Keycloak Custom User Attributes description not correcte from the reference guide
by hasane has
Hi,
I'm working with keycloak 1.6.1, and I'm following the ref guide to
customize users attributs, but I found that there is a lot of incorrecte
information
for example to customize users attributs you should:
1. Create a new theme within the *themes/admin/mytheme* directory in your
distribution. Where mytheme is whatever you want to name your theme. (but
the path doesn't existe, I think the correct path is
*themes\keycloak\admin* )
2. ....(is correcte)
3. Copy the file
*themes/admin/base/resources/partials/user-attribute-entry.html* into
....(the path is not correct, but in *themes\base\admin\resources\partials*
I find that doesn't contains user-attribute-entry.html)
Thanks in advance .
8 years, 5 months
Keycloak I can not change the password in ldap
by Fox 69
Hello
My use case is the following:
Create an ldap federation keycloak-windows server
Create a user in keycloak.
And my problem is here when I want to change the cardenciais, does not work and shows the error "Invalid password Error:. Fails to match regex pattern (s)."
Thanks
8 years, 5 months
Why is the Base URL repeated in client configuration?
by Martin Min
Hello, I am configuring a client in the KeyCloak admin console, but am
having a trouble to create an client to secure. Specifically, The Base URL
field is wrong (repeated), as I saved in the configuration page.
Please see the two attachments for an illustration of the the issue. This
looks very weird.
As you can see clearly from keycloak2.png, the base URL i typed is
repeated, thus invalid.
Thanks for any information that might be helpful.
Martin
8 years, 5 months
Keycloak Reference Token Support
by Jitendra Chouhan
I want to know does keycloak have support for Reference/Opaque token. I
have found one feature request which is still in open submitted for
implementing reference token fetaure i.e. KEYCLOAK-1719. Today i came
across "KEYCLOAK-2738" which talks about problem related to aud is missing
from reference token.Can someone confirm, whether Reference/Opaque token
feature is provided by keycloak if yes then please provide reference point
to do configuration to generate "Reference/Opqaue" token.
Thanks,
Jitendra Chouhan
8 years, 5 months
Customize Themes by Client
by Josh Cain
Hi All,
I've got some SP's that want the ability to customize the look/feel of the
login page. Couldn't find anything on the docs/jira site, but was curious
as to whether:
- Keycloak currently supports login themes by client
- If not, would the team be open to such a feature?
Josh Cain | Software Applications Engineer
*Identity and Access Management*
*Red Hat*
+1 843-737-1735
8 years, 5 months
Authenticate externally (broker identity) or locally
by Haim Vana
Hi,
In Identity provider settings using the 'Authenticate by Default' option the user can choose between authentication with the external IDP or locally (for example).
Is there an option to achieve the same with different URL's one for local and one for external ? so it will be without the user intervention.
The motivation is that sometime we want the external user to authenticate locally, for example due to some customization we have in our login page (a plugin that injects the user/psw to the local login page).
Thanks,
Haim.
The information contained in this message is proprietary to the sender, protected from disclosure, and may be privileged. The information is intended to be conveyed only to the designated recipient(s) of the message. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, use, distribution or copying of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you.
8 years, 5 months
Client roles for 'security-admin-console' application are not fine grained enough
by Valerij Timofeev
Hi,
after reading the ticket KEYCLOAK-528 I've encountered two other issues in
the "security-admin-console" application (tested on RH SSO 7.0.0):
1) As soon as a realm user gets the 'manage-users' role, he can manage
"User federation" settings and even delete it. This can result in
unintentional removal of all users linked with the user federation provider
and thus affect potentially millions of users.
2) Users having 'view-users' role can view "User Federation". "Delete"
button is visible as well although it does not work finally.
IMO "User federation" should be covered by the realm management roles
instead.
Additionally the provided roles for the 'realm-management' client are not
fine grained enough IMO. One role per REST method would be ideal and, I
suppose, simplier to consider in the Keycloak Admin API.
The "security-admin-console" application without fine grained roles exposes
too much risk in real life scenarios and so makes it unusable. One use case
in mind: prevent deletion of any kind for Helpdesk employees e.g. managing
users. Having dedicated roles for DELETE operation would make such task
possible.
Kind regards
Valerij Timofeev
8 years, 5 months
Firstname and Lastname are null when REGISTER event
by Jairo Henao
Hello community:
I have a listener for REGISTER event and it works well, but when I try to get the first and last names of the user are null, but all other fields are filled as mail, telephone, etc.
@Override
public void onEvent(Event event) {
if (includedEvents.contains(event.getType())) {
if (event.getRealmId() != null && event.getUserId() != null) {
RealmModel realm = model.getRealm(event.getRealmId());
UserModel user = session.users().getUserById(event.getUserId(), realm);
if (user != null) {
if(isUserEnroledForClients(user, realm)){
//Cheking the event type
if(EventType.REGISTER.equals(event.getType())){
//Sending the new data to hubspot
log.infov("Registering the new user {0} in Hubspot...", user.getEmail());
user.getEmail(); //IS FILLED
user.getFirstName (); //IS NULL
user.getLastName (); //IS NULL
After the registration process ends if I check the table, the new user has a firstName and lastName.
Jairo Henao Rojas
IT ROI Solutions
8 years, 5 months
