Social Account Linking support in Keycloak.
by Revanth Ayalasomayajula
Hi,
I have an application secured using Keycloak 1.5. I have a situation in
which a user is registered using a social login (say Facebook). Now if I
log in the user using another social login (say Google+) using the same email
address as the former social login (FB), it says that the user is already
registered and gives an error. Is there any way to link two accounts that
use the same email address but come from two different social accounts, or is
there a way in which Keycloak recognizes the email address and logs in
the respective user?
Thanks.
9 years, 3 months
Custom theme - modifying HTML files
by Maciej Szewczykowski
Hi,
I'd like to create a custom admin theme which would contain some additional controls (buttons) which, when clicked, would redirect user to some external address.
Creating a theme itself is rather easy and well documented. The problem is that I can't seem to be able to modify the HTML page of my choice - in my case it is role-mappings.html page where the additional button should be placed. Modification of the page simply doesn't seem to take any effect (although page caching is switched off).
I'm using demo v. 1.4.0
Would be very grateful for any tips on how to achieve this.
Best Regards,
Maciej Szewczykowski
Java Developer
________________________________
T +44 01628 539 800
E firstname.lastname(a)pjmedia.co.uk
PJ Media Limited,
Plac Wolności 21, 05-825
Grodzisk Mazowiecki, Warsaw, Poland
9 years, 3 months
Support for Implicit Flow
by Raghuram Prabhala
Hi Keycloak Dev team,
When can we expect support for Implicit flow and OpenID Connect certification for keycloak?
Thanks,
Raghu
9 years, 3 months
Login by mobile number.
by Revanth Ayalasomayajula
Hi all,
I have an application that is secured by Keycloak. I am able to log in using
username/email and password. I also want to implement login via phone
number. Could anybody help me with how to store the phone number for a user
and also how to use it to log in the user?
9 years, 3 months
UT010039: Unknown authentication mechanism KEYCLOAK
by Hristo Stoyanov
Hi all
I am getting the below message with KeyCloak 1.5.0/WF9.0.1 overlay
installation. My configuration file looks exactly the same as the stock
one, e.g:
<extensions>
    ...
    <extension module="org.keycloak.keycloak-server-subsystem"/>
    ...
</extensions>
...
<profile>
    ...
    <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
        <web-context>auth</web-context>
    </subsystem>
</profile>
The module jars are properly put in the WF folders.
My web.xml also seems right too:
=========================================
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                             http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">
    <!-- Default page to serve -->
    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
    <!-- This error page rule responds with the GWT Host page for
         pushstate Errai Navigation URLs -->
    <error-page>
        <error-code>404</error-code>
        <location>/</location>
    </error-page>
    <!-- Errai Keycloak security -->
    <filter>
        <filter-name>ErraiLoginRedirectFilter</filter-name>
        <init-param>
            <param-name>redirectLocation</param-name>
            <param-value>/index_draft.jsp</param-value>
        </init-param>
    </filter>
    <!-- JAX-RS configuration -->
    <servlet-mapping>
        <servlet-name>javax.ws.rs.core.Application</servlet-name>
        <url-pattern>/rest/*</url-pattern>
    </servlet-mapping>
    <filter-mapping>
        <filter-name>ErraiUserCookieFilter</filter-name>
        <url-pattern>/index_draft.jsp</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>ErraiLoginRedirectFilter</filter-name>
        <url-pattern>/app-login</url-pattern>
    </filter-mapping>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Login</web-resource-name>
            <url-pattern>/app-login</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>*</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>KEYCLOAK</auth-method>
        <realm-name>whatever</realm-name>
    </login-config>
    <security-role>
        <role-name>user</role-name>
    </security-role>
    <security-role>
        <role-name>admin</role-name>
    </security-role>
</web-app>
I can access the KC admin console and configure realms/users/roles no
problem in the WF 9.0.1 server. I am out of ideas of what could be causing
it. Any hints? Thanks
=============================
11:47:54,444 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 78) MSC000001: Failed to start service jboss.undertow.deployment.default-server.default-host./draft: org.jboss.msc.service.StartException in service jboss.undertow.deployment.default-server.default-host./draft: java.lang.RuntimeException: java.lang.RuntimeException: UT010039: Unknown authentication mechanism KEYCLOAK
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:85)
    at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
    at java.util.concurrent.FutureTask.run(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    at org.jboss.threads.JBossThread.run(JBossThread.java:320)
Caused by: java.lang.RuntimeException: java.lang.RuntimeException: UT010039: Unknown authentication mechanism KEYCLOAK
    at io.undertow.servlet.core.DeploymentManagerImpl.deploy(DeploymentManagerImpl.java:224)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:100)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:82)
    ... 6 more
Caused by: java.lang.RuntimeException: UT010039: Unknown authentication mechanism KEYCLOAK
    at io.undertow.servlet.core.DeploymentManagerImpl.setupSecurityHandlers(DeploymentManagerImpl.java:326)
    at io.undertow.servlet.core.DeploymentManagerImpl.deploy(DeploymentManagerImpl.java:200)
    ... 8 more
11:47:54,471 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 2) WFLYCTL0013: Operation ("deploy") failed - address: ([("deployment" => "draft.war")]) - failure description: {"WFLYCTL0080: Failed services" => {"jboss.undertow.deployment.default-server.default-host./draft" => "org.jboss.msc.service.StartException in service jboss.undertow.deployment.default-server.default-host./draft: java.lang.RuntimeException: java.lang.RuntimeException: UT010039: Unknown authentication mechanism KEYCLOAK
    Caused by: java.lang.RuntimeException: java.lang.RuntimeException: UT010039: Unknown authentication mechanism KEYCLOAK
    Caused by: java.lang.RuntimeException: UT010039: Unknown authentication mechanism KEYCLOAK"}}
11:47:54,478 ERROR [org.jboss.as.server] (management-handler-thread - 2) WFLYSRV0021: Deploy of deployment "draft.war" was rolled back with the following failure message:
{"WFLYCTL0080: Failed services" => {"jboss.undertow.deployment.default-server.default-host./draft" => "org.jboss.msc.service.StartException in service jboss.undertow.deployment.default-server.default-host./draft: java.lang.RuntimeException: java.lang.RuntimeException: UT010039: Unknown authentication mechanism KEYCLOAK
    Caused by: java.lang.RuntimeException: java.lang.RuntimeException: UT010039: Unknown authentication mechanism KEYCLOAK
    Caused by: java.lang.RuntimeException: UT010039: Unknown authentication mechanism KEYCLOAK"}}
11:47:54,488 INFO [org.jboss.as.jpa] (ServerService Thread Pool -- 79) WFLYJPA0011: Stopping Persistence Unit (phase 2 of 2) Service 'draft.war#s4g'
9 years, 3 months
Search by client roles & search by custom attributes
by Remi Cartier
Hey there,
Question 1:
I was wondering if there was an existing mechanism to fetch users that have some specific client roles.
My scenario is this one. As an SSO provider, different applications (clients) are created in Keycloak.
A specific user can have roles for some of those clients.
If, in one of my applications, I want to list all the users that ‘belong’ to me (that have roles for my application), how do I do that?
I don’t want to list all the users and then filter them by some criteria; that would be a very inefficient way to do it (CPU + bandwidth).
Question 2:
In the search REST admin endpoint, is there a mechanism to filter on specific custom attributes?
For example, I created a language attribute for a user. I now want to list all my users with custom attribute language=FR; how do I do that?
Syntax could be:
/search?attribute1=language&value1=FR or
/search?attribute_language=FR
Thanks for your time and great work.
Sorry if those questions have already been asked (if so, please simply point me to some reference without repeating yourself).
Cheers !
________________________________
REMI CARTIER
B.O.S.S. (Business & Operation Support Systems) P.O (Product Owner)
IMETRIK GLOBAL INC.
T : +1 514 448-6407 x2009
T : +1 866 276-5382 (toll free)
F : +1 514 904-0611
740 Notre Dame St. West, Suite 1575
Montreal, Quebec, Canada H3C 3X6
imetrik.com<http://www.imetrik.com/>
9 years, 3 months
Hash Algorithm
by Remi Cartier
Hey guys,
I will have to migrate from a custom in-house user management system to Keycloak.
We are using this algorithm to store salted/hashed passwords:

import java.math.BigInteger;
import java.security.spec.KeySpec;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// PBKDF2-HMAC-SHA1, 2048 iterations, 160-bit output, returned as a hex string.
// BigInteger.toString(16) drops leading zeros, so the result can be shorter than 40 characters.
public static String hashPassword(String password, String salt) {
    try {
        KeySpec keySpec = new PBEKeySpec(password.toCharArray(), salt.getBytes(), 2048, 160);
        SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
        byte[] hash = secretKeyFactory.generateSecret(keySpec).getEncoded();
        return new BigInteger(1, hash).toString(16);
    } catch (Exception x) {
        throw new IllegalStateException(x);
    }
}

I was wondering, in order to ease the migration, if I could configure Keycloak to use the same hash algorithm?
Or if there were any other ways? Like maybe a federation provider, but then comes the question of when to push things into Keycloak: at password change?
What do you think ?
Sincerely.
9 years, 3 months
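
For the "Hash Algorithm" question above, an added example (not part of the original post and not Keycloak code): a standalone check of a candidate password against a hash stored by the post's hashPassword(), as any migration path would need when validating old credentials. The class and method names are hypothetical, and it assumes the legacy salt.getBytes() call ran with UTF-8 as the default charset.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added example with hypothetical names; parameters are taken from the post.
public class LegacyHashCheck {
    static final int ITERATIONS = 2048; // as in the post
    static final int KEY_BYTES = 20;    // 160 bits, as in the post

    // Same derivation as the post; assumes salt.getBytes() meant UTF-8 on the legacy JVM.
    static byte[] derive(char[] password, String salt) throws Exception {
        byte[] saltBytes = salt.getBytes(StandardCharsets.UTF_8);
        PBEKeySpec spec = new PBEKeySpec(password, saltBytes, ITERATIONS, KEY_BYTES * 8);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(spec).getEncoded();
    }

    // BigInteger.toString(16) drops leading zeros, so a stored hash may be shorter
    // than 40 hex digits. Right-align it into 20 bytes to restore them.
    static byte[] decodeStored(String storedHex) {
        if (storedHex == null || !storedHex.matches("[0-9a-fA-F]{1,40}")) {
            throw new IllegalArgumentException("not a legacy hash");
        }
        byte[] raw = new BigInteger(storedHex, 16).toByteArray(); // 1 to 21 bytes (sign byte)
        byte[] out = new byte[KEY_BYTES];
        int n = Math.min(raw.length, KEY_BYTES);
        System.arraycopy(raw, raw.length - n, out, KEY_BYTES - n, n);
        return out;
    }

    // Compare on raw bytes in constant time rather than with String.equals().
    static boolean verify(char[] candidate, String salt, String storedHex) throws Exception {
        return MessageDigest.isEqual(derive(candidate, salt), decodeStored(storedHex));
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "correct horse".toCharArray(); // constructed sample password
        String salt = "", stored = "";
        // Search constructed salts for one whose legacy encoding lost a leading zero.
        for (int i = 0; stored.isEmpty() || stored.length() == KEY_BYTES * 2; i++) {
            salt = "salt-" + i;
            stored = new BigInteger(1, derive(pw, salt)).toString(16);
        }
        System.out.println(stored.length() + " hex digits, verifies: " + verify(pw, salt, stored));
        System.out.println("wrong password verifies: " + verify("guess".toCharArray(), salt, stored));
    }
}
```

A verifier that re-encodes the derived bytes as fixed-width hex and compares strings would reject the short hashes this search finds, which is roughly one stored password in sixteen.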