400 error email test connection behind nginx proxy
by Evan Clark
I am attempting to set up the email notifications through Keycloak and am
getting a 400 error when I attempt to test connection. I looked at an
older post and made sure my admin user has an email assigned to them.
However, no matter which realm we use, test or master, the same error
occurs. The debug output doesn't produce anything useful either. We are
running behind nginx with SSL termination.
6 years, 8 months
Client secret not provided in request
by valsaraj pv
Hi,
I am facing the following issue after changing Access Type to confidential for
a server-side client. It was working fine with public type.
Here is my adapter setting:
> <subsystem xmlns="urn:jboss:domain:keycloak:1.1">
> <secure-deployment name="appWEB.war">
> <realm>demo</realm>
> <resource>app</resource>
> <public-client>true</public-client>
> <auth-server-url>http://localhost:8180/auth</auth-server-url>
> <ssl-required>EXTERNAL</ssl-required>
> <principal-attribute>preferred_username</principal-attribute>
> <use-resource-role-mappings>true</use-resource-role-mappings>
> <credential name="secret">b35f1121-93a4-4483-a70a-0048b95fd250</credential>
> </secure-deployment>
> </subsystem>
Here is the error found in log during login:
> [Server:node-00] 17:29:06,924 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6) failed to turn code into token
> [Server:-node-00] 17:29:06,924 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6) status from server: 400
> [Server:node-00] 17:29:06,924 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] {"error":"unauthorized_client","error_description":"Client secret not provided in request"}
Any thoughts?
Thanks,
Valsaraj Viswanathan
6 years, 8 months
Mapping claims and assertions from second identity provider
by Christopher Schollar
Hi
I am trying to map assertions from 2 identity providers. I have users who
need to log in using their Gmail accounts, but I would like to allow them
to have a "verified" GitHub account linked to it. I get the users' names,
emails and other info straight from Google and need their GitHub login name
from GitHub.
I have successfully linked both identity providers, but the assertion
mapping only happens for whichever identity provider I use to first create
the account. If I use GitHub first I get the GitHub username and if I use
Gmail I get the details from there. What I would like is for the mapper to
run for both identity providers. Is there a way to run mappers from each
identity provider as it is added to a user profile?
Thanks
6 years, 8 months
user spi
by Simon Payne
I would like to create an SPI implementation to allow a custom group / role
mapper, but authenticate using standard LDAP user federation.
This custom mapping would involve a connection to a separate DB, which has
already been populated by internal tooling and would identify the user
using the same unique reference.
I can find examples for altering the user storage, but not groups / role
mappings where standard user federation has been used.
Is this possible?
Many thanks
Simon.
6 years, 8 months
How to associate roles to users based on client
by valsaraj pv
Hi,
I would like to know how to associate roles to users based on client. For
example, say we have 2 client applications using a Keycloak server. Both the
applications have their set of users which are synced into Keycloak. All
users are shown together under the Users page of KC. Similarly we can load
roles also. I wonder how to associate these application (client) specific
roles to only the users related to that client?
What I currently do is select the user, go to Role Mappings, choose Client
Roles and then set from available roles. I am looking for something like auto
sync for users which also does this role mapping as well.
Please share your thoughts.
Thanks,
Valsaraj Viswanathan
6 years, 8 months
How to periodically sync roles from LDAP to Keycloak
by valsaraj pv
Hi,
I am migrating an LDAP-based application to Keycloak. LDAP contains users &
roles. I am able to sync users in a periodic manner from LDAP. But using
role-ldap-mapper, I can sync by clicking the Sync button. Is there any option
to automatically sync roles like LDAP?
Thanks,
Valsaraj Viswanathan
6 years, 8 months
Custom registration attributes
by Bruno Palermo
Hi,
I would like to track the source of users using user attributes.
Is it possible to pass query parameters like utm_source, utm_medium,
utm_campaign and add them as custom attributes?
How can I access query parameters in a custom provider?
Thanks,
Bruno
6 years, 8 months
Re: [keycloak-user] Mapping claims and assertions from second identity provider
by Christopher Schollar
Hi
I am trying to map assertions from 2 identity providers. I have users who
need to log in using their Gmail accounts, but I would like to allow them
to have a "verified" GitHub account linked to it. I get the users' names,
emails and other info straight from Google and need their GitHub login name
from GitHub.
I have successfully linked both identity providers, but the assertion
mapping only happens for whichever identity provider I use to first create
the account. What I would like is for the mapper to run for both identity
providers. Is there a way to run mappers from each identity provider as it
is added to a user profile?
Thanks
Christopher
6 years, 8 months
(no subject)
by Pajeet Mugabe
Hi,
Is there any way to reset a Keycloak user password via a REST call without
administrator privileges? I mean the situation when the user himself changes
his password from my custom app (so I need a REST endpoint). Assigning the
manage-users role to users is not an option as it violates security issues
in my case.
Thanks,
Pajeet
6 years, 8 months