Please use user mailing list (keycloak-user(a)lists.jboss.org) for general
questions and help. The developer mailing list is dedicated to discussing
development of Keycloak itself, including contributions.
On Wed, 3 Oct 2018 at 12:09, Shyam Gupta, Upendra <
upendra.shyam.gupta(a)accenture.com> wrote:
Hi Team ,
We have done standalone configuration , but we are struggling with Domain
Cluster mode .
We have Angular JS Application ,we have LB in front of key cloak could you
please suggest or guide how configuration should be done .
Also may use autoscaling in our production Environment ,please suggest is
Domain Cluster Mode suitable for this and if yes how to configure it .
Thanks ,
Upendra
+91 9765552818
-----Original Message-----
From: keycloak-dev-bounces(a)lists.jboss.org <
keycloak-dev-bounces(a)lists.jboss.org> On Behalf Of
keycloak-dev-request(a)lists.jboss.org
Sent: Wednesday, October 3, 2018 12:41 PM
To: keycloak-dev(a)lists.jboss.org
Subject: [External] keycloak-dev Digest, Vol 64, Issue 3
Send keycloak-dev mailing list submissions to
keycloak-dev(a)lists.jboss.org
To subscribe or unsubscribe via the World Wide Web, visit
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.jboss.org_mail...
or, via email, send a message with subject or body 'help' to
keycloak-dev-request(a)lists.jboss.org
You can reach the person managing the list at
keycloak-dev-owner(a)lists.jboss.org
When replying, please edit your Subject line so it is more specific than
"Re: Contents of keycloak-dev digest..."
Today's Topics:
1. Create "online session" from offline session (Niels Bertram)
2. Re: Column Sorting (Stan Silvert)
3. Re: Create "online session" from offline session (Marek Posolda)
4. Re: Create "online session" from offline session (Niels Bertram)
5. PR for adding 'roles' and 'web-origins' client scopes
(Marek Posolda)
6. Re: Create "online session" from offline session (Marek Posolda)
----------------------------------------------------------------------
Message: 1
Date: Tue, 2 Oct 2018 16:24:20 +1000
From: Niels Bertram <nielsbne(a)gmail.com>
Subject: [keycloak-dev] Create "online session" from offline session
To: keycloak-dev <keycloak-dev(a)lists.jboss.org>
Message-ID:
<CAPLPyg=MqBHWsA0E2-Sd=UbYh-E+mHAb33F=cOUv9xSkxzPhxg(a)mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Hi devs,
we are trying to turn an offline session back into an "online session" for
which we can generate cookies and send them to the clients browser.
I tried to create a user session with AuthenticationManager but for some
reason the created session is not showing up as a proper in the user
account management section. Is there anything that needs to happen after
this session is created to make it a normal user session?
AuthenticatedClientSessionModel clientSession =
session.sessions().createClientSession(realm, client, offlineSession);
We have a mobile app that uses offline_access to create an "always logged"
in experience for the app user. However when we open a SSO-enabled website
in the app (WebView), there is no KEYCLOAK_SESSION cookie to allow the web
page to initiate a successful pre-auth check.
We wrote a custom resource which we call in our webview to "redirect" the
user to an SSO enabled site:
1. authenticate the user
AuthResult auth = new AppAuthManager().authenticateBearerToken(session)
2. load a valid userSession
UserSessionModel userSession = session.sessions().getUserSession(realm,
token.getSessionState());
3. create the session cookies
AuthenticationManager.createLoginCookie(session, realm, user, userSession,
ctx.getUri(), ctx.getConnection());
4. forward the user to the SSO enabled website
5. SSO enabled website would do a normal pre-auth check with prompt=none
There was a similar conversation about the "lost" session in KEYCLOAK-4201
<
https://urldefense.proofpoint.com/v2/url?u=https-3A__issues.jboss.org_bro...;,
but that one did not go as far as creating a new session.
Anyone of you got any clever idea on how do "preload" a valid SSO session
into a WebView?
Cheers,
Niels
PS. we are on RH-SSO 7.2.4 so roughly Keycloak 3.4.3
------------------------------
Message: 2
Date: Tue, 2 Oct 2018 06:58:20 -0400
From: Stan Silvert <ssilvert(a)redhat.com>
Subject: Re: [keycloak-dev] Column Sorting
To: keycloak-dev(a)lists.jboss.org
Message-ID: <fcc562ce-4a46-f9a6-09ff-c21c48490cd9(a)redhat.com>
Content-Type: text/plain; charset=utf-8; format=flowed
If you have a PR for this we would welcome it.? However, it might be quite
awhile before it can be merged into the code base because we are fast
approaching an extended feature freeze.
