Remove username/password fields from login
by Simon Gordon
Hi there
(Thanks for the fast help on the OpenShift Cartridge btw)
In our scenarios, there is no intention for users to have a username and
password within KeyCloak - hence just use identities from Identity
Providers.
Within the 'Authentication' settings, choose 'Browser' as flow type, I can
see 'Username Password form', but it is always 'Required'.
I can see that some kind of login form is needed (we will not have a
default) so users choose IdP, but really don't want the username/password
fields. Do I resort to just removing them from the login template?
I ask because the setting is a bit odd to have if it is always 'Required',
so I'm concerned that I'm missing a general issue which pushes me towards
giving all of our users passwords for KC. Which I'm keen to avoid.
Maybe the console setting could do with a rename?
Regards,
Simon
8 years, 10 months
Update account - login action tokens - how to make them persistent
by Edgar Vonk - Info.nl
Hi,
See if I understand this correctly: in the default set up of Keycloak sessions and temporary tokens are not persisted in the Keycloak database? So consider this scenario:
1/ login as admin to master realm
2/ go to Users - Credentials and send a ‘Update Password’ reset action email
3/ user receives an email with a link with a unique token to update his/her password in Keycloak
4/ Keycloak server is restarted for whatever reason
5/ the temporary ‘login action token’ no longer exists and the link from 3/ no longer works
Is this correct and expected behaviour?
And if so, can somebody maybe point us in the direction to solve this? I.e. by making sessions/tokens persistent I guess.
cheers
Edgar
8 years, 10 months
Upgrade error - 1.8.0 to 1.8.1
by Darcy Welsh
Hi,
I successfully upgraded from 1.7.0 to 1.8.0, however, seeing the following error when attempting to upgrade from 1.8.0 to either 1.8.1 or 1.9.0:
22:45:48,803 ERROR [org.keycloak.services.resources.KeycloakApplication] (ServerService Thread Pool -- 51) Failed to migrate datamodel: java.lang.RuntimeException: Failed to update database
at org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider.update(LiquibaseJpaUpdaterProvider.java:87)
at org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.lazyInit(DefaultJpaConnectionProviderFactory.java:153)
at org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.create(DefaultJpaConnectionProviderFactory.java:42)
at org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.create(DefaultJpaConnectionProviderFactory.java:30)
at org.keycloak.services.DefaultKeycloakSession.getProvider(DefaultKeycloakSession.java:103)
at org.keycloak.models.jpa.JpaRealmProviderFactory.create(JpaRealmProviderFactory.java:34)
at org.keycloak.models.jpa.JpaRealmProviderFactory.create(JpaRealmProviderFactory.java:16)
at org.keycloak.services.DefaultKeycloakSession.getProvider(DefaultKeycloakSession.java:103)
at org.keycloak.models.cache.infinispan.DefaultCacheRealmProvider.getDelegate(DefaultCacheRealmProvider.java:61)
at org.keycloak.models.cache.infinispan.DefaultCacheRealmProvider.getMigrationModel(DefaultCacheRealmProvider.java:43)
at org.keycloak.migration.MigrationModelManager.migrate(MigrationModelManager.java:21)
at org.keycloak.services.resources.KeycloakApplication.migrateModel(KeycloakApplication.java:139)
at org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:82)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:408)
at org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:150)
at org.jboss.resteasy.spi.ResteasyProviderFactory.createProviderInstance(ResteasyProviderFactory.java:2209)
at org.jboss.resteasy.spi.ResteasyDeployment.createApplication(ResteasyDeployment.java:299)
at org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:240)
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:113)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36)
at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)
at org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:78)
at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)
at io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:231)
at io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:132)
at io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:526)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:101)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:82)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
at org.jboss.threads.JBossThread.run(JBossThread.java:320)
Caused by: liquibase.exception.DatabaseException: Incorrect database name '' [Failed SQL: CREATE TABLE ``.DATABASECHANGELOG (ID VARCHAR(255) NOT NULL, AUTHOR VARCHAR(255) NOT NULL, FILENAME VARCHAR(255) NOT NULL, DATEEXECUTED datetime NOT NULL, ORDEREXECUTED INT NOT NULL, EXECTYPE VARCHAR(10) NOT NULL, MD5SUM VARCHAR(35) NULL, DESCRIPTION VARCHAR(255) NULL, COMMENTS VARCHAR(255) NULL, TAG VARCHAR(255) NULL, LIQUIBASE VARCHAR(20) NULL, CONTEXTS VARCHAR(255) NULL, LABELS VARCHAR(255) NULL)]
at liquibase.executor.jvm.JdbcExecutor$ExecuteStatementCallback.doInStatement(JdbcExecutor.java:316)
at liquibase.executor.jvm.JdbcExecutor.execute(JdbcExecutor.java:55)
at liquibase.executor.jvm.JdbcExecutor.execute(JdbcExecutor.java:122)
at liquibase.executor.jvm.JdbcExecutor.execute(JdbcExecutor.java:112)
at liquibase.changelog.StandardChangeLogHistoryService.init(StandardChangeLogHistoryService.java:214)
at liquibase.Liquibase.checkLiquibaseTables(Liquibase.java:1074)
at liquibase.Liquibase.listUnrunChangeSets(Liquibase.java:1136)
at liquibase.Liquibase.listUnrunChangeSets(Liquibase.java:1126)
at liquibase.Liquibase.listUnrunChangeSets(Liquibase.java:1122)
at org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider.update(LiquibaseJpaUpdaterProvider.java:63)
... 36 more
Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Incorrect database name ''
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:408)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:377)
at com.mysql.jdbc.Util.getInstance(Util.java:360)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:978)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3887)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3823)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2435)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2582)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2526)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2484)
at com.mysql.jdbc.StatementImpl.execute(StatementImpl.java:848)
at com.mysql.jdbc.StatementImpl.execute(StatementImpl.java:742)
at org.jboss.jca.adapters.jdbc.WrappedStatement.execute(WrappedStatement.java:198)
at liquibase.executor.jvm.JdbcExecutor$ExecuteStatementCallback.doInStatement(JdbcExecutor.java:314)
... 45 more
Any ideas as to the potential cause/resolution?
