logout workflow
by Graeme Collis
I am writing an application that uses Errai and Keycloak.
I am able to log in successfully and get all my user details and roles.
When I log out, I call the authenticationService to log out and then redirect to the login URL.
The issue with this is that the login page is then not shown; the filters somehow pick up that the user is cached, re-authenticate with the same user, and come straight back into the app.
When I logout the following is called:-
public void logout() {
    securityContext.invalidateCache();
    authService.call( new RemoteCallback<Void>() {
        @Override
        public void callback( Void response ) {
            redirect( GWT.getHostPageBaseURL() + "app-login" );
        }
    }, new BusErrorCallback() {
        @Override
        public boolean error( Message message, Throwable throwable ) {
            Window.alert( "Logout failed: " + throwable );
            return true;
        }
    } ).logout();
}
Under the covers the logout calls the KeycloakAuthenticationService.logout(). Following through in debug, all this does is set the securityContext to null.
I added the invalidateCache as an attempt to clear the cache but that did not work. I think I'm just not understanding the flow.
I have a GWT module page(/provider-ui.html) which is the only page of the app.
I have a /app-login URL which is used by the filters to redirect to Keycloak and redirect back to the GWT page after authentication.
My web.xml looks like this:-
<filter>
    <filter-name>ErraiLoginRedirectFilter</filter-name>
    <init-param>
        <param-name>redirectLocation</param-name>
        <param-value>/provider-ui.html</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>ErraiLoginRedirectFilter</filter-name>
    <url-pattern>/app-login</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>ErraiUserCookieFilter</filter-name>
    <url-pattern>/provider-ui.html</url-pattern>
</filter-mapping>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Login</web-resource-name>
        <url-pattern>/app-login</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>KEYCLOAK</auth-method>
    <realm-name>demo</realm-name>
</login-config>
<security-role>
    <role-name>user</role-name>
</security-role>
<security-role>
    <role-name>admin</role-name>
</security-role>
Any pointers of the direction I should take to solve this?
Thanks, Graeme
10 years, 6 months
Tomcat 7 Adapter download and configuration
by Marc R
Hi,
I am interested in using Keycloak to secure an existing application running
on AWS Elasticbeanstalk on Tomcat 7. I plan to deploy the Keycloak Server
on Wildfly on Openshift which seems to be well documented, but I am having
a little more trouble finding information about setting things up on the
Tomcat side.
I see a tomcat7 adapter on GitHub [1], but I don't see the corresponding
binaries when I download the Keycloak distribution. I also don't see any
information on how to install and configure the adapter and I am a total
novice as far as servlet security is concerned.
Could someone point me to the quickest way to get up and running with this?
I presume it is not fully supported yet but I figure somebody must have
tried it out by now and could help short circuit the process for me.
How different is it from the EAP configuration given that EAP uses tomcat
as well? I figure that the adapter installation process differs since
tomcat doesn't use subsystems or a standalone.xml file.
[1]
https://github.com/keycloak/keycloak/tree/master/integration/tomcat7/adapter
10 years, 6 months
How to connect Keycloak Server to JBoss EAP 6.x
by Christina Lau
Hi, the doc and preconfigured demo seem to suggest it is possible to deploy my applications on EAP 6.x and have them secured by Keycloak by configuring adapters.
However, I can’t figure out how. Questions:
After unzipping the jars and updating standalone.xml, do I need to start up both EAP and Keycloak servers?
In step 2 of the readme, it seems to suggest that I only need to start up EAP 6.x, but then I cannot get to the /auth/admin URL to import the test realm.
If I have to start up 2 servers, how do I connect the two servers? I don’t see any doc that talks about ports or any URL etc. Thx.
Christina
10 years, 6 months
I have tried everything
by Dean Peterson
I get the following stack trace no matter what I do. I have removed every
reference to ExampleDS I can find and it still complains about it. I want
to use my database: java:jboss/datasources/ui_users but nothing I do will
make it attempt to use anything but ExampleDS. I have rebuilt the
individual projects after removing every reference to ExampleDS and it
still tries to use ExampleDS. It is like a virus that keeps popping up.
Before, there was a persistence.xml file right in the keycloak-server
project I could modify to point directly to the jndi name of my choosing.
Now the configuration seems to be spread out between the four corners of
the earth. Please don't make this more difficult to use. I like all the
features but I would much rather have fewer features and have the focus of
your team be on quality and simplicity.