Stan
On 10/1/2018 9:05 PM, KevinO wrote:
> Is there any opposition to me adding column sorting? There is the
> ticket for it:
>
https://urldefense.proofpoint.com/v2/url?u=https-3A__issues.jboss.org_
> browse_KEYCLOAK-2D4676&d=DwICAg&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8Irw
> NKOtkVU&r=0u41OaohNycTZQOwnnZYNmvujL8_9c9Upx3kK2RlVGifbELXY-3yW0mrWqin
> gS7U&m=iRh6nEotbfKHFIXI9A54mn8mX9WnOFa1RLKMlXDQAjk&s=GXdUVsHcO0O5XcZ7E
> 1ivVWk_t-E1Wdgf3ThuAK6Ldvk&e=
>
> I've tested a solution that uses standard angular ordering. I don't
> want to update all the tables if this is a feature that is not wanted.
>
> Here is what one option of sorting would look like using Font-Awesoms
> chevron as the clickable item.
> [image: image.png]
> [image: image.png]
>
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
>
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.jboss.org_m
> ailman_listinfo_keycloak-2Ddev&d=DwICAg&c=eIGjsITfXP_y-DLLX0uEHXJvU8nO
> HrUK8IrwNKOtkVU&r=0u41OaohNycTZQOwnnZYNmvujL8_9c9Upx3kK2RlVGifbELXY-3y
> W0mrWqingS7U&m=iRh6nEotbfKHFIXI9A54mn8mX9WnOFa1RLKMlXDQAjk&s=vtPzZKTG6
> Ju-WczYEuZ1TJP2HOV-5yvr7Kv5ajKy8gg&e=
------------------------------
Message: 3
Date: Tue, 2 Oct 2018 16:33:00 +0200
From: Marek Posolda <mposolda(a)redhat.com>
Subject: Re: [keycloak-dev] Create "online session" from offline
session
To: Niels Bertram <nielsbne(a)gmail.com>,keycloak-dev
<keycloak-dev(a)lists.jboss.org>
Message-ID: <0ca41d60-abd2-f716-91ae-9ac0ba00444d(a)redhat.com>
Content-Type: text/plain; charset=utf-8; format=flowed
I suggest to use the flow like this:
1) Exchange the offline token for the 3 tokens, which will include the
triplet of (access token, id token, offline token).
2) Then you can pass the just retrieved IDToken in the authentication
request in the "id_token_hint" parameter.
3) Then you will need to create Authenticator (see our docs/quickstarts
for more details), which will be able to see if "id_token_hint" was sent
and then verify this token and authenticate user if it was ok. You can
probably use some existing code from IDToken introspection endpoint. If
parameter is not used, authenticator can be just ignored during the
authentication flow.
4) As last step, you will need to add this authenticator to the browser
authentication flow.
This will cause that if IDToken is sent, it will be able to use it to
authenticate the user and hence new UserSessionModel (+cookies and all of
this) will be properly created by Keycloak itself.
If you manage to make this working, we will be happy if you contribute it
in the PR :) As this is described in the OIDC specification (see
https://urldefense.proofpoint.com/v2/url?u=https-3A__openid.net_specs_ope...
), but we don't yet implement it.
If you don't want to send PR, you may implement it a bit easier and
differently in a non-OIDC standard way (EG. pass the offline_token directly
instead of IDToken in step 2).
Marek
On 02/10/18 08:24, Niels Bertram wrote:
> Hi devs,
>
> we are trying to turn an offline session back into an "online session"
> for which we can generate cookies and send them to the clients browser.
>
> I tried to create a user session with AuthenticationManager but for
> some reason the created session is not showing up as a proper in the
> user account management section. Is there anything that needs to
> happen after this session is created to make it a normal user session?
>
> AuthenticatedClientSessionModel clientSession =
> session.sessions().createClientSession(realm, client, offlineSession);
>
> We have a mobile app that uses offline_access to create an "always
logged"
> in experience for the app user. However when we open a SSO-enabled
> website in the app (WebView), there is no KEYCLOAK_SESSION cookie to
> allow the web page to initiate a successful pre-auth check.
