attribute retrieval
by Alabura Fgc
Hi everyone, I am using the sample Vanilla application deployed on WildFly. How can I retrieve the user attributes together with the token when I authenticate to Keycloak? Thank you.
7 years, 9 months
Using Keycloak on Linux with A Microsoft SQL server
by Reed Lewis
Has anyone configured Keycloak to use Microsoft SQL server where Keycloak is running on a linux machine? I can make it work correctly with Postgres, but cannot get it to work with Microsoft SQL.
Here is my part of the standalone-ha.xml file:
<subsystem xmlns="urn:jboss:domain:datasources:4.0">
<datasources>
<datasource jndi-name="java:/MSSQLDS" pool-name="MSSQLDS" enabled="true">
<connection-url>jdbc:sqlserver://(IP ADDRESS):1433;databaseName=keycloak</connection-url>
<driver>sqlserver</driver>
<security>
<user-name>username</user-name>
<password>password</password>
</security>
<validation>
<valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.mssql.MSSQLValidConnectionChecker"></valid-connection-checker>
</validation>
</datasource>
<drivers>
<driver name="sqlserver" module="com.microsoft">
<xa-datasource-class>com.microsoft.sqlserver.jdbc.SQLServerXADataSource</xa-datasource-class>
</driver>
</drivers>
</datasources>
</subsystem>
and here is where I use the datasource.
<spi name="connectionsJpa">
<provider name="default" enabled="true">
<properties>
<property name="dataSource" value="java:/MSSQLDS"/>
<property name="initializeEmpty" value="true"/>
<property name="migrationStrategy" value="manual"/>
<property name="migrationExport" value="${jboss.home.dir}/keycloak-database-update.sql"/>
</properties>
</provider>
</spi>
and I am using JDBC_PING to handle multiple systems since the environment I want to use does not support multicast.
<protocol type="JDBC_PING">
<property name="datasource_jndi_name">java:/MSSQLDS</property>
<property name="initialize_sql">
CREATE TABLE IF NOT EXISTS jgroupsping (
own_addr VARCHAR(200) NOT NULL,
cluster_name VARCHAR(200) NOT NULL,
ping_data BYTEA DEFAULT NULL,
PRIMARY KEY (own_addr, cluster_name)
)
</property>
</protocol>
And this is the error when I start it up.
13:39:48,758 WARN [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (MSC service thread 1-6) IJ000604: Throwable while attempting to get a new connection: null: javax.resource.ResourceException: IJ031084: Unable to create connection
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createLocalManagedConnection(LocalManagedConnectionFactory.java:343)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:350)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createManagedConnection(LocalManagedConnectionFactory.java:285)
at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreConcurrentLinkedDequeManagedConnectionPool.createConnectionEventListener(SemaphoreConcurrentLinkedDequeManagedConnectionPool.java:1319)
at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreConcurrentLinkedDequeManagedConnectionPool.getConnection(SemaphoreConcurrentLinkedDequeManagedConnectionPool.java:496)
at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getSimpleConnection(AbstractPool.java:626)
at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getConnection(AbstractPool.java:598)
at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.getManagedConnection(AbstractConnectionManager.java:590)
at org.jboss.jca.core.connectionmanager.tx.TxConnectionManagerImpl.getManagedConnection(TxConnectionManagerImpl.java:429)
at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.allocateConnection(AbstractConnectionManager.java:747)
at org.jboss.jca.adapters.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:138)
at org.jboss.as.connector.subsystems.datasources.WildFlyDataSource.getConnection(WildFlyDataSource.java:66)
at org.jgroups.protocols.JDBC_PING.getConnection(JDBC_PING.java:348)
at org.jgroups.protocols.JDBC_PING.attemptSchemaInitialization(JDBC_PING.java:298)
at org.jgroups.protocols.JDBC_PING.init(JDBC_PING.java:130)
at org.jgroups.stack.ProtocolStack.initProtocolStack(ProtocolStack.java:860)
at org.jgroups.stack.ProtocolStack.setup(ProtocolStack.java:481)
at org.jgroups.JChannel.init(JChannel.java:853)
at org.jgroups.JChannel.<init>(JChannel.java:159)
at org.jboss.as.clustering.jgroups.JChannelFactory$1.run(JChannelFactory.java:95)
at org.jboss.as.clustering.jgroups.JChannelFactory$1.run(JChannelFactory.java:92)
at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:636)
at org.jboss.as.clustering.jgroups.JChannelFactory.createChannel(JChannelFactory.java:98)
at org.wildfly.clustering.jgroups.spi.service.ChannelBuilder.start(ChannelBuilder.java:78)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.NoClassDefFoundError: javax/xml/bind/DatatypeConverter
at com.microsoft.sqlserver.jdbc.SQLServerConnection.sendLogon(SQLServerConnection.java:4098)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.logon(SQLServerConnection.java:3160)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.access$100(SQLServerConnection.java:43)
at com.microsoft.sqlserver.jdbc.SQLServerConnection$LogonCommand.doExecute(SQLServerConnection.java:3123)
at com.microsoft.sqlserver.jdbc.TDSCommand.execute(IOBuffer.java:7505)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.executeCommand(SQLServerConnection.java:2445)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:1981)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:1628)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectInternal(SQLServerConnection.java:1459)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:773)
at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:1168)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createLocalManagedConnection(LocalManagedConnectionFactory.java:319)
... 28 more
Caused by: java.lang.ClassNotFoundException: javax.xml.bind.DatatypeConverter from [Module "com.microsoft:main" from local module loader @66133adc (finder: local module finder @7bfcd12c (roots: /opt/keycloak/modules,/opt/keycloak/modules/system/layers/keycloak,/opt/keycloak/modules/system/layers/base))]
at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:198)
at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:363)
at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:351)
at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:93)
... 40 more
13:39:48,760 ERROR [org.jgroups.protocols.JDBC_PING] (MSC service thread 1-6) Could not open connection to database: java.sql.SQLException: javax.resource.ResourceException: IJ000453: Unable to get managed connection for java:/MSSQLDS
at org.jboss.jca.adapters.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:146)
at org.jboss.as.connector.subsystems.datasources.WildFlyDataSource.getConnection(WildFlyDataSource.java:66)
at org.jgroups.protocols.JDBC_PING.getConnection(JDBC_PING.java:348)
at org.jgroups.protocols.JDBC_PING.attemptSchemaInitialization(JDBC_PING.java:298)
at org.jgroups.protocols.JDBC_PING.init(JDBC_PING.java:130)
at org.jgroups.stack.ProtocolStack.initProtocolStack(ProtocolStack.java:860)
at org.jgroups.stack.ProtocolStack.setup(ProtocolStack.java:481)
at org.jgroups.JChannel.init(JChannel.java:853)
at org.jgroups.JChannel.<init>(JChannel.java:159)
at org.jboss.as.clustering.jgroups.JChannelFactory$1.run(JChannelFactory.java:95)
at org.jboss.as.clustering.jgroups.JChannelFactory$1.run(JChannelFactory.java:92)
at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:636)
at org.jboss.as.clustering.jgroups.JChannelFactory.createChannel(JChannelFactory.java:98)
at org.wildfly.clustering.jgroups.spi.service.ChannelBuilder.start(ChannelBuilder.java:78)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.resource.ResourceException: IJ000453: Unable to get managed connection for java:/MSSQLDS
at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.getManagedConnection(AbstractConnectionManager.java:656)
at org.jboss.jca.core.connectionmanager.tx.TxConnectionManagerImpl.getManagedConnection(TxConnectionManagerImpl.java:429)
at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.allocateConnection(AbstractConnectionManager.java:747)
at org.jboss.jca.adapters.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:138)
... 18 more
Caused by: javax.resource.ResourceException: IJ031084: Unable to create connection
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createLocalManagedConnection(LocalManagedConnectionFactory.java:343)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:350)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createManagedConnection(LocalManagedConnectionFactory.java:285)
at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreConcurrentLinkedDequeManagedConnectionPool.createConnectionEventListener(SemaphoreConcurrentLinkedDequeManagedConnectionPool.java:1319)
at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreConcurrentLinkedDequeManagedConnectionPool.getConnection(SemaphoreConcurrentLinkedDequeManagedConnectionPool.java:496)
at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getSimpleConnection(AbstractPool.java:626)
at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getConnection(AbstractPool.java:598)
at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.getManagedConnection(AbstractConnectionManager.java:590)
... 21 more
Caused by: java.lang.NoClassDefFoundError: javax/xml/bind/DatatypeConverter
at com.microsoft.sqlserver.jdbc.SQLServerConnection.sendLogon(SQLServerConnection.java:4098)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.logon(SQLServerConnection.java:3160)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.access$100(SQLServerConnection.java:43)
at com.microsoft.sqlserver.jdbc.SQLServerConnection$LogonCommand.doExecute(SQLServerConnection.java:3123)
at com.microsoft.sqlserver.jdbc.TDSCommand.execute(IOBuffer.java:7505)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.executeCommand(SQLServerConnection.java:2445)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:1981)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:1628)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectInternal(SQLServerConnection.java:1459)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:773)
at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:1168)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createLocalManagedConnection(LocalManagedConnectionFactory.java:319)
... 28 more
Caused by: java.lang.ClassNotFoundException: javax.xml.bind.DatatypeConverter from [Module "com.microsoft:main" from local module loader @66133adc (finder: local module finder @7bfcd12c (roots: /opt/keycloak/modules,/opt/keycloak/modules/system/layers/keycloak,/opt/keycloak/modules/system/layers/base))]
at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:198)
at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:363)
at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:351)
at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:93)
... 40 more
7 years, 9 months
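One way to resolve the ClassNotFoundException in the trace above (an added example, not part of the original post): the driver module's module.xml declares a dependency on WildFly's javax.xml.bind.api module, so that javax.xml.bind.DatatypeConverter, which the SQL Server driver calls during logon, becomes visible to the com.microsoft module named in the datasource. The module directory, the module.xml schema version and the driver jar file name are assumptions; only the module name com.microsoft and the class names come from the post.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Assumed location: /opt/keycloak/modules/com/microsoft/main/module.xml
     (the com.microsoft module is the one the datasource's <driver> refers to). -->
<module xmlns="urn:jboss:module:1.3" name="com.microsoft">
    <resources>
        <!-- Placeholder: use the file name of the mssql-jdbc jar copied into this directory. -->
        <resource-root path="mssql-jdbc-VERSION.jar"/>
    </resources>
    <dependencies>
        <module name="javax.api"/>
        <module name="javax.transaction.api"/>
        <!-- JBoss Modules only exposes declared dependencies to a module's class loader.
             javax.xml.bind is not visible by default, which is why the driver fails with
             NoClassDefFoundError: javax/xml/bind/DatatypeConverter at SQLServerConnection.sendLogon.
             Declaring the JAXB API module fixes the lookup. -->
        <module name="javax.xml.bind.api"/>
    </dependencies>
</module>
```

Once the driver can connect, note that the JDBC_PING initialize_sql shown above is PostgreSQL syntax (CREATE TABLE IF NOT EXISTS, BYTEA), which SQL Server does not accept, so the jgroupsping table DDL also needs a SQL Server form.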
Possible bug when trying to modify custom storage provider configuration?
by Jared Blashka
I'm not sure if this is an issue with my implementation of
UserStorageProvider, but I'm running into an issue when trying to edit
blank fields in the provider configuration after initial creation.
If I create a new instance of my provider and define values for all of the
configuration properties there's no issue. But if I leave some of the
configuration properties blank, save my configuration, and then try to
supply values for those properties later the form submission errors. It
looks like the entirely new values in the update get submitted as a JSON
object but any modified value gets submitted as a String array.
I tried replicating this behavior with the provided ldap provider but it
doesn't happen there. Empty input boxes are still present in
$scope.instance.config as an empty String array. But when working with my
custom provider empty input boxes aren't present in $scope.instance.config
at all after the initial provider creation.
I'm also not sure how to mark any of my properties as required. I see that
the ldap provider has required fields but it looks like this was hard-coded
into the HTML form rather than set in the provider configuration. Is that
correct?
I'm using the latest code on the 2.5.x branch; it's 2.5.4.Final-SNAPSHOT
currently.
Thanks
7 years, 9 months
[Revoke grants] Application without roles
by Yann Jacobs
Hi,
In reference to an old message sent to the mailing list:
http://lists.jboss.org/pipermail/keycloak-user/2016-November/008346.html
I have an application which all users can access (no roles defined/requested)
with request consent activated.
All seems to be fine, but the 'Applications' tab in Account doesn't display my
application.
According to the ApplicationsBean.java file @ L56
https://github.com/keycloak/keycloak/blob/d941e0716982502ee84255e196f8efb...
> // Don't show applications, which user doesn't have access into (any available roles)
> if (availableRoles.isEmpty()) {
>     continue;
> }
Isn't it too restrictive?
Can we imagine a more permissive condition? Like this:
> if (availableRoles.isEmpty() && realmRolesGranted.isEmpty() &&
>     resourceRolesGranted.isEmpty() && claimsGranted.isEmpty() &&
>     additionalGrants.isEmpty()) {
>     continue;
> }
Can we consider that we can revoke grants without availableRoles?
Is it a bug or a missing/unsupported use case?
Thx
7 years, 9 months
Node.js Adapter usage
by Sandro Santilli
Hi all, I've just subscribed to this list as I'm working on adding keycloak
support in a node.js project.
Unfortunately, following the instructions on [1] I was unable to pass
the `var keycloack = new Keycloak()` step, in that `Keycloak` class
is not defined.
[1] https://keycloak.gitbooks.io/securing-client-applications-guide/content/t...
I guess I have to require the module, but when I try
`var Keycloak = require('keycloak-connect')` I get a failure message:
/usr/src/akvo/akvo-maps/akvo-maps/images/tiler/server/node_modules/keycloak-connect/index.js:254
.then(grant => { return this.grantManager.ensureFreshness(grant); })
^
SyntaxError: Unexpected token >
at Module._compile (module.js:439:25)
at Object.Module._extensions..js (module.js:474:10)
at Module.load (module.js:356:32)
at Function.Module._load (module.js:312:12)
at Module.require (module.js:364:17)
at require (module.js:380:17)
at Object.<anonymous> (/usr/src/akvo/akvo-maps/akvo-maps/images/tiler/server/http/server.js:10:16)
at Module._compile (module.js:456:26)
at Object.Module._extensions..js (module.js:474:10)
at Module.load (module.js:356:32)
This is with node-0.10 though, while node-4.2.6 does not complain there
(but does in another place).
So, a few questions:
1. Where should I report the lack of a `require('keycloak-connect')`
instruction in the documentation?
2. What's the lowest supported node version?
3. Are there working examples I could look at?
Thanks in advance
--strk;
7 years, 9 months
Re: [keycloak-user] JAX-RS Backend Service + Angular 2 Front-End + Role Authorization
by Gustavo Alvarez
Thanks for this valuable information. I will try using your lib.
I tried with the official JS connector and the example for Angular 2, and I get
an error in the backend if it is configured as confidential, when it sends a
request to a protected resource with a bearer token. Is this way of sending the
token to the backend server incorrect?
Thank you so much.
Gaalvarez.
7 years, 9 months
Keycloak Authorization with SaaS
by Adam Keily
Hi Guys,
Just wondering if it's possible to implement any Keycloak authorization controls for a SaaS app scenario where we don't have the ability to modify the application?
e.g. We want to allow or deny access to an application based on role but no code can be added to the app.
7 years, 10 months
dynamic client registration call idempotency
by Sven Thoms
When registering a client dynamically at the well-known registration
endpoint:
http://keycloak.domain/auth/realms/myrealm/clients-registrations/openid-c...
with a given name, the clientId and id returned are assigned a unique ID, e.g.
id: "fa8eeac6-0fb3-4fa4-8a1b-7c1d091001dc"
clientId: "fa8eeac6-0fb3-4fa4-8a1b-7c1d091001dc"
name: "test_client"
Is there a particular reason that within the same realm, when using OIDC
dynamic client registration, registration calls to the URL above are not
idempotent?
When I make a client registration multiple times using the same client
name, I end up getting many instances of the same client, making
per-client management of permissions, roles, resources etc. tedious.
Furthermore, when querying the Admin REST interface for all clients, no
client_id_issued_at field indicating a timestamp is present, so
determining which client is the latest one given same names is not possible
either.
This behavior breaks our automation pipeline.
7 years, 10 months