PAM Module with Keycloak
by Mike Wakim
Has anyone used a PAM module with keycloak in the past? Essentially we are
interested in allowing Linux systems to authenticate with Keycloak. The PAM
module would be used for multiple system level use cases such as Login,
sFTP, SSH, LDAP, etc.
I raised KEYCLOAK-9001 but the ticket got rejected as it falls outside of
the scope of the Keycloak project. I am wondering if anyone else in the
community has had a similar use case or is aware of any current modules for
PAM and Keycloak?
Thanks,
Mike
6 years
UserStorageProvider for an external database
by Steffen Kreutz
Hey guys,
I am trying to implement a custom UserStorageProvider that loads users from
an external database. I wonder how I can make the database connection
parameters configurable and I thought of adding another datasource to
WildFly. But I don't know how I can 'inject' this datasource into my
module. Do you have any recommendations for me?
Best,
Steffen
6 years
Backward compatibility on Clients using Keycloak v3.0.0
by Deepti Tyagi
Hi Team,
Do we support backward compatibility on clients like Wildfly 10.1.0, JavaScript.js, Node.js that are using Keycloak v3.0.0 client adapters?
We would like to upgrade Keycloak to v4.6 and keep existing client adapters on v3.0.0 for now to allow them to upgrade at a later point in time.
Is there any known regression issue in this scenario?
Thanks,
Deepti
6 years
Keycloak Jar plugin issue
by Pulkit Srivastava
Hey,
We are facing issues with custom jar plugin in keycloak.
We used the following approach:
<providers>
    <provider>classpath:${jboss.home.dir}/providers/*</provider>
    <provider>module:com.identity-bridge.authentication-api</provider>
    <provider>module:com.identity-bridge.login-rest-api</provider>
    <provider>module:com.identity-bridge.registration-spi </provider>
</providers>
And placed these jars inside module folder of keycloak.
But when we tried placing the jars inside "providers" folder in keycloak as
mentioned in first line (so that we don't have to make any change in
standalone.xml for jars), keycloak started giving "NoClassDefFound" error
for some classes. Any idea as to why this is happening?
Thanks,
Pulkit
6 years
Version upgrade issue
by Pulkit Srivastava
Hey,
We are facing issues working with the new version of keycloak. The jars we
created using the old version of keycloak are not compatible with the new
version. Some of the classes we extended to make custom SPIs have been
changed. For example:
IdentityProviderBean
KeycloakContext
Old version: 3.4.3
New Version: 4.6.0
Does anyone have any idea as to why keycloak does not support backward
compatibility?
Thanks,
Pulkit
6 years
Cryptic error VFS000002: Failed to clean existing content for temp file provider of type temp while starting docker image
by Lukasz Lech
Hello,
When I'm trying to start keycloak 4.5.0 docker image, I'm getting cryptic error message:
[org.jboss.vfs] (MSC service thread 1-1) VFS000002: Failed to clean existing content for temp file provider of type temp. Enable DEBUG level log to find what caused this
I've tried setting the environment variable KEYCLOAK_LOGLEVEL to DEBUG, as described in https://hub.docker.com/r/jboss/keycloak/ , but it didn't change anything. I still get that cryptic error log and nothing more.
I can't log into docker image to check log files, because it got killed afterwards, so it makes finding the problem hardly possible.
Has the name of the ENV variable changed, or it's generally not possible to change log level using official docker image?
Best regards,
Lukasz Lech
6 years
logout from keycloak security proxy not possible
by Dimitris Charlaftis
Greetings,
I would like to post the following issue:
I have set up a docker security proxy container (from image
jboss/keycloak-proxy) and a test application behind that proxy that
authenticates users through a keycloak docker container (jboss/keycloak
image).
When I *logout* from keycloak central realm page, the session with the
test application DOES NOT FINISH and the client test application is not
logged out.
Can you help please?
proxy.json configuration
{
  "target-url": "http://test_app",
  "bind-address": "0.0.0.0",
  "send-access-token": true,
  "http-port": "8180",
  "https-port": "8443",
  "applications": [
    {
      "base-path": "/",
      "adapter-config": {
        "realm": "internal_applications",
        "auth-server-url": "http://keycloak_server/auth",
        "resource": "test_app",
        "ssl-required": "external",
        "credentials": {
          "secret": "fgweggeg-ffff-fffff-fgfgff-fffffffffff"
        }
      },
      "constraints": [
        {
          "pattern": "/*",
          "authenticate": true
        }
      ]
    }
  ]
}
thank you!!!
--
_____________________________
Dimitris Charlaftis
Software Engineer
National Documentation Center
email: dharlaftis(a)ekt.gr
_____________________________
6 years
Outbound Proxy for Keycloak Server(backchannel calls)
by Lucian Ochian
Hi all,
I really need to set up an outbound proxy for the keycloak server (3.4.3) to be used in the back-channel calls back to the client nodes.
