client config docs
by Harold Campbell
Am I terrible at searching, or do the new gitbook based docs not
contain any documentation of the client side keycloak.json?
I had to dig out the 1.8 docs to find something I was looking for.
--
Harold Campbell <hcamp(a)muerte.net>
A long-forgotten loved one will appear soon.
Buy the negatives at any price.
8 years, 3 months
Getting 401 if trying to access app via loadbalancer
by KASALA Štefan
Hello,
we have installed JBoss Overlord Rtgov 2.1.0 which is using Keycloak 1.2.0.Beta1. It is running on JBoss EAP 6.3, I will name it with hostname app01. We have a load balancer under another hostname lbapp in front of the deployed app. I am able to call the rest interface of RtGov directly on machine app01 but not using lbapp, I get 401 - Unauthorized from Keycloak. My guess is there is some check against hostname in http request. Is there some possibility to register aliases with the keycloak to enable calls via load balancer? Thanks.
Stefan Kasala
________________________________
Táto správa je určená iba pre uvedeného príjemcu a môže obsahovať dôverné alebo interné informácie. Ak ste ju omylom obdržali, upovedomte o tom prosím odosielateľa a vymažte ju. Akýkoľvek iný spôsob použitia tohto e-mailu je zakázaný.
This message is for the designated recipient only and may contain confidential or internal information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited.
8 years, 3 months
user logout
by yassine yas
Hi,
when an authenticated user try to logout (using the sign out
from auth/realms/*{realName}*/account/)
I get this error : Invalid redirect uri
here is the uri of the page that shows the pb:
http://10.129.3.27/auth/realms/*{realName}*
/protocol/openid-connect/logout?redirect_uri=http%3A%2F%2F10.129.3.27%2Fauth%2Frealms%2F
*{realName}*%2Faccount%2F
(the *{realName}* is the same )
how can I change the log out redirect uri
cordially
8 years, 4 months
ClassNotFoundException when importing a resource server configuration JSON incl drools policy of 'photoz' example project
by FREIMUELLER Christian
Dear all,
first of all - thanks for your effort for Keycloak - great product!
I'm trying to do a POC for the authorization API in Keycloak and therefore I downloaded from the project's website the Demo distribution and tried to follow the readme instructions on the "photoz" example.
The import of the realm was successful, but when I tried to load the resource server configuration JSON I received the following exception in the log file:
Caused by: java.lang.ClassNotFoundException: org.apache.commons.codec.binary.Base64 from
[Module "org.drools:main" from local module loader @1476ceae (finder: local module finder @1b4febf3 (
roots: D:\dev\software\keycloak\keycloak-demo-2.1.0.Final\keycloak\modules,
D:\dev\software\keycloak\keycloak-demo-2.1.0.Final\keycloak\modules\system\layers\keycloak,
D:\dev\software\keycloak\keycloak-demo-2.1.0.Final\keycloak\modules\system\layers\base
))]
I was able to fix this issue by providing the following dependency entry in the drools module description for the commons-codec module at <KEYCLOAK_ROOT>\keycloak\modules\system\add-ons\keycloak\org\drools\main\module.xml
After this I could successfully import the "photoz-restful-api-authz-service.json" finally.
Could it be that this entry is also missing in the source code at https://github.com/keycloak/keycloak/tree/master/distribution/feature-pac... ?
<dependencies>
<module name="javax.api"/>
<module name="javax.inject.api"/>
<module name="javax.enterprise.api"/>
<module name="org.slf4j"/>
<module name="org.apache.commons.codec"/><!-- this one is missing -->
<module name="org.apache.commons.logging"/>
<module name="org.keycloak.keycloak-core"/>
<module name="org.keycloak.keycloak-common"/>
<module name="org.keycloak.keycloak-server-spi"/>
</dependencies>
I also found a related JIRA "KEYCLOAK-3279<https://issues.jboss.org/browse/KEYCLOAK-3279> Possible error with Drools policies when running on Windows" entry but this was closed without code fix, I think.
Can you verify this finding?
Thanks,
Christian
8 years, 4 months
Force the display of Keycloak login page when using "authenticate by default" external OIDC IdP
by Gabriel Lavoie
Hi,
we are currently using Keycloak as a broker to do the SAML
authentication to an external service for us. Keycloak is configured to
authenticate the user with an external IdP (our application) that is set
with the "Authenticate by default" flag to ON.
Is it possible to still force the display of the Keycloak login page, but
only for some scenarios? We would like to have system integration users
that don't exist in our application (not exposed to our customers), but
would still be usable to access the external service (with proper roles).
Thanks,
Gabriel
--
Gabriel Lavoie
glavoie(a)gmail.com
8 years, 4 months
user credential and role pro grammatically
by yassine yas
Hi,
I'm creating users programmatically from my java code,but the users
credential and roles are note "persisted" (I think), when the user try to
authenticate he get *Invalid username or password (*even if he is visible
in the admin console), If I define (from the admin console) a passe Word
for the user and use it he can access his account, but here come the 2
problem, even if I give him the right (role) to use a resource he gets
forbidden.
here is the code that I use to define users credential and role :
* CredentialRepresentation credential = new
CredentialRepresentation();*
* credential.setType(CredentialRepresentation.PASSWORD);
*
* credential.setValue("123");
*
* user.setCredentials(Arrays.asList(credential));
*
* user.setRealmRoles(Arrays.asList("guest"));
*
Cordially
8 years, 4 months
How to integrate or make use of KeyCloak user database in my own application?
by Ling
Hi, All:
So far I have been playing with KeyCloak and been able to set it up and
running the customer-portal example successfully. Now I need to actually
use it in my application, and I am not totally sure whether KeyCloak is the
thing that I am looking for, but I believe my need is just a common use
case and hopefully KeyCloak is the right software that I am looking for..
When a user comes to my website, he registers and makes a post. Both the
post and the user information is stored into databases, and the link
between the user and post, i.e. who made which post? So I have two tables
in my database: Post(id, post) and User(id,name), and another table
UserPost(PostID, UserID) to store linking information. This is all fine in
my own database.
But now when KeyCloak comes into play, the user first registers in KeyCloak
server and user information are stored in its own database there, which
seems unrelated to the database (Post and User) in my application. I don't
want to duplicate two User databases in two servers, right? Even if I can
tolerate the duplication, how to make the connection between KeyCloak
database and my application database? I am using JBoss, Hibernate/JPA in my
application.
Maybe I am missing something in the way how to connect KeyCloak with my own
application. Is there any tutorial or documentation that I can read?
Thank you.
8 years, 4 months
