Generate Social Login Button Link
by LEONARDO NUNES
Hi,
I need to create a button for social login that behaves exactly like the one inside of Keycloak login page.
Below is the Link that was generated for the Facebook button:
http://localhost:8080/auth/realms/facebook-identity-provider-realm/broker...
How can I generate this link?
Is there an API I can call to generate the code parameter?
Is there any other way to add the social login buttons outside of the Keycloak login page?
--
Leonardo Nunes
________________________________
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation
9 years
Add users in integration tests
by Juraci Paixão Kröhling
I'm doing some integration tests for Hawkular and I want to add a user
via this integration test, but I'm having some problems in doing it via
the test itself.
I'm using the Admin Client from org.keycloak:keycloak-admin-client, and
it looks like this:
Keycloak adminClient = KeycloakBuilder
    .builder()
    .realm("master")
    .username("admin")
    .password("admin")
    .serverUrl("${baseURI}/auth")
    .clientId(Constants.ADMIN_CLI_CLIENT_ID)
    .build();
I then create a UserRepresentation (without credentials), and call:
adminClient.realm("hawkular").users().create(userRepresentation)
I then try to reset the password (or set it in a List of
CredentialRepresentation to the UserRepresentation above):
CredentialRepresentation pass = new CredentialRepresentation()
pass.type = "password"
pass.value = password
pass.temporary = false
adminClient.realm("hawkular").users().usersResource.get(userId).resetPassword(pass)
But this password is not set. At this stage, I'm facing two problems:
1) The first admin request fails, as the admin has a pending action
(reset the password).
2) The user's password is never correctly set. By that I mean that I try
to use the password via the UI, and it reports that the password is
invalid. I then login to the admin console, reset the password (setting
the same as I used in the tests). After this, I can correctly login.
So, my questions:
- What is the recommended approach for adding users in the context of
integration tests?
- If Admin Client is the way to go, what's the correct way to add a
user with a password?
- Juca.
9 years
Re: [keycloak-user] propagating authentication to REST layer
by Tim Dudgeon
So if I understand correctly, if the REST service is running in (for
instance) Tomcat, then I can use the standard Tomcat adapter to protect
it, but use:
"bearer-only" : true
as part of the configuration, as described here:
http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#a...
Also, regarding those options, it's not clear to me what public-client
means. Does that mean that there is no authentication at all? e.g.
bypass keycloak completely?
Tim
On 06/01/2016 08:23, Stian Thorgersen wrote:
>
> The rest service doesn't check what client obtained the token only the
> realm/signature and that it contains the required roles.
>
> On 5 Jan 2016 10:20, "Tim Dudgeon" <tdudgeon.ml(a)gmail.com
> <mailto:tdudgeon.ml@gmail.com>> wrote:
>
> On 05/01/2016 07:36, Stian Thorgersen wrote:
>>
>>
>> On 1 January 2016 at 11:52, Tim Dudgeon <tdudgeon.ml(a)gmail.com
>> <mailto:tdudgeon.ml@gmail.com>> wrote:
>>
>> The user docs
>> (http://keycloak.github.io/docs/userguide/keycloak-server/html/Overview.ht...)
>> describe exactly what I'm looking for:
>>> Signed access tokens can also be propagated by REST client
>>> requests within an Authorization header. This is great for
>>> distributed integration as applications can request a login
>>> from a client to obtain an access token, then invoke any
>>> aggregated REST invocations to other services using that
>>> access token.
>> I have a web app (in Tomcat) that uses the Keycloak adapter
>> for user authentication.
>> This web app needs to access a REST service, running in a
>> different Tomcat container and I want the REST service to
>> use the same user authentication, but I'm not totally sure
>> about how to go about this.
>> Do I just grab the keycloak token in the header in the web
>> app and add that as a header when calling the REST service,
>> and set the REST service up to use the same Keycloak adapter
>> configuration as the web app?
>>
>>
>> You could or you can get the token from the adapter. Take a look at:
>>
>> https://github.com/keycloak/keycloak/blob/master/examples/demo-template/c...
> Thanks. That's useful.
>
>>
>> What if I want to have other ways to authenticate the REST
>> service (e.g. access from multiple clients)?
>>
>>
>> Not sure what you mean about this
>
> For example, let's assume we have 2 apps, authenticating against
> the same Keycloak realm, but as separate clients.
> Both hit the same REST service and pass through their token to
> that service.
> How is the REST service to authenticate the requests?
> All it really needs to do is check that the tokens are valid and
> come from the expected (keycloak) source, even though the tokens
> were generated for different clients.
> Is there an adapter that handles this?
>
> Tim
>>
>>
>>
>> Tim
>>
>>
>>
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> <mailto:keycloak-user@lists.jboss.org>
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>
>
>
9 years
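The check described in the reply quoted above (signature, realm and required roles, regardless of which client obtained the token), sketched as an added Node.js example; it is not part of the original thread and is not Keycloak's adapter code. The RSA key pair, issuer URL, client names and role are constructed for the demo.

```javascript
const crypto = require('crypto');

// Constructed sample data: a throwaway RSA key stands in for the realm key;
// the issuer URL is a hypothetical realm on a local server.
const ISSUER = 'http://localhost:8080/auth/realms/demo';
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Demo helper: mint an RS256 token as the realm would for some client.
function mintToken(claims, key = privateKey) {
  const signingInput = `${b64url({ alg: 'RS256', typ: 'JWT' })}.${b64url(claims)}`;
  const sig = crypto.sign('sha256', Buffer.from(signingInput), key);
  return `${signingInput}.${sig.toString('base64url')}`;
}

// What a bearer-only service checks: signature, realm (issuer), expiry, role.
// It deliberately ignores which client (the azp claim) obtained the token.
function authorize(token, requiredRole, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  if (!header || !claims) return { ok: false, reason: 'malformed' };
  // Pin the algorithm; never let the token header choose it.
  if (header.alg !== 'RS256') return { ok: false, reason: 'bad alg' };
  const valid = crypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`),
    publicKey, Buffer.from(parts[2], 'base64url'));
  if (!valid) return { ok: false, reason: 'bad signature' };
  if (claims.iss !== ISSUER) return { ok: false, reason: 'wrong realm' };
  if (typeof claims.exp !== 'number' || claims.exp <= now) return { ok: false, reason: 'expired' };
  const roles = (claims.realm_access && claims.realm_access.roles) || [];
  if (!roles.includes(requiredRole)) return { ok: false, reason: 'missing role' };
  return { ok: true, user: claims.sub };
}
```

Tokens minted for two different clients pass the same `authorize` call as long as they carry the role, while a token signed by another key or issued by another realm is rejected.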
Logout multiple webapps of the same realm
by Helder dos S. Alves
Hi.
I have my Keycloak 1.7.0.Final running on port 8080.
I also have an instance of Wildfly 9 running on 8180.
On Wildfly (8180) I have 2 webapps which are clients of the same realm on
Keycloak.
When I log out from one webapp, the other webapp still acts like I'm logged
in; the user data is still in the 2nd app's session.
The same happens on Tomcat 7 and 8.
How can I get it to logout (and renew session) every application of the
same realm?
I tried deploying the same webapps on the keycloak wildfly instance (8080)
and it works: When I log out from one app, the other gets its session
renewed.
Thanks in advance.
Helder S. Alves
9 years
User Created Through API Not Logging In
by LEONARDO NUNES
Hi,
I'm using Keycloak admin client version 1.7.0.Final to create users from an external application.
The user is being created without any errors. However, when I try to log in, the message "Invalid username or password." is shown.
If I go to the console and change the password for the created user and try to log in again, then it works.
As you can see below, I'm setting the password when creating the user.
Why do I need to change the password for it to work?
I'm also setting the realmRoles, but when I open the user at the console, the realmRoles is not defined for the user.
Keycloak keycloak = Keycloak.getInstance("http://localhost:8080/auth", "demo", "admin", "my-password", "admin-cli");
UserRepresentation user = new UserRepresentation();
user.setUsername("usertest");
user.setFirstName("firsttest");
user.setLastName("lasttest");
user.setEnabled(true);
CredentialRepresentation credential = new CredentialRepresentation();
credential.setType(CredentialRepresentation.PASSWORD);
credential.setValue("123456");
credential.setTemporary(false);
user.setCredentials(Arrays.asList(credential));
List<String> realmRoles = new ArrayList<String>();
realmRoles.add("user");
user.setRealmRoles(realmRoles);
UsersResource userResources = keycloak.realm("demo").users();
userResources.create(user);
--
Leonardo Nunes
9 years
Additional jpaConnectionProvider for UserFederation via database
by Matuszak, Eduard
Hello
I am trying to implement a userfederation-provider based on a jpa-connection. My approach was:
According to an additional datasource definition for the federated DB in the standalone.xml
<datasource jta="true" jndi-name="java:jboss/datasources/CCPDS" pool-name="CCPDS" enabled="true" use-ccm="true">
<connection-url>jdbc:oracle:thin:@servername:1521:schemaname</connection-url>
..
, I tried to register this datasource as an additional connectionJpa-entry in keycloak-server.json as follows:
..
"connectionsJpa": {
    "default": {
        "dataSource": "java:jboss/datasources/CCPKCDS",
        "databaseSchema": "update"
    },
    "FED-DB": {
        "dataSource": "java:jboss/datasources/CCPDS"
    }
},
..
According to this configuration I hoped to be able to establish the appropriate entity manager by coding:
// Get the appropriate entity manager from the KeycloakSession
EntityManager em = session.getProvider(JpaConnectionProvider.class, "FED-DB").getEntityManager();
This did not work, indeed there is still only one (default) JpaConnectionProvider available in the session (JpaConnectionProviderList size is 1):
Set<JpaConnectionProvider> JpaConnectionProviderList = session.getAllProviders(JpaConnectionProvider.class);
My question is: isn't it in principle possible to register a second jpaConnector additionally to the default one or is there something missing or wrong in my approach?
Thanks for any help in advance.
Best regards, Eduard Matuszak
Dr. Eduard Matuszak
Worldline, an atos company
T +49 (211)399 398 63
M +49 (163)166 23 67
F +49(211) 399 22 430
eduard.matuszak(a)atos.net<mailto:eduard.matuszak@atos.net>
Max-Stromeyer-Straße 116
78467 Konstanz
Germany
de.worldline.com<http://worldline.com/de/1/Home.html>
worldline.jobs.de<http://worldline.jobs.de>
facebook.com/WorldlineKarriere<http://www.facebook.com/WorldlineKarriere>
Worldline GmbH
Geschäftsführer: Wolf Kunisch
Aufsichtsratsvorsitzender: Christophe Duquenne
Sitz der Gesellschaft: Frankfurt/Main
Handelsregister: Frankfurt/Main HRB 40 417
* * * * * * * * L E G A L D I S C L A I M E R * * * * * * * *
This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail by error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the internet, the Atos group liability cannot be triggered for the message content. Although the sender endeavors to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and shall not be liable for any damages resulting from any virus transmitted.
* * * * * * * * L E G A L D I S C L A I M E R * * * * * * * *
9 years
keycloak training / consulting
by Steve Favez
Hi,
just wondering if
1. someone is providing / will provide some training for keycloak (so,
please contact me asap)
2. if there're already some people providing consulting (dev and so on) on
keycloak (also, please contact me asap)
3. is JBoss / Red Hat looking to provide some support for keycloak
In my point of view, it would be the next step to get a "wider" adoption of
this amazing SSO solution.
Thanks
Steve
9 years
[Migration] 1.3.1 -> 1.7.0
by Pavel Maslov
Hi guys,
I would like to migrate from 1.3.1 to the latest version. Will it be
possible to just export a json file at Keycloak boot and then import it in
the same way for the new version?
*1.3.1* : $ /opt/jboss/keycloak/bin/standalone.sh \
    -Dkeycloak.migration.action=export \
    -Dkeycloak.migration.provider=singleFile \
    -Dkeycloak.migration.file=kc_1.3.1.json
*1.7.0* : $ /opt/jboss/keycloak/bin/standalone.sh \
    -Dkeycloak.import=kc_1.3.1.json
Will this work?
Thanks!
Regards,
Pavel Maslov, MS
9 years