Getting 404 error while calling the create user API of keycloak 4.5
by Shubham Akodiya
Hi,
I'm getting the 404 error while calling the create user API. I've gone
through the steps which are explained in this link
<https://www.keycloak.org/docs-api/4.5/rest-api/index.html#_users_resource> but
still, it gives the 404 error.
URL - http://localhost:8080/auth/{realm_name}/users
METHOD - Post
Headers -
Content-Type = "application/json"
Authorization = "bearer <token>"
Body -
{
"username": "rodrigo.sasaki",
"enabled": true,
"totp": false,
"emailVerified": false,
"firstName": "Rodrigo",
"lastName": "Sasaki",
"email": "rodrigo.sasaki at email.com.br",
"credentials": [
{
"type": "password",
"value": "myPassword"
}
]
}
6 years, 1 month
Keycloak + JACC
by Luca Stancapiano
I'm trying out the quickstart example at https://github.com/keycloak/keycloak-quickstarts.
I use a keycloak 4.5.0.Final server distribution and a Wildfly 14.0.1 that opts the keycloak adapter and the web application.
Once the client is installed on the server distribution and added the correct keycloak.json as required in the README on https://github.com/keycloak/keycloak-quickstarts/blob/latest/app-authz-je... , the application works well.
I would like to understand though if JACC can be used as a standard in web applications. For example, if I try to use the PolicyContext class inside a controller class method:
public boolean isLoggedIn (HttpServletRequest req) throws PolicyContextException {
System.out.println ("subject:" + PolicyContext.getContext ("javax.security.auth.Subject.container"));
return getSession (req)! = null;
}
I get null. Also trying to configure a JACC policy like:
/Subsystem=elytron/policy=JACC:add(JACC-policy={})
/Subsystem=undertow/application-security-domain=other:write-attribute(name=enable-JACC,value=true)
I always get null. Is it possible to use JACC inside keycloak?
6 years, 1 month
Re: [keycloak-user] Keycloak 4.6.0.Final released
by Cédric Couralet
Le 2018-11-15 16:53, Pedro Ruivo a écrit :
> Hi Sebastian,
>
> Which ISPN version is shipped with 4.6.0?
>
> The StateRequestCommand changed its wire format in 9.3.1/9.4.0.
>
> From the exception, it looks like some nodes are using an older
> version and the "new" nodes can't deserialize it.
>
Thanks for the answers, I realize now that I the old version was not
entirely stopped before the new instance started. I'm guessing the
change in format caused those exceptions. I'll change my procedures for
future versions.
Sorry for the noise.
Cédric
6 years, 1 month
NullpointerException in AuthenticationManager
by Henning Waack
Dear all.
Using KC 4.5.0, I get the following exception in my Custom SPI:
2018-11-16 17:05:23,407 ERROR
[org.keycloak.services.error.KeycloakErrorHandler] (default task-3)
Uncaught server error: java.lang.NullPointerException
at
org.keycloak.keys.DefaultKeyManager.getProviders(DefaultKeyManager.java:249)
at org.keycloak.keys.DefaultKeyManager.getKey(DefaultKeyManager.java:104)
at
org.keycloak.crypto.ServerAsymmetricSignatureVerifierContext.getKey(ServerAsymmetricSignatureVerifierContext.java:29)
at
org.keycloak.crypto.ServerAsymmetricSignatureVerifierContext.<init>(ServerAsymmetricSignatureVerifierContext.java:25)
at
org.keycloak.crypto.AsymmetricSignatureProvider.verifier(AsymmetricSignatureProvider.java:39)
at
org.keycloak.services.managers.AuthenticationManager.verifyIdentityToken(AuthenticationManager.java:1138)
at
org.keycloak.services.managers.AppAuthManager.authenticateBearerToken(AppAuthManager.java:71)
at
org.keycloak.services.managers.AppAuthManager.authenticateBearerToken(AppAuthManager.java:66)
at
org.keycloak.services.managers.AppAuthManager.authenticateBearerToken(AppAuthManager.java:58)
at
de.sys.keycloak.spi.UserSearchResourceProvider.<init>(UserSearchResourceProvider.java:46)
The method invoking it is as follows:
* RealmManager realmManager = new RealmManager(session);*
* RealmModel realm = realmManager.getRealmByName(realmName);*
* this.auth = new AppAuthManager().authenticateBearerToken(session,
realm);*
Any pointer at what is happening here? Server did function before quite
nicely, don't know what could lead to this situation.