13:16:31,156 INFO [org.jboss.as.connector.subsystems.datasources] (MSC
service thread 1-3) JBAS010400: Bound data source
[java:jboss/datasources/ui_users]
13:16:31,246 INFO [org.jboss.as.server] (Controller Boot Thread)
JBAS018559: Deployed "mysql-connector-java-5.1.32-bin.jar" (runtime-name :
"mysql-connector-java-5.1.32-bin.jar")
13:16:31,444 INFO [org.jboss.as] (Controller Boot Thread) JBAS015961: Http
management interface listening on http://127.0.0.1:9990/management
13:16:31,445 INFO [org.jboss.as] (Controller Boot Thread) JBAS015951:
Admin console listening on http://127.0.0.1:9990
13:16:31,446 INFO [org.jboss.as] (Controller Boot Thread) JBAS015874:
WildFly 8.1.0.Final "Kenny" started in 5394ms - Started 218 of 273 services
(89 services are lazy, passive or on-demand)
13:17:03,193 INFO [org.jboss.as.repository] (management-handler-thread -
1) JBAS014900: Content added at location
C:\wildfly\standalone\data\content\0a\5ec72c18d0ad2b335b409fc50946b4924c89c3\content
13:17:03,206 INFO [org.jboss.as.server.deployment] (MSC service thread
1-7) JBAS015876: Starting deployment of "keycloak-server.war"
(runtime-name: "keycloak-server.war")
13:17:06,032 INFO [org.jboss.as.jpa] (MSC service thread 1-2) JBAS011401:
Read persistence.xml for keycloak-default
13:17:06,249 WARN [org.jboss.as.dependency.private] (MSC service thread
1-2) JBAS018567: Deployment "deployment.keycloak-server.war" is using a
private module ("org.apache.httpcomponents:main") which may be changed or
removed in future versions without notice.
13:17:06,250 WARN [org.jboss.as.dependency.private] (MSC service thread
1-2) JBAS018567: Deployment "deployment.keycloak-server.war" is using a
private module ("org.apache.httpcomponents:main") which may be changed or
removed in future versions without notice.
13:17:06,253 WARN [org.jboss.as.dependency.private] (MSC service thread
1-2) JBAS018567: Deployment "deployment.keycloak-server.war" is using a
private module ("org.codehaus.jackson.jackson-core-asl:main") which may be
changed or removed in future versions without notice.
13:17:06,254 WARN [org.jboss.as.dependency.private] (MSC service thread
1-2) JBAS018567: Deployment "deployment.keycloak-server.war" is using a
private module ("org.codehaus.jackson.jackson-core-asl:main") which may be
changed or removed in future versions without notice.
13:17:06,256 WARN [org.jboss.as.dependency.private] (MSC service thread
1-2) JBAS018567: Deployment "deployment.keycloak-server.war" is using a
private module ("org.codehaus.jackson.jackson-mapper-asl:main") which may
be changed or removed in future versions without notice.
13:17:06,256 WARN [org.jboss.as.dependency.private] (MSC service thread
1-2) JBAS018567: Deployment "deployment.keycloak-server.war" is using a
private module ("org.codehaus.jackson.jackson-mapper-asl:main") which may
be changed or removed in future versions without notice.
13:17:06,474 ERROR [org.jboss.as.controller.management-operation]
(management-handler-thread - 1) JBAS014613: Operation ("deploy") failed -
address: ([("deployment" => "keycloak-server.war")]) - failure description:
{"JBAS014771: Services with missing/unavailable dependencies" =>
["jboss.naming.context.java.module.auth.auth.DefaultDataSource is missing
[jboss.naming.context.java.jboss.datasources.ExampleDS]"]}
13:17:06,477 ERROR [org.jboss.as.server] (management-handler-thread - 1)
JBAS015870: Deploy of deployment "keycloak-server.war" was rolled back with
the following failure message: {"JBAS014771: Services with
missing/unavailable dependencies" =>
["jboss.naming.context.java.module.auth.auth.DefaultDataSource is missing
[jboss.naming.context.java.jboss.datasources.ExampleDS]"]}
13:17:06,526 INFO [org.hibernate.validator.internal.util.Version] (MSC
service thread 1-2) HV000001: Hibernate Validator 5.1.0.Final
13:17:07,026 INFO [org.jboss.as.server.deployment] (MSC service thread
1-8) JBAS015877: Stopped deployment keycloak-server.war (runtime-name:
keycloak-server.war) in 548ms
13:17:07,040 INFO [org.jboss.as.controller] (management-handler-thread -
1) JBAS014774: Service status report
JBAS014775: New missing/unsatisfied dependencies:
service
jboss.deployment.unit."keycloak-server.war".component."com.sun.faces.config.ConfigureListener".CREATE
(missing) dependents: [service
jboss.deployment.unit."keycloak-server.war".component."com.sun.faces.config.ConfigureListener".START]
service
jboss.deployment.unit."keycloak-server.war".component."com.sun.faces.config.ConfigureListener".JndiBindingsService
(missing) dependents: [service
jboss.deployment.unit."keycloak-server.war".jndiDependencyService]
service
jboss.deployment.unit."keycloak-server.war".component."com.sun.faces.config.ConfigureListener".START
(missing) dependents: [service
jboss.deployment.unit."keycloak-server.war".deploymentCompleteService,
service
jboss.undertow.deployment.default-server.default-host./auth.UndertowDeploymentInfoService]
service
jboss.deployment.unit."keycloak-server.war".component."javax.faces.webapp.FacetTag".JndiBindingsService
(missing) dependents: [service
jboss.deployment.unit."keycloak-server.war".jndiDependencyService]
service
jboss.deployment.unit."keycloak-server.war".component."javax.faces.webapp.FacetTag".START
(missing) dependents: [service
jboss.deployment.unit."keycloak-server.war".deploymentCompleteService,
service
jboss.undertow.deployment.default-server.default-host./auth.UndertowDeploymentInfoService,
service jboss.undertow.deployment.default-server.default-host./auth]
service
jboss.deployment.unit."keycloak-server.war".component."javax.servlet.jsp.jstl.tlv.PermittedTaglibsTLV".CREATE
(missing) dependents: [service
jboss.deployment.unit."keycloak-server.war".component."javax.servlet.jsp.jstl.tlv.PermittedTaglibsTLV".START]
service
jboss.deployment.unit."keycloak-server.war".component."javax.servlet.jsp.jstl.tlv.PermittedTaglibsTLV".JndiBindingsService
(missing) dependents: [service
jboss.deployment.unit."keycloak-server.war".jndiDependencyService]
service
jboss.deployment.unit."keycloak-server.war".component."javax.servlet.