Can anybody help?
Thanks a lot,
Lucian
PS: sorry if this is a duplicate, I wasn't sure if the first email went through because I got membership confirmation email back
6 years
4.5.0.Final failing to start
by Graham Burgess
I am getting the following stack trace from the logs when 4.5.0.Final tries to start on 2 of my Keycloak clusters (thankfully both non-production):
00:42:40,128 WARN [org.jboss.modules.define] (main) Failed to define class org.jboss.as.server.BootstrapImpl$ShutdownHook in Module "org.jboss.as.server" version 5.0.0.Final from local module loader @2b95e48b (finder: local module finder @4a3329b9 (roots: /opt/jboss/keycloak/modules,/opt/jboss/keycloak/modules/system/layers/keycloak,/opt/jboss/keycloak/modules/system/layers/base)): java.lang.NoClassDefFoundError: Failed to link org/jboss/as/server/BootstrapImpl$ShutdownHook (Module "org.jboss.as.server" version 5.0.0.Final from local module loader @2b95e48b (finder: local module finder @4a3329b9 (roots: /opt/jboss/keycloak/modules,/opt/jboss/keycloak/modules/system/layers/keycloak,/opt/jboss/keycloak/modules/system/layers/base))): datadog/trace/agent/tooling/context/FieldBackedProvider$ContextAccessor$java$lang$Runnable$datadog$trace$bootstrap$instrumentation$java$concurrent$State
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:763)
at org.jboss.modules.ModuleClassLoader.doDefineOrLoadClass(ModuleClassLoader.java:423)
at org.jboss.modules.ModuleClassLoader.defineClass(ModuleClassLoader.java:519)
at org.jboss.modules.ModuleClassLoader.loadClassLocal(ModuleClassLoader.java:339)
at org.jboss.modules.ModuleClassLoader$1.loadClassLocal(ModuleClassLoader.java:126)
at org.jboss.modules.Module.loadModuleClass(Module.java:731)
at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:247)
at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:410)
at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)
at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116)
at org.jboss.as.server.BootstrapImpl.<init>(BootstrapImpl.java:67)
at org.jboss.as.server.Bootstrap$Factory.newInstance(Bootstrap.java:275)
at org.jboss.as.server.Main.main(Main.java:105)
at org.jboss.modules.Module.run(Module.java:352)
at org.jboss.modules.Module.run(Module.java:320)
at org.jboss.modules.Main.main(Main.java:593)
java.lang.NoClassDefFoundError: Failed to link org/jboss/as/server/BootstrapImpl$ShutdownHook (Module "org.jboss.as.server" version 5.0.0.Final from local module loader @2b95e48b (finder: local module finder @4a3329b9 (roots: /opt/jboss/keycloak/modules,/opt/jboss/keycloak/modules/system/layers/keycloak,/opt/jboss/keycloak/modules/system/layers/base))): datadog/trace/agent/tooling/context/FieldBackedProvider$ContextAccessor$java$lang$Runnable$datadog$trace$bootstrap$instrumentation$java$concurrent$State
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:763)
at org.jboss.modules.ModuleClassLoader.doDefineOrLoadClass(ModuleClassLoader.java:423)
at org.jboss.modules.ModuleClassLoader.defineClass(ModuleClassLoader.java:519)
at org.jboss.modules.ModuleClassLoader.loadClassLocal(ModuleClassLoader.java:339)
at org.jboss.modules.ModuleClassLoader$1.loadClassLocal(ModuleClassLoader.java:126)
at org.jboss.modules.Module.loadModuleClass(Module.java:731)
at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:247)
at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:410)
at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)
at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116)
at org.jboss.as.server.BootstrapImpl.<init>(BootstrapImpl.java:67)
at org.jboss.as.server.Bootstrap$Factory.newInstance(Bootstrap.java:275)
at org.jboss.as.server.Main.main(Main.java:105)
at org.jboss.modules.Module.run(Module.java:352)
at org.jboss.modules.Module.run(Module.java:320)
at org.jboss.modules.Main.main(Main.java:593)
00:42:40,251 FATAL [org.jboss.as.server] (main) WFLYSRV0239: Aborting with exit code 1
Thankfully my production cluster is up at the moment but I fear that if it restarts (for whatever reason) it too will fail.
Anyone else seen and solved this one?
For the record, I am already looking at upgrading to 4.7.0.Final but that has its own set of issues that I am currently working through.
Best regards,
Graham Burgess
RΛZΞR|stormmore
Sr. DevOps Engineer (USA)
Email: graham.burgess(a)razer.com
DID: (415) 374 0639
Razer Inc. (San Francisco)
201 3rd Street, Suite 900
San Francisco CA 94103, USA
Tel: +1 (415) 266 5300
Razer Inc. Stock Code: 1337.HK
6 years