Forward Keycloak Events to Kafka
by Thomas Darimont
Hello,
just wanted to know if someone on this mailing list has already built a
Keycloak extension that forwards Keycloak user / admin events to Kafka?
Cheers,
Thomas
7 years
login-status-iframe.html returning 403 with init parameters
by Oleg Gusakov (ogusakov)
I am trying to use the keycloak js adapter to manage the OIDC session. I am able to load the login-status-iframe.html page by itself when not using any init parameters.
However, when the init parameters are added: login-status-iframe.html/init?client_id=someclient&origin=https%3A%2F%2Flocalhost%3A8443, the iframe receives a 403 response.
7 years
CORS in Keycloak 3.4
by Jonas Schönenberger
Hey there
I’ve been trying to figure out how to enable CORS in the later versions of
Keycloak. I can’t seem to find a valid way to achieve this besides
hardcoding response headers in the standalone.xml. I’m using a standalone
deployment.
I know the functionality to handle preflight and other CORS scenarios is
there, so surely there must be a way to activate it?
Could somebody enlighten me please?
Thanks a lot
Jonas
7 years
changing password not working with api
by Juan Diego
Hi,
I did some tests months ago, and I was pretty sure the following code
worked. Now when I am trying to implement a password change it doesn't
work. I am using basically the same way to change the last name of the
users, and it works. I can see the last name change in the Keycloak
server. But when I try to log in as the user whose password I just
changed, I have to use the old password.
Anyway this is my code:
UserResource ur = kc.realm(realm).users().get(id);
UserRepresentation user = ur.toRepresentation();
CredentialRepresentation credential = new CredentialRepresentation();
credential.setType(CredentialRepresentation.PASSWORD);
credential.setValue(password);
credential.setTemporary(false);
user.setCredentials(asList(credential));
ur.update(user);
7 years
OpenID Connect IdP and nonce parameter
by Raphaël HOAREAU
Hi,
I'm facing an issue where I use an external OIDC IdP (FranceConnect) for
my users to log in.
When trying to log in with this provider, I get this error:
{"status":"fail","message":"The following fields are missing or empty : nonce"}
If I manually put &nonce=someRandomInt in the URL, the process continues.
Am I missing something in my Identity Provider configuration? Is there
a way to add a parameter when requesting the external provider?
Regards,
Raphaël HOAREAU.
7 years
Re: [keycloak-user] Unable to register provider implementation: not a subtype exception
by Alessandro Tundo
Hi folks!
Could someone help me out with this?
Best regards,
Alessandro
2017-12-20 16:52 GMT+01:00 Alessandro Tundo <aletundo(a)wikitolearn.org>:
> Hi folks!
>
> I followed the documentation for implementing and registering a SPI but
> I'm not able to deploy it correctly.
>
> The raised exception is:
>
> *java.util.ServiceConfigurationError:
> org.keycloak.credential.hash.PasswordHashProviderFactory: Provider
> org.wikitolearn.keycloak.provider.MediaWikiBTypePasswordHashProviderFactory
> not a subtype*
>
> I tried both registration ways but the outcome is the same. The .jar I'm
> trying to deploy has the following structure:
>
>
> - META-INF/services/org.keycloak.credential.hash.PasswordHashProviderFactory
> - org/wikitolearn/keycloak/provider/MediaWikiBTypePasswordHashProviderFactory.class
> - org/wikitolearn/keycloak/provider/MediaWikiBTypePasswordHashProvider.class
>
> The factory and the provider implement PasswordHashProviderFactory
> and PasswordHashProvider respectively.
>
> I would also like to point out that the SPI works correctly in my Keycloak
> fork. But as you can imagine, a fork is not a good option, especially when
> more elegant ways are available to extend the software programmatically
> without a fork.
>
> I'm looking forward to receiving your reply asap.
>
> Thank you!
>
> Alessandro
>
7 years
cockroachdb
by Simon Payne
Hi,
Has anyone successfully managed to use CockroachDB with Keycloak?
If so, what steps were taken?
thanks
Simon.
7 years
[Feature request] Adding scheduled tasks / change order of required actions / searchable user attributes
by Tomás García
Hi,
I'm trying to fulfill the needs of the GDPR of my company in Keycloak
and I noticed these things:
- I cannot add a scheduled task. I don't know where to put code like you
have in KeycloakApplication like:
    TimerProvider timer = session.getProvider(TimerProvider.class);
    timer.schedule(new ClusterAwareScheduledTaskRunner(sessionFactory,
        new ClearExpiredEvents(), interval), interval, "ClearExpiredEvents");
so I can add a recurrent task starting from the startup of Keycloak. My
use case is that I want to remove users that didn't verify their email or
accept terms & conditions after a week of first registration. So I was
thinking to add a task to be run daily to do that.
- The order of required actions execution is in alphabetical order, so if I
wanted a custom required action to be run after the "Verify email" action I
need to be sure that the name of my custom required action starts with "W"
at least. A UI like what we already have in the Authenticators
part would be nice.
- There are no facilities inside Keycloak to search users with a specific
attribute key or value. It would be nice too to have long integers as
attribute values, in case we want to search for users with greater / less
than a specific timestamp attribute like the one you use in the terms &
conditions required action. For example, for the removal task, I'd like to
search for users without a custom attribute, then I'll remove those. I
guess I'll just extend the data model if needed to work around this issue.
- If someone declines the terms & conditions, the user is redirected to a
blank page with an "error" in the screen. I don't care about this since I'm
going to make my custom required action if I can find an alternative for
the things I'm saying above.
If I'm wrong about something, please let me know.
Thanks,
Tomás
7 years
Add required action "Update Password" to all users after Password Policy change
by Steve Hoffman
Currently updating the Password Policy for a realm, and I was looking for an easier (safer) way of forcing users to update password on login once we've set our new preferences.
I'm aware that I can iterate through the users in the admin console (time/cost prohibitive) or POST/Update to the Admin REST API for each individual user after a GET for the user list.
Is there another simpler built-in mechanism that I'm overlooking?
Thanks,
Stephen Hoffman
7 years
Keycloak JS + Cordova Adapter + iOS
by Jens Schliesser
Hello,
we have an Angular4 web application running with keycloak.js that works
great.
We are now trying to put this application into a cordova container running
on iOS, but in the login function of the keycloak cordova adapter
var loginUrl = kc.createLoginUrl(options);
var ref = window.open(loginUrl, '_blank', o);
ref is always null, so adding the event listener fails ?!?
We are bootstrapping (main.ts) our angular application like this:
function bootstrapKeyCloak() {
    KeycloakService.init({
        'url': environment.keycloakConfig.url,
        'realm': environment.keycloakConfig.realm,
        'clientId': environment.keycloakConfig.clientId,
    }, {
        onLoad: 'login-required',
        flow: 'standard'
    }).then(() => {
        platformBrowserDynamic().bootstrapModule(AppModule);
    }).catch((e: any) => {
        alert(e);
    });
}
if (typeof window['cordova'] !== 'undefined') {
    if(document) {
        document.addEventListener('deviceready', () => {
            bootstrapKeyCloak();
        }, false);
    }
} else {
    bootstrapKeyCloak();
}
Any ideas why window.open fails and how to fix this?
--
Kind Regards,
Jens Schliesser
7 years