5:20 a.m.
Hello,
I need to deploy keycloak over MariaDB:
I downloaded the latest version of Keycloak, 2.5.1 and I want to connect
to my DB running over MariaDB.
I'm using the same JDBC driver that I also use for other applications:
I start WildFly, I open the console and I go to Deployment.
I load the mariadb-java-client-1.5.5.jar.
The driver is correctly loaded.
I shutdown the server, I edit the standalone.xml and I add:
<datasource jndi-name="java:jboss/MariaDBDS"
pool-name="MariaDBDS">
<connection-url>jdbc:mariadb://localhost:3306/KcTbs</connection-url>
<driver>mariadb-java-client-1.5.5.jar</driver>
<driver-class>org.mariadb.jdbc.Driver</driver-class>
<security>
<user-name>KcUsr</user-name>
<password>KcPwd</password>
</security>
<validation>
<valid-connection-checker
class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"/>
<validate-on-match>true</validate-on-match>
<background-validation>false</background-validation>
<exception-sorter
class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"/>
</validation>
</datasource>
I restart the server and I can see the new datasource.
I open it, I go to "Connection" and I receive the following error when I
try to test the connection:
12:12:51,248 ERROR [org.jboss.as.controller.management-operation]
(management task-7) WFLYCTL0013: Operation ("test-connection-in-pool")
failed - address: ([
("subsystem" => "datasources"),
("data-source" => "MariaDBDS")
]) - failure description: "WFLYJCA0040: failed to invoke operation:
WFLYJCA0047: Connection is not valid"
Any idea?
3:26 a.m.
New subject: Keycloak on active MQ
Hi ,
We are using keycloak as SSO in our organization. I would like to know if securing
activemq using keycloak is a valid use case. Does keycloak allow us to validate jms
requests to the queue or topic?
Regards,
Shankar
5:50 a.m.
New subject: Keycloak on active MQ
I didn't try that yet. However I think it should work as ActiveMQ has
some support for JAAS. We have some JAAS login modules, which can be
used to secure those kind of services. See docs for details
https://keycloak.gitbooks.io/securing-client-applications-guide/content/v...
.
Marek
On 01/02/17 10:26, Shankar_Bhaskaran wrote:
Hi ,
We are using keycloak as SSO in our organization. I would like to know if securing
activemq using keycloak is a valid use case. Does keycloak allow us to validate jms
requests to the queue or topic?
Regards,
Shankar
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
2:20 p.m.
New subject: Keycloak on active MQ
Hi ,
I was able to secure activemq behind keycloak using the direct access login module, but I
specifically have to pass the username and password while getting a connection from active
mq. The SSO aspect of keycloak is not fulfilled since I have to pass username , password
from the webapplication. The activemq and my application share the same security domain
also.
connection = (ActiveMQConnection) connectionFactory.createConnection(username ,
password);
Is there a way to get authenticated in ActiveMQ in the same user session as the web
application that is calling the connection
Regards,
Shankar
-----Original Message-----
From: Marek Posolda [mailto:mposolda@redhat.com]
Sent: Wednesday, February 1, 2017 5:21 PM
To: Shankar_Bhaskaran <Shankar_Bhaskaran(a)infosys.com>; keycloak-dev(a)lists.jboss.org;
keycloak-user(a)lists.jboss.org
Subject: Re: [keycloak-dev] Keycloak on active MQ
I didn't try that yet. However I think it should work as ActiveMQ has some support for
JAAS. We have some JAAS login modules, which can be used to secure those kind of services.
See docs for details
https://keycloak.gitbooks.io/securing-client-applications-guide/content/v...
.
Marek
On 01/02/17 10:26, Shankar_Bhaskaran wrote:
Hi ,
We are using keycloak as SSO in our organization. I would like to know if securing
activemq using keycloak is a valid use case. Does keycloak allow us to validate jms
requests to the queue or topic?
Regards,
Shankar
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
2:12 a.m.
New subject: Keycloak on active MQ
Yes, I think that for that case the second login module
(BearerTokenLoginModule) is better choice. Your webapp has accessToken
already, so you just need to send it as "password" to JAAS. Probably
something like this should work:
connectionFactory.createConnection(username , accessTokenString);
Marek
On 02/04/17 21:20, Shankar_Bhaskaran wrote:
Hi ,
I was able to secure activemq behind keycloak using the direct access login module, but I
specifically have to pass the username and password while getting a connection from active
mq. The SSO aspect of keycloak is not fulfilled since I have to pass username , password
from the webapplication. The activemq and my application share the same security domain
also.
connection = (ActiveMQConnection) connectionFactory.createConnection(username ,
password);
Is there a way to get authenticated in ActiveMQ in the same user session as the web
application that is calling the connection
Regards,
Shankar
-----Original Message-----
From: Marek Posolda [mailto:mposolda@redhat.com]
Sent: Wednesday, February 1, 2017 5:21 PM
To: Shankar_Bhaskaran <Shankar_Bhaskaran(a)infosys.com>;
keycloak-dev(a)lists.jboss.org; keycloak-user(a)lists.jboss.org
Subject: Re: [keycloak-dev] Keycloak on active MQ
I didn't try that yet. However I think it should work as ActiveMQ has some support
for JAAS. We have some JAAS login modules, which can be used to secure those kind of
services. See docs for details
https://keycloak.gitbooks.io/securing-client-applications-guide/content/v...
