keycloak-server.json settings in 1.8.0.Final
by Paul Blair
I'm upgrading from 1.7.0.Final to 1.8.0.Final and when comparing my keycloak-server.json settings I see the following are not there in the newer version:
"userSessions": {
    "provider": "infinispan"
},
"realmCache": {
    "provider": "infinispan"
},
"userCache": {
    "provider": "infinispan"
},
These may be configurations I added in 1.7.0, but I can't find a reference to them in the 1.8.0.Final reference guide. Are they now obsolete?
9 years, 1 month
spring-security-adapter on wildfly: How?
by Benjamin Moser
Hello
I've been trying to get spring security to work with keycloak on wildfly
for hours.
I follow the instructions as described here:
http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#s...
.
This is my environment:
- Wildfly 9 (not spring-boot)
- Keycloak 1.7
- keycloak-spring-security-adapter in webapplication
- keycloak.json in WEB-INF
- spring-security-xml configuration as described in 8.10.2.2.
- No security config in web.xml
- No keycloak adapter in wildfly
Application starts up fine, spring security configuration seems to be
loaded. But when I directly access a protected resource, the resource is
not protected and I can access it directly. I am not redirected to login on
keycloak. So it seems spring security is not picking up the security
rules...
When I do not use the keycloak-spring-security-adapter and do the security
configuration in web.xml, it works. But then I'm missing the integration
with spring security, and that's what I need...
Any advice is more than welcomed...
Thanks,
Ben
9 years, 1 month
Keycloak Direct Access Grants. How?
by Reed Lewis
I have Keycloak working very well now where it can validate users in its own database, against a legacy database in our company, and from Google and Microsoft. Right now I have been testing with this module for Apache:
https://github.com/pingidentity/mod_auth_openidc
And it works as it should. I can go to a webpage on my webserver, and the complete flow works well. The user is redirected to the login page, then it returns, and my webserver requests a token as it should. :)
What I plan on doing though is securing a mobile App. I cannot find a raw HTTP(s) example of how to make a direct access grant where keycloak will ask the user for credentials, and directly return a jwt. Is this possible, or should I use the two step method (keycloak with redirect => to URL in APP => makes request with code to get the tokens)?
Also, does anyone have good standalone python, node.js or even C code to validate a token? I see there are libraries, but I would like to use just openssl if possible.
Thank you,
Reed Lewis
9 years, 1 month
KeycloakConfigResolver vs. unprotected resources
by Bystrik Horvath
Hello,
I have an application that is part of several realms. That's why I
implemented the KeycloakConfigResolver and it works fine.
I observed that the KeycloakConfigResolver implementation gets called even
when unprotected resources of the application are requested. Is there a
(recommended) way to avoid it? Or am I doing something wrong?
Thank you for the answer.
Best regards,
Bystrik
9 years, 1 month
Back to application link is not shown on the success screen after a reset password action
by Edgar Vonk - Info.nl
Hi,
Considering the following scenario:
1/ Admin performs a ‘Reset Action’ on the user from the admin console (Manage - Users - Credentials). In our case an ‘Update password’ action and send the ‘Reset Actions Email’.
2/ User receives the reset action email with a link back to Keycloak.
3/ User follows the link, sets his/her password.
4/ User is now shown a success screen stating “Your account has been updated.” only. There is no link to the application or anything. The user is left on his/her own.
This happens because in AuthenticationManager#nextActionAfterAuthentication the ‘skipLink’ attribute is set to true. This results in the info.ftl template not showing the ‘back to application’ link.
I think in this case the link should be shown however. Otherwise the user has no idea where to go to next. In fact I think the ‘back to application’ link should nearly always be shown. So for now we have simply removed the {{<#if skipLink??>}} check in the info.ftl in our custom email theme. I do wonder why this ‘skipLink’ functionality was built in the first place? Does it not make sense to remove it altogether maybe?
cheers
9 years, 1 month
Realm Certificate from commercial Vendors
by Raghuram Prabhala
I have a question about the Certificate/private key which is generated today by Keycloak. But rather than use that certificate, is there any way we can use a commercial Certificate from Vendors like Verisign? When that certificate expires, how do we generate/upload a new certificate (lifecycle) and handle the switch over to a new certificate with minimal impact to any of the clients who will have to download the new certificate and use it when KC starts using the new one?
9 years, 1 month
Google social login in
by Martin Min
Hi, I am configuring Keycloak google login. On Google Developer Console,
there is a field: Authorized redirect URI with the format:
http://{host}:{port}/auth/realms/{realm}/broker/{provider_alias}.
I am testing my KeyCloak server on my local computer, with IP 127.0.0.1. So
here this IP or "localhost" probably doesn't work in this field. I have to
use a real public IP address. Right? How can I test social login in
KeyCloak without using a real IP address?
Thank you.
Martin
9 years, 1 month