Invoke interceptor to modify object created by adapter after reading keycloak json file
by Jitendra Chouhan
Hello,
Is there any way we can keep/invoke some kind of interceptor once the
keycloak.json file has been read and the object created by the keycloak
adapter (code) for the web application adapter? Which class gets initialized and
creates the object from the installed JSON file?
While referring to the SPI section in the keycloak documentation, found there is
Config class which has
hold that data but could not get much idea to write custom implementation
to inject data in object created by keycloak adapter.
Do not want to keep client key and keystore password in JSON file instead
can be pulled from somewhere else at run time and will inject into created
object with custom code.
Please do let me know if further information is required.
Thanks & Regards,
Jitendra Chouhan
8 years, 4 months
Keycloak 2.1.0 Random SQL Errors (Possible connection leaks)
by Sarp Kaya
Hello, after upgrading to Keycloak 2.1.0 I have started to see that Keycloak is logging warnings like this:
WARN [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (default task-224) SQL Error: 0, SQLState: null
I am using MySQL Database.
Another thing I noticed with this is that I listen to this JMX for metrics:
jboss.as.expr:subsystem=datasources,data-source=MySQLDS,statistics=pool
for the ActiveCount metric
and I constantly see this being 18 despite having nearly no Keycloak usage. So it’s making me think that there is a connection leak in Keycloak, because I should not see 18 active connections when there is no load on Keycloak.
Could you please have a look at this? I don’t really remember seeing this issue in Keycloak 2.0.0, so I’m just guessing it could be just a 2.1.0 issue as well…
Kind Regards,
Sarp Kaya
8 years, 4 months
user credential and role programmatically
by yassine yas
Hi,
I'm creating users programmatically from my Java code, but the users'
credentials and roles are not "persisted" (I think). When the user tries to
authenticate he gets *Invalid username or password* (even if he is visible
in the admin console). If I define (from the admin console) a password
for the user and use it he can access his account, but here comes the second
problem: even if I give him the right (role) to use a resource he gets
forbidden.
Here is the code that I use to define the user's credentials and role:
    CredentialRepresentation credential = new CredentialRepresentation();
    credential.setType(CredentialRepresentation.PASSWORD);
    credential.setValue("123");
    user.setCredentials(Arrays.asList(credential));
    user.setRealmRoles(Arrays.asList("guest"));
Cordially
8 years, 4 months
Authentication level realm
by Steve Favez
Dear all,
I need to implement the following use case.
My web application is authenticated against a given realm on keycloak,
using a simple user / password authentication model. But a part of my web
app would require a stronger authentication mechanism (a second factor in
fact) based on the current user.
What's the "best" solution using keycloak? I was thinking of two different
solutions:
1. Add an attribute in my OIDC token that could be named "level", and have
an adapter that would check the level of the token and, if not
corresponding, redirect to the realm that would ask for the second factor
of authentication.
2. Create a "2FA" realm that would rely on the simple authentication
realm... but is it possible in the same web app (I mean, to use two realms)?
Open to any ideas
Thanks
St
8 years, 4 months
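The check described in option 1 of the post above, as an added example that is not code from the post or from Keycloak: it compares a "level" claim (the name proposed in the post) with the level a path requires and decides whether to ask for the second factor. The class name, the path policy and the sample claims are hypothetical, and the claims are assumed to come from a token the adapter has already validated; `Map.of` needs Java 9 or later.

```java
import java.util.LinkedHashMap;
import java.util.Map;

/** Step-up decision: compare the token's "level" claim with what the requested path needs. */
public class StepUpCheck {

    enum Decision { ALLOW, STEP_UP }

    // Hypothetical policy: path prefix -> minimum authentication level.
    private final Map<String, Integer> requiredLevels = new LinkedHashMap<>();

    StepUpCheck protect(String pathPrefix, int minLevel) {
        requiredLevels.put(pathPrefix, minLevel);
        return this;
    }

    /** Longest matching prefix wins; unlisted paths need level 1 (password only). */
    int requiredLevel(String path) {
        int best = 1;
        int bestLen = -1;
        for (Map.Entry<String, Integer> e : requiredLevels.entrySet()) {
            String prefix = e.getKey();
            if (path.startsWith(prefix) && prefix.length() > bestLen) {
                best = e.getValue();
                bestLen = prefix.length();
            }
        }
        return best;
    }

    /** path: the container-normalized request path; claims: already verified token claims. */
    Decision decide(String path, Map<String, Object> claims) {
        Object raw = claims.get("level");
        // A missing or non-numeric claim counts as level 0, so the check fails closed.
        int level = (raw instanceof Number) ? ((Number) raw).intValue() : 0;
        return level >= requiredLevel(path) ? Decision.ALLOW : Decision.STEP_UP;
    }

    public static void main(String[] args) {
        StepUpCheck check = new StepUpCheck()
                .protect("/account/", 1)
                .protect("/account/transfer", 2);
        // Constructed claim sets standing in for decoded tokens.
        Map<String, Object> passwordOnly = Map.of("sub", "alice", "level", 1);
        Map<String, Object> secondFactor = Map.of("sub", "alice", "level", 2);
        Map<String, Object> noLevelClaim = Map.of("sub", "alice");
        System.out.println(check.decide("/account/profile", passwordOnly));
        System.out.println(check.decide("/account/transfer/new", passwordOnly));
        System.out.println(check.decide("/account/transfer/new", secondFactor));
        System.out.println(check.decide("/account/transfer/new", noLevelClaim));
    }
}
```

A `STEP_UP` result is where the application would send the user to the stronger login; the level itself must be set by the identity provider in the signed token, never taken from a request parameter.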
How to integrate or make use of KeyCloak user database in my own application?
by Ling
Hi, All:
So far I have been playing with KeyCloak and been able to set it up and
running the customer-portal example successfully. Now I need to actually
use it in my application, and I am not totally sure whether KeyCloak is the
thing that I am looking for, but I believe my need is just a common use
case and hopefully KeyCloak is the right software that I am looking for.
When a user comes to my website, he registers and makes a post. Both the
post and the user information is stored into databases, and the link
between the user and post, i.e. who made which post? So I have two tables
in my database: Post(id, post) and User(id,name), and another table
UserPost(PostID, UserID) to store linking information. This is all fine in
my own database.
But now when KeyCloak comes into play, the user first registers in KeyCloak
server and user information are stored in its own database there, which
seems unrelated to the database (Post and User) in my application. I don't
want to duplicate two User databases in two servers, right? Even if I can
tolerate the duplication, how to make the connection between KeyCloak
database and my application database? I am using JBoss, Hibernate/JPA in my
application.
Maybe I am missing something in the way how to connect KeyCloak with my own
application. Is there any tutorial or documentation that I can read?
Thank you.
8 years, 4 months
Fw: Any clue regarding javax.ws.rs.core.UriBuilderException: empty host name
by Kamal Jagadevan
Hi Folks.... We had gone with Keycloak implementation in one of our production instance with Keycloak 1.6.1.Final and observing the empty host name log filling up the node consistently....
I know we have to upgrade to latest version but is there any clue or direction to find or block this error message filling up the node. Any help in this regard will be appreciated.
Thanks
Kamal
specific bothering log
12:46:23 xxx docker/"keycloak"[1051]: #033[0m#033[33m12:46:23,285 WARN [org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher] (default task-16) Failed to parse request.: javax.ws.rs.core.UriBuilderException: Failed to create URI: null
12:46:23 xxx docker/"keycloak"[1051]: #011at org.jboss.resteasy.specimpl.ResteasyUriBuilder.buildFromValues(ResteasyUriBuilder.java:746)
12:46:23 xxx docker/"keycloak"[1051]: #011at org.jboss.resteasy.specimpl.ResteasyUriBuilder.build(ResteasyUriBuilder.java:718)
12:46:23 xxx docker/"keycloak"[1051]: #011at org.jboss.resteasy.spi.ResteasyUriInfo.initialize(ResteasyUriInfo.java:58)
12:46:23 xxx docker/"keycloak"[1051]: #011at org.jboss.resteasy.spi.ResteasyUriInfo.<init>(ResteasyUriInfo.java:53)
12:46:23 xxx docker/"keycloak"[1051]: #011at org.jboss.resteasy.plugins.server.servlet.ServletUtil.extractUriInfo(ServletUtil.java:41)
12:46:23 xxx docker/"keycloak"[1051]: #011at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:199)
12:46:23 xxx docker/"keycloak"[1051]: #011at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
12:46:23 xxx docker/"keycloak"[1051]: #011at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
12:46:23 xxx docker/"keycloak"[1051]: #011at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:86)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:130)
12:46:23 xxx docker/"keycloak"[1051]: #011at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:61)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
12:46:23 xxx docker/"keycloak"[1051]: #011at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:72)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
12:46:23 xxx docker/"keycloak"[1051]: #011at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:282)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:261)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:80)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:172)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.server.Connectors.executeRootHandler(Connectors.java:199)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:774)
12:46:23 xxx docker/"keycloak"[1051]: #011at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
12:46:23 xxx docker/"keycloak"[1051]: #011at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
12:46:23 xxx docker/"keycloak"[1051]: #011at java.lang.Thread.run(Thread.java:745)
12:46:23 xxx docker/"keycloak"[1051]: Caused by: javax.ws.rs.core.UriBuilderException: empty host name
12:46:23 xxx docker/"keycloak"[1051]: #011at org.jboss.resteasy.specimpl.ResteasyUriBuilder.buildString(ResteasyUriBuilder.java:537)
12:46:23 xxx docker/"keycloak"[1051]: #011at org.jboss.resteasy.specimpl.ResteasyUriBuilder.buildFromValues(ResteasyUriBuilder.java:740)
12:46:23 xxx docker/"keycloak"[1051]: #011... 40 more
12:46:23 xxx docker/"keycloak"[1051]:
8 years, 4 months