.
Marek
On 01/02/17 10:26, Shankar_Bhaskaran wrote:
> Hi ,
>
> We are using keycloak as SSO in our organization. I would like to know if securing
activemq using keycloak is a valid use case. Does keycloak allow us to validate jms
requests to the queue or topic?
>
> Regards,
> Shankar
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
2:53 a.m.
New subject: Keycloak on active MQ
I did it in one project by adding plugin to activeMQ configuration :
<plugins>
<jaasAuthenticationPlugin configuration="KeycloakModule" />
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry topic=">"
read="SOME_ROLE, OTHER_ROLE"
write="SOME_ROLE,
OTHER_ROLE"
admin="SOME_ROLE,
OTHER_ROLE"/>
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>
Keycloak module definition:
KeycloakModule {
org.keycloak.adapters.jaas.DirectAccessGrantsLoginModule required
keycloak-config-file="classpath:keycloak.json"
role-principal-class=org.apache.activemq.jaas.GroupPrincipal;
};
best regards
Andi
2017-04-03 9:12 GMT+02:00 Marek Posolda <mposolda(a)redhat.com>:
Yes, I think that for that case the second login module
(BearerTokenLoginModule) is better choice. Your webapp has accessToken
already, so you just need to send it as "password" to JAAS. Probably
something like this should work:
connectionFactory.createConnection(username , accessTokenString);
Marek
On 02/04/17 21:20, Shankar_Bhaskaran wrote:
> Hi ,
>
> I was able to secure activemq behind keycloak using the direct access
login module, but I specifically have to pass the username and password
while getting a connection from active mq. The SSO aspect of keycloak is
not fulfilled since I have to pass username , password from the
webapplication. The activemq and my application share the same security
domain also.
> connection = (ActiveMQConnection) connectionFactory.createConnection(username
, password);
> Is there a way to get authenticated in ActiveMQ in the same user session
as the web application that is calling the connection
>
> Regards,
> Shankar
>
> -----Original Message-----
> From: Marek Posolda [mailto:mposolda@redhat.com]
> Sent: Wednesday, February 1, 2017 5:21 PM
> To: Shankar_Bhaskaran <Shankar_Bhaskaran(a)infosys.com>;
keycloak-dev(a)lists.jboss.org; keycloak-user(a)lists.jboss.org
> Subject: Re: [keycloak-dev] Keycloak on active MQ
>
> I didn't try that yet. However I think it should work as ActiveMQ has
some support for JAAS. We have some JAAS login modules, which can be used
to secure those kind of services. See docs for details
https://keycloak.gitbooks.io/securing-client-applications-
guide/content/v/latest/topics/oidc/java/jaas.html
> .
>
> Marek
>
> On 01/02/17 10:26, Shankar_Bhaskaran wrote:
>> Hi ,
>>
>> We are using keycloak as SSO in our organization. I would like to know
if securing activemq using keycloak is a valid use case. Does keycloak
allow us to validate jms requests to the queue or topic?
>>
>> Regards,
>> Shankar
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
6:34 p.m.
This mailing list is exclusively dedicated to discussions around
Keycloak development.
Please resend your question to keycloak-user mailing list [1] which is a
place for any questions related to installing, setting up, and using
Keycloak.
[1] https://lists.jboss.org/mailman/listinfo/keycloak-user
On 2017-01-30, Tech wrote:
Hello,
I need to deploy keycloak over MariaDB:
I downloaded the latest version of Keycloak, 2.5.1 and I want to connect
to my DB running over MariaDB.
I'm using the same JDBC driver that I also use for other applications:
I start WildFly, I open the console and I go to Deployment.
I load the mariadb-java-client-1.5.5.jar.
The driver is correctly loaded.
I shutdown the server, I edit the standalone.xml and I add:
<datasource jndi-name="java:jboss/MariaDBDS"
pool-name="MariaDBDS">
<connection-url>jdbc:mariadb://localhost:3306/KcTbs</connection-url>
<driver>mariadb-java-client-1.5.5.jar</driver>
<driver-class>org.mariadb.jdbc.Driver</driver-class>
<security>
<user-name>KcUsr</user-name>
<password>KcPwd</password>
</security>
<validation>
<valid-connection-checker
class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"/>
<validate-on-match>true</validate-on-match>
<background-validation>false</background-validation>
<exception-sorter
class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"/>
</validation>
</datasource>
I restart the server and I can see the new datasource.
I open it, I go to "Connection" and I receive the following error when I
try to test the connection:
12:12:51,248 ERROR [org.jboss.as.controller.management-operation]
(management task-7) WFLYCTL0013: Operation ("test-connection-in-pool")
failed - address: ([
("subsystem" => "datasources"),
("data-source" => "MariaDBDS")
]) - failure description: "WFLYJCA0040: failed to invoke operation:
WFLYJCA0047: Connection is not valid"
Any idea?
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
--
abstractj
2824
days inactive
2887
days old
6 comments
5 participants
participants (5)
-
Andrzej Goławski -
Bruno Oliveira -
Marek Posolda -
Shankar_Bhaskaran -
Tech