Can not logout with RESTFul API
by Mai Zi
Hi, we are using version 1.1.0 final. According to the doc, to log out the current user, we call the method:
/admin/realms/{realm}/users/{username}/logout
We got the name as session.getIdToken.getName()
but get a 404 error.
We are not sure what we missed.
Any help will be appreciated.
Mai
9 years, 4 months
FaceBook Social Login
by Travis De Silva
Hi,
I notice that now Facebook returns only id and name fields in user info by
default, if you need other fields, you have to define these fields in your
request. E.g., in the request parameter pass:
fields=id,name,email,first_name,last_name
If you look at the KeyCloak FacebookIdentityProvider class, I don't see
these parameters getting passed.
Do others also see this behaviour or is it only me as there seems to be a
lot of issues others have faced with Facebook getting the email due to
various other reasons not just limited to privacy issues.
Cheers
Travis
9 years, 4 months
Picketlink SP Filter
by Chen Keong Yap
Hi Guys,
Can keycloak 1.1.0 support Picketlink SP Filter Version 2.5.3 SP 10?
--
Best regards, CK Yap
9 years, 5 months
Extending KeyCloak
by Mitya
Hi,
I'm wondering whether it is possible to extend KeyCloak in the following way:
1) add a custom entity type (e.g., a hardware token);
2) provide a custom GUI to manage those entities;
3) define a custom authentication mechanism (say, OATH HOTP).
So, is this possible with current KeyCloak? Does it provide any plugin-like
architecture, like, for example, Atlassian Crowd?
Thx
9 years, 5 months
KeyCloak and identity management for Java EE
by Mitya
Hi,
We are assessing several auth/IDM/SSO solutions for our project (an
enterprise Java EE application with REST services and WebSocket
endpoints). Initially, we leaned towards PicketLink, but recently I've
been advised several times to prefer KeyCloak instead. I'm still
hesitant because PicketLink offers a concise, well-architected,
JavaEE-integrated IDM API that suits our needs perfectly. Imagine that
you need to:
1) identify currently logged-in user and retrieve his common
attributes (like name, email, photo etc.);
2) determine the user's roles and groups;
3) enumerate users of any given role/group, or perform more
sophisticated user search.
With PicketLink, all the above is done quite straightforwardly, using
Identity/IdentityManager/PartitionManager/RelationshipManager classes.
Yet, I didn't figure out how to implement the same with KeyCloak.
Any help appreciated. Thanks!
9 years, 5 months
Problem switching to application-level roles
by Orestis Tsakiridis
Hi,
I'm trying to switch from realm-level to application-level roles with no
success. To isolate the issue I decided to try on the example customer-app
and database-service applications and see how it goes. No luck again.
Here is what I do that fails:
1. I'm using keycloak 1.2.0.Final
2. I've added "use-resource-role-mappings"->true to keycloak json of both
customer-app and database-service app.
3. I edited 'customer-portal' and 'database-service' clients and added a
'user' application level role.
4. I edited bburke(a)redhat.com user. Removed the realm-level 'user' role and
added 'user' application-level roles for customer-portal and
database-service clients.
After I log in and try to see the customers listing I get a 'Forbidden'
response. If I add the 'user' realm-level role to bburke(a)redhat.com everything
works normally, as if use-resource-role-mappings was ignored.
Any ideas?
Is there any additional action I should perform?
9 years, 5 months
Re: [keycloak-user] Application level roles don't work for web.xml restrictions
by Orestis Tsakiridis
False alarm!
I finally managed to make it work. Behaviour is normal. I was probably
missing something.
On Wed, Aug 26, 2015 at 9:01 AM, Orestis Tsakiridis <
orestis.tsakiridis(a)telestax.com> wrote:
> Hello,
>
> Is there any example/documentation on using application roles and the
> "use-resource-role-mappings" property? It seems that they are ignored at
> the JEE level (meaning the roles have no effect when I apply restriction
> through web.xml).
>
> I've been trying to test application roles on the database-service
> example. I added "use-resource-role-mappings" property and enabled
> DirectAccessGrant to manually get a token. I also assigned the
> database-service:'user' role to bburke user and removed the realm-level
> 'user' role. When trying to access the /customers (as bburke) I keep getting
> a 403.
>
> Btw, I've checked the token and it looks perfectly normal. 'user' role is
> there as an application level role.
>
>
> Thanks
>
9 years, 5 months
Spring Adaptor Integration
by Doug Szeto
Hi,
I'm integrating keycloak with a Spring project and using your provided spring adaptor with a bearer only rest api.
The documentation is enough to get things working with bearer token validation.
But it is lacking documentation on a few things; maybe others have experience with it.
1. When the bearer token is invalid, the logs are spammed with stack traces (as posted below). How do you manage log levels?
2. Can I insert custom code on bad tokens in order to integrate with monitoring? How do others deal with this situation?
Thanks,
-Doug
[ERROR] org.keycloak.adapters.BearerTokenRequestAuthenticator - Failed to verify token
org.keycloak.VerificationException: Token is not active.
at org.keycloak.RSATokenVerifier.verifyToken(RSATokenVerifier.java:46) ~[keycloak-core-1.4.0.Final.jar:1.4.0.Final]
at org.keycloak.RSATokenVerifier.verifyToken(RSATokenVerifier.java:16) ~[keycloak-core-1.4.0.Final.jar:1.4.0.Final]
at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticateToken(BearerTokenRequestAuthenticator.java:67) ~[keycloak-adapter-core-1.4.0.Final.jar:1.4.0.Final]
at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(BearerTokenRequestAuthenticator.java:62) ~[keycloak-adapter-core-1.4.0.Final.jar:1.4.0.Final]
at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:45) ~[keycloak-adapter-core-1.4.0.Final.jar:1.4.0.Final]
at org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticationProcessingFilter.attemptAuthentication(KeycloakAuthenticationProcessingFilter.java:116) ~[keycloak-spring-security-adapter-1.4.0.Final.jar:1.4.0.Final]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:211) ~[spring-security-web-3.2.7.RELEASE.jar:3.2.7.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.7.RELEASE.jar:3.2.7.RELEASE]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110) [spring-security-web-3.2.7.RELEASE.jar:3.2.7.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.7.RELEASE.jar:3.2.7.RELEASE]
at org.keycloak.adapters.springsecurity.filter.KeycloakPreAuthActionsFilter.doFilter(KeycloakPreAuthActionsFilter.java:75) [keycloak-spring-security-adapter-1.4.0.Final.jar:1.4.0.Final]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.7.RELEASE.jar:3.2.7.RELEASE]
at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:85) [spring-security-web-3.2.7.RELEASE.jar:3.2.7.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.1.7.RELEASE.jar:4.1.7.RELEASE]
...
9 years, 5 months
Application level roles don't work for web.xml restrictions
by Orestis Tsakiridis
Hello,
Is there any example/documentation on using application roles and the
"use-resource-role-mappings" property? It seems that they are ignored at
the JEE level (meaning the roles have no effect when I apply restriction
through web.xml).
I've been trying to test application roles on the database-service example.
I added "use-resource-role-mappings" property and enabled DirectAccessGrant
to manually get a token. I also assigned the database-service:'user' role
to bburke user and removed the realm-level 'user' role. When trying to
access the /customers (as bburke) I keep getting a 403.
Btw, I've checked the token and it looks perfectly normal. 'user' role is
there as an application level role.
Thanks
9 years, 5 months
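An added example for the two "application-level roles" threads above (not part of any post and not Keycloak adapter code): it models which token claim a role check reads depending on `use-resource-role-mappings`. It assumes realm roles sit under `realm_access.roles`, client roles under `resource_access.<client>.roles`, and that `resource` in keycloak.json names the client; the token, helper names and the misspelled client name are constructed.

```python
import base64
import json


def jwt_payload(token: str) -> dict:
    """Decode a JWT's payload for inspection only (the signature is NOT verified)."""
    segment = token.split(".")[1]
    segment += "=" * (-len(segment) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))


def effective_roles(claims: dict, adapter_config: dict) -> set:
    """Roles a role check would see, per the assumed adapter behaviour."""
    if adapter_config.get("use-resource-role-mappings", False):
        # Client-level roles: looked up under the client named by "resource".
        client = adapter_config["resource"]
        access = claims.get("resource_access", {}).get(client, {})
    else:
        # Default: realm-level roles.
        access = claims.get("realm_access", {})
    return set(access.get("roles", []))


def has_role(token: str, adapter_config: dict, role: str) -> bool:
    return role in effective_roles(jwt_payload(token), adapter_config)


def _b64(obj) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed token: 'user' exists only as a client role, as in the posts.
SAMPLE_CLAIMS = {
    "preferred_username": "bburke",
    "realm_access": {"roles": []},
    "resource_access": {
        "customer-portal": {"roles": ["user"]},
        "database-service": {"roles": ["user"]},
    },
}
SAMPLE_TOKEN = ".".join([_b64({"alg": "RS256"}), _b64(SAMPLE_CLAIMS), "sig-placeholder"])

if __name__ == "__main__":
    configs = {
        "client roles enabled": {"resource": "database-service", "use-resource-role-mappings": True},
        "flag absent (realm roles)": {"resource": "database-service"},
        "client name mismatch": {"resource": "database_service", "use-resource-role-mappings": True},
    }
    for label, cfg in configs.items():
        print(f"{label}: 'user' granted = {has_role(SAMPLE_TOKEN, cfg, 'user')}")
```
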