10 years, 7 months
Replacing ExampleDS database is much more difficult
by Dean Peterson
I have changed the database many times in the past to point to a real
database such as ms-sql and mysql. However, I am not able to figure out
how to do that with the latest versions. It seems there are multiple
persistence.xml files buried in the lib directory rather than in the
auth-server.war or keycloak-server project. Even though I modify
keycloak-server.json file to point to my container managed datasource, when
I start the server I keep getting the same error about missing the default
ExampleDS datasource. What changed? The documentation seems to be quite
outdated.
10 years, 7 months
Issue with login-config KEYCLOAK
by Graeme Collis
I have the Keycloak auth war successfully running and have been able to create Realms, Users, Apps.
I now want to redirect the login from webapp to Keycloak.
I have followed the instructions to add the JBoss Adapter here:-
http://docs.jboss.org/keycloak/docs/1.0-beta-4/userguide/html/ch07.html#d...
I am using JBoss EAP 6.1
I added the modules by unzipping the adapters into ${JBOSS_HOME}/modules
I have updated the standalone.xml files to add the extension
<extension module="org.keycloak.keycloak-as7-subsystem"/>
I have added the subsystem
<subsystem xmlns="urn:jboss:domain:keycloak:1.0"/>
I have added the security domain
<security-domain name="keycloak">
    <authentication>
        <login-module code="org.keycloak.adapters.jboss.KeycloakLoginModule" flag="required"/>
    </authentication>
</security-domain>
Yet my webapp won't deploy as it cannot find KEYCLOAK.
JBWEB001034: Cannot configure an authenticator for method KEYCLOAK
<login-config>
    <auth-method>KEYCLOAK</auth-method>
    <realm-name>demo</realm-name>
</login-config>
I have also used Keycloak to create the keycloak.json and put it in my WEB-INF folder.
Any ideas on the steps I may have missed?
Thanks,
Graeme
10 years, 7 months
Adding Extra Account Attributes/Fields
by Clifton Lee
Hi, quick question: is it possible to add custom account attributes (e.g. internal employee number, assigned-department) through the interface? Or would I have to somehow modify the IDToken class to add these extra attributes?
Thanks and Keycloak looks great.
10 years, 7 months
Problem deploying JBoss AS 7 with beta 4
by Rodrigo Sasaki
Hi, I'm trying to deploy my web application, linking to a keycloak in
another server. This used to work until I deployed beta 4 on it.
The error I get is not very clear:
13:20:55,153 INFO [org.keycloak.adapters.as7.KeycloakAuthenticatorValve]
(MSC service thread 1-12) **** using /WEB-INF/keycloak.json
13:20:55,160 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-12)
MSC00001: Failed to start service jboss.web.deployment.default-host./:
org.jboss.msc.service.StartException in service
jboss.web.deployment.default-host./: *JBAS018040: Failed to start context*
at
org.jboss.as.web.deployment.WebDeploymentService.start(WebDeploymentService.java:95)
at
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA]
at
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[rt.jar:1.7.0_60]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[rt.jar:1.7.0_60]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_60]
Is this something that is known? I think it might have something to do with
the *ssl-required* value on keycloak.json that has changed, but I'm not
sure.
--
Rodrigo Sasaki
10 years, 7 months
Setting up Postgresql Database with OpenShift
by Steven Pousty
Is there documentation or description about how to add Postgresql as the
database behind Keycloak on OpenShift?
Do I just add a postgresql cart and then treat it the same as the other
instructions?
Thanks
Steve
10 years, 7 months