Async request/response processing at Keycloak
by Bystrik Horvath
Hello community,
I found that (since 1.9.2?) there's RealmResourceProvider that gives me the
possibility to provide my own REST endpoint. After implementing the endpoint
using the async capability of JAX-RS, I'm getting an exception like:
UT010026: Async is not supported for this request, as not all filters or
Servlets were marked as supporting async.
How is it possible to tweak Keycloak (I'm currently on 1.9.3) to
asynchronously respond to my requests in implementation of
RealmResourceProvider?
Thank you for any comment on this.
Best regards,
Bystrik
8 years, 7 months
Keycloak integration with REST service
by Jim Dillon
Hello,
I'm looking into Keycloak for a consulting engagement. The idea is to use
Keycloak for SSO on multiple front end applications in order to secure many
REST APIs. Some of the front end applications will be mobile and others
will be browser based. Keycloak easily handled both effortlessly in a
simple demo I created.
Initially the client was looking for Active Directory integration, but now
has decided to look into integrating with a REST service for authentication
/ group information. This brings up a few initial questions:
1. How would one go about integrating with this REST Service?
- The user would need to be authenticated with username / password retrieved
from the REST Service.
- The Password is encrypted.
- New users would need to be "created" via the REST Service as well. (The
REST Service is really an interface for an Oracle table. So new users
ultimately would need to be inserted into this table.)
2. I assume that Keycloak still needs its own database for operation, but
could this database be configured to not include password storage for users?
Thank you,
jim
*Red Hat Consulting*
jdillon(a)redhat.com || 540.420.3639
8 years, 7 months
Re: [keycloak-user] keycloak-admin-client and realm initialization
by Okie Oth
Thank you for the response :)
I had the same idea and so I grab the existing realm roles from the
server before I create the new group. A realm role with the desired name
exists and I try to add it with ID and name in setRealmRoles.
I also try to add a group first, grab the group list from the server and
update the group with new (but existing) realm roles. With Wireshark I
sniff the content that goes to the REST service and it contains my data.
The response was HTTP status 202 (no data).
I test my code against the final versions 1.9.4 and 1.9.5. The Keycloak
server runs in standalone mode in an Ubuntu 14.04 VM and uses PostgreSQL
as the backend.
Besides the groups, I got a similar effect if I create a new user. I can
create the user, but he has no assigned group.
Cheers
On 31.05.2016 at 13:03, Stan Silvert wrote:
> I suspect your problem is that the roles don't exist yet. You need to
> create the role as a realm role before you assign it to a group.
>
> realmResource.roles().create(myRole);
>
> On 5/31/2016 6:30 AM, Okie Oth wrote:
>> Hello,
>> I'm a Keycloak newbie and try to write a tool that initializes my
>> Keycloak installation. Some parts work fine but I can't do deeper
>> initializations. For instance I can create a new user group but if I
>> want to assign some realm roles to the newly created group nothing
>> happens.
>>
>> I checked the results with the normal Keycloak webfrontend.
>>
>> Here is my sample code:
>> ...
>> GroupRepresentation gr = new GroupRepresentation();
>> gr.setName("myGroup");
>> List<String> realmRoleList = new ArrayList<>();
>> realmRoleList.add("test");
>> gr.setRealmRoles(realmRoleList);
>> realmResource.groups().add(gr);
>> ...
>> // now the group 'myGroup' exists but no roles are assigned.
>>
>> Any advice or help is welcome
>>
>> Kind regards
>> Eiko
8 years, 7 months
KC 1.9.4 Error during
by Emil Posmyk
Hello
I'm receiving an error when I try to log in to our application:
ClientProtocolException: URI does not specify a valid host name:
https:/auth/realms/Brandpath/protocol/openid-connect/token
The HTTP protocol is working fine, no errors, but using HTTPS I receive each
time a URI without a host name.
Auth page is working fine.
What can cause that error?
