Does keycloak SAML sp support encryption?
by Arulkumar Ponnusamy
I have enabled encryption in the keycloak-saml file. However, I don't see any
encryption happening on the SAML request. Similarly, when the IdP sends an encrypted
response, the Keycloak SP couldn't handle it and is throwing a null pointer exception.
Is it a defect? I'm using HTTP POST binding.
8 years, 10 months
Re: [keycloak-user] spring-security-adapter on wildfly: How?
by Andrey Saroul
I had the same issue.
I missed the spring security initializer and so springSecurityFilterChain
was not registered.
I added this class in my app, and then all security worked just fine
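import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
// Registers springSecurityFilterChain with the servlet container at startup.
public class SecurityWebApplicationInitializer
        extends AbstractSecurityWebApplicationInitializer {
}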
And by the way, no web.xml required at all if you use annotation config.
8 years, 10 months
No LDAP Group Attribute mapper in Keycloak?
by Edgar Vonk - Info.nl
Hi,
If I am correct there is no LDAP Group Attribute mapper in Keycloak right? There is a User Attribute mapper and there is a Group Mapper but group attributes in LDAP cannot be synched to and from Keycloak at the moment?
I guess it should not be too hard to write an LDAP Group Attribute mapper should we want to?
cheers
8 years, 10 months
Obtain client name inside email-verification.ftl
by LEONARDO NUNES
Hi, I would like to know if there's a way to get the Client Name at the email-verification.ftl, I tried to use client.name but it didn't work.
How can I find the variables available to use at the email template?
<html>
<body>
${msg("emailVerificationBodyHtml",link, linkExpiration, realmName, client.name)}
</body>
</html>
--
Leonardo Nunes
8 years, 10 months
Is there a REST Admin API to initiate the Reset Password flow?
by Lohitha Chiranjeewa
Hi,
There are a few clients of ours who use the Direct Grants API to
authenticate their users. A requirement has come up to provide the Reset
Password flow to those clients. From what I've checked and gathered,
there's no REST API to initiate this flow (sending the Keycloak password
reset email + resetting the password through the UI); only way to do is
through the browser.
If it's actually there somewhere, can someone point me to it?
Regards,
Lohitha.
8 years, 10 months
password forgotten - override UpdatePasswd required action (v 1.7.0)
by Adrian Matei
Hi guys,
in the UpdatePassword class we need to modify the string values that come
from formData
so that they are not "password-new" but "passwordNew" (JS conform, as we've
built the GUI with AngularJS on top of Freemarker actions):
https://github.com/keycloak/keycloak/blob/de472dbd43dd2767afb3436835f7792...
We've created our own CustomUpdatePassword (similar to the class above
except for the two lines and its own id, UPDATE_PASSWORD_CUSTOM) and tried to hook
it into our own custom ResetPassword class:
@Override
public void authenticate(AuthenticationFlowContext context) {
    if (context.getExecution().isRequired() ||
            (context.getExecution().isOptional() && configuredFor(context))) {
        context.getClientSession().addRequiredAction(CustomUpdatePassword.UPDATE_PASSWORD_CUSTOM);
    }
    context.success();
}
The custom classes are registered in META-INF services and everything, and
we can add the custom reset password execution in the Reset Credentials
workflow...
The result is a NPE in AuthenticationManager by trying to get the
providerId from the model
RequiredActionProviderModel model = realm.getRequiredActionProviderByAlias(action);
RequiredActionFactory factory = (RequiredActionFactory) session.getKeycloakSessionFactory()
        .getProviderFactory(RequiredActionProvider.class, model.getProviderId());
I am tired and cannot look through anymore, so your advice is more than
welcomed...
Thanks,
Adrian
8 years, 10 months
Social login error message
by Martin Min
Hello, I am configuring the social login with Google, Twitter and GitHub.
Everything else works fine until this point: after it's authorized,
at the "update account information" page, after I filled out the fields on
this page and clicked "submitted", I received this error message.
What could cause this? I followed the instructions carefully, but I'm not sure
what caused this.
Context Path: /auth
Servlet Path:
Path Info: /realms/myproject/login-actions/first-broker-login
Query String: code=Rp6yjxlbY0_IIjk8_-IpyOy_x8m_hC0d8zz4t-hp7vI.9ea99589-bf8d-4a13-930a-c58661dfb925
*Stack Trace*
java.lang.RuntimeException: request path: /auth/realms/myproject/login-actions/first-broker-login
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:75)
io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85)
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:72)
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:282)
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:261)
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:80)
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:172)
io.undertow.server.Connectors.executeRootHandler(Connectors.java:199)
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:774)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
java.lang.Thread.run(Thread.java:745)
Caused by: org.jboss.resteasy.spi.UnhandledException: java.lang.NoClassDefFoundError: org/keycloak/broker/provider/BrokeredIdentityContext
8 years, 10 months
KC1.8 failing realm merge/upgrade ?
by Hristo Stoyanov
Hi all,
I am trying to install KC1.8.Final over a previous KC1.7 installation
backed by Postgres. I use template files to bootstrap my realm:
36 -rw-r--r-- 1 root root 36806 Feb 1 05:50 FinancialApps-realm.json
40 -rw-r--r-- 1 root root 39545 Feb 1 05:50 master-realm.json
4 -rw-r--r-- 1 root root 709 Feb 1 05:50 master-users-0.json
4 -rw-r--r-- 1 root root 77 Feb 1 05:50 version.json
and I use the import facility:
-Dkeycloak.migration.action=import \
-Dkeycloak.migration.provider=dir \
-Dkeycloak.migration.dir={{wildfly_home}}/keycloak \
-Dkeycloak.migration.strategy=IGNORE_EXISTING
Below is the exception I get. I understand that I can wipe out my Postgres
database and have a clean import, but I thought the import was careful
enough to check for duplicate keys???
=================================================================
Caused by: org.keycloak.models.ModelDuplicateException: javax.persistence.PersistenceException: org.hibernate.exception.ConstraintViolationException: could not execute statement
    at org.keycloak.connections.jpa.PersistenceExceptionConverter.convert(PersistenceExceptionConverter.java:40)
    at org.keycloak.connections.jpa.PersistenceExceptionConverter.invoke(PersistenceExceptionConverter.java:34)
    at com.sun.proxy.$Proxy83.flush(Unknown Source)
    at org.keycloak.models.jpa.JpaUserProvider.addUser(JpaUserProvider.java:61)
    at org.keycloak.models.cache.infinispan.DefaultCacheUserProvider.addUser(DefaultCacheUserProvider.java:267)
    at org.keycloak.models.utils.RepresentationToModel.createUser(RepresentationToModel.java:1168)
    at org.keycloak.exportimport.util.ImportUtils.importUsers(ImportUtils.java:191)
    at org.keycloak.exportimport.util.ImportUtils.importUsersFromStream(ImportUtils.java:175)
    at org.keycloak.exportimport.dir.DirImportProvider$4.runExportImportTask(DirImportProvider.java:121)
    at org.keycloak.exportimport.util.ExportImportSessionTask.run(ExportImportSessionTask.java:18)
    at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:267)
    at org.keycloak.exportimport.dir.DirImportProvider.importRealm(DirImportProvider.java:117)
    at org.keycloak.exportimport.dir.DirImportProvider.importModel(DirImportProvider.java:55)
    at org.keycloak.exportimport.ExportImportManager.runImport(ExportImportManager.java:69)
    at org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:107)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
    at org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:150)
    ... 19 more
Caused by: javax.persistence.PersistenceException: org.hibernate.exception.ConstraintViolationException: could not execute statement
    at org.hibernate.jpa.spi.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1692)
    at org.hibernate.jpa.spi.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1602)
    at org.hibernate.jpa.spi.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1608)
    at org.hibernate.jpa.spi.AbstractEntityManagerImpl.flush(AbstractEntityManagerImpl.java:1303)
    at sun.reflect.GeneratedMethodAccessor300.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.keycloak.connections.jpa.PersistenceExceptionConverter.invoke(PersistenceExceptionConverter.java:32)
    ... 37 more
Caused by: org.hibernate.exception.ConstraintViolationException: could not execute statement
    at org.hibernate.exception.internal.SQLStateConversionDelegate.convert(SQLStateConversionDelegate.java:112)
    at org.hibernate.exception.internal.StandardSQLExceptionConverter.convert(StandardSQLExceptionConverter.java:42)
    at org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:109)
    at org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:95)
    at org.hibernate.engine.jdbc.internal.ResultSetReturnImpl.executeUpdate(ResultSetReturnImpl.java:207)
    at org.hibernate.engine.jdbc.batch.internal.NonBatchingBatch.addToBatch(NonBatchingBatch.java:45)
    at org.hibernate.persister.entity.AbstractEntityPersister.insert(AbstractEntityPersister.java:2886)
    at org.hibernate.persister.entity.AbstractEntityPersister.insert(AbstractEntityPersister.java:3386)
    at org.hibernate.action.internal.EntityInsertAction.execute(EntityInsertAction.java:89)
    at org.hibernate.engine.spi.ActionQueue.executeActions(ActionQueue.java:560)
    at org.hibernate.engine.spi.ActionQueue.executeActions(ActionQueue.java:434)
    at org.hibernate.event.internal.AbstractFlushingEventListener.performExecutions(AbstractFlushingEventListener.java:337)
    at org.hibernate.event.internal.DefaultFlushEventListener.onFlush(DefaultFlushEventListener.java:39)
    at org.hibernate.internal.SessionImpl.flush(SessionImpl.java:1282)
    at org.hibernate.jpa.spi.AbstractEntityManagerImpl.flush(AbstractEntityManagerImpl.java:1300)
    ... 41 more
*Caused by: org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique constraint "uk_ru8tt6t700s9v50bu18ws5ha6"*
* Detail: Key (realm_id, username)=(master, admin) already exists.*
    at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2182)
    at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:1911)
    at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:173)
    at org.postgresql.jdbc2.AbstractJdbc2Statement.execute(AbstractJdbc2Statement.java:645)
    at org.postgresql.jdbc2.AbstractJdbc2Statement.executeWithFlags(AbstractJdbc2Statement.java:495)
    at org.postgresql.jdbc2.AbstractJdbc2Statement.executeUpdate(AbstractJdbc2Statement.java:441)
    at sun.reflect.GeneratedMethodAccessor295.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.postgresql.ds.jdbc23.AbstractJdbc23PooledConnection$StatementHandler.invoke(AbstractJdbc23PooledConnection.java:453)
    at com.sun.proxy.$Proxy84.executeUpdate(Unknown Source)
    at org.jboss.jca.adapters.jdbc.WrappedPreparedStatement.executeUpdate(WrappedPreparedStatement.java:537)
    at org.hibernate.engine.jdbc.internal.ResultSetReturnImpl.executeUpdate(ResultSetReturnImpl.java:204)
8 years, 10 months
add-user-keycloak.sh in 1.8.0.Final
by Paul Blair
I'm noticing the 1.8.0.Final overlay contains a script named add-user-keycloak.sh but the reference guide only mentions add-user.sh. Should this script be used instead of add-user.sh?
8 years, 10 months