user logout
by yassine yas
Hi,
When an authenticated user tries to log out (using the sign out
from auth/realms/*{realName}*/account/),
I get this error: Invalid redirect uri
Here is the URI of the page that shows the problem:
http://10.129.3.27/auth/realms/*{realName}*/protocol/openid-connect/logout?redirect_uri=http%3A%2F%2F10.129.3.27%2Fauth%2Frealms%2F*{realName}*%2Faccount%2F
(the *{realName}* is the same)
How can I change the logout redirect URI?
Cordially
8 years, 4 months
Does Keycloak have a URL that returns 200 response?
by Sarp Kaya
Hello,
There used to be an old thread and seems like a jira ticket here:
https://issues.jboss.org/browse/KEYCLOAK-1578
I don’t really see how this is not prioritized at all (given that if a Keycloak instance does not respond, it would be super useful to know that immediately, and build system on top of that).
Anyway, I’m using Keycloak in AWS, and I have a load balancer that needs to know whether an instance is up or not. The problem is I could not actually find any endpoint from Keycloak that I could easily get 200 response, without passing any query parameters or any special headers.
I know that I can write some SPI that could just return 200, but that won’t be the actual case, because I actually want something that’s integrated with the Keycloak login flow (such as the login page, if login page does not return a response, or does something unexpected continuously then it would make more sense)
So I’d be really happy if anyone knows whether such a URL exists for Keycloak and can tell me.
Kind Regards,
Sarp Kaya
8 years, 4 months
Fwd: Adding Shibboleth IdP to KeyCloak
by sai prashanth
Hi,
I am trying to add Shibboleth IdP to KeyCloak, but couldn't find any
resource on how this could be done.
I tried adding a new Identity Provider through KeyCloak admin console with
following steps.
1. Log in to KeyCloak's admin console.
2. Selecting required realm.
3. Selecting "SAML v2.0" from "Add Providers" dropdown in the "Identity
providers" tab.
4. In create-Identity-Provider window, I used "Import External IDP
configuration" by providing URL ( https://<hostname>/idp/shibboleth ) in
"Import from URL" field.
But this didn't work. I shall be grateful if someone could provide some
resources on how this can be achieved and guide me.
Thanks,
Regards,
Prashanth
8 years, 4 months
CN= is not being sent when creating users in LDAP
by Thomas Barcia
I have a user federation connected to Active Directory that works for authenticating users but I'm trying to create / modify LDAP users and it appears that I'm getting the error ENTRY_EXISTS because it's not filling the CN= attribute:
Caused by: javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - 00002071: UpdErr: DSID-0305038D, problem 6005 (ENTRY_EXISTS), data 0
In an attempt to get this working I've made the following changes to the federation:
Changed Sync Registrations to ON
Ensured RDN LDAP attribute set to cn
Created a mapper called "fullname"; Mapper Type: "Full Name"; category "Attribute Mapper"; Type "Full Name"; LDAP Full Name Attribute: cn; read only OFF; write only: OFF
Can anybody help me with what I missed?
8 years, 4 months
Keycloak integrated with Google Apps
by Marcelo Barbosa
Hi Guys,
I'm trying to integrate my Keycloak with Google Apps, but I get the same
error every time and all the documentation doesn't help me. My screenshots
are attached. If someone can help me, I'd appreciate any collaboration.
If I fix this problem, I will create a post to help other Keycloak users.
Cheers,
Marcelo
8 years, 4 months
SAML error for Google Apps
by Marcelo Barbosa
Hi all,
I adjusted my certificates and now get another error in my integration (Keycloak
and Google Apps). Has anyone seen this same error in their environment?
Help <https://www.google.com/support/a>|Sign out
<https://www.google.com/a/timer4docs.com.br/Logout>
This service cannot be accessed because your login request contained
invalid audience information. Please log in and try again.
We are unable to process your request at this time, please try again later.
Cheers,
Marcelo
…
8 years, 4 months
ClassNotFoundException when importing a resource server configuration JSON incl drools policy of 'photoz' example project
by FREIMUELLER Christian
Dear all,
first of all - thanks for your effort for Keycloak - great product!
I'm trying to do a POC for the authorization API in Keycloak and therefore I downloaded from the project's website the Demo distribution and tried to follow the readme instructions on the "photoz" example.
The import of the realm was successful, but when I tried to load the resource server configuration JSON I received the following exception in the log file:
Caused by: java.lang.ClassNotFoundException: org.apache.commons.codec.binary.Base64 from
[Module "org.drools:main" from local module loader @1476ceae (finder: local module finder @1b4febf3 (
roots: D:\dev\software\keycloak\keycloak-demo-2.1.0.Final\keycloak\modules,
D:\dev\software\keycloak\keycloak-demo-2.1.0.Final\keycloak\modules\system\layers\keycloak,
D:\dev\software\keycloak\keycloak-demo-2.1.0.Final\keycloak\modules\system\layers\base
))]
I was able to fix this issue by providing the following dependency entry in the drools module description for the commons-codec module at <KEYCLOAK_ROOT>\keycloak\modules\system\add-ons\keycloak\org\drools\main\module.xml
After this I could successfully import the "photoz-restful-api-authz-service.json" finally.
Could it be that this entry is also missing in the source code at https://github.com/keycloak/keycloak/tree/master/distribution/feature-pac... ?
<dependencies>
    <module name="javax.api"/>
    <module name="javax.inject.api"/>
    <module name="javax.enterprise.api"/>
    <module name="org.slf4j"/>
    <module name="org.apache.commons.codec"/><!-- this one is missing -->
    <module name="org.apache.commons.logging"/>
    <module name="org.keycloak.keycloak-core"/>
    <module name="org.keycloak.keycloak-common"/>
    <module name="org.keycloak.keycloak-server-spi"/>
</dependencies>
I also found a related JIRA entry, "KEYCLOAK-3279 <https://issues.jboss.org/browse/KEYCLOAK-3279> Possible error with Drools policies when running on Windows", but this was closed without code fix, I think.
Can you verify this finding?
Thanks,
Christian
8 years, 4 months
Force the display of Keycloak login page when using "authenticate by default" external OIDC IdP
by Gabriel Lavoie
Hi,
we are currently using Keycloak as a broker to do the SAML
authentication to an external service for us. Keycloak is configured to
authenticate the user with an external IdP (our application) that is set
with the "Authenticate by default" flag to ON.
Is it possible to still force the display of the Keycloak login page, but
only for some scenarios? We would like to have system integration users
that don't exist in our application (not exposed to our customers), but
would still be usable to access the external service (with proper roles).
Thanks,
Gabriel
--
Gabriel Lavoie
glavoie(a)gmail.com
8 years, 4 months
Exposing the applications API
by Grégoire Paris
Hello!
I'm trying to get a REST equivalent of
/auth/realms/{my-realm}/account/applications , is there one and if yes,
where is it documented? I've looked for it in the admin REST api doc,
without luck, but maybe it's a separate API?
The ultimate goal would be to be able to list applications a user has
access to, from a special client application named "Dashboard", which
aims at helping employees move easily from one application to another.
If you're interested in fake internet points, you can answer this on SO:
http://stackoverflow.com/questions/39333592/account-applications-api
Have a nice day,
--
G.Paris
8 years, 4 months