Notifying clients after session creation in Keycloak
by Daniel Radzikowski
Hi,
I'm working on custom SSO, which uses Direct Grant API to store sessions in
Keycloak. The SSO creates own cookie and data related to it and then
creates session in Keycloak calling /protocol/openid-connect/token, hiding
returned tokens behind the cookie. I'm aware that solution isn't the best
one, but that's not the case now.
What I need now is to provide OpenID Connect Authorization Code Flow to
external clients of my custom SSO. The easiest solution would be if they
called Keycloak directly, but then the session in custom SSO is not created
and the Keycloak session is not related to the user data stored in custom
SSO.
The question is if there is any way to notify clients (custom SSO) after
successful session creation in Keycloak? It would need to call the custom
SSO with the contents of /protocol/openid-connect/token response, allowing
the custom SSO to store tokens behind the cookie. What if I implemented
such a feature and merged it to Keycloak?
--
Pozdrawiam,
Daniel Radzikowski.
7 years, 10 months
Using another name than Keycloak's?
by Guus der Kinderen
Hi,
We're attempting to protect a service using Keycloak. We've noticed that
some values that are valid usernames in Keycloak, are not valid in our
service.
We'd like to be able to use a username in our service that's different from
the username that is used in Keycloak. Preferably, we'd like Keycloak to
store the association between 'our' username and the Keycloak user.
Is something like this feasible with the existing integration features that
are offered by Keycloak?
Regards,
Guus
7 years, 10 months
keycloak.js library, init callback never called?
by David Delbecq
Hello,
I have a strange issue with the keycloak.js library. I have this code:
    var loader = $q.defer();
    var keycloakAuth = new Keycloak(keycloakConfig);
    var keycloakInit = ......
    // Resolve or reject the loader depending on the outcome of init()
    keycloakAuth.init(keycloakInit).success(function (authenticated) {
        auth.loggedIn = authenticated;
        if (authenticated) {
            KeycloakStorage.setStatus(keycloakAuth);
        }
        auth.authz = keycloakAuth;
        loader.resolve('loaded');
    }).error(function () {
        loader.reject('Failed to load keycloak settings');
    });
The init is in check-sso mode and includes the refresh and access token last
saved in browser storage.
However, when there is some keycloak misconfiguration (here CORS values were
bad in client config of keycloak), the iframe generates a 404 without any
log event in keycloak, and on javascript side, neither the success nor the
error callback gets called. I had the feeling, reading the doc, that I
should have the guarantee that either error or success will be called. Am I
understanding the documentation wrong or is it a bug in Keycloak.js?
Best regards.
--
<http://www.trimble.com/>
David Delbecq
Software engineer, Transport & Logistics
Geldenaaksebaan 329, 1st floor | 3001 Leuven
+32 16 391 121 Direct
david.delbecq(a)trimbletl.com
<http://www.trimbletl.com/>
7 years, 10 months
Auth SPI being refactored in 3.0
by Bill Burke
The Authentication SPI is being refactored in 3.0. Like what happened
in Keycloak 2.x and the User Storage SPI, the Authentication SPI will be
refactored and improved through various 3.x releases. We'll clean up
areas, rewrite certain areas, and get the SPI ready so that it can be
stable and supportable for the foreseeable future. We are also doing
this work so that we can support things like step-up authentication and
FIDO etc. although the latter is for much later down the road.
The first area that will be tackled will be the Form SPI.
Regards,
Bill
7 years, 10 months
OAuth token introspection
by Jason B
Hi,
I am trying to understand the OAuth 2.0 capabilities of Keycloak server and
I have a few questions with respect to the implementation of the OAuth
introspection spec.
This is what a sample introspection response looks like:
{
  "jti": "7e0a2c4b-9725-432b-a0fd-594f21686108",
  "exp": 1485492229,
  "nbf": 0,
  "iat": 1485491929,
  "iss": "http://localhost:8080/auth/realms/nkadali",
  "aud": "proxy",
  "sub": "e89175d5-94fd-453a-8abb-9953d59d04cf",
  "typ": "Bearer",
  "azp": "proxy",
  "auth_time": 1485487408,
  "session_state": "c05ea410-6f0a-458d-9b2c-debafba732b7",
  "name": "",
  "preferred_username": "jason",
  "acr": "0",
  "client_session": "5d761332-97eb-404d-8624-3de4eca967cd",
  "allowed-origins": [],
  "realm_access": {
    "roles": [
      "uma_authorization"
    ]
  },
  "resource_access": {
    "account": {
      "roles": [
        "manage-account",
        "view-profile"
      ]
    }
  },
  "client_id": "proxy",
  "username": "jason",
  "active": true
}
I have two questions based on this response.
1. According to the OAuth 2.0 Token Introspection (
https://tools.ietf.org/html/rfc7662) the JSON response body may contain a
"token_type" member. But why is Keycloak representing "token_type" as "typ"?
Is there any specific reason?
2. I don't see any "scope" attribute in the response body even though I
supplied scope parameter while requesting for the access token. Any idea on
how to get scopes associated with the supplied access token?
Thanks!
7 years, 10 months
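How a resource server could consume a response shaped like the one quoted in the post above, as an added example (not code from the post or from Keycloak): it requires `active`, checks `iss`, `aud`, `exp` and `nbf`, accepts `typ` as a fallback for the RFC 7662 `token_type` member, and treats an absent `scope` as no scopes granted. The function name, the `typ` fallback and the 30-second leeway are assumptions.

```python
import time

# Constructed sample: a trimmed copy of the introspection response quoted in the post.
SAMPLE_RESPONSE = {
    "exp": 1485492229,
    "nbf": 0,
    "iat": 1485491929,
    "iss": "http://localhost:8080/auth/realms/nkadali",
    "aud": "proxy",
    "sub": "e89175d5-94fd-453a-8abb-9953d59d04cf",
    "typ": "Bearer",
    "client_id": "proxy",
    "username": "jason",
    "active": True,
}


class TokenRejected(Exception):
    """Raised when an introspection response must not be trusted."""


def as_list(value):
    """'aud' may be a single string or an array of strings."""
    if value is None:
        return []
    if isinstance(value, str):
        return [value]
    return list(value)


def evaluate_introspection(resp, expected_issuer, expected_audience,
                           required_scopes=(), now=None, leeway=30):
    """Validate an RFC 7662 introspection response (hypothetical helper).

    Returns a normalized view of the token or raises TokenRejected.
    """
    now = time.time() if now is None else now

    # "active" is the only REQUIRED member; anything but JSON true is a rejection.
    if resp.get("active") is not True:
        raise TokenRejected("token is not active")

    if resp.get("iss") != expected_issuer:
        raise TokenRejected("unexpected issuer")
    if expected_audience not in as_list(resp.get("aud")):
        raise TokenRejected("token was not issued for this audience")

    # Re-check the time window locally instead of relying on "active" alone.
    exp = resp.get("exp")
    if not isinstance(exp, (int, float)) or now > exp + leeway:
        raise TokenRejected("token expired or 'exp' missing")
    nbf = resp.get("nbf") or 0
    if now + leeway < nbf:
        raise TokenRejected("token not yet valid")

    # Assumption: accept the "typ" member seen in the quoted response when the
    # optional RFC 7662 "token_type" member is absent.
    token_type = resp.get("token_type") or resp.get("typ")
    if not isinstance(token_type, str) or token_type.lower() != "bearer":
        raise TokenRejected("unsupported token type")

    # "scope" is OPTIONAL and space-separated. If it is absent, nothing is
    # granted: a scope-protected call is refused rather than allowed.
    scope = resp.get("scope")
    granted = set(scope.split()) if isinstance(scope, str) else set()
    missing = sorted(set(required_scopes) - granted)
    if missing:
        raise TokenRejected("missing scope(s): " + " ".join(missing))

    return {
        "subject": resp.get("sub"),
        "username": resp.get("username"),
        "client_id": resp.get("client_id"),
        "token_type": token_type,
        "scopes": sorted(granted),
    }
```
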
Re: [keycloak-user] Keycloak using HTTPS, error login Facebook
by LEONARDO NUNES
I'm sorry everyone, the server I was testing the HTTPS didn't have access
to the Internet.
After fixing the Internet connection everything is working fine.
--
Leonardo
On 09/02/17 14:47, "keycloak-user-bounces(a)lists.jboss.org on behalf of
LEONARDO NUNES" <keycloak-user-bounces(a)lists.jboss.org on behalf of
leo.nunes(a)gjccorp.com.br> wrote:
>Hi Everyone,
>
>I'm using Keycloak 1.9.8 in production.
>Everything was working fine before I configured to use HTTPS.
>Now when I try to login using Facebook, I get the error below.
>Normal login with email and password is working fine.
>
>Steps:
>
> * Go to a restricted page
> * On Keycloak login page click on the Facebook icon
> * Login at Facebook
> * When Facebook tries to redirect back, after a couple minutes I get
>the error below
>
>
>2017-02-09 14:36:22,502 ERROR
>[org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default
>task-1) Failed to make identity provider oauth callback:
>java.net.ConnectException: Connection timed out
>
>2017-02-09 14:36:22,503 WARN [org.keycloak.events] (default task-1)
>type=LOGIN_ERROR, realmId=accounts, clientId=null, userId=null,
>ipAddress=10.112.0.28, error=identity_provider_login_failure
>
>
>
>
>--
>Leonardo Nunes
7 years, 10 months
Keycloak using HTTPS, error login Facebook
by LEONARDO NUNES
Hi Everyone,
I’m using Keycloak 1.9.8 in production.
Everything was working fine before I configured to use HTTPS.
Now when I try to login using Facebook, I get the error below.
Normal login with email and password is working fine.
Steps:
* Go to a restricted page
* On Keycloak login page click on the Facebook icon
* Login at Facebook
* When Facebook tries to redirect back, after a couple minutes I get the error below
2017-02-09 14:36:22,502 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default task-1) Failed to make identity provider oauth callback: java.net.ConnectException: Connection timed out
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:589)
at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:668)
at sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:173)
at sun.net.NetworkClient.doConnect(NetworkClient.java:180)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:264)
at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:367)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1105)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:999)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1283)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1258)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
at org.keycloak.broker.provider.util.SimpleHttp.asString(SimpleHttp.java:141)
at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:228)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:88)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
2017-02-09 14:36:22,503 WARN [org.keycloak.events] (default task-1) type=LOGIN_ERROR, realmId=accounts, clientId=null, userId=null, ipAddress=10.112.0.28, error=identity_provider_login_failure
--
Leonardo Nunes
7 years, 10 months
Keycloak Admin Client, create user, error 500, Internal Server Error
by max.catarino@rps.com.br
I'm using Keycloak 2.5.1 Final, Keycloak Admin Client 2.5.1 Final,
Resteasy Client 3.1.0 Final and Resteasy Jackson2 Provider 3.1.0 Final.
I'm using the code above to test creating a user using the Admin Client.
When the application runs the create method, the response returns error
500, Internal Server Error with the trace above on Undertow server.
Am I missing something?
    import javax.ws.rs.core.Response;
    import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
    import org.keycloak.admin.client.Keycloak;
    import org.keycloak.admin.client.KeycloakBuilder;
    import org.keycloak.representations.idm.UserRepresentation;

    // Admin client built with the settings from the post
    Keycloak kc = KeycloakBuilder.builder()
            .serverUrl("https://IP:8443/auth/realms/sgp/protocol/openid-connect/auth")
            .realm("testrealm")
            .username(adminUser)
            .password(adminPassword)
            .clientId("admin-cli")
            .resteasyClient(new ResteasyClientBuilder().connectionPoolSize(10).build())
            .build();
    // Representation of the user to create
    UserRepresentation userRep = new UserRepresentation();
    userRep.setFirstName("John");
    userRep.setLastName("Doe");
    userRep.setEmail("john.doe@test.com");
    userRep.setEnabled(Boolean.TRUE);
    Response response = kc.realm(realmId).users().create(userRep);
17:19:58,337 ERROR [io.undertow.request] (default task-14) UT005023: Exception handling request to /auth/admin/realms/testrealm/users: org.jboss.resteasy.spi.UnhandledException: java.lang.NullPointerException
at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)
at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212)
at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:168)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:411)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.NullPointerException
at org.keycloak.models.cache.infinispan.UserCacheSession.getUserByUsername(UserCacheSession.java:230)
at org.keycloak.services.resources.admin.UsersResource.createUser(UsersResource.java:211)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
... 37 more
7 years, 10 months
implement one way user sync from legacy db to keycloak
by Istvan Orban
Hi Guys,
I am in the process of moving to keycloak and I need to make a decision how
to migrate my users.
I think I have two options
1, migrate users using JSON import.
I can grab the password from the db as they are encrypted with a reversible
encryption :)
In this case I have one question. I need to generate an output JSON and for
that I need to see how keycloak salts and encrypts the passwords by
default. Can you point me to the class that does this ? Can I include
keycloak as a dependency and call the same class to do the work for me ?
2, migrate users on-the-fly
I did find this example
-> examples/userstorage/readonly/PropertyFileUserStorageProvider.java which
is a great starting point, although I have one question on this one.
Do I need to implement CredentialInputUpdater? All I need to do is a one-way
import of the users from my DB, which I will probably do via an API call. I
do not wish to sync users back to the legacy db at all. Would it be enough
to simply just implement these interfaces ->
UserStorageProvider,
UserLookupProvider,
CredentialInputValidator,
Also I did find an enum in UserStorageProvider called EditMode and I could
not find out where to use this enum ? Do I need to worry about this at all?
Thanks for any help !
--
Kind Regards,
Istvan Orban | Skype: istvan_o | Mobile: +44 (0) 7956 122 144
7 years, 10 months
Change locale (language) for select list information.
by Gustavo Alvarez
Hi all.
I am using Keycloak 2.3.0 Final. I changed the language for a master
realm, created a client and the information is presented with the new
language, except some lists retrieved from the database in English. For
example, in the menu 'Authentication', tab 'Bindings', the select list in
browser flow does not change the language; it is always English.
Can I change the language of this information?
Thanks for your help.
Gaalvarez.
7 years, 10 months