14:59:22,937 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-2) failed to turn code into token: org.apache.http.client.ClientProtocolException: URI does not specify a valid host name: https:/auth/realms/Brandpath/protocol/openid-connect/token
[Server:ms-server1] at org.apache.http.impl.client.CloseableHttpClient.determineTarget(CloseableHttpClient.java:94)
[Server:ms-server1] at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
[Server:ms-server1] at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
[Server:ms-server1] at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
[Server:ms-server1] at org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:107)
[Server:ms-server1] at org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:314)
[Server:ms-server1] at org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:260)
[Server:ms-server1] at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:112)
[Server:ms-server1] at org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:110)
[Server:ms-server1] at org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:92)
[Server:ms-server1] at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)
[Server:ms-server1] at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)
[Server:ms-server1] at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)
[Server:ms-server1] at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)
[Server:ms-server1] at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)
[Server:ms-server1] at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)
[Server:ms-server1] at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
[Server:ms-server1] at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
[Server:ms-server1] at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[Server:ms-server1] at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
[Server:ms-server1] at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
[Server:ms-server1] at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
[Server:ms-server1] at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
[Server:ms-server1] at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
[Server:ms-server1] at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
[Server:ms-server1] at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
[Server:ms-server1] at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
[Server:ms-server1] at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[Server:ms-server1] at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
[Server:ms-server1] at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[Server:ms-server1] at org.wildfly.mod_cluster.undertow.metric.RunningRequestsHttpHandler.handleRequest(RunningRequestsHttpHandler.java:69)
[Server:ms-server1] at org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)
[Server:ms-server1] at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[Server:ms-server1] at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
[Server:ms-server1] at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
[Server:ms-server1] at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
[Server:ms-server1] at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
[Server:ms-server1] at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
[Server:ms-server1] at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
[Server:ms-server1] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[Server:ms-server1] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[Server:ms-server1] at java.lang.Thread.run(Thread.java:745)
*regards*
*--*
*Emil Posmyk*
8 years, 7 months
Re: [keycloak-user] How to create the same client (same id) for multiple realms programmatically
by Haim Vana
Any idea regarding the below?
As a workaround, how can I update an existing client programmatically? I couldn't find it in the admin API.
Thanks again,
Haim.
From: Haim Vana
Sent: Thursday, May 26, 2016 2:17 PM
To: keycloak-user(a)lists.jboss.org
Subject: How to create the same client (same id) for multiple realms programmatically
Hi,
I am trying to create the same client for many realms, however it creates it only once, probably because they have the same id; however, in the UI I am able to create it.
Any idea how I can create the same client for different realms programmatically with the same id?
This is my code sample:
ClientRepresentation clientRepresentation = new ClientRepresentation();
clientRepresentation.setId(clientId); // Same clientId for all realms
realm.clients().create(clientRepresentation); // Client is created only for first realm
Any advice will be appreciated,
Haim.
8 years, 7 months
keycloak-admin-client and realm initialization
by Okie Oth
Hello,
I'm a Keycloak newbie and try to write a tool that initializes my
Keycloak installation. Some parts work fine but I can't do deeper
initializations. For instance I can create a new user group but if I
want to assign some realm roles to the newly created group nothing happens.
I checked the results with the normal Keycloak webfrontend.
Here is my sample code:
...
GroupRepresentation gr = new GroupRepresentation();
gr.setName("myGroup");
List<String> realmRoleList = new ArrayList<>();
realmRoleList.add("test");
gr.setRealmRoles(realmRoleList);
realmResource.groups().add(gr);
...
// now the group 'myGroup' exists but no roles are assigned.
Any advice or help is welcome
Kind regards
Eiko
8 years, 7 months
URL/Auth of REST API
by Andreas Jung
Hi there,
currently evaluating Keycloak and its REST API in particular.
I am running standalone.sh and created an 'admin' user with password 'admin'.
My expectation was that the following URL call would work:
wget http://admin:admin@localhost:8080/auth/admin/realms
--2016-05-30 21:52:34-- http://admin:*password*@localhost:8080/auth/admin/realms
Resolving localhost... ::1, 127.0.0.1, fe80::1
Connecting to localhost|::1|:8080... failed: Connection refused.
Connecting to localhost|127.0.0.1|:8080... connected.
HTTP request sent, awaiting response... 401 Unauthorized
Unknown authentication scheme.
Username/Password Authentication Failed.
...but it does not...any insight?
Andreas
8 years, 7 months
dotNet integration
by Rafael T. C. Soares
Hi all.
What are the options available to integrate/secure dotNet apps with
Keycloak today?
Is there any plan to provide a Keycloak adapter for dotNet?
Can someone give some insight on this kind of integration?
Thanks in advance.
--
___
Rafael T. C. Soares
8 years, 7 months
Hide idp selection page
by Kristiaan Jansen
Hi
I would like to hide the IdPs on the main login of Keycloak.
Scenario:
I have multiple IdPs and Keycloak in front of them as an SP.
I am automatically letting the different groups go to the right IdP with kc_idp_hint.
But if a group goes to the SP URL by accident I don't want the full list of all the IdPs to be visible.
Is there a way to achieve this in Keycloak?
IdpA(Keycloak)---|
                 |
idpB(Keycloak)---|----SP(Keycloak)idp--- mywebapplication(tomcat).
                 |
idpC(Keycloak)---|
Thanks,
Kris
8 years, 7 months