Galera Replication and Caching
by Josh Cain
Hi all,
We're running into a problem with a couple of MariaDB instances +
Galera. When I go to add a client on the first Keycloak node/DB (we'll
call it DB01), it add successfully. I can then go to the second
Keycloak Node/DB (call this one DB02) and do not see the client on the
'clients' list. However, if I were to add the same client on DB02, I
get the expected 'client with ID already exists' message. What's more,
if I bounce the Keycloak node that talks to DB02, the client list
populates with the new entry added at DB01.
Was guessing it's some kind of caching issue - is there a setting where
I can alter this behavior?
--
Josh Cain | Software Applications Engineer
Identity and Access
Management
Red Hat
+1 256-452-0150
8 years, 1 month
KeycloakSpringBootConfigResolver not firing under eap 7
by java@neposoft.com
Hi group.
Keycloak Spring boot adapter works fine (driven by application.properties)
under embedded tomcat , running off mvn spring-boot:run.
Packaged into a war and deployed under jboss eap 7 (have installed the
adapters) my rest endpoints are not protected anymore since
KeycloakSpringBootConfigResolver is not wiring all that up.
Anyone noticed this behavior? kecloak* ver 2.2.1
Appreciate
john
8 years, 1 month
Login to Keycloak using API and create KeycloakPrincipal object
by Mariusz Chruscielewski - Info.nl
Hi. We are using Keycloak Tomcat Adapter to secure our webapp, after we access protected resource we are redirected to keycloak and after login we go back to our app. After that, we can get KeycloakPrincipal object from web context (request).
Is there a way to create / get this object without using Tomcat Adapter ? We want to make API call (like http://keycloak/auth/realms/vi/protocol/openid-connect/token) and get (or create manually) this object using AccessTokenResponse (or any other object we can get from API).
Ultimate goal is to login to keycloak like adapter does, but directly from Java, without any interaction from user on keycloak forms.
Is it even possible?
Kind Regards,
Mariusz Chruscielewski
8 years, 1 month
Keycloak live in multiple data centers
by Jeremy Simon
Hi,
Has anyone done deployments of Keycloak in multiple data centers? Any
thoughts, guidance, lessons learned on synchronization, etc? I'm
interested in the whole spectrum from DR and fail-over to other data
centers to well...anything.
jeremy
jeremy(a)jeremysimon.com
8 years, 1 month
Keycloak 2.2.1 Overlay on EAP 6.4.x
by Jeremy Simon
Hi All,
Is Keycloak 2.2.1's overlay supported on JBoss EAP 6.4.x (or
thereabouts)? It appears it's more geared solely for Wildfly. We
noticed the overlay is missing the keycloak specific standalone XML
with SPI configurations. And in the bin directory of the overlay,
there's a keycloak-install.cli which has an 'embed-server' command
that EAP doesn't seem recognize.
Previously we were on 1.7, running on EAP 6.4. We're in the process
of upgrading our custom SPIs and noticed things are a bit different!
Any insight appreciated!
jeremy
jeremy(a)jeremysimon.com
8 years, 1 month
Keycloak Upgrade to 2.2.1
by Mustafa Kuru
Hi,
We are planning to upgrade Keycloak from 1.8.1 to 2.2.1. Is it a good time
to upgrade or should we better wait for the next release?
I know we are far behind the current version but to be sure would like to
know if a newer release coming soon.
thx.
Kind regards.
Mustafa Kuru
8 years, 1 month
About using Spring Boot adapter
by Jari Kuusisto
Hello there, I am using AngularJS client (fronted) and Spring Boot with
Keycloak adapter (backend). In the backend, I am trying to expose a
unprotected (naked) API for the client to use, so I would like to make sure
that keycloak doesn't try to protect it. So I have the following questions
related to using Keycloak with Spring Boot:
1) How the Keycloak intercepts incoming HTTP requests: do incoming requests
come the Spring Boot and at what point the Keycloak comes into the play?
Also, how can I make sure that certain Rest applications are left
unprotected? From the documentation I can see a simple way of protecting
certain URLs, but this brings me to my second question...
2) Where can I find full documentation about all the configuration
possibilities for the Spring Boot Adapter? If I'll have to dive into the
code, could some one kindly point a correct starting point and give
instructions how to learn to extract all of the configuration properties
like "security collections" etc. (see below). The traditional "web.xml" is
quite easy the read and understand, but it isn't one-to-one mapping with
"application.properties" file content. With further info it might be
possible to use Spring Boot's code based configuration methods too.
Thanks in advance, best regards, Jari
--- The current documentation ---
You also need to specify the J2EE security config that would normally go in
the web.xml. Here’s an example configuration:
keycloak.securityConstraints[0].securityCollections[0].name = insecure stuff
keycloak.securityConstraints[0].securityCollections[0].authRoles[0] = admin
keycloak.securityConstraints[0].securityCollections[0].authRoles[0] = user
keycloak.securityConstraints[0].securityCollections[0].patterns[0] =
/insecure
keycloak.securityConstraints[0].securityCollections[1].name = admin stuff
keycloak.securityConstraints[0].securityCollections[1].authRoles[0] = admin
keycloak.securityConstraints[0].securityCollections[1].patterns[0] = /admin
8 years, 1 month