Thanks & greetings
Henning
--
Henning Waack | IT Consultant
codecentric AG | Hochstraße 11
<https://maps.google.com/?q=Hochstra%C3%9Fe+11%C2%A0+%7C+%C2%A0+42697+Soli...>
|
<https://maps.google.com/?q=Hochstra%C3%9Fe+11%C2%A0+%7C+%C2%A0+42697+Soli...>
<https://maps.google.com/?q=Hochstra%C3%9Fe+11%C2%A0+%7C+%C2%A0+42697+Soli...>42697
Solingen
<https://maps.google.com/?q=Hochstra%C3%9Fe+11%C2%A0+%7C+%C2%A0+42697+Soli...>
|Deutschland
<https://maps.google.com/?q=Hochstra%C3%9Fe+11%C2%A0+%7C+%C2%A0+42697+Soli...>
tel: +49 (0)151 108 515 29
www.codecentric.de | blog.codecentric.de | www.meettheexperts.de
Sitz der Gesellschaft: Solingen | HRB 25917 | Amtsgericht Wuppertal
Vorstand: Michael Hochgürtel . Ulrich Kühn . Rainer Vehns
Aufsichtsrat: Patric Fedlmeier (Vorsitzender) . Klaus Jäger . Jürgen Schütz
Diese E-Mail einschließlich evtl. beigefügter Dateien enthält vertrauliche
und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige
Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie
bitte sofort den Absender und löschen Sie diese E-Mail und evtl.
beigefügter Dateien umgehend. Das unerlaubte Kopieren, Nutzen oder Öffnen
evtl. beigefügter Dateien sowie die unbefugte Weitergabe dieser E-Mail ist
nicht gestattet.
6 years, 1 month
End user sharing of his resource removes permission to his resource
by Geoffrey Cleaves
I'm experiencing unexpected results and believe there is a bug. I am losing
permissions to my resource after sharing my resource with another user.
Resource owner rs1 has read and edit rights to his resource1 through a JS
policy and permission which grants the resource owner the rights.
If rs1 uses the My resources screen to grant another user, rs2, the read
scope to resource1, rs1 looses the right to the read scope.
Please see JIRA https://issues.jboss.org/browse/KEYCLOAK-8794 and the
screen cast within the JIRA.
6 years, 1 month
How to package a provider as EAR
by Mike Keith
Hi Marco,
I'm currently exploring this exact thing, and so far haven't gotten it
right just yet. Today I plan to figure more about about the maven ear
plugin:
https://maven.apache.org/plugins/maven-ear-plugin/
I'll reply back if I find anything, and definitely would be interested in
your own progress as well if you find anything useful or make progress as
well.
-Mike
--
----
> Hi together,
> do you have any example how to package a provider implementation as an EAR
> file?
> I packaged it as JAR and it works but then I added some external libs
> (JARS) so I have the requirement to
> package it as an EAR.
> Thank you,
> Marco
> Marco Scheuermann
6 years, 1 month
Spring Boot Multitenancy
by Ondrej Scerba
Hi,
I'm trying to implement multitenant Spring Boot application using Spring Security Adapter.
I'm able to authenticate based on path to correct realm. Now I want to protect endpoints based on realm.
How can I achieve it? E.g. endpoint /realm/Customer1/users will be accessible only for authenticated user which belongs to realm Customer1 and endpoint /realm/Customer2/users will be accessible only for authenticated user which belongs to realm Customer2?
Thanks,
Ondrej
6 years, 1 month
Spring Boot Multitenancy
by Ondrej Scerba
Hi,
I'm trying to implement multitenant Spring Boot application using Spring Security Adapter.
I'm able to authenticate based on path to correct realm. Now I want to protect endpoints based on realm.
How can I achieve it? E.g. endpoint /realm/Customer1/users will be accessible only for authenticated user which belongs to realm Customer1 and endpoint /realm/Customer2/users will be accessible only for authenticated user which belongs to realm Customer2?
Thanks,
Ondrej
6 years, 1 month
