keycloak gatekeeper samples
by Meissa M'baye Sakho
Hello all,
I've read the doc related to keycloak gatekeeper but I would like to see
running example configurations.
Is there a chance we have ones in the keycloak example repos or somewhere
else?
Regards,
Meissa
6 years
Using Keycloak admin client on a web browser
by Vikram Eswar
Hi all,
is it possible to implement a keycloak admin client to add / delete/ update
users from a web browser or is it just available for node js ? If it is
possible with a browser, could someone please give me some support on how
to do that ?
Regards,
Vikram
6 years
LDAP role mapper loses client on client renaming
by Peemöller, Björn
Hi all,
in our Keycloak installation we have connected Keycloak to an internal AD using user federation and configured a role-ldap-mapper as described in https://www.keycloak.org/docs/latest/server_admin/index.html#_ldap_mappers .
We now discovered that if we rename a client, than the associated LDAP mapper loses the connection to the client, as it stores only the client name but not its internal id in the mapper configuration.
Currently, we therefore need to reconfigure all associated mappers once we rename a client.
Is it possible to avoid this problem (or wouldn't it be even better to store the internal UUID)?
Kind regards,
Björn
Björn Peemöller
IT & IT Operations
BERENBERG
Joh. Berenberg, Gossler & Co. KG
Neuer Jungfernstieg 20
20354 Hamburg
Telefon +49 40 350 60-8548
Telefax +49 40 350 60-900
E-Mail bjoern.peemoeller(a)berenberg.de<mailto:bjoern.peemoeller@berenberg.de>
www.berenberg.de<http://www.berenberg.de/>
Sitz: Hamburg - Amtsgericht Hamburg HRA 42659
Bei Berenberg hat der Schutz Ihrer Daten seit jeher höchste Priorität. Informationen zum Umgang mit personenbezogenen Daten finden Sie hier: https://www.berenberg.de/files/Rechtliche%20Hinweise/DSGVO/DSGVO-Kundenin...
Diese Nachricht einschliesslich etwa beigefuegter Anhaenge ist vertraulich und kann dem Bank- und Datengeheimnis unterliegen oder sonst rechtlich geschuetzte Daten und Informationen enthalten. Wenn Sie nicht der richtige Adressat sind oder diese Nachricht irrtuemlich erhalten haben, informieren Sie bitte sofort den Absender über die Antwortfunktion. Anschliessend moechten Sie bitte diese Nachricht einschliesslich etwa beigefuegter Anhaenge unverzueglich vollstaendig loeschen. Das unerlaubte Kopieren oder Speichern dieser Nachricht und/oder der ihr etwa beigefuegten Anhaenge sowie die unbefugte Weitergabe der darin enthaltenen Daten und Informationen sind nicht gestattet. Wir weisen darauf hin, dass rechtsverbindliche Erklaerungen namens unseres Hauses grundsaetzlich der Unterschriften zweier ausreichend bevollmaechtigter Vertreter unseres Hauses beduerfen. Wir verschicken daher keine rechtsverbindlichen Erklaerungen per E-Mail an Dritte. Demgemaess nehmen wir per E-Mail auch keine rechtsverbindlichen Erklaerungen oder Auftraege von Dritten entgegen.
Sollten Sie Schwierigkeiten beim Oeffnen dieser E-Mail haben, wenden Sie sich bitte an den Absender oder an info(a)berenberg.de. Please refer to https://www.berenberg.de/files/Rechtliche%20Hinweise/DSGVO/DSGVO-Kundenin... for our confidentiality notice.
6 years
Keycloak Multi Tenancy implementation with login through javascript (a webpage)
by Vikram Eswar
Hello all,
I want to assign different realms to different clients (organisations) in
keycloak. The login to keycloak is achieved through a webpage which
acquires a valid token from keycloak which is then passed with the rest
requests that I make from my website to a springboot server that uses a
keycloak adapter for authentication.
Now, the javascript adapter needs a keycloak configuration file that has
details about the realm that I want to log in to. But, the problem is that
I do not know which realm the user belongs to because he / she can be from
any organisation ie. the login page for all organisations is the same.
