Authorization settings can't be exported more than once on 3.1.0.Final
by Stephane Granger
I am running into a weird issue. After creating a client which uses the
Authorization settings, the settings can only be exported 1 time.
Rebooting the Keycloak server doesn't clear the problem.
Steps to reproduce:
Create TEST realm
Create TEST client, make sure the Authorization Enabled slider is set to
ON, click save.
Create the following Roles for the client
role1
role2
role3
Go on the Authorization tab
create 3 policies: policy1, policy2, policy3 with corresponding required
role1...3 from the TEST client
create Authorization Scopes: scope1, scope2, scope3
create Resources: resource1 with scope2, resource2/scope2 and
resource3/scope3
finally, create the permissions
resource based: permission1/resource1/policy1
resource based: permission2/resource2/policy2
scope based: permission3/scope3/policy3
On the Authorization tab of the TEST client, click on the Export button.
This will work.
Navigate to a different realm, then back to the Authorization tab of the
TEST client, and try exporting again; this time it will fail.
Restarting the Keycloak server does not clear the problem.
Here are the logs:
2017-06-02 17:20:07,859 ERROR [io.undertow.request] (default task-37) UT005023: Exception handling request to /auth/admin/realms/TEST/clients/411eea34-dbc1-4227-ac4a-1c6afb22f7a5/authz/resource-server/settings: org.jboss.resteasy.spi.UnhandledException: java.lang.RuntimeException: Error while exporting policy [policy1].
    at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)
    at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212)
    at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:168)
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:411)
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
    at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
    at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
    at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
    at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
    at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
    at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
    at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
    at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
    at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
    at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
    at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
    at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
    at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
    at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
    at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
    at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
    at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
    at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
    at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
    at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.RuntimeException: Error while exporting policy [policy1].
    at org.keycloak.exportimport.util.ExportUtils.createPolicyRepresentation(ExportUtils.java:386)
    at org.keycloak.exportimport.util.ExportUtils.lambda$exportAuthorizationSettings$3(ExportUtils.java:313)
    at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193)
    at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:175)
    at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1374)
    at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
    at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
    at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)
    at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
    at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499)
    at org.keycloak.exportimport.util.ExportUtils.exportAuthorizationSettings(ExportUtils.java:313)
    at org.keycloak.authorization.admin.ResourceServerService.exportSettings(ResourceServerService.java:133)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
    at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
    at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
    ... 37 more
Caused by: java.lang.NullPointerException
    at org.keycloak.exportimport.util.ExportUtils.lambda$createPolicyRepresentation$7(ExportUtils.java:351)
    at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193)
    at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1374)
    at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
    at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
    at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)
    at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
    at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499)
    at org.keycloak.exportimport.util.ExportUtils.createPolicyRepresentation(ExportUtils.java:353)
    ... 68 more
7 years, 7 months
NoRouteToHostException - Using external Infinispan with Keycloak on OpenShift platform
by Vikrant Singh
Hi,
I am running Keycloak (3.1.0.Final) on the OpenShift platform. I am using
an external Infinispan (9.0.1-Final) for the sessions, work and offlineSessions
caches to achieve multi-datacenter failover.
Below is the configuration for the Infinispan remote-store in Keycloak:
> <local-cache name="sessions">
>     <remote-store passivation="false" fetch-state="false" purge="false"
>                   preload="false" shared="true" cache="sessions"
>                   remote-servers="remote-cache">
>         <property name="rawValues">true</property>
>         <property name="marshaller">org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory</property>
>     </remote-store>
> </local-cache>
> <outbound-socket-binding name="remote-cache">
>     <remote-destination host="${env.INFINISPAN_HOST}" port="${env.INFINISPAN_PORT:11222}"/>
> </outbound-socket-binding>
The external Infinispan cluster is fronted by a load balancer (Kubernetes
service) which provides a static hostname for Infinispan, and this hostname
is configured in Keycloak for Keycloak-to-Infinispan communication.
The setup works fine, but if all instances (pods) in the external Infinispan
cluster go down and we bring the cluster up again, Keycloak is not able to
reach the new Infinispan instance and keeps trying the old IP address with
the error below.
The issue seems to be that Keycloak tries to use the IP address instead of
the load balancer hostname provided in the configuration. As we are running
on OpenShift, Infinispan instances get a new IP address each time they are
restarted.
ERROR [org.infinispan.client.hotrod.impl.operations.RetryOnFailureOperation] (persistence-thread--p8-t108) ISPN004007: Exception encountered. Retry 10 out of 10: org.infinispan.client.hotrod.exceptions.TransportException:: Could not fetch transport
    at org.infinispan.client.hotrod.impl.transport.tcp.TcpTransportFactory.borrowTransportFromPool(TcpTransportFactory.java:405)
    at org.infinispan.client.hotrod.impl.transport.tcp.TcpTransportFactory.getTransport(TcpTransportFactory.java:244)
    at org.infinispan.client.hotrod.impl.operations.BulkGetKeysOperation.getTransport(BulkGetKeysOperation.java:29)
    at org.infinispan.client.hotrod.impl.operations.RetryOnFailureOperation.execute(RetryOnFailureOperation.java:53)
    at org.infinispan.client.hotrod.impl.RemoteCacheImpl.keySet(RemoteCacheImpl.java:670)
    at org.infinispan.persistence.remote.RemoteStore.process(RemoteStore.java:135)
    at org.infinispan.persistence.manager.PersistenceManagerImpl.processOnAllStores(PersistenceManagerImpl.java:447)
    at org.infinispan.persistence.manager.PersistenceManagerImpl.processOnAllStores(PersistenceManagerImpl.java:432)
    at org.infinispan.persistence.util.PersistenceManagerCloseableSupplier.lambda$get$261(PersistenceManagerCloseableSupplier.java:115)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Caused by: org.infinispan.client.hotrod.exceptions.TransportException:: Could not connect to server: /10.0.34.100:11222
    at org.infinispan.client.hotrod.impl.transport.tcp.TcpTransport.<init>(TcpTransport.java:78)
    at org.infinispan.client.hotrod.impl.transport.tcp.TransportObjectFactory.makeObject(TransportObjectFactory.java:37)
    at org.infinispan.client.hotrod.impl.transport.tcp.TransportObjectFactory.makeObject(TransportObjectFactory.java:16)
    at org.apache.commons.pool.impl.GenericKeyedObjectPool.borrowObject(GenericKeyedObjectPool.java:1220)
    at org.infinispan.client.hotrod.impl.transport.tcp.TcpTransportFactory.borrowTransportFromPool(TcpTransportFactory.java:400)
    ... 11 more
Caused by: java.net.NoRouteToHostException: No route to host
    at sun.nio.ch.SocketChannelImpl.checkConnect(Native Method)
    at sun.nio.ch.SocketChannelImpl.finishConnect(Unknown Source)
    at sun.nio.ch.SocketAdaptor.connect(Unknown Source)
    at org.infinispan.client.hotrod.impl.transport.tcp.TcpTransport.<init>(TcpTransport.java:68)
    ... 15 more
Is there any way we can force Keycloak to use the hostname instead of
resolving it to an IP address?
Thanks,
Vikrant
7 years, 7 months
Access client session in Freemarker template
by John Kalantzis
Hello,
Is there a way to access the client session in the FreeMarker login
template?
I'm looking for a way to display redirect_uri and possibly an extra
parameter in the page (which are stored in the client session, if I'm not
mistaken) but I don't see them anywhere in the available beans.
Thanks!
7 years, 7 months
Could not find artifact org.keycloak:keycloak-testsuite-integration:jar:tests:3.2.0.CR1-SNAPSHOT
by Matthew Woolnough
I am trying to compile Keycloak and running into numerous issues.
I am currently skipping the tests like so, as there are too many issues:
mvn -Dmaven.test.skip=true install -e
How can I resolve this, and what's the recommended environment for compiling? I
need to code an SPI. I've tried all the major OSes, a few variants of Linux and
numerous branches, but they all throw errors during compilation.
[ERROR] Failed to execute goal on project keycloak-testsuite-tomcat8: Could not resolve dependencies for project org.keycloak:keycloak-testsuite-tomcat8:jar:3.2.0.CR1-SNAPSHOT: Could not find artifact org.keycloak:keycloak-testsuite-integration:jar:tests:3.2.0.CR1-SNAPSHOT -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal on project keycloak-testsuite-tomcat8: Could not resolve dependencies for project org.keycloak:keycloak-testsuite-tomcat8:jar:3.2.0.CR1-SNAPSHOT: Could not find artifact org.keycloak:keycloak-testsuite-integration:jar:tests:3.2.0.CR1-SNAPSHOT
    at org.apache.maven.lifecycle.internal.LifecycleDependencyResolver.getDependencies(LifecycleDependencyResolver.java:221)
    at org.apache.maven.lifecycle.internal.LifecycleDependencyResolver.resolveProjectDependencies(LifecycleDependencyResolver.java:127)
    at org.apache.maven.lifecycle.internal.MojoExecutor.ensureDependenciesAreResolved(MojoExecutor.java:246)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:200)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:154)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:146)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:117)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:81)
    at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51)
    at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128)
    at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:309)
    at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:194)
    at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:107)
    at org.apache.maven.cli.MavenCli.execute(MavenCli.java:993)
    at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:345)
    at org.apache.maven.cli.MavenCli.main(MavenCli.java:191)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229)
    at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415)
    at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356)
Caused by: org.apache.maven.project.DependencyResolutionException: Could not resolve dependencies for project org.keycloak:keycloak-testsuite-tomcat8:jar:3.2.0.CR1-SNAPSHOT: Could not find artifact org.keycloak:keycloak-testsuite-integration:jar:tests:3.2.0.CR1-SNAPSHOT
    at org.apache.maven.project.DefaultProjectDependenciesResolver.resolve(DefaultProjectDependenciesResolver.java:208)
    at org.apache.maven.lifecycle.internal.LifecycleDependencyResolver.getDependencies(LifecycleDependencyResolver.java:195)
    ... 23 more
Caused by: org.eclipse.aether.resolution.DependencyResolutionException: Could not find artifact org.keycloak:keycloak-testsuite-integration:jar:tests:3.2.0.CR1-SNAPSHOT
    at org.eclipse.aether.internal.impl.DefaultRepositorySystem.resolveDependencies(DefaultRepositorySystem.java:393)
    at org.apache.maven.project.DefaultProjectDependenciesResolver.resolve(DefaultProjectDependenciesResolver.java:202)
    ... 24 more
Caused by: org.eclipse.aether.resolution.ArtifactResolutionException: Could not find artifact org.keycloak:keycloak-testsuite-integration:jar:tests:3.2.0.CR1-SNAPSHOT
    at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolve(DefaultArtifactResolver.java:453)
    at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolveArtifacts(DefaultArtifactResolver.java:255)
    at org.eclipse.aether.internal.impl.DefaultRepositorySystem.resolveDependencies(DefaultRepositorySystem.java:376)
    ... 25 more
Caused by: org.eclipse.aether.transfer.ArtifactNotFoundException: Could not find artifact org.keycloak:keycloak-testsuite-integration:jar:tests:3.2.0.CR1-SNAPSHOT
    at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolve(DefaultArtifactResolver.java:443)
    ... 27 more
[ERROR]
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionExce...
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <goals> -rf :keycloak-testsuite-tomcat8
7 years, 7 months
Different URLs for front-end redirect and back-channel
by Manfred Duchrow
Hi,
we have a scenario with a Keycloak (OIDC) protected classic web
application (no SPA) which has the restriction that it is not allowed to
make any internet requests from its server within the DMZ it is located in.
Due to this restriction it cannot execute any back-channel requests
(e.g. /token, /userinfo) to Keycloak, because the configured
"auth-server-url" is the front-end URL, which is only visible through the
internet and actually points to a firewall/load balancer component.
Now the question:
What do you think about an enhancement request for Keycloak (server and
OIDC adapter) to allow different URLs
for front-end (browser redirect) and back-channel URLs?
That would imply several changes:
1. The server-side endpoint implementations (UserInfoEndpoint,
TokenIntrospectionEndpoint) are using TokenVerifier,
which by default checks the token issuer.
This check will fail because the realmUrl of the back-channel
request will be unequal to the token's issuer URL,
which comes from the session created at login with the front-end URL.
There are several variants to handle this:
a) There is already a boolean variable "checkRealmUrl" in
TokenVerifier to disable this check, but no way to set it to false.
It might be an option to support a switch per client to
disable/enable this check.
b) Instead of deriving the issuer name from the current request URL
it might be possible to (optionally) provide
an explicit issuer name field per realm. That would allow
setting issuer names that are completely independent
of any network infrastructure.
c) When issuing a token through TokenEndpoint, set the issuer to the
current /token request URI rather than using
the one from the associated session.
see TokenManager.initToken():
token.issuer(clientSession.getNote(OIDCLoginProtocol.ISSUER));
2. The OIDC adapters must support a new (optional) configuration
parameter (e.g. "auth-server-redirect-url") to
allow setting a separate front-end URL.
Do you see any security issue with such an enhancement?
Cheers,
Manfred
7 years, 7 months
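As an added illustration of point 1 of the enhancement request above (example code, not from the post and not Keycloak's TokenVerifier), the following Python model runs an issuer check through the three situations discussed: the expected issuer derived from the back-channel request URL (today's behaviour, which fails), the check switched off as in variant a), and an explicit per-realm issuer as in variant b). All hostnames, paths, claims, the HS256 shared secret and the function names are constructed for the example; Keycloak signs realm tokens with the realm's RSA key, and the shared secret only stands in for it so that the effect of the issuer check is isolated.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

# Constructed values for this illustration (not from the post or from Keycloak).
FRONT_END_REALM = "https://sso.example.com/auth/realms/demo"
BACK_CHANNEL_USERINFO = ("http://keycloak.internal:8080/auth/realms/demo"
                         "/protocol/openid-connect/userinfo")
OTHER_REALM = "https://sso.example.com/auth/realms/other"
SECRET = b"constructed-demo-secret"   # stands in for the realm's signing key


class TokenInvalid(Exception):
    """Raised when a token fails signature or claim verification."""


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(claims: dict, secret: bytes) -> str:
    """Build a compact HS256 JWT; 'iss' is whatever the issuing side puts in."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def realm_url_from_request(request_url: str) -> str:
    """Derive '<scheme>://<host>/auth/realms/<realm>' from an endpoint URL, i.e. the
    expected issuer as a verifier that trusts the current request URL computes it."""
    parts = urlsplit(request_url)
    segments = parts.path.split("/")
    realm_path = "/".join(segments[: segments.index("realms") + 2])
    return urlunsplit((parts.scheme, parts.netloc, realm_path, "", ""))


def verify_token(token: str, secret: bytes, expected_issuer: Optional[str],
                 check_realm_url: bool = True, now: Optional[int] = None) -> dict:
    """Verify signature and expiry, then (unless disabled) the issuer claim."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise TokenInvalid("malformed token")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(sig_b64)):
        raise TokenInvalid("bad signature")
    claims = json.loads(_unb64url(payload_b64))
    now = int(time.time()) if now is None else now
    if claims.get("exp", 0) <= now:
        raise TokenInvalid("expired")
    # checkRealmUrl analogue: skipping this accepts any issuer the key validates.
    if check_realm_url and claims.get("iss") != expected_issuer:
        raise TokenInvalid(f"issuer {claims.get('iss')!r} != {expected_issuer!r}")
    return claims


def check(token: str, secret: bytes, expected_issuer: Optional[str],
          check_realm_url: bool, now: int) -> str:
    """Return 'accepted' or 'rejected: <reason>' for one verification attempt."""
    try:
        verify_token(token, secret, expected_issuer, check_realm_url, now)
        return "accepted"
    except TokenInvalid as exc:
        return f"rejected: {exc}"


def run_scenarios(now: int = 1_700_000_000) -> dict:
    """Run the three situations from point 1 against constructed tokens."""
    exp = now + 300
    login_token = sign_token({"iss": FRONT_END_REALM, "sub": "alice", "exp": exp}, SECRET)
    # Same key on purpose, to isolate the effect of the issuer check; in a real
    # deployment a different realm would normally also have a different key.
    foreign_token = sign_token({"iss": OTHER_REALM, "sub": "bob", "exp": exp}, SECRET)
    derived = realm_url_from_request(BACK_CHANNEL_USERINFO)
    return {
        "derived_issuer": derived,
        # today: expected issuer derived from the back-channel request URL
        "status_quo": check(login_token, SECRET, derived, True, now),
        # variant a: checkRealmUrl disabled
        "variant_a_login": check(login_token, SECRET, derived, False, now),
        "variant_a_foreign": check(foreign_token, SECRET, derived, False, now),
        # variant b: explicit issuer configured for the realm
        "variant_b_login": check(login_token, SECRET, FRONT_END_REALM, True, now),
        "variant_b_foreign": check(foreign_token, SECRET, FRONT_END_REALM, True, now),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:18} {result}")
```

The output makes the trade-off of the two variants visible: with the check disabled (variant a) the login token is accepted on the back channel, but so is a token from another issuer that happens to validate under the same key, whereas an explicit issuer (variant b) accepts the login token regardless of which URL the request arrived on and still rejects the foreign one.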