Callback URI after Registration.
by Revanth Ayalasomayajula
Hi all,
I am using Keycloak 1.5.0 to secure my application and wanted to know if it
is possible to have a callback URI after the user registers successfully
which performs some action, after which Keycloak redirects to the respective
page.
Thanks.
9 years, 2 months
SAML IdP Mapping
by Matthew Woolnough
I have added a SAML IdP and can successfully authenticate.
I have also added some mappings to map assertions in the SAML token to
database fields.
I can see that the SAML token in the POST back to Keycloak contains the
assertions I am after, but nothing is appearing in Keycloak.
How do I go about debugging this scenario? I'm new to the product. I've
switched to DEBUG mode, but I'm not seeing anything definitive.
Thanks,
Matthew
9 years, 2 months
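A first debugging step for the scenario above, added here as an example and not part of the original thread or of Keycloak's code: decode the SAMLResponse form field from the POST back to Keycloak and list the exact attribute names the assertion carries, so they can be compared with the names the mappers are configured to match. The response, the attribute names and the mapper names below are constructed for the example. One common cause of "the attribute is in the token but nothing appears" is a mapper configured with a friendly name (givenName) while the assertion names the attribute by OID; the check reports that case separately from an attribute that is absent altogether, and also flags an EncryptedAssertion, whose attributes are not visible in the POST body at all. Whether a given Keycloak version matches on Name or on FriendlyName is not stated in the thread, so the report shows both.

```python
import base64
import xml.etree.ElementTree as ET

# SAML 2.0 namespaces used in the response.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample (not a capture): a minimal, unsigned response with one
# AttributeStatement. The first attribute is named by OID with a FriendlyName,
# the second by a plain name.
SAMPLE_RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject><saml:NameID>mwoolnough</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="urn:oid:2.5.4.42" FriendlyName="givenName">
        <saml:AttributeValue>Matthew</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="mail">
        <saml:AttributeValue>matthew@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""


def encode_for_post(xml_text):
    """What an IdP puts in the SAMLResponse form field (HTTP-POST binding)."""
    return base64.b64encode(xml_text.encode("utf-8")).decode("ascii")


def decode_saml_response(form_value):
    """The raw XML carried by a SAMLResponse form field."""
    return base64.b64decode(form_value)


def is_encrypted(xml_bytes):
    """An EncryptedAssertion carries no readable attributes until the SP
    decrypts it; inspecting the POST body directly then shows nothing."""
    root = ET.fromstring(xml_bytes)
    return root.find(".//saml:EncryptedAssertion", NS) is not None


def extract_attributes(xml_bytes):
    """List every Attribute in every AttributeStatement with its exact Name,
    its FriendlyName (if any) and its values."""
    # ElementTree does not resolve external entities, but for responses from
    # parties you do not control, parse with defusedxml instead.
    root = ET.fromstring(xml_bytes)
    found = []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        found.append({
            "name": attr.get("Name"),
            "friendly_name": attr.get("FriendlyName"),
            "values": [(v.text or "").strip()
                       for v in attr.iterfind("saml:AttributeValue", NS)],
        })
    return found


def check_mappers(found, mapper_attribute_names):
    """For each attribute name a mapper is configured with, report 'ok' (present
    as an exact Name), 'friendly-name-only' (present only as a FriendlyName, so a
    mapper matching on Name will not fire) or 'missing'."""
    names = {a["name"] for a in found}
    friendly = {a["friendly_name"] for a in found if a["friendly_name"]}
    report = {}
    for wanted in mapper_attribute_names:
        if wanted in names:
            report[wanted] = "ok"
        elif wanted in friendly:
            report[wanted] = "friendly-name-only"
        else:
            report[wanted] = "missing"
    return report


if __name__ == "__main__":
    # Hypothetical mapper configuration: three attribute importers.
    xml_bytes = decode_saml_response(encode_for_post(SAMPLE_RESPONSE_XML))
    if is_encrypted(xml_bytes):
        print("assertion is encrypted; decrypt before inspecting attributes")
    found = extract_attributes(xml_bytes)
    for attr in found:
        print(f'{attr["name"]} (friendly={attr["friendly_name"]}) -> {attr["values"]}')
    for name, status in check_mappers(found, ["mail", "givenName", "sn"]).items():
        print(f"mapper on {name!r}: {status}")
```

To use it on a real login, paste the SAMLResponse value from the browser's network tab into decode_saml_response; if the report says friendly-name-only for an attribute the mapper is supposed to import, reconfigure the mapper with the attribute's Name (the OID) or, where the Keycloak version supports it, with its FriendlyName.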
MultiTenancy / MultiRealms
by Sascha Skorupa
Hi,
we want to authenticate users from different realms in one client/application. We looked at the multitenancy example, but there the realms are distinguished by the requested URL. In our case the users send tokens to the application from different issuers. Is there any recommendation on how to handle this?
Cheers,
sascha
9 years, 2 months
Problems when changing ID of a federated LDAP user.
by Kevin Thorpe
We changed the uid of an LDAP user to bring it into line with our policy on
user ids. This has broken the federation because of the id change. I'm not
sure how to work round this, but can we at least have some form of
notification outside of the application logs?
Message in logs:
10/26/2015 4:20:30 PM 16:20:30,439 ERROR [org.keycloak.federation.ldap.LDAPFederationProviderFactory] (default task-45) Failed during import user from LDAP: org.keycloak.models.ModelDuplicateException: Can't import user 'will.cross' from LDAP because email 'will(a)pibenchmark.com' already exists in Keycloak. Existing user with this email is 'will_cross'
Kevin Thorpe
CTO
www.p-i.net | @PI_150 <https://twitter.com/@PI_150>
9 years, 2 months
UserFederationProvider CredentialValidationOutput validCredentials and close method never called
by alex orl
I'm using JBoss Keycloak 1.5 final version. I developed my custom user federation provider interfacing with Keycloak properties and my enterprise user database.
My need is to send up to the user login interface custom error messages based on particular specific errors related to my legacy user db.
I saw Keycloak themes have a resources folder by which I can localize and add new messages. Then I can reference them from AngularJS using the $myMessage notation. The problem is I want to raise a message from the Keycloak server. My user federation provider implements the UserFederationProvider interface. So I should have to override:

    @Override
    public CredentialValidationOutput validCredentials(RealmModel realm, UserCredentialModel credential) {
        LOGGER.info("validCredentials(realm, credential)");
        return CredentialValidationOutput.failed();
    }

In the UserFederationProvider interface I read that validCredentials: "Validate credentials of unknown user. The authenticated user is recognized based on provided credentials and returned back in CredentialValidationOutput".
It seems to be the method I was looking for, just because CredentialValidationOutput contains custom messages to be sent as validation output. The problem is this method is never called.
The same happens to the close method. It's never called at the end of each request, so I cannot dispose of my objects. Why?
Thanks a lot
9 years, 2 months
Re: [keycloak-user] set session cookie domain?
by keycloak-user.myq@xoxy.net
My goal is to have several web services (which reside at sub1.domain.com,
sub2.domain.com, etc.) all redirect users to auth.domain.com for login.
When a user is logged in and visits one of the web services, the web
service should be able to get the user's identity from a claim signed by
the authentication service (keycloak). The only way I know of to do this is
to pass a claim in a cookie.
Ideally, the web service should be able to verify the identity claim
without needing to emit an HTTP request to the auth service (by verifying
the signature against the realm's public key).
Is keycloak the right choice for this? and if not, do you have any
recommendations?
On Mon, Oct 26, 2015 at 9:49 AM, Marek Posolda <mposolda(a)redhat.com> wrote:
> This doesn't seem to be supported. Question is why you need it? All the
> cookies like KEYCLOAK_IDENTITY are set by keycloak server and it's just the
> keycloak server, which is supposed to read them.
>
> Marek
>
> On 26/10/15 14:26, keycloak-user.myq(a)xoxy.net wrote:
>
> Hello. How can I set the domain of session cookies?
>
> I want to run keycloak at auth.mydomain.com and get the session cookies
> (for SSO) at other subdomains of mydomain.com.
>
> Browsers will allow sub.domain.com to set cookies for domain.com, but I
> can't figure out how to get Keycloak to do this.
>
> Thanks in advance!
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user@lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
9 years, 2 months
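Both this thread (verifying a signed identity claim in the web service itself, against the realm's public key, without a round trip to auth.domain.com) and the MultiTenancy / MultiRealms question above (tokens arriving from several issuers into one application) come down to the same check, shown here as an added example that is neither from the thread nor Keycloak's adapter code. Keycloak realms sign tokens with the realm's RSA key (RS256) and the issuer string is the realm's base URL; to stay self-contained with only the standard library this example stands in HS256 with a per-realm shared secret, and the hostnames, realm names, audiences and secrets are all assumed. The point it demonstrates is independent of the algorithm: the verification key is taken from a fixed trust table selected by the token's iss claim, never from anything the token itself says (no fetching keys from an issuer the application was not configured for, no honouring the token's alg header), and the expiry and audience are checked before the claims are used.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64url_decode(data):
    """Base64url without padding, as used in JWT segments."""
    data += "=" * (-len(data) % 4)
    return base64.urlsafe_b64decode(data)


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


class TokenError(Exception):
    """Raised for any token the service must not accept."""


# Assumed deployment: one Keycloak at auth.domain.com with two realms. In Keycloak
# the realm's issuer is its base URL and the key is the realm's RSA public key
# (RS256); HS256 with a shared secret is a stand-in so this runs without extra
# libraries. Either way, the key comes from this table, selected by iss.
ISS_A = "https://auth.domain.com/auth/realms/tenant-a"
ISS_B = "https://auth.domain.com/auth/realms/tenant-b"
TRUSTED_ISSUERS = {
    ISS_A: {"alg": "HS256", "key": b"tenant-a-realm-secret"},
    ISS_B: {"alg": "HS256", "key": b"tenant-b-realm-secret"},
}


def mint_token(claims, key, alg="HS256"):
    """Produce a signed JWT for the samples (stand-in for a realm's token endpoint).
    The alg parameter only controls the header so a mismatching header can be tested."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_token(token, audience, now=None, issuers=TRUSTED_ISSUERS):
    """Return the claims of a token issued by a trusted issuer for this audience,
    or raise TokenError. Works offline: only the trust table is consulted."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        payload = json.loads(_b64url_decode(payload_b64))
    except ValueError as exc:
        raise TokenError(f"malformed token: {exc}") from None
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise TokenError("malformed token: header and payload must be objects")

    # 1. Unknown issuers are rejected before any cryptography, so a rogue IdP
    #    never even gets a key considered.
    issuer = payload.get("iss")
    if issuer not in issuers:
        raise TokenError(f"untrusted issuer {issuer!r}")
    trust = issuers[issuer]

    # 2. The algorithm is pinned per issuer; the token's alg header is compared
    #    against it, never used to choose the verification routine.
    if header.get("alg") != trust["alg"]:
        raise TokenError("algorithm mismatch")
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(trust["key"], signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise TokenError("signature does not verify under the issuer's key")

    # 3. Claim checks: expiry, then audience (Keycloak puts the client id in aud).
    now = time.time() if now is None else now
    exp = payload.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise TokenError("token expired or has no exp")
    aud = payload.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    if audience not in aud:
        raise TokenError("token not issued for this audience")
    return payload


def is_accepted(token, audience, now=None):
    """True if verify_token accepts the token, False if it raises TokenError."""
    try:
        verify_token(token, audience, now=now)
        return True
    except TokenError:
        return False


if __name__ == "__main__":
    tok = mint_token({"iss": ISS_A, "aud": "sub1-service", "sub": "alice", "exp": 2000},
                     TRUSTED_ISSUERS[ISS_A]["key"])
    print(verify_token(tok, "sub1-service", now=1000)["sub"])
```

For the cookie question specifically: a token verified this way can be carried to sub1.domain.com in a cookie the web service itself sets for domain.com after the login redirect, but the service must still run every check above on each request rather than trusting the cookie's presence.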
Re: [keycloak-user] Exception loading Keycloak modules in Wildfly 9.0
by Marko Strukelj
Checking the documentation for our examples I realise it needs a lot of
improvement, and it's especially out of date for the demo :/
So here are the full command line instructions that work for me. If you're
on windows you'll have to translate some of these commands into CLI /
PowerShell.
Since you are only trying to install adapter I assume you want to run
Keycloak server separately from your content server, but the demo works
out-of-the box only when server and protected content are deployed in the
same Wildfly instance. The instructions here configure server part
separately from the client part, but within the same Wildfly instance.
So here we go ...
Download Wildfly 9.0.1, Keycloak Server, Keycloak Wildfly 9 Adapter, and
Keycloak Examples. Use Google to find the Download pages ...
mkdir keycloak
cd keycloak
unzip ~/Downloads/wildfly-9.0.1.Final.zip
cd wildfly-9.0.1.Final
unzip ~/Downloads/keycloak-overlay-1.6.0.Final.zip
unzip ~/Downloads/keycloak-wf9-adapter-dist-1.6.0.Final.zip
(press 'A' for All when asked if you want to overwrite existing files -
adapter and server overlay contain some of the same modules, since each has
to be fully functional by itself)
Now we should open and edit standalone/configuration/standalone.xml to
configure the server (and adapter) part, but we can also configure it
directly through shell using jboss-cli tool:
bin/jboss-cli.sh
embed-server
/subsystem=datasources/data-source=KeycloakDS/:add(connection-url="jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE",driver-name=h2,jndi-name=java:jboss/datasources/KeycloakDS,password=sa,user-name=sa,use-java-context=true)
/subsystem=infinispan/cache-container=keycloak:add(jndi-name="infinispan/Keycloak")
/subsystem=infinispan/cache-container=keycloak/local-cache=realms:add()
/subsystem=infinispan/cache-container=keycloak/local-cache=users:add()
/subsystem=infinispan/cache-container=keycloak/local-cache=sessions:add()
/subsystem=infinispan/cache-container=keycloak/local-cache=loginFailures:add()
/extension=org.keycloak.keycloak-server-subsystem/:add(module=org.keycloak.keycloak-server-subsystem)
/subsystem=keycloak-server:add(web-context=auth)
quit
The configuration changes will be saved to standalone.xml file.
We can do the same in order to configure the adapter part:
bin/jboss-cli.sh
embed-server
/extension=org.keycloak.keycloak-adapter-subsystem/:add(module=org.keycloak.keycloak-adapter-subsystem)
/subsystem=keycloak:add()
quit
Again the changes will be saved to standalone.xml file.
Keycloak is now ready to run, but let's build, and deploy the demo, so that
when we run Wildfly everything will be set up already.
Unpack, and build the demo:
cd ..
unzip ~/Downloads/keycloak-examples-1.6.0.Final.zip
cd keycloak-examples-1.6.0.Final/
cd preconfigured-demo/
mvn clean install
Deploy by copying to deployments dir:
cp database-service/target/database.war ../../wildfly-9.0.1.Final/standalone/deployments/
cp customer-app/target/customer-portal.war ../../wildfly-9.0.1.Final/standalone/deployments/
cp product-app/target/product-portal.war ../../wildfly-9.0.1.Final/standalone/deployments/
We also need to load into Keycloak server the demo realm that contains
roles, users, and application clients for our demo to work. We can do this
while starting up Keycloak server.
cd ../..
cd wildfly-9.0.1.Final
bin/standalone.sh -Dkeycloak.migration.action=import \
  -Dkeycloak.migration.provider=singleFile \
  -Dkeycloak.migration.realmName=demo \
  -Dkeycloak.migration.file=../keycloak-examples-1.6.0.Final/preconfigured-demo/testrealm.json
Next time you start up Wildfly only use:
bin/standalone.sh
Otherwise you'll get an exception during startup notifying you that the
'demo' realm can't be imported, as it already exists!
Your Wildfly running Keycloak server, and the content apps (our demo,
composed of customer-portal.war, product-portal.war, and database.war) is
now ready for use. You can go to:
http://localhost:8080/customer-portal
and click around. When prompted for login, use 'bburke(a)redhat.com' as a
username, and 'password' as a password.
Let me know if these instructions still don't work for you.
- marko
On Thu, Oct 22, 2015 at 9:51 PM, Vijay Bhadriraju <vbhadrir(a)us.ibm.com>
wrote:
> Thanks, Marko. I was able to move forward by using the latest adapter you
> pointed me to. I was able to bring up the Wildfly 9.0 server with the
> adapter installed and was able to install the Customer-Portal and
> Product-Portal example apps successfully. But, when I install the Database
> example app, I get the following error. Any tips on how to resolve this
> error ? Thanks.
>
> 15:39:28,922 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-5) MSC000001: Failed to start service jboss.deployment.unit.database.POST_MODULE: org.jboss.msc.service.StartException in service jboss.deployment.unit.database.POST_MODULE: WFLYSRV0153: Failed to process phase POST_MODULE of deployment "database"
>         at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:163)
>         at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
>         at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
>         at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
>         at java.lang.Thread.run(Unknown Source)
> Caused by: org.jboss.as.server.deployment.DeploymentUnitProcessingException: WFLYRS0006: Could not load JAX-RS Application class
>         at org.jboss.as.jaxrs.deployment.JaxrsScanningProcessor.scan(JaxrsScanningProcessor.java:205)
>         at org.jboss.as.jaxrs.deployment.JaxrsScanningProcessor.deploy(JaxrsScanningProcessor.java:101)
>         at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:156)
>         ... 5 more
> Caused by: java.lang.ClassNotFoundException: org.keycloak.example.oauth.DataApplication from [Module "deployment.database:main" from Service Module Loader]
>         at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:205)
>         at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:455)
>         at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:404)
>         at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:385)
>         at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:130)
>         at org.jboss.as.jaxrs.deployment.JaxrsScanningProcessor.scan(JaxrsScanningProcessor.java:201)
>         ... 7 more
>
> 15:39:28,937 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 5) WFLYCTL0013: Operation ("add") failed - address: ({"deployment" => "database"}) - failure description: {"WFLYCTL0080: Failed services" => {"jboss.deployment.unit.database.POST_MODULE" => "org.jboss.msc.service.StartException in service jboss.deployment.unit.database.POST_MODULE: WFLYSRV0153: Failed to process phase POST_MODULE of deployment \"database\"
>     Caused by: org.jboss.as.server.deployment.DeploymentUnitProcessingException: WFLYRS0006: Could not load JAX-RS Application class
>     Caused by: java.lang.ClassNotFoundException: org.keycloak.example.oauth.DataApplication from [Module \"deployment.database:main\" from Service Module Loader]"}}
> 15:39:28,953 ERROR [org.jboss.as.server] (management-handler-thread - 5) WFLYSRV0021: Deploy of deployment "database" was rolled back with the following failure message:
> {"WFLYCTL0080: Failed services" => {"jboss.deployment.unit.database.POST_MODULE" => "org.jboss.msc.service.StartException in service jboss.deployment.unit.database.POST_MODULE: WFLYSRV0153: Failed to process phase POST_MODULE of deployment \"database\"
>     Caused by: org.jboss.as.server.deployment.DeploymentUnitProcessingException: WFLYRS0006: Could not load JAX-RS Application class
>     Caused by: java.lang.ClassNotFoundException: org.keycloak.example.oauth.DataApplication from [Module \"deployment.database:main\" from Service Module Loader]"}}
> 15:39:28,953 INFO [org.jboss.as.server.deployment] (MSC service thread 1-1) WFLYSRV0028: Stopped deployment database (runtime-name: database) in 11ms
> 15:39:28,953 INFO [org.jboss.as.controller] (management-handler-thread - 5) WFLYCTL0183: Service status report
> WFLYCTL0186: Services which failed to start:      service jboss.deployment.unit.database.POST_MODULE
>
> Regards, Vijay
>
>
>
>
> From: Marko Strukelj <mstrukel(a)redhat.com>
> To: Vijay Bhadriraju/Raleigh/IBM@IBMUS
> Cc: keycloak-user <keycloak-user(a)lists.jboss.org>
> Date: 10/22/2015 12:47 PM
> Subject: Re: [keycloak-user] Exception loading Keycloak modules in Wildfly 9.0
> ------------------------------
>
>
>
> Use the latest keycloak-wf9-adapter-dist from the download site:
> http://keycloak.jboss.org/keycloak/downloads.html?dir=0%3Dadapters/keycloak-oidc%3B
>
> You're trying to use latest config syntax with an old version that uses a
> different kind of config, and is outdated.
>
> On Thu, Oct 22, 2015 at 6:02 PM, Vijay Bhadriraju <vbhadrir(a)us.ibm.com> wrote:
> I am getting the following exception after unzipping the
> keycloak-wildfly-adapter-dist-1.1.0.Final.zip into the WildFly 9.0 server
> and configuring the standalone.xml file with the following lines as
> described in the keycloak documentation. I have tried this with Wildfly
> 10.0 version also and get the same error.
>
> <server xmlns="urn:jboss:domain:1.4">
>   <extensions>
>     <extension module="org.keycloak.keycloak-adapter-subsystem"/>
>     ...
>   </extensions>
>   <profile>
>     <subsystem xmlns="urn:jboss:domain:keycloak:1.1"/>
>     ...
>   </profile>
>
> How do I resolve this keycloak module loading exception?
>
>
> 11:35:36,018 ERROR [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0055: Caught exception during boot: org.jboss.as.controller.persistence.ConfigurationPersistenceException: WFLYCTL0085: Failed to parse configuration
>         at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:131) [wildfly-controller-2.0.0.CR7.jar:2.0.0.CR7]
>         at org.jboss.as.server.ServerService.boot(ServerService.java:356) [wildfly-server-2.0.0.CR7.jar:2.0.0.CR7]
>         at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:299) [wildfly-controller-2.0.0.CR7.jar:2.0.0.CR7]
>         at java.lang.Thread.run(Unknown Source) [rt.jar:1.8.0_65]
> Caused by: javax.xml.stream.XMLStreamException: WFLYCTL0083: Failed to load module org.keycloak.keycloak-adapter-subsystem
>         at org.jboss.as.controller.parsing.ExtensionXml.parseExtensions(ExtensionXml.java:155) [wildfly-controller-2.0.0.CR7.jar:2.0.0.CR7]
>         at org.jboss.as.server.parsing.StandaloneXml_4.readServerElement(StandaloneXml_4.java:220) [wildfly-server-2.0.0.CR7.jar:2.0.0.CR7]
>         at org.jboss.as.server.parsing.StandaloneXml_4.readElement(StandaloneXml_4.java:143) [wildfly-server-2.0.0.CR7.jar:2.0.0.CR7]
>         at org.jboss.as.server.parsing.StandaloneXml.readElement(StandaloneXml.java:69) [wildfly-server-2.0.0.CR7.jar:2.0.0.CR7]
>         at org.jboss.as.server.parsing.StandaloneXml.readElement(StandaloneXml.java:47) [wildfly-server-2.0.0.CR7.jar:2.0.0.CR7]
>         at org.jboss.staxmapper.XMLMapperImpl.processNested(XMLMapperImpl.java:110) [staxmapper-1.2.0.Final.jar:1.2.0.Final]
>         at org.jboss.staxmapper.XMLMapperImpl.parseDocument(XMLMapperImpl.java:69) [staxmapper-1.2.0.Final.jar:1.2.0.Final]
>         at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:123) [wildfly-controller-2.0.0.CR7.jar:2.0.0.CR7]
>         ... 3 more
> Caused by: java.util.concurrent.ExecutionException: javax.xml.stream.XMLStreamException: WFLYCTL0083: Failed to load module
>         at java.util.concurrent.FutureTask.report(Unknown Source) [rt.jar:1.8.0_65]
>         at java.util.concurrent.FutureTask.get(Unknown Source) [rt.jar:1.8.0_65]
>         at org.jboss.as.controller.parsing.ExtensionXml.parseExtensions(ExtensionXml.java:147) [wildfly-controller-2.0.0.CR7.jar:2.0.0.CR7]
>         ... 10 more
> Caused by: javax.xml.stream.XMLStreamException: WFLYCTL0083: Failed to load module
>         at org.jboss.as.controller.parsing.ExtensionXml.loadModule(ExtensionXml.java:196) [wildfly-controller-2.0.0.CR7.jar:2.0.0.CR7]
>         at org.jboss.as.controller.parsing.ExtensionXml.access$000(ExtensionXml.java:69) [wildfly-controller-2.0.0.CR7.jar:2.0.0.CR7]
>         at org.jboss.as.controller.parsing.ExtensionXml$1.call(ExtensionXml.java:127) [wildfly-controller-2.0.0.CR7.jar:2.0.0.CR7]
>         at org.jboss.as.controller.parsing.ExtensionXml$1.call(ExtensionXml.java:124) [wildfly-controller-2.0.0.CR7.jar:2.0.0.CR7]
>         at java.util.concurrent.FutureTask.run(Unknown Source) [rt.jar:1.8.0_65]
>         at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [rt.jar:1.8.0_65]
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [rt.jar:1.8.0_65]
>         at java.lang.Thread.run(Unknown Source) [rt.jar:1.8.0_65]
>         at org.jboss.threads.JBossThread.run(JBossThread.java:320) [jboss-threads-2.2.1.Final.jar:2.2.1.Final]
> Caused by: org.jboss.modules.ModuleNotFoundException: org.keycloak.keycloak-adapter-subsystem:main
>         at org.jboss.modules.ModuleLoader.loadModule(ModuleLoader.java:236) [jboss-modules.jar:1.4.4.Final]
>         at org.jboss.as.controller.parsing.ExtensionXml.loadModule(ExtensionXml.java:178) [wildfly-controller-2.0.0.CR7.jar:2.0.0.CR7]
>         ... 8 more
>
> Regards, Vijay
>
>
9 years, 2 months
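The boot failure at the bottom of this thread is a ModuleNotFoundException for org.keycloak.keycloak-adapter-subsystem:main: standalone.xml declared the extension, but no module of that name existed under the WildFly modules tree, because the adapter zip that had been unpacked was an old one with a different layout. The check below is an added example, not part of the thread or of WildFly or Keycloak, that catches this before the server is started: it reads every <extension module="..."/> from the config and looks for the matching main/module.xml in the places jboss-modules searches (the modules directory itself, each layer under modules/system/layers and each add-on under modules/system/add-ons, which is where the Keycloak overlay and adapter zips unpack). The WildFly home it builds, the standalone.xml in it and the module names are constructed for the example, and it ignores layers.conf, searching every layer directory present.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Constructed standalone.xml: the extension and empty keycloak subsystem from the
# post, on a WildFly 9 server namespace, next to one extension WildFly ships.
SAMPLE_STANDALONE_XML = """<?xml version="1.0" ?>
<server xmlns="urn:jboss:domain:3.0">
  <extensions>
    <extension module="org.jboss.as.logging"/>
    <extension module="org.keycloak.keycloak-adapter-subsystem"/>
  </extensions>
  <profile>
    <subsystem xmlns="urn:jboss:domain:keycloak:1.1"/>
  </profile>
</server>
"""


def module_search_roots(jboss_home):
    """Where jboss-modules looks for modules: the modules dir itself, every layer
    and every add-on. Simplification: layers.conf is ignored and all layers present
    are searched."""
    modules = os.path.join(jboss_home, "modules")
    roots = [modules]
    for group in ("layers", "add-ons"):
        base = os.path.join(modules, "system", group)
        if os.path.isdir(base):
            roots += [os.path.join(base, d) for d in sorted(os.listdir(base))]
    return roots


def find_module(jboss_home, name, slot="main"):
    """Path of module.xml for name:slot, or None. Dots in the module name become
    directories, so org.keycloak.keycloak-adapter-subsystem lives at
    org/keycloak/keycloak-adapter-subsystem/main/module.xml."""
    rel = os.path.join(*name.split("."), slot, "module.xml")
    for root in module_search_roots(jboss_home):
        candidate = os.path.join(root, rel)
        if os.path.isfile(candidate):
            return candidate
    return None


def declared_extensions(config_path):
    """Module names of every <extension module="..."/> in the config, whatever
    the urn:jboss:domain version of the file."""
    root = ET.parse(config_path).getroot()
    return [el.get("module") for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == "extension"]


def missing_extension_modules(jboss_home, config_path):
    """Declared extensions whose :main module cannot be found; each would fail
    the boot with WFLYCTL0083 / ModuleNotFoundException."""
    return [name for name in declared_extensions(config_path)
            if find_module(jboss_home, name) is None]


def write_module(root_dir, name, slot="main"):
    """Create <root_dir>/<name as path>/<slot>/module.xml (content is irrelevant here)."""
    path = os.path.join(root_dir, *name.split("."), slot)
    os.makedirs(path, exist_ok=True)
    with open(os.path.join(path, "module.xml"), "w") as fh:
        fh.write(f'<module xmlns="urn:jboss:module:1.3" name="{name}"/>\n')


def install_adapter_module(jboss_home):
    """Stand-in for unpacking the keycloak-wf9-adapter-dist zip: puts the adapter
    subsystem module under the keycloak add-on."""
    write_module(os.path.join(jboss_home, "modules", "system", "add-ons", "keycloak"),
                 "org.keycloak.keycloak-adapter-subsystem")


def build_sample_home():
    """Constructed WildFly layout: logging module present under the base layer,
    Keycloak adapter module absent, config referencing both. Returns (home, config)."""
    home = tempfile.mkdtemp(prefix="wildfly-")
    write_module(os.path.join(home, "modules", "system", "layers", "base"),
                 "org.jboss.as.logging")
    cfg_dir = os.path.join(home, "standalone", "configuration")
    os.makedirs(cfg_dir)
    cfg = os.path.join(cfg_dir, "standalone.xml")
    with open(cfg, "w") as fh:
        fh.write(SAMPLE_STANDALONE_XML)
    return home, cfg


if __name__ == "__main__":
    home, cfg = build_sample_home()
    for name in missing_extension_modules(home, cfg):
        print(f"{cfg} declares extension {name} but no {name}:main module exists under {home}")
    install_adapter_module(home)
    print("after installing the adapter:", missing_extension_modules(home, cfg))
```

Against a real installation, call missing_extension_modules with the WildFly home and its standalone/configuration/standalone.xml; an empty list means every declared extension resolves, and anything listed is the module to unpack (or the extension line to remove) before running bin/standalone.sh.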
Choose redirection url of immediate login after a required change of password
by Fabio Monteiro
Hi,
after a reset password email is sent to the user and the user clicked on this email, he does enter his password 2 times. He is then invited to click on a link "Back to application" and then authenticates himself on the Keycloak login screen. All ok.
BUT he is then redirected by default (it seems) to the page here:
http://localhost:8080/auth/realms/master/account/
which is in the Keycloak webapp.
Is there a way to change it? I tried to put some redirects in the initial URL values but it didn't seem to work.
Any help? Thanks a lot for your time !
Fabio Monteiro
9 years, 2 months