What is the best way to achieve this ? I assume that this kind of approach
is quite common these days but cannot find a solution..
Regards,
Vikram
6 years
Keeping JWT fields after token exchange
by Cristian Schuszter
Hi there,
I have an application which allows you to perform social login via
Keycloak. I get the JWT token back with some extra fields provided by
mappers. Once I do the token exchange for another application, the field
disappears from the exchanged JWT.
Is there a way of telling the policy to keep the field for the exchanged
token?
Best regards,
Cristian Schuszter
6 years
Unable to instantiate MessageBodyReader
by William Nankap
hello
when i tried to use the keycloak admin client 4.4.0 to connect to keycloak
4.4.0 i got this error right after
i don't understand where the error come. everything was working
my used dependices :
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>4.0.1</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>2.5</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-spring-security-adapter</artifactId>
<version>4.4.0.Final</version>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-spring-boot-starter</artifactId>
<version>4.4.0.Final</version>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-admin-client</artifactId>
<version>4.4.0.Final</version>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-client</artifactId>
<version>3.6.1.Final</version>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-jaxrs</artifactId>
<version>3.5.1.Final</version>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-jackson2-provider</artifactId>
<version>3.6.1.Final</version>
</dependency>
<!-- <dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-multipart-provider</artifactId>
<version>4.0.0.Beta6</version>
</dependency> -->
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>2.8.8</version>
</dependency>
<!-- <dependency>
<groupId>com.paypal.sdk</groupId>
<artifactId>rest-api-sdk</artifactId>
<version>1.13.1</version>
</dependency> -->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.0</version>
</dependency>
<dependency>
<groupId>com.squareup.okhttp3</groupId>
<artifactId>okhttp</artifactId>
<version>3.10.0</version>
</dependency>
<dependency>
<groupId>com.squareup.okhttp3</groupId>
<artifactId>mockwebserver</artifactId>
<version>3.10.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>javax.json.bind</groupId>
<artifactId>javax.json.bind-api</artifactId>
<version>1.0</version>
</dependency>
<dependency>
<groupId>org.eclipse</groupId>
<artifactId>yasson</artifactId>
<version>1.0</version>
</dependency>
<dependency>
<groupId>org.glassfish</groupId>
<artifactId>javax.json</artifactId>
<version>1.1</version>
</dependency>
<dependency>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
<version>2.3.0</version>
</dependency>
21:55:59,063 ERROR [io.undertow.request] (default task-1) UT005023:
Exception handling request to /StarmovesProject/signup:
org.springframework.web.util.NestedServletException: Request processing
failed; nested exception is java.lang.RuntimeException:
java.lang.RuntimeException: RESTEASY003940: Unable to instantiate
MessageBodyReader
at
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:982)
at
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:866)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
at
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:851)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at
org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:96)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:320)
at
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127)
at
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticatedActionsFilter.doFilter(KeycloakAuthenticatedActionsFilter.java:74)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.keycloak.adapters.springsecurity.filter.KeycloakSecurityContextRequestFilter.doFilter(KeycloakSecurityContextRequestFilter.java:77)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.keycloak.adapters.springsecurity.filter.KeycloakPreAuthActionsFilter.doFilter(KeycloakPreAuthActionsFilter.java:84)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:100)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
at
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at
org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at
org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at
org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at
io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
at
io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at
io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at
io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at
org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
at
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
at
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
at
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
at
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:360)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
at
