August 2014 - keycloak-user - Jboss List Archives

Pre-requistes for Non-interactive Realm, Application, User setup in Keycloak

by Kamal Jagadevan

Hello, I am quite aware that REST API is the only way for non-interactive integration to setup Realm, Application, and Users in Keycloak. Having said that even before invoking desired api, we need Client ID (Account), Client Secret, Username and password (after resetting) to obtain the access token. 1. what is the best way to obtain these values for subsequent API invocations? 2. I observed there is a mechanism to upload a JSON file with Realm configuration but how can I export it at the first place. Please share your thoughts. Best Kamal

10 years, 4 months

2
2
0 / 0

Last release candidate before final

by Stian Thorgersen

All, We aim to release RC-2 on Friday. This will hopefully be the last release candidate before 1.0.final is released, so please if you have any issues with RC-1 let us now asap. Regards, Stian

10 years, 5 months

1
0
0 / 0

Docker Image error

by Dean Peterson

I installed Docker on my Windows Server 2012 R2 machine and tried to use the Keycloak Docker image. I ran "docker run -it -p 8080:8080 -p 9090:9090 jboss/keycloak" and received the following error: java.lang.IllegalArgumentException: Failed to instantiate class "org.jboss.logma nager.handlers.PeriodicRotatingFileHandler" for handler "FILE" at org.jboss.logmanager.config.AbstractPropertyConfiguration$ConstructAc tion.validate(AbstractPropertyConfiguration.java:119) . . . at java.lang.reflect.Constructor.newInstance(Constructor.java:526) at org.jboss.logmanager.config.AbstractPropertyConfiguration$ConstructAc tion.validate(AbstractPropertyConfiguration.java:117) ... 19 more Caused by: java.io.FileNotFoundException: /opt/wildfly/standalone/log/server.log (No such file or directory) at java.io.FileOutputStream.open(Native Method) at java.io.FileOutputStream.<init>(FileOutputStream.java:221) Any ideas?

10 years, 5 months

2
1
0 / 0

How to get the state parm to create a valid redirect url?

by Christina Lau

I am trying to integrate Keycloak, RestEasy and Swagger. I got most of the stuff to work with the exception of a redirect URL problem. The scenario is if I am not yet authorized to a Restful service, then in Swagger, I can click on their authorize button and that is supposed to bring me to the Keycloak login screen. I am basically doing what is described in this article if that helps: http://developers-blog.helloreverb.com/enabling-oauth-with-swagger/ The problem I am facing is: It seems for Keycloak redirect to work, there is a state parameter. For example, this works: http://localhost:8080/auth/realms/DSG_API/tokens/login?client_id=dsgapi&r... How do I programmatically get this state parameter? Christina

10 years, 5 months

1
0
0 / 0

i18n in log-in forms etc.

by Nils Preusker

Hi everyone, I saw that there is already a JIRA issue for this, but I was wondering whether there are any plans to add support for i18n in keyclaok themes? Here's the issue: https://issues.jboss.org/browse/KEYCLOAK-301 To be more precise, we'd need to provide different messages and labels in log-in and registration templates based on the browser language. Cheers, Nils

10 years, 5 months

2
2
0 / 0

Re: [keycloak-user] SSO Session Idle Timeout for Direct

by Schneider, John DODGE CONSULTING SERVICES, LLC

My application is checking the access token timeout and refreshing it if expired. The thing is, the tokens are being invalidated after the SSO session timeout. So if I have the access token timeout set to 4 hours, and the SSO timeout set to 15 minutes, the access token and refresh tokens are both invalidated after only 15 minutes. Date: Thu, 21 Aug 2014 17:34:16 -0400 From: Bill Burke <bburke(a)redhat.com<mailto:bburke@redhat.com>> Subject: Re: [keycloak-user] SSO Session Idle Timeout for Direct Grants To: keycloak-user(a)lists.jboss.org<mailto:keycloak-user@lists.jboss.org> Message-ID: <53F665D8.9000303(a)redhat.com<mailto:53F665D8.9000303@redhat.com>> Content-Type: text/plain; charset=windows-1252; format=flowed I don't agree... Your application should be checking for token timeouts and performing a refresh. The response from direct-grant gives you a refresh token as well as an access token as well as a timeout (which you could check from the access token). Since you have a refresh token, you can refresh the access token. You still want the same setup: Short access token lifespan (seconds/minutes) with a longer refresh timeout minutes/hours. This is for revocation checks, permission changes, etc. I could set up a different SSO timeout/access token timeout for grant requests if you want, but that would have to be after 1.0.final.

10 years, 5 months

2
4
0 / 0

CSS design by Application

by Vinicius Nakayama

Hi, I created one realm with many applications associated. I would like to know if it is possible to find out which app that was called in my page(login.ftl)? For example: When some app from my realm is called, I discover the app that was called and I show login page with specific css for it. Thanks in advance.

10 years, 5 months

2
1
0 / 0

Unable to start Keycloak beta on AWS VM - HTTPS required

by Christina Lau

I am unable to start Keycloak beta 4 on EC2. When I clicked on the Admin Console, I got HTTPS required. I did the same configuration changes (standalone.xml) for Keycloak beta 3 and it worked on EC2. What else do I need to configure for beta 4? Here is the URLs: Beta 4 doesn’t work: http://54.88.95.99:8080/auth/ Beta 3 works: http://54.84.240.18:8080/auth/ Christina

10 years, 5 months

3
2
0 / 0

Multiple login screens

by Rodrigo Sasaki

Hi, I was wondering if there is a plan to implement multiple login screens. We have the need for more than one type of login screen here, for different flows, and I imagine we're not the only ones who will be interested in such a feature. Something that allows you to select between the screens you created for a given style, and have one by default maybe. Any thoughts? -- Rodrigo Sasaki

10 years, 5 months

4
3
0 / 0

Alternative ways to reset password

by Kamal Jagadevan

Hello, Are there any alternative ways like command line or shortcuts to update the Realm settings or user settings in Keycloak. Though it is possible to set it up through Admin console but trying to avoid the setup steps through UI. Looks like during application bootstrap these are few settings like admin password to be reset & Direct Grant API access being disabled. Is there any other better way to modify other than UI or directly updating them in database. Please let us know. This is critical for our post install steps while integrating with Keycloak. Thanks Kamal

10 years, 5 months

4
4
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

keycloak-user August 2014