>
> We wrote a custom resource which we call in our webview to "redirect"
> the user to an SSO enabled site:
>
> 1. authenticate the user
>
> AuthResult auth = new
> AppAuthManager().authenticateBearerToken(session)
>
> 2. load a valid userSession
>
> UserSessionModel userSession =
> session.sessions().getUserSession(realm,
> token.getSessionState());
>
> 3. create the session cookies
>
> AuthenticationManager.createLoginCookie(session, realm, user,
> userSession, ctx.getUri(), ctx.getConnection());
>
> 4. forward the user to the SSO enabled website
>
> 5. SSO enabled website would do a normal pre-auth check with
> prompt=none
>
> There was a similar conversation about the "lost" session in
> KEYCLOAK-4201
> <
https://urldefense.proofpoint.com/v2/url?u=https-3A__issues.jboss.org_bro...;,
but that one did not go as far as creating a new session.
>
> Anyone of you got any clever idea on how do "preload" a valid SSO
> session into a WebView?
>
> Cheers,
> Niels
>
> PS. we are on RH-SSO 7.2.4 so roughly Keycloak 3.4.3
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
>
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.jboss.org_m
> ailman_listinfo_keycloak-2Ddev&d=DwICAg&c=eIGjsITfXP_y-DLLX0uEHXJvU8nO
> HrUK8IrwNKOtkVU&r=0u41OaohNycTZQOwnnZYNmvujL8_9c9Upx3kK2RlVGifbELXY-3y
> W0mrWqingS7U&m=iRh6nEotbfKHFIXI9A54mn8mX9WnOFa1RLKMlXDQAjk&s=vtPzZKTG6
> Ju-WczYEuZ1TJP2HOV-5yvr7Kv5ajKy8gg&e=
------------------------------
Message: 4
Date: Wed, 3 Oct 2018 01:15:05 +1000
From: Niels Bertram <nielsbne(a)gmail.com>
Subject: Re: [keycloak-dev] Create "online session" from offline
session
To: Marek Posolda <mposolda(a)redhat.com>
Cc: keycloak-dev <keycloak-dev(a)lists.jboss.org>
Message-ID:
<CAPLPygkndifFFNXr27ic8MPiy_oc7Z3wM72UMGHGMnamfducHA(a)mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Thanks for the response Marek. I implemented a custom authenticator before
so that makes all total sense. The parts I am a bit worried about is:
a) the GET implementation would require use to send the IDToken
unprotected in the URL (POST is fine)
b) a mobile app from which we want to initiate the "sign me in and then
redirect me to another website" would effectively need to whitelist every
possible URL that it can redirect to.
If I send a PR to latest Keycloak, any chance that can be patched into
current or next version of RH-SSO?
Cheers,
Niels
On Wed, Oct 3, 2018 at 12:33 AM Marek Posolda <mposolda(a)redhat.com> wrote:
> I suggest to use the flow like this:
> 1) Exchange the offline token for the 3 tokens, which will include the
> triplet of (access token, id token, offline token).
>
> 2) Then you can pass the just retrieved IDToken in the authentication
> request in the "id_token_hint" parameter.
>
> 3) Then you will need to create Authenticator (see our
> docs/quickstarts for more details), which will be able to see if
> "id_token_hint" was sent and then verify this token and authenticate
> user if it was ok. You can probably use some existing code from
> IDToken introspection endpoint. If parameter is not used,
> authenticator can be just ignored during the authentication flow.
>
> 4) As last step, you will need to add this authenticator to the
> browser authentication flow.
>
> This will cause that if IDToken is sent, it will be able to use it to
> authenticate the user and hence new UserSessionModel (+cookies and all
> of this) will be properly created by Keycloak itself.
>
> If you manage to make this working, we will be happy if you contribute
> it in the PR :) As this is described in the OIDC specification (see
>
https://urldefense.proofpoint.com/v2/url?u=https-3A__openid.net_specs_
>
openid-2Dconnect-2Dcore-2D1-5F0.html-23AuthRequest&d=DwICAg&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=0u41OaohNycTZQOwnnZYNmvujL8_9c9Upx3kK2RlVGifbELXY-3yW0mrWqingS7U&m=iRh6nEotbfKHFIXI9A54mn8mX9WnOFa1RLKMlXDQAjk&s=WMK8NemyUzNtZIsMw_iLiVxqx9cKk4FCx2FM4hu00KI&e=
), but we don't yet implement it.
