Error io.undertow with HTTPS
by Elie Ferron
Hello all
Since i access to my keycloak server in https, i have this kind of error. I don't understand where it comes from. Any ideas ?
Error :
ERROR [io.undertow] (default task-6) UT005085: Connection io.undertow.server.protocol.http2.Http2ServerConnection@772a5b27 for exchange HttpServerExchange{ GET /auth/resources/3.4.3.final/admin/keycloak/templates/kc-menu.html request {accept=[application/json, text/plain, */*], accept-language=[fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3], accept-encoding=[gzip, deflate, br], user-agent=[Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0], referer=["host":/auth/admin/master/console/], Host=[host]} response {Cache-Control=[max-age=2592000], X-Powered-By=[Undertow/1], Server=[WildFly/11], Content-Type=[text/html;charset=UTF-8], Content-Length=[5670], Date=[Tue, 17 Apr 2018 14:48:25 GMT], :status=[200]}} was not closed cleanly, forcibly closing connection
Thanks
6 years, 8 months
logout implementation with KeycloakOIDCFilter
by fachhoch m
I am getting started with securing my webapp using KeycloakOIDCFilter ,
For logout my application redirects to url <raw>
http://auth-server/auth/realms/{realm-name}/protocol/openid-connect/logou...</raw>,
this clears the session in keycloack, but application continues to show
secured pages, and this filter pulls security information
(SerializableKeycloakAccount) from cache.
by removing KeycloakAccount.class.getName() attribute from session and
redirect to auth-server
is redirecting to login page , and preventing acces to secured pages
after logout,
Is this how logout should be implemented ?
This filter also has PreAuthActionsHandler, this has handleLogout ,
should application use this ?
6 years, 8 months
Keycloak 4 release date?
by Cedric Thiebault
Hello,
Do you have an idea of the release date for Keycloak 4.0?
I'm waiting for Spring Boot 2 support :-)
Cedric
6 years, 8 months
keycloak local database
by Giorgi Kinkladze
Hello,
Is there a way I can configure Keycloak to make it not use its local database I mean the H2 database, I don't want to change it with Mysql (I have already read that tutorial). We have already added our user database as external user federation and it works fine but we don't need keyclok local database. Is it even possible? If so how can I do that?
________________________________
Find out the latest about the Bank of Georgia Group products, services and recent developments from the Bank of Georgia monthly e-newsletter. If you wish to subscribe please simply send a request to enewsletter(a)bog.ge and write "subscribe" in the subject line.
This message (including any attachments) is confidential and may be privileged. If you have received it by mistake please notify the sender by return e-mail and delete this message from your system. Any unauthorized use or dissemination of this message in whole or in part is strictly prohibited. Please note that e-mails are susceptible to change. JSC Bank of Georgia shall not be responsible nor liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt or damage to your system. JSC Bank of Georgia does not guarantee that the integrity of this communication has been maintained nor that this communication is free of viruses, interceptions or interference.
6 years, 8 months
Brute force detection kick in but login screen does not tell user
by Nhut Thai Le
Hello,
I set up brute force detection to lock out user after a few attempts and i
can see the user is temporarily disabled from the log:
11:39:16,217 WARN [org.keycloak.events] (default task-13)
type=LOGIN_ERROR, realmId=398525c4-fc1d-4d8c-905e-c5c116acfc9d,
clientId=blah, userId=575c7e61-5c16-437f-aca9-e20425804fc4,
ipAddress=127.0.0.1, error=user_temporarily_disabled,
auth_method=openid-connect, auth_type=code, redirect_uri=
http://localhost:8080/blah/, code_id=44355bdc-4a9f-4960-96f8-06157bfea2d0,
username=ntle(a)castortech.com
However, the login screen still displays the generic error "Invalid
username or password.". Is there anyway to customize this to tell the user
that he exceed the number of trials and need to wait X minutes before retry?
Thai
6 years, 8 months
enable CORS
by lists
Hi,
We are using keycloak as a SAML2 IdP for a web application (SOGo).
Logging on works fine, however, after a while SOGo stops working.
I asked SOGo support to take a look at this, and they told me: "You'll
need to enable CORS headers on our IdP keycloak.ourcompany.com so I can
continue the debugging. The redirect is currently blocked for this reason."
I cannot find any keycloak toggle that would enable CORS headers. Could
anyone tell me how to do this..?
MJ
6 years, 8 months
Defining a state of a Keycloak configuration: groups, users, roles, etc
by Pascan Marko (INST/ECS4)
Hi,
I was wondering if there is a recommended way to define a Keycloak setup/configuration state (users, groups, user groups memberships, roles, clients, etc) in some format (json, yaml...) and use this to re-configure/update Keycloak setup to bring it to the desired state (updates and deletions of elements including)? What I am looking for is to track the Keycloak resources in some format in a revision control system and use these artifacts (json, yaml) to update, delete and create Keycloak artifacts.
Best regards,
Marko Pasan
6 years, 8 months
Fwd: Reference users
by Stian Thorgersen
We would like to gather some information on what companies are currently
using or are planning to use Keycloak in production.
We are also looking for public references.
If you are able to share your story please contact me off list.
6 years, 8 months