org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at
org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
at
org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
at
org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.RuntimeException: java.lang.RuntimeException:
RESTEASY003940: Unable to instantiate MessageBodyReader
at
org.jboss.resteasy.plugins.providers.RegisterBuiltin.register(RegisterBuiltin.java:49)
at
org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder.getProviderFactory(ResteasyClientBuilder.java:359)
at
org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder.build(ResteasyClientBuilder.java:392)
at org.keycloak.admin.client.Keycloak.<init>(Keycloak.java:58)
at org.keycloak.admin.client.Keycloak.getInstance(Keycloak.java:106)
at
org.starmove.projet.metier.KeycloakAccountImpl.saveUserKeycloak(KeycloakAccountImpl.java:70)
at
org.starmove.projet.metier.KeycloakAccountImpl$$FastClassBySpringCGLIB$$60efd169.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
at
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:746)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at
org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:294)
at
org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:98)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
at
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688)
at
org.starmove.projet.metier.KeycloakAccountImpl$$EnhancerBySpringCGLIB$$a64a83d3.saveUserKeycloak(<generated>)
at
org.starmove.projet.controller.AccountRestController.register(AccountRestController.java:42)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:209)
at
org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:136)
at
org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:102)
at
org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:877)
at
org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:783)
at
org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:991)
at
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:925)
at
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:974)
... 109 more
Caused by: java.lang.RuntimeException: RESTEASY003940: Unable to
instantiate MessageBodyReader
at
org.jboss.resteasy.spi.ResteasyProviderFactory.registerProvider(ResteasyProviderFactory.java:1711)
at
org.jboss.resteasy.spi.ResteasyProviderFactory.registerProvider(ResteasyProviderFactory.java:1637)
at
org.jboss.resteasy.plugins.providers.RegisterBuiltin.registerProviders(RegisterBuiltin.java:133)
at
org.jboss.resteasy.plugins.providers.RegisterBuiltin.register(RegisterBuiltin.java:45)
... 137 more
Caused by: java.lang.TypeNotPresentException: Type
javax.ws.rs.sse.OutboundSseEvent not present
at
sun.reflect.generics.factory.CoreReflectionFactory.makeNamedType(CoreReflectionFactory.java:117)
at
sun.reflect.generics.visitor.Reifier.visitClassTypeSignature(Reifier.java:125)
at
sun.reflect.generics.tree.ClassTypeSignature.accept(ClassTypeSignature.java:49)
at sun.reflect.generics.visitor.Reifier.reifyTypeArguments(Reifier.java:68)
at
sun.reflect.generics.visitor.Reifier.visitClassTypeSignature(Reifier.java:138)
at
sun.reflect.generics.tree.ClassTypeSignature.accept(ClassTypeSignature.java:49)
at
sun.reflect.generics.repository.ClassRepository.getSuperInterfaces(ClassRepository.java:108)
at java.lang.Class.getGenericInterfaces(Class.java:913)
at
org.jboss.resteasy.util.Types.searchForInterfaceTemplateParameter(Types.java:56)
at
org.jboss.resteasy.util.Types.getTemplateParameterOfInterface(Types.java:43)
at
org.jboss.resteasy.spi.ResteasyProviderFactory$SortedKey.<init>(ResteasyProviderFactory.java:160)
at
org.jboss.resteasy.spi.ResteasyProviderFactory$SortedKey.<init>(ResteasyProviderFactory.java:143)
at
org.jboss.resteasy.spi.ResteasyProviderFactory.addMessageBodyReader(ResteasyProviderFactory.java:978)
at
org.jboss.resteasy.spi.ResteasyProviderFactory.addMessageBodyReader(ResteasyProviderFactory.java:954)
at
org.jboss.resteasy.spi.ResteasyProviderFactory.registerProvider(ResteasyProviderFactory.java:1706)
... 140 more
Caused by: java.lang.ClassNotFoundException:
javax.ws.rs.sse.OutboundSseEvent from [Module
"org.jboss.resteasy.resteasy-jaxrs" version 3.5.1.Final from local module
loader @3b81a1bc (finder: local module finder @64616ca2 (roots:
/opt/keycloak-4.4.0.Final/modules,/opt/keycloak-4.4.0.Final/modules/system/layers/keycloak,/opt/keycloak-4.4.0.Final/modules/system/layers/base))]
at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:255)
at
org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:410)
at
org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)
at
org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:348)
at
sun.reflect.generics.factory.CoreReflectionFactory.makeNamedType(CoreReflectionFactory.java:114)
... 154 more
6 years
Data filtering in SQL
by Byrd, Rob M
I am comparing OPA authorization to Keycloak - how could I enforce Keycloak policy in the SQL closest to the data for good performance, including returning subsets of lists? OPA discusses this at https://blog.openpolicyagent.org/write-policy-in-opa-enforce-policy-in-sq....