>
> If you don't want to send PR, you may implement it a bit easier and
> differently in a non-OIDC standard way (EG. pass the offline_token
> directly instead of IDToken in step 2).
>
> Marek
>
> On 02/10/18 08:24, Niels Bertram wrote:
> > Hi devs,
> >
> > we are trying to turn an offline session back into an "online
session"
> for
> > which we can generate cookies and send them to the clients browser.
> >
> > I tried to create a user session with AuthenticationManager but for
> > some reason the created session is not showing up as a proper in the
> > user account management section. Is there anything that needs to
> > happen after this session is created to make it a normal user session?
> >
> > AuthenticatedClientSessionModel clientSession =
> > session.sessions().createClientSession(realm, client,
> > offlineSession);
> >
> > We have a mobile app that uses offline_access to create an "always
> logged"
> > in experience for the app user. However when we open a SSO-enabled
> website
> > in the app (WebView), there is no KEYCLOAK_SESSION cookie to allow
> > the
> web
> > page to initiate a successful pre-auth check.
> >
> > We wrote a custom resource which we call in our webview to
> > "redirect" the user to an SSO enabled site:
> >
> > 1. authenticate the user
> >
> > AuthResult auth = new
> > AppAuthManager().authenticateBearerToken(session)
> >
> > 2. load a valid userSession
> >
> > UserSessionModel userSession =
> > session.sessions().getUserSession(realm,
> > token.getSessionState());
> >
> > 3. create the session cookies
> >
> > AuthenticationManager.createLoginCookie(session, realm, user,
> userSession,
> > ctx.getUri(), ctx.getConnection());
> >
> > 4. forward the user to the SSO enabled website
> >
> > 5. SSO enabled website would do a normal pre-auth check with
> > prompt=none
> >
> > There was a similar conversation about the "lost" session in
> KEYCLOAK-4201
> > <
https://urldefense.proofpoint.com/v2/url?u=https-3A__issues.jboss.o
> > rg_browse_KEYCLOAK-2D420&d=DwICAg&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK
> > 8IrwNKOtkVU&r=0u41OaohNycTZQOwnnZYNmvujL8_9c9Upx3kK2RlVGifbELXY-3yW0
> > mrWqingS7U&m=iRh6nEotbfKHFIXI9A54mn8mX9WnOFa1RLKMlXDQAjk&s=ZMc4ZmEk4
> > 8Nmomy36jvaoA3dXdGc4akKoAsKI8KSkuE&e=>, but that one did not go
> as
> > far as creating a new session.
> >
> > Anyone of you got any clever idea on how do "preload" a valid SSO
> > session into a WebView?
> >
> > Cheers,
> > Niels
> >
> > PS. we are on RH-SSO 7.2.4 so roughly Keycloak 3.4.3
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev(a)lists.jboss.org
> >
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.jboss.org
> > _mailman_listinfo_keycloak-2Ddev&d=DwICAg&c=eIGjsITfXP_y-DLLX0uEHXJv
> > U8nOHrUK8IrwNKOtkVU&r=0u41OaohNycTZQOwnnZYNmvujL8_9c9Upx3kK2RlVGifbE
> > LXY-3yW0mrWqingS7U&m=iRh6nEotbfKHFIXI9A54mn8mX9WnOFa1RLKMlXDQAjk&s=v
> > tPzZKTG6Ju-WczYEuZ1TJP2HOV-5yvr7Kv5ajKy8gg&e=
>
>
>
------------------------------
Message: 5
Date: Tue, 2 Oct 2018 21:25:34 +0200
From: Marek Posolda <mposolda(a)redhat.com>
Subject: [keycloak-dev] PR for adding 'roles' and 'web-origins' client
scopes
To: "keycloak-dev(a)lists.jboss.org" <keycloak-dev(a)lists.jboss.org>
Message-ID: <c06346c8-e686-4049-c744-5467da8fd7b4(a)redhat.com>
Content-Type: text/plain; charset=utf-8; format=flowed
I've sent PR
https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_keycloak_...
