Authentication via Facebook Token
by Luigi De Masi
Hi,
I have to create a rest layer to allow a mobile application to interact
with KC because mobile developers don't want to use any kind of redirect or
webview, only rest calls for login/registration.
Username/password authentication/registration is easy, I can use the
admin REST API, but for social login (only via Facebook), is there a way to
get a Keycloak JWT token by passing a Facebook token using the admin API or any
other REST API?
If not, is it better to plug in an authentication provider using the Authentication
SPI or create a custom REST endpoint and generate (don't know how) a JWT?
Thanks.
--
Luigi De Masi
8 years, 5 months
Token generation: possibilities to improve performance
by Matuszak, Eduard
Hello
Motivated by considerations on how to improve the performance of the token generation process I have two questions:
- I noticed that Keycloak's token generation via endpoint "auth/realms/ccp/protocol/openid-connect/token" generates a triple of tokens (access-, refresh- and id-token). Is there any possibility to dispense with the id-token generation?
- Is there a possibility to cause Keycloak to generate more "simple" bearer tokens than complex JWT tokens?
Best regards, Eduard Matuszak
8 years, 5 months
Configuring javascript calling REST service
by Robert van Loenhout
I'm using the keycloak javascript adapter and the spring security adapter for my REST service.
The REST service is configured as a client with 'bearer-only' access type.
The javascript client is authenticated. When it does an ajax call to my REST service I receive the following error in my browser:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:30001/rest1/greeting. (Reason: CORS header 'Access-Control-Allow-Origin' missing).
I have added
"enable-cors": true
to my REST keycloak configuration.
However, where do I configure which origins are allowed?
For 'public' and 'confidential' clients you can configure the web origins in the admin console.
But when I set it to 'bearer-only' this field is gone.
So what exactly are the steps you have to take to configure a javascript client that calls a REST service on another host?
8 years, 5 months
Is clustering required?
by John D. Ament
Hey,
I was wondering, is clustering actually required on the keycloak server if
I have multiple deployed? Or will it read data from the database?
John
8 years, 5 months
Failed to run the Customer-portal Demo on two machines
by Martin Min
Hi, I can run the preconfigured Customer-portal demo successfully on the
single keycloak-demo-2.0.0.Final distribution by importing the
testrealm.json file to create the realm. Everything works fine.
And also I can run this simple login/logout demo by following this
instruction to install and setup KeyCloak and Wildfly servers separately:
https://keycloak.gitbooks.io/getting-started-tutorials/content/v/2.0/topi...
However, I failed to run the Customer-Portal demo by trying to set up the
Keycloak server and Wildfly server separately. It always gives me this
message as I clicked the "Customer Listing
<http://localhost:8080/customer-portal/customers/view.jsp>" link:
http://localhost:8080/auth/realms/demo/protocol/openid-connect/auth?respo...
I did exactly the same thing as I tested in the KeyCloak-demo distribution
by importing the testrealm.json.
I didn't configure the subsystem section in the Wildfly 10's
standalone.xml, since I believe the "keycloak.json" and "web.xml" in the
application's WEB-INF directory will do the same thing. I only had this
configured in Wildfly standalone.xml:
<security-domain name="keycloak">
    <authentication>
        <login-module code="org.keycloak.adapters.jboss.KeycloakLoginModule" flag="required"/>
    </authentication>
</security-domain>
What am I missing? Thank you for your help getting this working. By the way, it
would be really great to have a full tutorial on how to set up the
customer-portal demo on two separate KeyCloak and Wildfly servers by
configuring both Json and subsystem file.
Thank you for help.
8 years, 5 months
Keycloak 2.1.0.CR1 released
by Marek Posolda
Keycloak 2.1.0.CR1 has just been released. The final release will follow
next week if no major issues are reported. A few highlights of this release:
* *Password Policy SPI* - Now it's possible to plug your own
implementation of password policy. This is useful if available
builtin policies are not sufficient for you.
