Keycloak slf4j logging
by Robert van Loenhout
Hi,
Is there any request or effort to let keycloak use slf4j?
At the moment ClientCredentialsProviderUtils calls
org.jboss.logging.Logger.debugf(Ljava/lang/String;Ljava/lang/Object;Ljava/lang/Object;)V
which does not seem to exist in JBoss 4.2.3.GA, and causes a NoSuchMethodError.
8 years, 5 months
Access to Keyclaok collection and collection clean up issue
by Francisco Montada
Hi team, we are using Keycloak and we are facing two issues that we do not
know why is happening
1. We are using the same Database to save Keycloak and our App information,
we have a Spring boot and MongoDB environment, so we have access directly
from our Application level to the Keycloak collections, we had noticed
that if we change any value on Keycloak collection form the DB or from our
app level it is no reflected on Keycloak
Does Keycloak have some security validation for data that are No saved from
the Admin or API ?
Could be related with Caching ?
2. For some reason our Keycloak collections is getting mess up, after a
period of time, what is happening is the Master/Realm/Admin User password
is getting clean up and also the credentials for some of our users
Do you have any idea what is happening ?
Could be related with that we are adding extra values to the "user"
collection ?
Thanks
Francisco
8 years, 5 months
IOT-support
by Matuszak, Eduard
Hello
My question is: Is Keycloak planned or are there still any efforts to implement standards for the IOT also in the near future, e.g. to support CoAp or CBOR-Web-Tokens? We are asked to integrate resource constrained devices (by a large amount) in our project and it would be nice to keep Keycloak as AuthN/AuthZ-server to do the essential work.
Best Regards, Eduard Matuszak
8 years, 5 months
Cannot get themes to work as expected
by Subhrajyoti Moitra
Hello,
I am trying to create a new theme, similar to the keycloak theme, but with
my custom logo and some minor changes.
so i copied the default keycloak theme to a new theme name directory.
>From the admin pages, I point to my new theme.
I was expecting the theme to be "exactly" as the keycloak theme, with the
changes I have done.
But its not substituting the kcXXXX values in ftl files, that are provided
in themes.properties file.
For example the themes/base/login/template.ftl has ftl variables like
"kcHtmlClass" and "kcContentClass". The values are mentioned in
theme.properties file of the respective themes, but these values are not
getting picked up from my new theme.
What am i doing wrong?
I am not able to make this work. Please help.
Thanks,
Subhro.
8 years, 5 months
API for User Account Service?
by Aikeaguinea
Can the User Account Service be accessed as an API? I'm interested in
the "forgot password" and "change password" functionality in particular.
--
Aikeaguinea
aikeaguinea(a)xsmail.com
--
http://www.fastmail.com - mmm... Fastmail...
8 years, 5 months
Keycloak theme migration to new versions
by Francisco Montada
Hi team
We created a new theme for our login page on the Keycloak version
1.9.8.Final, but now we want to upgrade the Keycloak version to the
last 2.0.0.Final, Question is, can we just copy our team to the new version
or do we need to change something else to make it works ?
Thanks
Francisco
8 years, 5 months
Secure NodeJS API using keycloak - how to authenticate using bearer access type
by Deepak Garg
I have created a rest api in node js and used keycloak-connect npm packge.
I have mapped the nodejs middleware with keycloak middleware and just put
keycloak.Protect() method in side api method.
When the user is not logged in, it shows a login screen and ask for
credential. After login, it shows the result. but I don't want to show a
login screen if user is not already logged in. Instead of that i want to
pass the token and get access based upon that token?
Do i need to do anything in the API code so that it will accept the user
token?