. Summary of
changes:
- The roles and allowed-origins are not added automatically to the access
tokens now. Instead of it, the PR introduces 2 default client
scopes: 'roles' and 'web-origins' which adds them
- Client scope 'web-origins' adds allowed-origins to the access token
similarly like it was before. So the only advantage is, that it is possible
to remove clientScope/protocolMapper if you don't need web origins in the
token
- Client scope 'roles' contains protocol mappers for add roles to the
access tokens. By default, they are added to the claims "realm_access"
and "resource_access" exactly as it was before. However it is easier to
move to completely different claims. The PR doesn't introduce new protocol
mapper implementation for roles, but uses the existing implementations
UserRealmRoleMappingMapper and UserClientRoleMappingMapper. As a
side-effect, it fixes some bug in those mappers claimed by many community
users -
https://urldefense.proofpoint.com/v2/url?u=https-3A__issues.jboss.org_bro...
- PR introduces new protocol mapper implementation
AudienceResolveProtocolMapper, which adds audience of all the clients, for
which at least one client role is available in the token. This is added by
default to the 'roles' client scope
- There is new switch "Include in Token Scope" on the Client Scope. It is
applicable only for OIDC clients. When it is off, the client scope is not
added to the "scope" in the access token. It is used for both 'roles'
and
'web-origins' scopes, so those are not in the token by default now.
- There is some minor addition to ProtocolMapper SPI. Protocol mapper
implementations has "priority" now. This is needed, so that it is ensured
that for example we first "compute" the roles to be put in the token
(including composite roles etc), then eventually add/move some roles
through HardcodedRoleMapper or RoleNameMapper, then figure the audiences
and finally move the roles to proper place in the token (which is not
necessarily hardcoded to "realm_access" and "resource_access"
claims as it was before).
- Migration is handled, so that 'roles' and 'web-origins' scopes are
automatically added during migration and they are added to all the OIDC
confidential/public clients.
WDYT?
Marek
------------------------------
Message: 6
Date: Wed, 3 Oct 2018 09:10:31 +0200
From: Marek Posolda <mposolda(a)redhat.com>
Subject: Re: [keycloak-dev] Create "online session" from offline
session
To: Niels Bertram <nielsbne(a)gmail.com>
Cc: keycloak-dev <keycloak-dev(a)lists.jboss.org>
Message-ID: <fd2a86b5-0550-2c13-d4f4-e9cbbea62864(a)redhat.com>
Content-Type: text/plain; charset=utf-8; format=flowed
On 02/10/18 17:15, Niels Bertram wrote:
> Thanks for the response Marek. I implemented a custom authenticator
> before so that makes all total sense. The parts I am a bit worried
> about is:
>
> a) the GET implementation would require use to send the IDToken
> unprotected in the URL (POST is fine)
I see. This makes sense and we support sending POST request to the initial
Authentication endpoint. Maybe you can add a flag to the authenticator like
"Allow POST method only" to specify if it accepts just POST or allow both
POST and GET? Flag can be set to ON by default (hence accept only POST).
>
> b) a mobile app from which we want to initiate the "sign me in and
> then redirect me to another website" would effectively need to
> whitelist every possible URL that it can redirect to.
>
> If I send a PR to latest Keycloak, any chance that can be patched into
> current or next version of RH-SSO?
Yes, once the PR is accepted, it always go to the latest Keycloak upstream
and latest Keycloak always "turns" after some time to RH-SSO.
Some details about this
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.keycloak.org_sup...
.
Just a note that we're close to feature freeze for Keycloak 4.x (RHSSO
7.3), so if you want it in RHSSO 7.3, you need to be a bit quick though
:) And even then no guarantee as we will need some time for PR review etc.
Marek
>
> Cheers,
> Niels
>
> On Wed, Oct 3, 2018 at 12:33 AM Marek Posolda <mposolda(a)redhat.com
> <mailto:mposolda@redhat.com>> wrote:
>
> I suggest to use the flow like this:
> 1) Exchange the offline token for the 3 tokens, which will include
> the
> triplet of (access token, id token, offline token).
>
> 2) Then you can pass the just retrieved IDToken in the authentication
> request in the "id_token_hint" parameter.
>
> 3) Then you will need to create Authenticator (see our
> docs/quickstarts
> for more details), which will be able to see if "id_token_hint"
> was sent
> and then verify this token and authenticate user if it was ok. You
> can
> probably use some existing code from IDToken introspection
> endpoint. If
> parameter is not used, authenticator can be just ignored during the
> authentication flow.
