Re: [keycloak-user] Ionic with keycloak-js sample project
by cen
Hi,
Putting it in a service is actually a good idea, didn't even think about
it.
I'll explore this option and update the project accordingly. Not sure if
combining the interceptor with service in the same module is any good
though. Interceptor can happily live on its own since you don't ever
need to interact with it through the service.
Thanks for feedback, cen
Sebastien Blanc wrote on 22. 08. 2016 at 09:44:
> Really nice !
>
> Have you seen the angular example
> https://github.com/keycloak/keycloak/tree/master/examples/demo-template/a...
> ?
> It's really similar to what you did but instead of putting the keycloak
> object on the $rootScope, it creates an Auth angular Service on the fly.
>
> In the near future it would be nice to have a separate Angular module that
> contains the auth interceptor, the auth service and maybe a set of
> directives.
>
> Sebi
>
>
> On Sat, Aug 20, 2016 at 5:47 PM, cen <imbacen(a)gmail.com> wrote:
>
>> I guess it would help if I provided the link to the actual project..
>> https://github.com/cen1/ionic-babelify-es6-kc
>>
>>
>> cen wrote on 20. 08. 2016 at 17:44:
>>> Hi
>>>
>>> I couldn't find a good sample project with keycloak-js and Ionic
>>> anywhere on the internet (there is a very basic example with Cordova
>>> on GitHub), so I decided to hack one on my own. In addition, I decided
>>> to modularize the starter Ionic tabs project and add ES6 support. The
>>> project initializes Keycloak adapter and adds an auth interceptor on
>>> $httpProvider for header injection.
>>>
>>> Hopefully this is useful for someone.
>>>
>>>
>>> Best regards, cen
>>>
>>>
8 years, 4 months
Delivery reports about your e-mail
by Post Office
The original message was received at Mon, 22 Aug 2016 10:52:34 +0530 from 213.7.194.154
----- The following addresses had permanent fatal errors -----
keycloak-user(a)lists.jboss.org
----- Transcript of session follows -----
... while talking to host 135.76.87.185:
554 5.0.0 Service unavailable; [212.35.236.161] blocked using bl.spamcop.net, reason: Blocked
Session aborted, reason: lost connection
8 years, 4 months
Ionic with keycloak-js sample project
by cen
Hi
I couldn't find a good sample project with keycloak-js and Ionic
anywhere on the internet (there is a very basic example with Cordova on
GitHub), so I decided to hack one on my own. In addition, I decided to
modularize the starter Ionic tabs project and add ES6 support. The
project initializes Keycloak adapter and adds an auth interceptor on
$httpProvider for header injection.
Hopefully this is useful for someone.
Best regards, cen
8 years, 4 months
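The interceptor and Auth service discussed in this thread, sketched as an added example that is not code from cen's project or from the Keycloak demo. API_ORIGINS, APP_ORIGIN and MIN_VALIDITY_SECONDS are assumed values, and updateToken() is assumed to return a thenable; the point shown is that the header is injected only for HTTPS requests to an allowlisted API origin, so template loads and third-party calls never carry the token.

```javascript
// Added example. API_ORIGINS, APP_ORIGIN and MIN_VALIDITY_SECONDS are assumed
// values; `keycloak` stands for an initialized keycloak-js instance.
const API_ORIGINS = ['https://api.example.com'];
const APP_ORIGIN = 'http://localhost:8100';
const MIN_VALIDITY_SECONDS = 30;

// Only HTTPS requests to an allowlisted API origin may carry the token.
// Relative URLs (templates, local assets) resolve against the app origin.
function shouldAttachToken(url, appOrigin, apiOrigins) {
  let target;
  try {
    target = new URL(url, appOrigin);
  } catch (e) {
    return false; // unparsable URL: fail closed, send no token
  }
  return target.protocol === 'https:' && apiOrigins.includes(target.origin);
}

// Auth service: the only place that touches the keycloak-js object.
function makeAuthService(keycloak) {
  return {
    // Refresh if the access token expires within MIN_VALIDITY_SECONDS, then
    // return the current token. Assumes updateToken() returns a thenable.
    freshToken: function () {
      return Promise.resolve(keycloak.updateToken(MIN_VALIDITY_SECONDS))
        .then(function () { return keycloak.token; });
    }
  };
}

// Interceptor: depends on the service, never on the keycloak object itself.
function makeAuthInterceptor(auth, appOrigin, apiOrigins) {
  return {
    request: function (config) {
      if (!shouldAttachToken(config.url, appOrigin, apiOrigins)) {
        return config; // local or third-party request: no header injected
      }
      return auth.freshToken().then(function (token) {
        config.headers = config.headers || {};
        config.headers.Authorization = 'Bearer ' + token;
        return config;
      });
    }
  };
}
```

In an AngularJS app the object returned by makeAuthInterceptor would be registered through $httpProvider.interceptors.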
Error when adding users programmatically
by hasane has
Hi,
I'm trying to add a user programmatically to keycloak server like this :

    Keycloak kc = KeycloakBuilder
            .builder()
            .serverUrl("http://localhost:8080/auth/")
            .realm("myApp")
            .username("admin")
            .password("123")
            .clientId("admin-cli")
            .clientSecret("acce91b1-53ad-467e-8895-5ef8630a3295")
            .clientId("Frontend")
            .resteasyClient(
                    new ResteasyClientBuilder().connectionPoolSize(10)
                            .build()).build();
    CredentialRepresentation credential = new CredentialRepresentation();
    credential.setType(CredentialRepresentation.PASSWORD);
    credential.setValue("test123");
    UserRepresentation user = new UserRepresentation();
    user.setUsername("testuser");
    user.setFirstName("Test");
    user.setLastName("User");
    user.setEnabled(true);
    user.setCredentials(Arrays.asList(credential));
    kc.realm("myApp").users().create(user);

but I get this error :
15:46:51,412 WARN [org.jboss.resteasy.core.ExceptionHandler] (default task-22) Failed executing POST /admin/realms/myApp/users: org.keycloak.services.ForbiddenException
    at org.keycloak.services.resources.admin.RealmAuth.requireManage(RealmAuth.java:59)
    at org.keycloak.services.resources.admin.UsersResource.createUser(UsersResource.java:181)
I think that the problem comes from the user role, so I tried to grant the admin
role to that user, but it doesn't work.
I'm working with Keycloak 1.6
8 years, 4 months
Re: [keycloak-user] Newbie question about session last access time updating
by Joe Thielen
>
> Date: Thu, 18 Aug 2016 06:06:08 +0200
> From: Stian Thorgersen <sthorger(a)redhat.com>
> Subject: Re: [keycloak-user] Newbie question about session last access
> time updating.
> To: Joe Thielen <joe(a)joethielen.com>
> Cc: keycloak-user <keycloak-user(a)lists.jboss.org>
>
> What you're doing works just fine and is the only way available at the
> moment at least. It will have an impact on performance, both in terms of
> latency for request in your app and also additional load on the KC server.
> As long as you take that into consideration you should be fine.
>
> On 17 August 2016 at 17:30, Joe Thielen <joe(a)joethielen.com> wrote:
>
> > Hello all. I am new to both Keycloak and OpenID Connect. Keycloak looks
> > like a fantastic project and thanks to all who've put in work on it.
> >
> > I love that Keycloak can be set up to save events (login/logout/etc...).
> > I love that there is a way to administratively log out user sessions. All
> > this is great. My question is, what is the proper procedure to update the
> > session's "Last Access" if I want it to be updated on every page request by
> > a user? In some cases I have strict application requirements where it's
> > important to know exactly when the user last did something. So I can't
> > just log them in and periodically do a refresh to keep the session going.
> > I want to update the session every time the user does something (i.e.,
> > every page request or API request).
> >
> > Maybe this is overkill for most applications. Like I said, I'm new to
> > both Keycloak and OpenID Connect. I've figured out how to do the
> > authorization flow, request user info, and logout. And I think I've
> > figured out how to update the session in such a manner that it does update
> > the last access time. However, I'm not sure I'm doing it correctly...
> >
> > Here is an example using curl of what I've been doing to keep the last
> > access time updated:
> >
> > curl -s --data "grant_type=refresh_token&client_id=CLIENTID&client_secret=CLIENTSECRET&refresh_token=REFRESHTOKEN" "https://HOSTNAME:8443/auth/realms/REALMNAME/protocol/openid-connect/token"
> >
> > Am I incorrectly using the refresh token here? In reading up on the flow,
> > it seems like this should only be used periodically, like when the
> > access_token expires.
> >
> > A positive side effect of this is that on every single request I'm
> > checking to ensure the session hasn't been administratively logged out.
> >
Good to know, thank you Stian.
8 years, 4 months
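The per-request refresh described in this thread, as an added example that is not code from either poster. The host, realm and client values are the thread's placeholders, and `post` is a hypothetical injected transport returning {status, json}; the example form-encodes the refresh token and separates an ended session (invalid_grant) from a token endpoint that is merely unreachable.

```javascript
// Added example. `cfg` values are placeholders; `post(url, body)` is a
// hypothetical transport that resolves to { status, json }.
function buildRefreshRequest(cfg, refreshToken) {
  // URLSearchParams form-encodes every value, so a token containing
  // '+', '/' or '=' survives the trip unchanged.
  const body = new URLSearchParams({
    grant_type: 'refresh_token',
    client_id: cfg.clientId,
    client_secret: cfg.clientSecret,
    refresh_token: refreshToken
  });
  const url = cfg.baseUrl + '/auth/realms/' + encodeURIComponent(cfg.realm) +
    '/protocol/openid-connect/token';
  return { url: url, body: body.toString() };
}

// Map the token endpoint's answer to a session decision.
function interpretRefreshResponse(status, json) {
  if (status === 200 && json && json.access_token) {
    return { state: 'active', accessToken: json.access_token,
             refreshToken: json.refresh_token || null };
  }
  // RFC 6749 section 5.2: invalid_grant covers an invalid, expired or
  // revoked refresh token, which is how an ended session shows up here.
  if (status === 400 && json && json.error === 'invalid_grant') {
    return { state: 'ended' };
  }
  return { state: 'unavailable' }; // outage or misconfiguration, not a logout
}

// Called once per page or API request; `store` holds the current tokens.
async function touchSession(cfg, store, post) {
  const req = buildRefreshRequest(cfg, store.refreshToken);
  const res = await post(req.url, req.body);
  const outcome = interpretRefreshResponse(res.status, res.json);
  if (outcome.state === 'active') {
    store.accessToken = outcome.accessToken;
    // keep the previous refresh token if the response carries none
    store.refreshToken = outcome.refreshToken || store.refreshToken;
  } else if (outcome.state === 'ended') {
    store.accessToken = null; // force a new login
    store.refreshToken = null;
  }
  return outcome.state;
}
```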
Database upgrade
by Nalyvayko, Peter
Hi,
Is there an existing way to execute the keycloak database upgrade without actually starting the keycloak server?
Thanks!
--Peter
8 years, 4 months
Use of Keycloak account for web socket connexions
by GATEAU Martine
Dear Sir or madam,
We want to use keycloak for one project where we have Websocket communication between a mobile app and a server.
We want to create user accounts, so that the users can log in and be authenticated. Then, we will open a web socket and only a few or no HTTP messages will be exchanged between the App and the server.
What will happen with the keycloak session? Is there a means with web socket to let keycloak know that traffic exchanges have occurred without an HTTP message?
Do you advise having a long session duration (for example 1 day) to avoid too frequent disconnections?
Thanks in advance for your answer
Martine Gateau
Systems Engineering
Altran Connected Solutions, Orvault
E-mail martine.gateau(a)altran.com
Phone +33 2 40 67 61 64
8 years, 4 months
disable kerberos SSO when needed
by Zhou, Limin (Ray)
Hello
Right now our keycloak server is set up to do kerberos authentication with ldap as backup, so in this case, the users will get in automatically
from the company domain when they hit the URL. We have application role definitions in keycloak; if the user does not have the role configured
then we want to log them out back to the default Keycloak login page and let them try their LDAP user account.
But because kerberos authentication is always on top, right after we log out the user, kerberos will let them in automatically.
Right now we are using keycloak.logout from keycloak.js to log out the user.
I am wondering what is the good practice to achieve this?
Any suggestions are welcome
thanks
raymond
8 years, 4 months
Cannot log in as admin when using docker image 2.0.0 mysql
by Kevin Thorpe
I'm trying to use Keycloak 2.0.0 from the docker image using mysql and I
can't log in once running. It all starts up ok and it creates the initial
schema ok. When I try to log in to the admin console it can't find the
admin user. What am I doing wrong? I thought it was my modifications to the
image to add https that were wrong but it doesn't work from the published
image anyway.
lots snipped....
keycloak_1 | 2016-08-17T16:39:58.280453387Z 16:39:58,280 INFO [org.jboss.as]
(Controller Boot Thread) WFLYSRV0025: Keycloak 2.0.0.Final (WildFly Core
2.0.10.Final) started in 29551ms - Started 418 of 800 services (542
services are lazy, passive or on-demand)
keycloak_1 | 2016-08-17T16:40:16.238260785Z 16:40:16,237 WARN
[org.keycloak.events] (default task-7) type=LOGIN_ERROR, realmId=master,
clientId=security-admin-console, userId=null, ipAddress=10.20.11.52,
error=user_not_found, auth_method=openid-connect, auth_type=code,
redirect_uri=http://10.20.13.236:8080/auth/admin/master/console/,
code_id=2bde62ed-9b9f-4620-b07f-39d4a282098c, username=admin
docker-compose.yml is:
keycloak:
  image: jboss/keycloak-mysql:2.0.0.Final
  # image: docker.pibenchmark.com/pi-keycloak:2.0.0-01
  environment:
    MYSQL_PORT_3306_TCP_ADDR: mysql
    MYSQL_PORT_3306_TCP_PORT: 3306
    MYSQL_USERNAME: keycloak
    MYSQL_PASSWORD: xxxxxx
  ports:
    - "8443:8443/tcp"
    - "8080:8080/tcp"
  links:
    - keycloak-db:mysql
  # tty: true
  # stdin_open: true
keycloak-db:
  environment:
    MYSQL_ROOT_PASSWORD: yyyyyy
    MYSQL_DATABASE: keycloak
    MYSQL_USER: keycloak
    MYSQL_PASSWORD: xxxxxx
  image: mysql/mysql-server:5.6
  volumes:
    - keycloak-test-db:/var/lib/mysql
  volume_driver: convoy
*Kevin Thorpe*
VP Enterprise Platform
www.p-i.net | @PI_150 <https://twitter.com/@PI_150>
*T: +44 (0)20 3005 6750 | F: +44(0)20 7730 2635 | T: +44 (0)808 204 0344*
*150 Buckingham Palace Road, London, SW1W 9TR, UK*
8 years, 4 months