User Account access from client
by Bill Simakis
I have a web app using the Spring Security adapter, which I have successfully integrated for authentication/authorization with Keycloak.
We wanted to make the user's life a little easier by providing a link within our app to allow an authenticated user to go to their Account page in Keycloak. As this link is realm-specific, is there a way we could get the URL dynamically?
Thanks
Bill
8 years, 10 months
1.8.1.Final SQL error
by Paul Blair
I've just installed Keycloak 1.8.1.Final in a clean environment with a new Postgres database instance. I'm getting an error on startup that the column direct_grants_only does not exist on the CLIENT table. When I log in to the database I can confirm it's not there; otherwise the tables all seem to be set up, and the CLIENT table does have a direct_access_grants_enabled column. I've verified that the server is running WildFly 10.0.0.Final and that all the Keycloak jars under ./modules/system/layers/base/org/keycloak/keycloak-core/main are 1.8.1.Final. I've diffed all the config files where we made changes against older versions of Keycloak and applied them to 1.8.1.Final, and nothing seems relevant.
Also odd is that I have two Keycloak instances running in two separate Docker containers and that I only see this error in one of them. They were both created at the same time by Terraform in exactly the same way.
Any idea what this might be coming from?
17:04:30,706 INFO [org.keycloak.services.resources.KeycloakApplication] (ServerService Thread Pool -- 50) Load config from /opt/jboss/wildfly/standalone/configuration/keycloak-server.json
17:04:33,048 INFO [org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider] (ServerService Thread Pool -- 50) Updating database
17:04:43,154 ERROR [org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider] (ServerService Thread Pool -- 50) Change Set META-INF/jpa-changelog-1.2.0.Final.xml::1.2.0.Final::keycloak failed. Error: ERROR: column "direct_grants_only" does not exist
Position: 59 [Failed SQL: UPDATE public.CLIENT SET DIRECT_GRANTS_ONLY = FALSE WHERE DIRECT_GRANTS_ONLY is null]: liquibase.exception.DatabaseException: ERROR: column "direct_grants_only" does not exist
Position: 59 [Failed SQL: UPDATE public.CLIENT SET DIRECT_GRANTS_ONLY = FALSE WHERE DIRECT_GRANTS_ONLY is null]
at liquibase.executor.jvm.JdbcExecutor$ExecuteStatementCallback.doInStatement(JdbcExecutor.java:316)
at liquibase.executor.jvm.JdbcExecutor.execute(JdbcExecutor.java:55)
at liquibase.executor.jvm.JdbcExecutor.execute(JdbcExecutor.java:122)
at liquibase.database.AbstractJdbcDatabase.execute(AbstractJdbcDatabase.java:1247)
at liquibase.database.AbstractJdbcDatabase.executeStatements(AbstractJdbcDatabase.java:1230)
at liquibase.changelog.ChangeSet.execute(ChangeSet.java:548)
at liquibase.changelog.visitor.UpdateVisitor.visit(UpdateVisitor.java:51)
at liquibase.changelog.ChangeLogIterator.run(ChangeLogIterator.java:73)
at liquibase.Liquibase.update(Liquibase.java:210)
at liquibase.Liquibase.update(Liquibase.java:190)
at liquibase.Liquibase.update(Liquibase.java:186)
at org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider.update(LiquibaseJpaUpdaterProvider.java:84)
at org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.lazyInit(DefaultJpaConnectionProviderFactory.java:153)
at org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.create(DefaultJpaConnectionProviderFactory.java:42)
at org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.create(DefaultJpaConnectionProviderFactory.java:30)
at org.keycloak.services.DefaultKeycloakSession.getProvider(DefaultKeycloakSession.java:103)
at org.keycloak.models.jpa.JpaRealmProviderFactory.create(JpaRealmProviderFactory.java:34)
at org.keycloak.models.jpa.JpaRealmProviderFactory.create(JpaRealmProviderFactory.java:16)
at org.keycloak.services.DefaultKeycloakSession.getProvider(DefaultKeycloakSession.java:103)
at org.keycloak.models.cache.infinispan.DefaultCacheRealmProvider.getDelegate(DefaultCacheRealmProvider.java:61)
at org.keycloak.models.cache.infinispan.DefaultCacheRealmProvider.getMigrationModel(DefaultCacheRealmProvider.java:43)
at org.keycloak.migration.MigrationModelManager.migrate(MigrationModelManager.java:21)
at org.keycloak.services.resources.KeycloakApplication.migrateModel(KeycloakApplication.java:139)
at org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:82)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:408)
at org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:150)
at org.jboss.resteasy.spi.ResteasyProviderFactory.createProviderInstance(ResteasyProviderFactory.java:2209)
at org.jboss.resteasy.spi.ResteasyDeployment.createApplication(ResteasyDeployment.java:299)
at org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:240)
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:113)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36)
at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)
at org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:78)
at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)
at io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:231)
at io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:132)
at io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:526)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:101)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:82)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
at org.jboss.threads.JBossThread.run(JBossThread.java:320)
Caused by: org.postgresql.util.PSQLException: ERROR: column "direct_grants_only" does not exist
Position: 59
at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2198)
at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:1927)
at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:255)
at org.postgresql.jdbc2.AbstractJdbc2Statement.execute(AbstractJdbc2Statement.java:561)
at org.postgresql.jdbc2.AbstractJdbc2Statement.executeWithFlags(AbstractJdbc2Statement.java:405)
at org.postgresql.jdbc2.AbstractJdbc2Statement.execute(AbstractJdbc2Statement.java:397)
at org.jboss.jca.adapters.jdbc.WrappedStatement.execute(WrappedStatement.java:198)
at liquibase.executor.jvm.JdbcExecutor$ExecuteStatementCallback.doInStatement(JdbcExecutor.java:314)
... 47 more
8 years, 10 months
Problems when using Javascript Adapter
by LEONARDO NUNES
Hi, I'm having a problem when using the Javascript Adapter with an application deployed on Tomcat 7 at localhost:8088 and using Keycloak 1.8.0.CR3 on localhost:8080.
I get the following error in the browser console when trying to call the keycloak.loadUserProfile() method.
XMLHttpRequest cannot load http://localhost:8080/auth/realms/demo/account. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8088' is therefore not allowed access. The response had HTTP status code 403.
And this one when I try to call the keycloak.loadUserProfile() method.
XMLHttpRequest cannot load http://localhost:8080/auth/realms/demo/protocol/openid-connect/userinfo. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8088' is therefore not allowed access. The response had HTTP status code 403.
Details:
- If I don't log in using keycloak.login() and just navigate to a restricted page configured in the web.xml and log in, after I'm redirected to the restricted page, if I try to call keycloak.loadUserProfile() I get the same error.
- If I log in using keycloak.login() and then call keycloak.loadUserProfile() or keycloak.loadUserProfile(), it works.
- If I navigate to another page and try to call keycloak.loadUserProfile() or keycloak.loadUserProfile(), I get the same error.
- It only works right after I log in; if I navigate to another page it won't work anymore.
This is my keycloak.json file:
{
"realm": "demo",
"realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"auth-server-url": "http://localhost:8080/auth",
"ssl-required": "external",
"resource": "accounts-teste",
"public-client": true,
"enable-cors": true
}
--
Leonardo Nunes
8 years, 10 months
Add custom protocol mapper
by Edgar Vonk - Info.nl
Hi,
We want to write our own custom protocol mapper where we add custom dynamic user attributes to the JWT tokens by querying our custom database.
However, if I'm not mistaken, there is no SPI for adding custom mappers? How would we go about adding our own protocol mapper most easily?
cheers
Edgar
8 years, 10 months
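One way to add a dynamic claim from an external database is a mapper built on Keycloak's OIDC protocol mapper SPI. This is an added example, not code from the thread or from Keycloak itself; it assumes the Keycloak 1.x `AbstractOIDCProtocolMapper` method signatures (they changed in later releases), a hypothetical JNDI datasource `java:jboss/datasources/CustomDS`, and a hypothetical table `user_extra`. The lookup is parameterised so the user id never becomes part of the SQL text, and a failed lookup leaves the claim out rather than aborting token issuance.

```java
package example.mappers; // hypothetical package

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.ArrayList;
import java.util.List;
import javax.naming.InitialContext;
import javax.sql.DataSource;
import org.jboss.logging.Logger;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.oidc.mappers.*;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.IDToken;

/** Adds a "department" claim read from an external database (hypothetical example). */
public class ExternalDbClaimMapper extends AbstractOIDCProtocolMapper
        implements OIDCAccessTokenMapper, OIDCIDTokenMapper, UserInfoTokenMapper {

    public static final String PROVIDER_ID = "oidc-external-db-claim-mapper"; // hypothetical id
    private static final Logger LOG = Logger.getLogger(ExternalDbClaimMapper.class);
    private static final List<ProviderConfigProperty> CONFIG = new ArrayList<>();
    static {
        // Adds the standard "Token Claim Name" and "Add to ID/access/userinfo token" options.
        OIDCAttributeMapperHelper.addAttributeConfig(CONFIG, ExternalDbClaimMapper.class);
    }

    @Override public String getId() { return PROVIDER_ID; }
    @Override public String getDisplayType() { return "External DB claim"; }
    @Override public String getDisplayCategory() { return TOKEN_MAPPER_CATEGORY; }
    @Override public String getHelpText() { return "Adds a claim looked up in an external database."; }
    @Override public List<ProviderConfigProperty> getConfigProperties() { return CONFIG; }

    @Override
    protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession) {
        String userId = userSession.getUser().getId();
        String sql = "SELECT department FROM user_extra WHERE keycloak_user_id = ?"; // assumed schema
        try {
            DataSource ds = (DataSource) new InitialContext().lookup("java:jboss/datasources/CustomDS");
            try (Connection c = ds.getConnection(); PreparedStatement ps = c.prepareStatement(sql)) {
                ps.setString(1, userId); // bound parameter, never string-concatenated
                try (ResultSet rs = ps.executeQuery()) {
                    if (rs.next()) OIDCAttributeMapperHelper.mapClaim(token, mappingModel, rs.getString(1));
                }
            }
        } catch (Exception e) {
            // Fail closed: omit the claim and make the broken lookup visible in the server log.
            LOG.warnf(e, "external claim lookup failed for user %s", userId);
        }
    }
}
```

The class is registered by listing its name in `META-INF/services/org.keycloak.protocol.ProtocolMapper` inside the provider jar; it then appears under the client's mappers in the admin console.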
Reset password flow
by Mohan.Radhakrishnan@cognizant.com
Hi,
I have some details about how a password change flow would work in OAuth, but my knowledge of it is scanty. Can I ask how the general procedure works?
1. There is an identity service endpoint. Is this token endpoint unique for a client? So here the client is the AngularJS SPA that requests the bearer token.
2. This endpoint needs a current valid bearer token/client ID/client secret.
How is the password sent and updated using this flow ?
Thanks,
Mohan
8 years, 10 months
Cordova + Keycloak + Native Facebook login
by Renann Prado
Is Keycloak supporting native Facebook login already?
I found at least two two-year-old threads talking about native Facebook login, but none of them seem to have a solution.
Renann Prado
8 years, 10 months
Coarse- and Fine-Grained Entitlements
by Lars Noldan
We're in the investigation stage of moving from a $BigExpensiveVendor solution toward Keycloak, and we're looking for a solution to help manage both coarse- and fine-grained entitlements. Keycloak appears to be a fantastic authentication solution, but I'm wondering what you, the Keycloak community, are using to handle authorization?
Thanks!
8 years, 10 months