Mail System Error - Returned Mail
by Automatic Email Delivery Software
This message was not delivered due to the following reason(s):
Your message could not be delivered because the destination computer was
unreachable within the allowed queue period. The amount of time
a message is queued before it is returned depends on local configura-
tion parameters.
Most likely there is a network problem that prevented delivery, but
it is also possible that the computer is turned off, or does not
have a mail system running right now.
Your message was not delivered within 7 days:
Mail server 39.68.177.219 is not responding.
The following recipients could not receive this message:
<keycloak-user(a)lists.jboss.org>
Please reply to postmaster(a)lists.jboss.org
if you feel this message to be in error.
6 years, 10 months
Unable to log in to admin console Keycloak 3.4.1
by Phil Evans
Hi all,
I've recently upgrade the version of Keycloak we're running from 2.5.5 to
3.4.1.
In a single instance environment everything works fine.
In a clustered environment, when I try logging in to the admin console, I'm
logged out again as soon as I've logged in.
It seems like I'm logging in to one cluster instance successfully, but then
I'm sent to a page on another instance and my session information hasn't
been shared with that instance so it kicks me out.
This worked fine with 2.5.5.
I've attached the standalone-ha.xml I'm using.
Kind regards,
Phil Evans
6 years, 10 months
Admin-Cli create user with user define userid?
by Subodh Joshi
Hi
I am trying to create a user with user define userid but below command
throwing 400 error
* ./kcadm.sh create users -s username=admin123 -s
userid=f544f379-5dc4-49e5-8a8d-5cxb71f46f53 -s type=password -s
value=admin@123 -s enabled=true -srealm=master*
Can some one please help me what is wrong with the above command?
--
Subodh Chandra Joshi
<subodh1_joshi82(a)yahoo.co.in>
http://www.questioninmind.com
6 years, 10 months
SAML quickstart example
by tdtappe
Doing my first steps with keycloak I successfully setup a keycloak
(3.4.3.Final) instance and explored the vanilla sample app. Now I want to
try the SAML sample app (app-profile-saml-jee-jsp).
After modifying the web.xml to use KEYCLOAK instead of KEYCLOAK-SAML as the
auth-method (I was getting an error: "Unknown authentication mechanism
KEYCLOAK-SAML") I was able to build and deploy the app to my Wildfly 10.1
instance.
Question: Was it correct to change the auth-method to KEYCLOAK?
If I now access the sample app and click on "Login" (or trying to access
profile.jsp) I get a "Forbidden" error.
AFAICT, I set up keycloak for the sample app as decribed in the
documentation/readme.
Any ideas?
--Heiko
--
Sent from: http://keycloak-user.88327.x6.nabble.com/
6 years, 10 months
Curl Commands to create Realm/User/AdminUsergroup
by Subodh Joshi
Hi ,
Rather than using UI of keycloak some basic thing i will want to create
dynamically so i am thinking to create a shell script file for linux
server which will able to do following
1. Create realm
2. Create admin user group
3. Create Admin Role
How to automate these feature through CURL ? Can someone please guide me?
--
Subodh Chandra Joshi
subodh1_joshi82(a)yahoo.co.in
http://www.trendsinnews.com
6 years, 10 months
Keycloak issue 6115 workaround
by Dominik Guhr
Hi everyone,
so I made a comment here:
https://issues.jboss.org/browse/KEYCLOAK-6115?_sscc=t explaining my
problem, which is, in short terms, the bug issued in 6115 (localization
with readonly ldap).
Would be very nice to get some help here for a workaround, for this
stops me to change the whole landscape to kc as authprovider.
In short points:
- I don't want to build kc sources myself, for the root cause is issued
and will hopefully be worked on in near future
- I want to create a custom provider spi module which does exactly the
same than the "built-in", but want to apply the workaround(!) - catching
the readonlyexception when its thrown.
- This SPI seems not to have the same structure than the custom SPIs
which are described in the docs for extending server
Any help would be highly appreciated!
Best regards,
Dominik
6 years, 10 months
Migrate from Sql Server users authentication to keycloak
by Hadhemi Jebnoun
Hello,
I have to migrate my user's table in SQL SERVER to Keycloak.
We migrate from .NET application to microservices architecture running
in minikube.
We use postgres to store keycloak data. I would load all my users into
the keycloak database.
How i can do that? Should I write an implementation of user federation?
Is there an option to load data from Sql script into Keycloak database?
Environment : minikube (kubernetes)
User table using SHA512cng
--
Hadhemi JEBNOUN
6 years, 10 months
How to differentiate between invalid credentials and a blocked user?
by Scott Finlay
Hi,
When using the Brute Force Detection it seems if a user is blocked the error message returned by the
Keycloak API is "invalid_grant: Invalid user credentials" which is the same error message returned
if the password was wrong. I understand the idea here is to prevent an attacker from knowing the difference
but from a usability perspective it would be much nicer if we could somehow inform the user if his account
is currently locked. Is there any reasonable way to do this? I'd rather not have to make an additional
API call after every failed login attempt to see if the user is blocked.
Regards,
Scott
6 years, 10 months
Keycloak: Get Locale used at loginpages localeswitch in application via Wildfly adapter
by Dominik Guhr
Hi everyone,
another day, another question:
So I am using Keycloak w/ the wildfly adapter and internationalization
enabled for my application.
What I want to achieve:
1. User gets to kc loginpage
2. user switches the locale (using keycloaks ftl locale dropdown here on
a custom theme)
3. user logs in
4. a phaselistener (jsf used) is set up and checks the kc login. Here I
have access to idToken and securityContext etc. via clientadapter.
My Problem:
In the app itself, there's a locale witch, too. I want to use the locale
provided at login in my app, therefor I need to sync these two locales
(keycloak is leading system).
What I've tried:
1. Setting up a mapper for the builtin locale and check it in my
phaselistener. Problem: this locale doesn't change, even when I switch
languages before login. e.g.:
- I switch language to "en" in loginpage
- I login with my credentials
- getIdToken().getLocale() says "de"
2. looking in the context for another localefield, but didn't find one
Could anyone tell me how to achieve this? I really don't like to add a
cookie to the request myself via js or something, for this should work
with the adapter I think.
Thanks and best regards,
Dominik
6 years, 10 months
