Role Delegation by Users
by Mike Wakim
Hello,
If a user has been assigned a certain role by an admin, is there any way to allow this user to delegate his role to other users that he trusts?
I don't see a direct configuration for this in Keycloak, are there any known solutions / configurations to achieve such behaviour?
Thanks,
Mike
6 years, 7 months
Setting the Domain name used for outgoing password reset emails, etc.
by Reed Lewis
All,
I have Keycloak running in a Kubernetes Container and it works well. We are creating users using the admin API which also works well. The issue is that when we call the Admin API using the inside the Kubernetes route (a 10.x.x.x address), the email sent out has a link to click for the user that has that same 10.x.x.x address.
I have one solution which is to put an entry into the hosts file on the calling machine which translates to the internal IP address, so the address would be correct for the customer delivered email.
But is there a simpler way to do this? Is there a setting in Keycloak which represents the FQDN it is running on and that is used for everything?
Thanks,
Reed Lewis
Principal Software Engineer
This message is the property of CARBONITE, INC. and may contain confidential or privileged information.
If this message has been delivered to you by mistake, then do not copy or deliver this message to anyone. Instead, destroy it and notify me by reply e-mail
6 years, 7 months
How do I run a test from keycloak testsuite on a server outside IDE?
by Online User
Hi,
I need debug something on a server. I found good test cases that are in the
keycloak testsuite but they run only on the bootstrapped keycloak server
started by arquillian.
Is it possible for me to point the test case to run on a specific server?
thanks in advance,
Pradeep
6 years, 7 months
Fetch user with administration REST API
by Pakira, Ranjan
Hi,
We are facing one issue to get users with administration REST API: GET /{realm}/users
Default value of "max" parameter for this REST API is 100. In our database there are millions of users. But using the REST API we are unable to fetch all users, even if we set value of the "max" parameter to 10000, it is throwing following error:
Exception in thread "main" java.lang.Exception: http://keycloak.skf.com/auth/admin/realms/SKF/users?max=10000 returns status code: 404
Please let us know how to traverse all the users.
Is there any way to fetch all the usernames or user ids other than fetching UserRepresentation?
Thanks & Regards,
Ranjan
This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
6 years, 7 months
management of refresh token lifetime
by Matuszak, Eduard
Hello
Is there a way how to get informtion about the lifetime settings for refresh tokens of a realm or even to customize the lifetime?
Best regards, Eduard Matuszak
6 years, 7 months
Image Customization to add Oracle RAC Datasource
by Marcelo Ohashi
Hi all,
I have been analysing the redhat-sso72-openshift Dockerfile and the image
internal scripts to customize the standalone.xml with necessary XML
elements to add new data sources.
We need some guidance here to make this image customization and add this
entry along with the driver's module.
I've found that inside the image's /opt/eap/bin/launch folder there's a
datasource.sh, which is part of the configuration step, responsible to add
the data sources entries to the standalone-openshift.xml file.
So, despite this script has a third option that seems to be capable to
create a new data source entry for other types of databases (besides MySQL
and PostgreSQL), I am not sure if this is recommended. We didn't find any
guidance in the docs on how to use it and we don't know if this will be
backward compatible in future RH-SSO releases.
Do you think this is the right approach or it's better to create new
scripts to do the necessary customizations, without using the
datasources.sh script, and call it from the openshift-launch.sh script
after the configuration have been finished?
Best regards,
--
Marcelo Ohashi
Middleware Architect | Red Hat Brasil
M: +55 11 9 7338-6338 Av. Brigadeiro Faria Lima 3900, 8° Andar. São Paulo,
Brasil.
RED HAT | TRIED. TESTED. TRUSTED. Saiba porque em redhat.com
<https://www.redhat.com/pt-br/about/trusted>
<http://www.redhat.com/es/about/trusted> <http://www.redhat.com.br>[image:
Red Hat] <http://www.redhat.com.br>
6 years, 7 months
Keycloak Standalone HA Cluster Behind Zenloadbalancer
by Aaron Echols
Hello,
I'm working on setting up a standalone ha cluster behind a LB cluster. I'm
using ZenLoadBalancer in this instance.
I'm trying to track down some issues, I've enabled the logging for DEBUG as
well.
If I access any of the 2 hosts in the cluster through the UI on their
individual IP addresses, I'm able to change and modify any configuration
options, and everything is synced instantly between the hosts. I'm using
MariaDB Galera cluster for the database server.
When I go through the LB, I can access and use the GUI just fine; however,
when I need to modify anything I just get the following error:
*Error!* An unexpected server error has occurred
Nothing shows up in the server.log, even though DEBUG is enabled. Again,
this doesn't happen when going to the individual hosts webui, just through
the VIP on the LB cluster.
I'm looking for other ideas on how to debug the issue or if anyone else has
run into something similar. Thank you. :)
--
6 years, 7 months
custom password policies
by Nhut Thai Le
Hello,
We have some special need regarding the password policies:
1. user must use the password within X days
2. user can not change password within Y days
3. lock out user after password has been expired for N days
I don't know if these are supported in Keycloak since i dont see them in
the password policy. Is it possible add my own password policies and if
yes, can I have some guideline?
Thai
6 years, 7 months