The MySQL datasource is configured as follows:
<datasource jta="true" jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
    <connection-url>jdbc:mysql://localhost:3306/keycloak</connection-url>
    <connection-property name="defaultFetchSize">1000</connection-property>
    <driver>mysql</driver>
    <pool>
        <max-pool-size>20</max-pool-size>
    </pool>
    <security>
        <user-name>keycloak</user-name>
        <password>keycloakrocks!</password>
    </security>
    <timeout>
        <set-tx-query-timeout>true</set-tx-query-timeout>
    </timeout>
    <statement>
        <prepared-statement-cache-size>100</prepared-statement-cache-size>
        <share-prepared-statements>true</share-prepared-statements>
    </statement>
</datasource>
<drivers>
    <driver name="mysql" module="com.mysql.jdbc">
        <xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class>
        <datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlDataSource</datasource-class>
    </driver>
    .
    .
    .
</drivers>
Any help would be much appreciated.
Thank-you in advance,
Darcy Welsh
8 years, 10 months
Exporting a realm as JSON file should not contain user groups?
by Edgar Vonk - Info.nl
Hi,
We notice that when we export our custom realm to a JSON file (to a directory) that this file also contains all User Groups. We do not want this as we synchronise these User Groups from AD/LDAP just like our users. We want to have realm configuration in the realm JSON file only and not any ‘run-time’ managed data such as users and user groups.
Currently only users are exported to a different JSON file (http://keycloak.github.io/docs/userguide/keycloak-server/html/export-impo...) but groups are not. Does it make sense to create a feature request to also export user groups separately?
We have hundreds of groups in AD/LDAP which we sync to Keycloak so we really do not want these in the realm JSON.
cheers
Edgar
8 years, 10 months
CRUD Using KeyCloak
by Yasser El-ata
Hello, I want to create CRUD using KeyCloak. I have an AngularJS
application and it uses KeyCloak.
My case is: I have screens in my application that contain sub screens, and
every sub screen contains CRUD roles (CREATE, READ, UPDATE, DELETE);
it may contain multiple levels.
The screenshot may make the case more clear.
The normal client roles are not enough for me, or maybe I misunderstand
something.
Could you please help me with how to create these roles in KeyCloak, or whether
KeyCloak supports roles like this, or if there is any other way to create
them?
Thanks
--
Yasser El-Ata
Java Developer
BluLogix
8 years, 10 months
Multiple security Q&As for a user
by Riddhi Rathod
Hi all,
If the security question option is enabled in the login flow, then the user has to save an answer to it (Default question: “What is your mother’s name?”). This question is asked to the user in the event of “forget password” for an additional level of security. However, in the current system, there is provision for storing only one security Q&A. I am looking to modify this to include the following:
Could this functionality be extended to include 3 security Q&As, which is popular practice? I modified the keycloak secret-question.ftl to include 2 more questions. But there is no way to store the additional questions and answers extracted from the UI form in the UserCredentialValueModel (SecretQuestionRequiredAction.java).
The security questions are not fixed i.e. a dropdown menu of questions will be displayed to users and they will be able to select whichever questions they want to.
Does keycloak support storing of multiple security Q&As for a user? Has anyone tried this before?
Thank you,
Riddhi Rathod
8 years, 10 months
Where to report an issue - docker image ?
by Charles Moulliard
Hi
The existing keycloak example docker image is no longer up to date as
the repo containing the code has moved from sourceforge to
downloads.jboss.org and maven version 3.0.5 is not supported since
1.9.0.Final
Where can I open a ticket to propose a new Dockerfile ?
Regards
Charles
8 years, 10 months