I like to use this api through User interface and set the access type
bearer for this service in the keycloak admin.
see the example:
var express = require('express');
var apiRoutes = express.Router();
var User = require('../models/user');
var jwt = require('jsonwebtoken');
var faker = require('faker');
var session = require('express-session');
var Keycloak = require('keycloak-connect');
var hogan = require('hogan-express');
var memoryStore = new session.MemoryStore();
var keycloak = new Keycloak({store: memoryStore});
app.use(session({
secret: app.get('superSecret'),
resave: false,
saveUninitialized: true,
store: memoryStore
}));
app.use(keycloak.middleware({
logout: '/logout',
admin: '/'
}));
app.get('/api/user',* keycloak.protect()*, function (req, res) {
res.json({
name: faker.name.findName(),
email: faker.internet.email(),
address: faker.address.streetAddress(),
bio: faker.lorem.sentence(),
image: faker.image.avatar()
});
});
Keycloak.json:
{
"realm" : "nodejs-example",
"realm-public-key" :
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0x
tL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/
UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/
p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"auth-server-url" : "http://xxxx:9090/auth",
"ssl-required" : "external",
"resource" : "nodejs-connect",
"public-client" : true
}
Thanks,
Deepak
8 years, 5 months
Tomee 7.0.1 with Keycloak adapter throw NullPointerException
by shortname
Hello,
I have JAX-RS service secured by Keycloak. It works fine on Wildfly 8-10
and Glassfish 4. But on Tomee 7.0.1 async methods throws
NullPointerException (sync works fine). I have created simple project
for test on tomee 7.0.1 combination sync/async + keycloak and here is
results:
1. no keycloak + sync = ok
2. no keycloak + async = ok
3. keycloak + sync = ok
4. keycloak + async = error
Method signature sample:
@GET
public void findAll(@Suspended AsyncResponse response)
Exception stacktrace:
java.lang.NullPointerException
org.apache.cxf.jaxrs.impl.AsyncResponseImpl.initContinuation(AsyncResponseImpl.java:305)
org.apache.cxf.jaxrs.impl.AsyncResponseImpl.<init>(AsyncResponseImpl.java:68)
org.apache.cxf.jaxrs.utils.JAXRSUtils.processParameter(JAXRSUtils.java:816)
org.apache.cxf.jaxrs.utils.JAXRSUtils.processParameters(JAXRSUtils.java:789)
org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.processRequest(JAXRSInInterceptor.java:212)
org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.handleMessage(JAXRSInInterceptor.java:77)
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:254)
org.apache.openejb.server.cxf.rs.CxfRsHttpListener.doInvoke(CxfRsHttpListener.java:251)
org.apache.tomee.webservices.CXFJAXRSFilter.doFilter(CXFJAXRSFilter.java:94)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
org.apache.openejb.server.httpd.EEFilter.doFilter(EEFilter.java:65)
private void initContinuation() {
ContinuationProvider provider =
(ContinuationProvider)this.inMessage.get(ContinuationProvider.class.getName());
*this.cont = provider.getContinuation();*
this.initialSuspend = true;
}
How this issue can be resolved? May be this is tomcat adapter bug?
Best regards, Ilia
8 years, 5 months
Keycloak Spring Boot Adapter issue with Async calls
by Francisco Montada
Hi team we are having the same problem form the ticket below, we have a
asyc calls on our application and our Spring boot aplication is not working
when we add the Keyclaok Spring boot Adapter
Ticket
https://issues.jboss.org/browse/KEYCLOAK-3188
ERROR
"message": "Async support must be enabled on a servlet and for all filters
involved in async request processing. This is done in Java code using the
Servlet API or by adding \"<async-supported>true</async-supported>\" to
servlet and filter declarations in web.xml.",
Can someone have a idea how we can fix it ?
Thanks
Francisco
8 years, 5 months
How to secure the application's root
by Ling
Hi, if I want to secure the root directory, namely, when I visit
http://localhost:8080/myapp, then it redirects me to the keycloak login
page, asking for credentials. How to achieve that?
I modified the Web.xml as follows, but it doesn't secure anything at all. I
thought this should work "<url-pattern>/*</url-pattern>", but it doesn't.
<!--
<security-constraint>
<web-resource-collection>
<web-resource-name>Admins</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Login</web-resource-name>
<url-pattern>/login2/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
-->
<security-constraint>
<web-resource-collection>
<web-resource-name>Web Root</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<!--
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
-->
</security-constraint>
<login-config>
<auth-method>KEYCLOAK</auth-method>
<realm-name>bword</realm-name>
</login-config>
8 years, 5 months