* *Jetty 9.3 adapter* - Allow you to secure your applications deployed
on Jetty 9.3 server.
* *Authorization fixes & improvements* - There are lots of fixes and
improvements in authorization services, which were recently added in
2.0 release. It's really worth checking this out and eventually
provide us some feedback.
* *Better OpenID Connect interoperability* - There are lots of minor
fixes related to OpenID Connect support.
For the full list of issues resolved check out JIRA
<https://issues.jboss.org/issues/?jql=project%20%3D%20keycloak%20and%20fix...>
and to download the release go to the Keycloak homepage
<http://blog.keycloak.org/www.keycloak.org/downloads>.
8 years, 5 months
Wildfly swarm KC version?
by Hristo Stoyanov
Are there plans to provide a wildflyswarm version of KC? Would love to run
KC-enabled web app in a SINGLE jvm, with 0 XML configurations ...one day.
/Hristo Stoyanov
8 years, 5 months
Access token or ID token
by Mohan.Radhakrishnan@cognizant.com
Hi,
My ID token flow and OIDC filter are working. But I am still doubtful about my implementation. When I used another IDP (IdentityServer3) the redirect URL issued from AngularJS gave me the access token with the ID token embedded in it directly.
But now I am using this code.
AccessToken accessToken = keycloakPrincipal.getKeycloakSecurityContext().getToken();
URL is this.
http://localhost:8080/auth/realms/Test/protocol/openid-connect/auth?respo...
And https://keycloak.gitbooks.io/securing-client-applications-guide/content/t... mentions that keycloak.json is required to get the access token in AngularJS.
Am I missing something? Why is there a difference?
Thanks,
Mohan
8 years, 5 months
keycloak and spring security
by Robert van Loenhout
I'm trying to create a test application using spring and wicket (without spring boot). I'm unable to trigger any authentication redirect.
I have added a SecurityConfig class as specified by the manual, and it's been picked up by Spring.
For example my configure method is called
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        http.authorizeRequests().anyRequest().authenticated();
    }
However, whatever page I call, it is returned without taking any security into account.
This is my web.xml
<servlet>
    <servlet-name>wicket</servlet-name>
    <servlet-class>org.apache.wicket.protocol.http.WicketServlet</servlet-class>
    <init-param>
        <param-name>applicationFactoryClassName</param-name>
        <param-value>org.apache.wicket.spring.SpringWebApplicationFactory</param-value>
    </init-param>
    <init-param>
        <param-name>applicationBean</param-name>
        <param-value>wicketApplication</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>wicket</servlet-name>
    <url-pattern>/*</url-pattern>
</servlet-mapping>
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/applicationContext.xml</param-value>
</context-param>
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
The applicationContext does a component-scan.
Did I miss something that I need to add?
8 years, 5 months
Re: [keycloak-user] User Federation : How to implement provider if users are stored in other stores
by Deepak Garg
Hi,
I didn't find any relevant example where I can use an existing database to
authenticate users using Keycloak.
Please suggest a specific example.
Thanks,
Deepak
On Tue, Aug 2, 2016 at 6:04 PM, Bruno Oliveira <bruno(a)abstractj.org> wrote:
> Hi Deepak, there are several examples here[1]. I hope it helps.
>
> [1] - https://github.com/keycloak/keycloak/tree/master/examples/providers
>
> On 2016-08-02, Deepak Garg wrote:
> > Hi,
> >
> > We have an existing web application which is using RDBMS database for
> > authentication and authorization. I like to know how I can use keycloak to
> > authenticate my user against same RDBMS database.
> >
> > In your documentation under User Federation you have mentioned that we can
> > implement our own provider if we have users in other stores such as RDBMS.
> > Can you please let me know how to do it.
> >
> > We are running ASP.Net web apps which is written in HTML5, JQuery and CSS3.
> >
> > Thanks,
> > Deepak
8 years, 5 months