Thanks!
Rob Byrd
DST
Solutions Lead
SS&C Technologies Inc. | 1055 Broadway, Kansas City, MO 64105
t: (816) 435-7286 | m (816) 509-0119
rmbyrd(a)dstsystems.com<mailto:rmbyrd@dstsystems.com> | www.ssctech.com<http://www.ssctech.com/>
Follow us: [cid:image001.png@01D412C1.A14C5770] <https://www.linkedin.com/company/ss-c-technologies/> | [cid:image002.png@01D412C1.A14C5770] <https://twitter.com/ssctechnologies> | [cid:image003.png@01D412C1.A14C5770] <https://www.facebook.com/ssctechnologies/>
Please consider the environment before printing this email and any attachments.
This e-mail and any attachments are intended only for the individual or company to which it is addressed and may contain information which is privileged, confidential and prohibited from disclosure or unauthorized use under applicable law. If you are not the intended recipient of this e-mail, you are hereby notified that any use, dissemination, or copying of this e-mail or the information contained in this e-mail is strictly prohibited by the sender. If you have received this transmission in error, please return the material received to the sender and delete all copies from your system.
6 years
Client in VERIFY_EMAIL event is "account" when doing in different browser
by Libor Krzyzanek
Hi,
I just realised that when user do verification email in restarted browser (or incognito mode or on different device) then the client is always “account”.
I expect that client in this event would be always the client during which user has been asked to verify e-mail and received the verification e-mail.
It works in this way only if user do email verification on same device and same browser.
Is my expectation correct?
I’m using Keycloak 3.4.3.Final
Should I fire a ticket?
Thanks,
Libor Krzyžanek
Principal Software Engineer
Middleware Engineering Services
6 years
Customize OpenID/OAuth token
by Francisco Javier Crujeiras
Hi,
We're thinking on using Keycloak as our main IDP and SSO solution. At this
time, we're using a "custom" IDP server based on Spring and we are
investigating if we can migrate our client database to Keycloak without
disturbing our users.
So, we have seen that, by default, Keycloak answers a token request with a
complete JWT token, like this one:
{
"access_token":
"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJEWk4wX1liZUZGNFZMUVdxQ2NWMGFWd0VFbXBlUGlnX1NFaWk3dkozSGRvIn0.eyJqdGkiOiI5YTc4MTY5NC04MGUwLTQ2OTEtOGY3Yi00MzQ5MzA3ZTBkYWIiLCJleHAiOjE1NDM1NzMxMDgsIm5iZiI6MCwiaWF0IjoxNTQzNTcyODA4LCJpc3MiOiJodHRwOi8vMTcyLjE4LjAuMzo4MDgwL2F1dGgvcmVhbG1zL3Rlc3QtcmVhbG0iLCJhdWQiOlsiaHR0K3EySUdZQkFHOHBkTDF4bHF4M0xxa1dtciIsImFjY291bnQiXSwic3ViIjoiYzgxNzYzNjgtMGI5NS00MWFmLTgzZDUtZTk4N2Y0ZWVlYTg3IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiaHR0K3EySUdZQkFHOHBkTDF4bHF4M0xxa1dtciIsImF1dGhfdGltZSI6MCwic2Vzc2lvbl9zdGF0ZSI6IjcyZWNiNzk4LWRiNTgtNDE2MS04ZTA5LTRhYWVkYjJlYWI4ZiIsImFjciI6IjEiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7Imh0dCtxMklHWUJBRzhwZEwxeGxxeDNMcWtXbXIiOnsicm9sZXMiOlsidW1hX3Byb3RlY3Rpb24iXX0sImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoicHJvZmlsZSBlbWFpbCIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwiY2xpZW50SG9zdCI6IjE3Mi4xOC4wLjEiLCJjbGllbnRJZCI6Imh0dCtxMklHWUJBRzhwZEwxeGxxeDNMcWtXbXIiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJzZXJ2aWNlLWFjY291bnQtaHR0K3EyaWd5YmFnOHBkbDF4bHF4M2xxa3dtciIsImNsaWVudEFkZHJlc3MiOiIxNzIuMTguMC4xIiwiZW1haWwiOiJzZXJ2aWNlLWFjY291bnQtaHR0K3EyaWd5YmFnOHBkbDF4bHF4M2xxa3dtckBwbGFjZWhvbGRlci5vcmcifQ.BgF6v7VQGO4vH4Z0VLFZmiO1CARpaoE1V7MjaNIJB85QORfk3L431VFQr3WJdT5ZBeC0Q5mB5LB7f9gLAd2lso4P9AegYAi8PmjJRvI-oL59Qe0PfDn8fjfZdaC8i3K0ZrZNDS9ivTdqL-8Gvq2C1l8x4tZaSxw1Yu8hxrWEfgOfATdn9XL5cbYXWRkm6AoJkVFVd300fPr0k6f67Jb4WOJP72692g8QRTWkqCrZyz0DrJxgg7fSX6M_0bxOa-JOidmGuJIwScciT1b5IVvvcQi3hx4UMwRQFunq1j2T7iRCT_LB99oP480KtoSXyCUS3dDzj6wCp4BEHb5K792isg"
,
"expires_in": 300,
"refresh_expires_in": 1800,
"refresh_token":
"eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJhNmQzZTgzZi1iZGUxLTQ3YjgtYmQ4Yy1hMjVhNDdjMmExZTYifQ.eyJqdGkiOiJmZWZhNTRjZS1hMjA0LTQ2NjAtODNkMC1kNDE0OWQwOTU0YWMiLCJleHAiOjE1NDM1NzQ2MDgsIm5iZiI6MCwiaWF0IjoxNTQzNTcyODA4LCJpc3MiOiJodHRwOi8vMTcyLjE4LjAuMzo4MDgwL2F1dGgvcmVhbG1zL3Rlc3QtcmVhbG0iLCJhdWQiOiJodHRwOi8vMTcyLjE4LjAuMzo4MDgwL2F1dGgvcmVhbG1zL3Rlc3QtcmVhbG0iLCJzdWIiOiJjODE3NjM2OC0wYjk1LTQxYWYtODNkNS1lOTg3ZjRlZWVhODciLCJ0eXAiOiJSZWZyZXNoIiwiYXpwIjoiaHR0K3EySUdZQkFHOHBkTDF4bHF4M0xxa1dtciIsImF1dGhfdGltZSI6MCwic2Vzc2lvbl9zdGF0ZSI6IjcyZWNiNzk4LWRiNTgtNDE2MS04ZTA5LTRhYWVkYjJlYWI4ZiIsInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiaHR0K3EySUdZQkFHOHBkTDF4bHF4M0xxa1dtciI6eyJyb2xlcyI6WyJ1bWFfcHJvdGVjdGlvbiJdfSwiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJwcm9maWxlIGVtYWlsIn0.WTW9TwMnx4DSzRlLkDj_uXgabFAAUD4wDB5D084GMdY"
,
"token_type": "bearer",
"not-before-policy": 0,
"session_state": "72ecb798-db58-4161-8e09-4aaedb2eab8f",
"scope": "profile email"
}
But, we'd like to send a "non-JWT" token, like this one:
{
"access_token": "laskddjfnasdf7-fas45nfdsa-56kr-8uy7-fasd87fyasdf",
"token_type": "bearer",
"expires_in": 3600,
"scope": "scope-1 scope-2 scope-n"
}
We're not very experienced in Keycloak and we do not know if this is even
possible, but any help will make us very happy.
Thanks in advance!
Regards,
6 years
Keycloak user sessions persistence
by marco.scheuermann@daimler.com
Hello Community,
after redeployment of keycloak we mentioned that all existing session are gone. Is there any way to persist the session, so that the also exist after server restart or redeployment?
Thank you,
Marco
If you are not the addressee, please inform us immediately that you have received this e-mail by mistake, and delete it. We thank you for your support.
6 years
