Proxying SAML Login
by Sarp Kaya
Hi,
I have looked around but couldn't find what I was looking for.
What I want to do is this: when a user wants to log in with an IDP, I still want the user to log in via the Keycloak UI, and I want Keycloak to proxy the IDP. What makes sense to me is to have something like a new client which will use OpenID, and then this client would proxy it to the IDP itself. Is this possible? If so, how can I do it?
8 years, 9 months
H2 with tcp configuration
by Alessandro Segatto
Hi, when I configure Keycloak to use a datasource using H2 over TCP (
jdbc:h2:tcp://localhost/~/h2/keycloak ) everything works fine, but when I
shut down the application server and restart it, the DB is broken and prompts
a primary key violation exception ...
Any ideas why this is happening?
Thanks ,
Alessandro S
8 years, 9 months
Multiple 'user' data-source?
by Sylvain Auger-Léger
Hi,
My company is aiming at building its own OpenID Connect provider for our
internal apps.
Thus we are looking for an open source framework. Keycloak seems very good.
Unfortunately, we have a problem, and I did not find out whether Keycloak can solve
it:
Our 'users' are stored in an AD directory or in a database (PostgreSQL).
To sum up: if the user is not in the AD, then we should look in the database.
Is this doable with Keycloak?
Thanks.
8 years, 9 months
Re: [keycloak-user] User Account access from client
by Marko Strukelj
Realm has to be a part of user account url. That's built into Keycloak
server, and how its service endpoints are structured.
Within your application you can use HttpServletRequest attributes to get to
KeycloakDeployment, which contains information about the realm your
application was configured with:
    KeycloakSecurityContext ctx = (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.class.getName());
    KeycloakDeployment deployment = ((RefreshableKeycloakSecurityContext) ctx).getDeployment();
    String realm = deployment.getRealm();
You can now use this realm to construct user account URL. I'm not sure if
this is part of our public API. There is realm on KeycloakSecurityContext,
but that one is only available if user is currently logged in.
On Fri, Feb 19, 2016 at 9:17 PM, Bill Simakis <smacksnr(a)hotmail.com> wrote:
> Marko,
>
> Thanks but is there a way without having to hard-code the realm name?
>
> Thanks,
>
> Bill
>
> ----------------------------------------
> > Date: Tue, 16 Feb 2016 22:08:21 +0100
> > Subject: Re: [keycloak-user] User Account access from client
> > From: mstrukel(a)redhat.com
> > To: smacksnr(a)hotmail.com
> > CC: keycloak-user(a)lists.jboss.org
> >
> > You can take a look at how example demo app does this:
> >
> >
> https://github.com/keycloak/keycloak/blob/1.9.0.CR1/examples/demo-templat...
> >
> > On Tue, Feb 16, 2016 at 5:44 PM, Bill Simakis <smacksnr(a)hotmail.com>
> wrote:
> >> I have a web app using the spring security adapter which I have
> successfully integrated for the authentication/Authorization with KeyCloak.
> >> We wanted to make the user's life a little easier by providing a link
> within our app to allow an authenticated user to go to their Account page
> in KeyCloak. As this link is realm specific, is there a way we could get
> the url dynamically?
> >>
> >> Thanks
> >>
> >> Bill
8 years, 9 months
SSL port on docker images
by Tim Dudgeon
Can the SSL port on the docker images be exposed?
Currently only port 8080 is exposed. Why not 8443?
Tim
8 years, 9 months
Adapter truststore: use default Java truststore possible?
by Jérôme Revillard
Dear all,
I'm now testing a Keycloak server properly configured with https
configuration.
The server certificate is one which is already known by the default Java
truststore.
Would it be possible to set up the keycloak.json adapter config to use
this default Java truststore?
Best,
Jerome
8 years, 9 months
Various login methods for one realm
by Maurice Quaedackers
Hello,
We are using Keycloak as an Identity Broker solution in front of our web application.
We have two options for an end-user:
1. User wants to authenticate against a SAML IDP configured in Keycloak as an Identity Provider
2. User wants to authenticate against Keycloak username/password present in the Keycloak realm
Is it possible to set the Identity Provider to authenticate by default, but if the user is not able to reach the configured Single Sign-On Service URL (because the IDP is not available outside the customer network), a fallback is given to the manual login page?
Or how can you end up at the manual (Keycloak) username/password login screen when the Identity Provider has been set to authenticate by default?
I tried to find this in the manuals but I was not able to find this.
Best regards,
Maurice Quaedackers.
8 years, 9 months