Keycloak 2.2.1.Final HTTPS new XML setup versus old JSON
by Joe Thielen
I'm trying to figure out how to configure HTTPS on 2.2.1.Final. I've done
it on 2.1.0.Final and had it functioning. I used to put the following into
*standalone/configuration/keycloak-server.json*:
"connectionsHttpClient": {
    "default": {},
    "client-keystore": "${jboss.home.dir}/standalone/configuration/keycloak.jks",
    "client-keystore-password": "TPF-KCVM-KCKEYSTOREPASS",
    "client-key-password": "TPF-KCVM-KCKEYSTOREPASS"
},
Now I understand there is no more JSON file. I'm having issues getting the
XML version running in standalone/configuration/standalone.xml.
I looked at
https://keycloak.gitbooks.io/server-installation-and-configuration/conten...
and now I've got this:
<spi name="connectionsHttpClient">
    <provider name="default" enabled="true"/>
    <properties>
        <property name="client-keystore" value="${jboss.home.dir}/standalone/configuration/keycloak.jks"/>
        <property name="client-keystore-password" value="Test1234"/>
        <property name="client-key-password" value="Test1234"/>
    </properties>
</spi>
And also:
<spi name="truststore">
    <provider name="file" enabled="true">
        <properties>
            <property name="file" value="${jboss.home.dir}/standalone/configuration/keycloak.jks"/>
            <property name="password" value="Test1234"/>
            <property name="hostname-verification-policy" value="WILDCARD"/>
            <property name="disabled" value="false"/>
        </properties>
    </provider>
</spi>
However, when I start Keycloak I get this error:
18:07:46,305 ERROR [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0055: Caught exception during boot: org.jboss.as.controller.persistence.ConfigurationPersistenceException: WFLYCTL0085: Failed to parse configuration
    at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:131)
    at org.jboss.as.server.ServerService.boot(ServerService.java:356)
    at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:299)
    at java.lang.Thread.run(Thread.java:745)
Caused by: javax.xml.stream.XMLStreamException: Unknown keycloak-server subsystem tag: property
    at org.keycloak.subsystem.server.extension.KeycloakSubsystemParser.readElement(KeycloakSubsystemParser.java:82)
    at org.keycloak.subsystem.server.extension.KeycloakSubsystemParser.readElement(KeycloakSubsystemParser.java:56)
    at org.jboss.staxmapper.XMLMapperImpl.processNested(XMLMapperImpl.java:110)
    at org.jboss.staxmapper.XMLExtendedStreamReaderImpl.handleAny(XMLExtendedStreamReaderImpl.java:69)
    at org.jboss.as.server.parsing.StandaloneXml_4.parseServerProfile(StandaloneXml_4.java:546)
    at org.jboss.as.server.parsing.StandaloneXml_4.readServerElement(StandaloneXml_4.java:242)
    at org.jboss.as.server.parsing.StandaloneXml_4.readElement(StandaloneXml_4.java:141)
    at org.jboss.as.server.parsing.StandaloneXml.readElement(StandaloneXml.java:103)
    at org.jboss.as.server.parsing.StandaloneXml.readElement(StandaloneXml.java:49)
    at org.jboss.staxmapper.XMLMapperImpl.processNested(XMLMapperImpl.java:110)
    at org.jboss.staxmapper.XMLMapperImpl.parseDocument(XMLMapperImpl.java:69)
    at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:123)
    ... 3 more
18:07:46,306 FATAL [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0056: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.
Did I do it wrong?
8 years, 3 months
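The documented layout of a Keycloak 2.x `<spi>` block nests `<properties>` inside `<provider>`, which the truststore block above follows but the connectionsHttpClient block does not. Both blocks in that documented shape, as an added example rather than the poster's own configuration (password values are placeholders):

```xml
<!-- Added example, not the poster's configuration. ALL-CAPS values are placeholders. -->

<!-- Outbound HTTP client that Keycloak itself uses (e.g. when talking to a
     brokered identity provider). <properties> belongs inside <provider>;
     placing it directly under <spi> is what the parser rejects. -->
<spi name="connectionsHttpClient">
    <provider name="default" enabled="true">
        <properties>
            <property name="client-keystore"
                      value="${jboss.home.dir}/standalone/configuration/keycloak.jks"/>
            <property name="client-keystore-password" value="KEYSTORE-PASSWORD-PLACEHOLDER"/>
            <property name="client-key-password" value="KEY-PASSWORD-PLACEHOLDER"/>
        </properties>
    </provider>
</spi>

<!-- Truststore used to validate certificates of the servers Keycloak connects to.
     The poster's block already had this nesting. -->
<spi name="truststore">
    <provider name="file" enabled="true">
        <properties>
            <property name="file"
                      value="${jboss.home.dir}/standalone/configuration/keycloak.jks"/>
            <property name="password" value="TRUSTSTORE-PASSWORD-PLACEHOLDER"/>
            <!-- Accepted values: ANY, WILDCARD, STRICT. STRICT is the safest;
                 WILDCARD only if the remote certificates actually use wildcards. -->
            <property name="hostname-verification-policy" value="WILDCARD"/>
            <property name="disabled" value="false"/>
        </properties>
    </provider>
</spi>

<!-- Neither SPI enables HTTPS on Keycloak's own listener; that is done in the
     same standalone.xml through the Undertow https-listener and the security
     realm it references. -->
```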
Have adapter expose RelayState?
by Jared Blashka
Is the RelayState parameter exposed to the client application in any way
after a login request?
I couldn't find anything in the documentation or the code mentioning it.
I ended up having to write a valve for my application that captured the
RelayState parameter and stored it in the session for use. I think it
would make sense if the adapters automatically did something similar.
Jared Blashka
8 years, 3 months
Custom rest endpoint
by Mariusz Chruscielewski - Info.nl
I can't make the REST endpoint work. I'm using exactly the code supplied in the example; I also tried to check how the standard endpoints in the Keycloak code are created, and all looks similar:
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.UriBuilder;

import org.keycloak.models.KeycloakSession;
import org.keycloak.services.resource.RealmResourceProvider;
import org.keycloak.services.resources.RealmsResource;

/**
 * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
 */
public class HelloResourceProvider implements RealmResourceProvider {

    private KeycloakSession session;

    public HelloResourceProvider(KeycloakSession session) {
        this.session = session;
    }

    // JAX-RS endpoint, mounted by Keycloak under /realms/{realm}/{provider-id}/{action}
    @GET
    @Produces(MediaType.TEXT_HTML)
    @Path("/{action}")
    public String get(@PathParam("action") String action) {
        //String requestUri = session.getContext().getUri().getRequestUri().toString();
        String title = "APP_REQUEST";
        if (action.equals("auth")) {
            title = "AUTH_RESPONSE";
        } else if (action.equals("logout")) {
            title = "LOGOUT_REQUEST";
        }
        StringBuilder sb = new StringBuilder();
        sb.append("<html><head><title>" + title + "</title></head><body>");
        UriBuilder base = UriBuilder.fromUri("http://localhost:8180/auth");
        sb.append("<a href=\"" + RealmsResource.accountUrl(base).build("test").toString() + "\" id=\"account\">account</a>");
        sb.append("</body></html>");
        return sb.toString();
    }

    // The object RESTEasy dispatches to; since it is "this", the JAX-RS
    // annotations above must be visible on this class at runtime.
    @Override
    public Object getResource() {
        return this;
    }

    @Override
    public void close() {
    }
}
But I'm still getting:
RESTEASY003815: Subresource for target class has no jax-rs annotations.: nl.vi.keycloak.providers.rest.HelloResourceProvider
Can you please help me? Thanks
Kind Regards,
Mariusz Chruscielewski
Software Engineer | mariusz(a)info.nl
8 years, 3 months
Loading extra info in the access token
by Aritz Maeztu
I'm developing the authorization part for my application with Keycloak,
but I need to include some extra info when the authentication is performed.
Each user in my application has permissions for a set of organizations
and I want to have the organization ids loaded in the access token (I
think this might be convenient?). The users themselves might be stored
in the Keycloak database itself, but the organizations they have access
to might change at runtime, that's why I want to store them in the
access token, to have them reloaded each time a user logs in. Do I need
to implement a custom SPI for this?
Regards
--
Aritz Maeztu Otaño
Software Development Department
8 years, 3 months
NOT_ATTEMPTED: bearer only error while trying to access server from client
by Ganga Lakshmanasamy
Hi,
We are getting the "NOT_ATTEMPTED: bearer only" error while trying to
access our backend REST service, whose access type is bearer-only, from
our public AngularJS-based client.
We are setting the "Authorization" header in our request, but it looks like the
adapter is not able to recognize the header with the bearer token.
Please help us resolve the issue.
*Note*: We are able to invoke the REST services with the same bearer token from
other REST clients like Postman and Advanced REST Client for Chrome. The
issue comes up only when we try from our AngularJS code.
Regards,
Ganga Lakshmanasamy
8 years, 3 months
Mapping saml attributes to roles in keycloak
by Manuel Palacio
Hello,
I have a Java application that talks openid-connect with Keycloak and then
Keycloak uses the SAML 2.0 Identity provider to redirect to a 3rd party
SAML idp, acting as an identity broker.
So far so good, I can log in to my application with a user existing in the
3rd party idp. Great! But where I am a bit stuck is when I try to map
attributes in the SAML response from the idp.
Basically, I would like Keycloak to populate the roles in the access token
that my application gets in the web request with the information coming in
the SAML attribute. In other words, I want the 3rd party SAML idp to decide
what role/s should be assigned to the user.
Is my assumption correct that all I need is the attribute importer mapper
in the SAML provider to do this? So far I could not get it to work. What
is the appropriate way to do this?
Thank you!
Manuel Palacio
8 years, 3 months
Remember me doesn't work after keycloak restart
by Mariusz Chruscielewski - Info.nl
Hi. Is it possible to persist sessions after a Keycloak restart? We are using the remember-me functionality, and after the Keycloak server is restarted, all users have to log in again (I'm not sure if this is about the session, or maybe some other remember-me session). Is there any way to configure that? Thanks in advance.
Kind Regards,
Mariusz Chruscielewski
8 years, 3 months
Returned mail: Data format error
by MAILER-DAEMON
The original message was received at Wed, 28 Sep 2016 13:19:06 +0530 from lists.jboss.org [94.121.4.41]
----- The following addresses had permanent fatal errors -----
<keycloak-user(a)lists.jboss.org>
----- Transcript of the session follows -----
... while talking to server lists.jboss.org.:
>>> RCPT To:<keycloak-user(a)lists.jboss.org>
<<< 550 MAILBOX NOT FOUND
8 years, 3 months