How to generate OIDC Token for users originating from a SAML identity provider?
by Renato Silveira - Totvs
Hello,
I'm using a SAML identity provider and version 3.4.0-final of Keycloak.
I made the necessary settings so that these users were persisted as valid
users in Keycloak; up to this point I had no problem.
My application has some modules that work with services authenticated by
tokens. Is it possible to generate tokens with the SAML assertion of the
user who logged in via the SAML identity provider?
Is there any specific grant_type or client_assertion_type for this? I made
a series of attempts but without success.
Has anyone here needed to implement a similar implementation?
https://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-20#page-5
6 years, 7 months
Host Header Attack behind Load Balancer
by Hylton Peimer
A Google Load Balancer is proxying HTTP requests to a Keycloak instance
[container running in Kubernetes].
A penetration test revealed that it's possible to inject "X-FORWARDED-HOST"
with a malicious host name, and Keycloak will accept this (login page).
Is there a way to tell Keycloak (3.4) to only access web requests matching
a given host?
Thanks
Hylton Peimer
6 years, 7 months
throwing error after running this command adapter-elytron-install.cli
by vandana thota
Hello
When I was trying to run the command to install the Keycloak adapter on the
WildFly server from the path, it's showing the below error.
May I know how to resolve this error?
nl00000:/srv/apps/appsrv/wildfly/keycloak/keycloak-4.0.0.Beta3/bin>
./jboss-cli.sh --file=adapter-elytron-install.cli --connect --controller=0.0.0.0:8080
Authenticating against security realm: ManagementRealm
Username: XXXXX
Password:
{
"outcome" => "failed",
"failure-description" => "WFLYCTL0310: Extension module
org.keycloak.keycloak-adapter-subsystem not found",
"rolled-back" => true
}
nl00000:/srv/apps/appsrv/wildfly/keycloak/keycloak-4.0.0.Beta3/bin>
Thanks.
6 years, 7 months
How to include SMTP server details from admin-cli
by Subodh Joshi
Hi All
As an automation of Keycloak we want to automate including the Keycloak
SMTP server details. What will be the command to include the SMTP server
details with the realm? For realm creation I am using this command:
/opt/keycloak/bin/kcadm.sh create realms -s realm=realm_name -s enabled=true
--
Subodh Chandra Joshi
subodh1_joshi82(a)yahoo.co.in
http://www.trendsinnews.com
6 years, 7 months
Multiple user stores / Domain separation
by T. Papke
Hi all,
In case multiple user stores are connected (e.g. different Active
Directories), is there any built-in option to provide some kind of domain
discriminator (e.g. drop down menu) on the login page? If not, are there
any proposals or best practices on how to achieve this? How does Keycloak
handle the issue that the username is not unique in case of multiple
user stores?
Thank you, Regards,
Thomas
6 years, 7 months
Re: [keycloak-user] Display app name on keycloak login page
by Neujahr, Jana
Hello Pulkit,
if you have defined a realm for each application, you can also use one theme for all realms/applications and pass the realm name (parameter is named "realmName") to the template.
Kind regards
Jana
6 years, 7 months
Using java admin client with Wildfly
by Pedro Pedro
Hi all,
I am trying to use the admin client in a Maven project, but on startup it fails with this:
Caused by: java.lang.RuntimeException: Could not find constructor for class: org.keycloak.admin.client.resource.ServerInfoResource
    at org.jboss.resteasy.spi.metadata.ResourceBuilder.constructor(ResourceBuilder.java:683)
    at org.jboss.resteasy.plugins.server.resourcefactory.POJOResourceFactory.registered(POJOResourceFactory.java:41)
    at org.jboss.resteasy.core.ResourceMethodRegistry.addResourceFactory(ResourceMethodRegistry.java:207)
    at org.jboss.resteasy.core.ResourceMethodRegistry.addResourceFactory(ResourceMethodRegistry.java:193)
    at org.jboss.resteasy.core.ResourceMethodRegistry.addResourceFactory(ResourceMethodRegistry.java:179)
    at org.jboss.resteasy.core.ResourceMethodRegistry.addResourceFactory(ResourceMethodRegistry.java:156)
    at org.jboss.resteasy.core.ResourceMethodRegistry.addPerRequestResource(ResourceMethodRegistry.java:75)
    at org.jboss.resteasy.spi.ResteasyDeployment.registration(ResteasyDeployment.java:400)
    at org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:241)
Any ideas about this?
6 years, 7 months