>
> 4) As last step, you will need to add this authenticator to the
> browser
> authentication flow.
>
> This will cause that if IDToken is sent, it will be able to use it to
> authenticate the user and hence new UserSessionModel (+cookies and
> all
> of this) will be properly created by Keycloak itself.
>
> If you manage to make this working, we will be happy if you
> contribute
> it in the PR :) As this is described in the OIDC specification (see
>
https://urldefense.proofpoint.com/v2/url?u=https-3A__openid.net_specs_ope...
> ), but
> we don't yet implement it.
>
> If you don't want to send PR, you may implement it a bit easier and
> differently in a non-OIDC standard way (EG. pass the offline_token
> directly instead of IDToken in step 2).
>
> Marek
>
> On 02/10/18 08:24, Niels Bertram wrote:
> > Hi devs,
> >
> > we are trying to turn an offline session back into an "online
> session" for
> > which we can generate cookies and send them to the clients browser.
> >
> > I tried to create a user session with AuthenticationManager but
> for some
> > reason the created session is not showing up as a proper in the
user
> > account management section. Is there anything that needs to
> happen after
> > this session is created to make it a normal user session?
> >
> > AuthenticatedClientSessionModel clientSession =
> > session.sessions().createClientSession(realm, client,
> offlineSession);
> >
> > We have a mobile app that uses offline_access to create an
> "always logged"
> > in experience for the app user. However when we open a
> SSO-enabled website
> > in the app (WebView), there is no KEYCLOAK_SESSION cookie to
> allow the web
> > page to initiate a successful pre-auth check.
> >
> > We wrote a custom resource which we call in our webview to
> "redirect" the
> > user to an SSO enabled site:
> >
> > 1. authenticate the user
> >
> > AuthResult auth = new
> AppAuthManager().authenticateBearerToken(session)
> >
> > 2. load a valid userSession
> >
> > UserSessionModel userSession =
> session.sessions().getUserSession(realm,
> > token.getSessionState());
> >
> > 3. create the session cookies
> >
> > AuthenticationManager.createLoginCookie(session, realm, user,
> userSession,
> > ctx.getUri(), ctx.getConnection());
> >
> > 4. forward the user to the SSO enabled website
> >
> > 5. SSO enabled website would do a normal pre-auth check with
> prompt=none
> >
> > There was a similar conversation about the "lost" session in
> KEYCLOAK-4201
> > <
https://urldefense.proofpoint.com/v2/url?u=https-3A__issues.jboss.org_bro...;,
but that one did
> not go as
> > far as creating a new session.
> >
> > Anyone of you got any clever idea on how do "preload" a valid
> SSO session
> > into a WebView?
> >
> > Cheers,
> > Niels
> >
> > PS. we are on RH-SSO 7.2.4 so roughly Keycloak 3.4.3
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev(a)lists.jboss.org <mailto:keycloak-dev@lists.jboss.org>
> >
>
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.jboss.org_m
> ailman_listinfo_keycloak-2Ddev&d=DwICAg&c=eIGjsITfXP_y-DLLX0uEHXJvU8nO
> HrUK8IrwNKOtkVU&r=0u41OaohNycTZQOwnnZYNmvujL8_9c9Upx3kK2RlVGifbELXY-3y
> W0mrWqingS7U&m=iRh6nEotbfKHFIXI9A54mn8mX9WnOFa1RLKMlXDQAjk&s=vtPzZKTG6
> Ju-WczYEuZ1TJP2HOV-5yvr7Kv5ajKy8gg&e=
>
>
------------------------------
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.jboss.org_mail...
End of keycloak-dev Digest, Vol 64, Issue 3
*******************************************
________________________________
This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise confidential information. If you have
received it in error, please notify the sender immediately and delete the
original. Any other use of the e-mail by you is prohibited. Where allowed
by local law, electronic communications with Accenture and its affiliates,
including e-mail and instant messaging (including content), may be scanned
by our systems for the purposes of information security and assessment of
internal compliance with Accenture policy. Your privacy is important to us.
Accenture uses your personal data only in compliance with data protection
laws. For further information on how Accenture processes your personal
data, please see our privacy statement at
https://www.accenture.com/us-en/privacy-policy.
______________________________________________________________________________________
www.accenture.com
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev