Set custom theme by default during deployment
by Khyati Kataria
Hello,
I am new to Keycloak. As per one request, we need to set our custom
theme by default for all realms.
Could you please explain or provide a procedure for how to enable our
custom theme by default, or set it up during the deployment procedure?
Thank you
khyati
6 years, 2 months
Keycloak extension using Admin Client
by Muhammad Hamza Shahid
Hi,
I am trying to extend Keycloak using the Admin client. My pom is as follows:
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  <parent>
    <artifactId>keycloak-examples-providers-parent</artifactId>
    <groupId>org.keycloak</groupId>
    <version>3.4.3.Final</version>
  </parent>
  <name>Authenticator Example</name>
  <description/>
  <modelVersion>4.0.0</modelVersion>
  <artifactId>authenticator-required-action-example</artifactId>
  <packaging>jar</packaging>
  <dependencies>
    <dependency>
      <groupId>org.keycloak</groupId>
      <artifactId>keycloak-core</artifactId>
      <scope>provided</scope>
    </dependency>
    <dependency>
      <groupId>org.keycloak</groupId>
      <artifactId>keycloak-server-spi</artifactId>
      <scope>provided</scope>
    </dependency>
    <dependency>
      <groupId>org.keycloak</groupId>
      <artifactId>keycloak-server-spi-private</artifactId>
      <scope>provided</scope>
    </dependency>
    <dependency>
      <groupId>org.jboss.logging</groupId>
      <artifactId>jboss-logging</artifactId>
      <scope>provided</scope>
    </dependency>
    <dependency>
      <groupId>org.keycloak</groupId>
      <artifactId>keycloak-services</artifactId>
      <scope>provided</scope>
    </dependency>
    <!-- https://mvnrepository.com/artifact/org.keycloak/keycloak-admin-client -->
    <dependency>
      <groupId>org.keycloak</groupId>
      <artifactId>keycloak-admin-client</artifactId>
      <version>4.0.0.Final</version>
    </dependency>
  </dependencies>
  <build>
    <finalName>authenticator-required-action-example</finalName>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-compiler-plugin</artifactId>
        <configuration>
          <source>1.8</source>
          <target>1.8</target>
        </configuration>
      </plugin>
      <plugin>
        <groupId>org.wildfly.plugins</groupId>
        <artifactId>wildfly-maven-plugin</artifactId>
        <configuration>
          <skip>false</skip>
        </configuration>
      </plugin>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-shade-plugin</artifactId>
        <version>3.2.0</version>
        <executions>
          <execution>
            <phase>package</phase>
            <goals>
              <goal>shade</goal>
            </goals>
            <configuration>
              <minimizeJar>true</minimizeJar>
              <filters>
                <filter>
                  <artifact>org.keycloak:keycloak-admin-client</artifact>
                  <includes>
                    <include>org/keycloak/admin/client/**</include>
                    <include>org/keycloak/admin/client/token/TokenManager.java</include>
                    <include>org/keycloak/admin/client/token/TokenService.java</include>
                    <include>org/keycloak/admin/client/resource/**</include>
                  </includes>
                  <excludes>
                    <exclude>org/keycloak/admin/client/Keycloak$1.java</exclude>
                  </excludes>
                </filter>
              </filters>
            </configuration>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
</project>
But while initiating the admin client as follows:
Keycloak keycloak = KeycloakBuilder.builder() //
    .serverUrl("http://localhost:8080/auth") //
    .realm("master") //
    .username("admin") //
    .password("admin") //
    .clientId("admin-cli") //
    .resteasyClient(new ResteasyClientBuilder().connectionPoolSize(10).build()) //
    .build();
I am getting the following exception:
16:07:04,642 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-42) Uncaught server error: java.lang.IllegalArgumentException: interface org.keycloak.admin.client.token.TokenService is not visible from class loader
at java.lang.reflect.Proxy$ProxyClassFactory.apply(Proxy.java:581)
at java.lang.reflect.Proxy$ProxyClassFactory.apply(Proxy.java:557)
at java.lang.reflect.WeakCache$Factory.get(WeakCache.java:230)
at java.lang.reflect.WeakCache.get(WeakCache.java:127)
at java.lang.reflect.Proxy.getProxyClass0(Proxy.java:419)
at java.lang.reflect.Proxy.newProxyInstance(Proxy.java:719)
at org.jboss.resteasy.client.jaxrs.ProxyBuilder.proxy(ProxyBuilder.java:79)
at org.jboss.resteasy.client.jaxrs.ProxyBuilder.build(ProxyBuilder.java:131)
at org.jboss.resteasy.client.jaxrs.internal.ClientWebTarget.proxy(ClientWebTarget.java:93)
at org.keycloak.admin.client.token.TokenManager.<init>(TokenManager.java:55)
at org.keycloak.admin.client.Keycloak.<init>(Keycloak.java:60)
at org.keycloak.admin.client.KeycloakBuilder.build(KeycloakBuilder.java:147)
at org.keycloak.examples.authenticator.SecretQuestionRequiredAction.processAction(SecretQuestionRequiredAction.java:68)
at org.keycloak.services.resources.LoginActionsService.processRequireAction(LoginActionsService.java:927)
at org.keycloak.services.resources.LoginActionsService.requiredActionPOST(LoginActionsService.java:880)
at sun.reflect.GeneratedMethodAccessor384.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:406)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:213)
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
6 years, 2 months
Changing welcomeTheme with packaged theme
by Cédric Couralet
Hello,
I am trying to define a welcomeTheme for keycloak server with a theme
packaged and deployed in "/standalone/deployments".
When trying the welcome page http://localhost:8080/auth/, I get an error
page and the stack trace:
08:24:48,001 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-1) Uncaught server error: javax.ws.rs.WebApplicationException: HTTP 500 Internal Server Error
at org.keycloak.services.resources.WelcomeResource.createWelcomePage(WelcomeResource.java:213)
at org.keycloak.services.resources.WelcomeResource.getWelcomePage(WelcomeResource.java:98)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[...]
I am guessing, it (something) doesn't find the theme. Is it supposed to
be working?
I am testing on Keycloak 4.4.0.Final with the standalone conf as:
<theme>
  <staticMaxAge>2592000</staticMaxAge>
  <cacheThemes>true</cacheThemes>
  <cacheTemplates>true</cacheTemplates>
  <welcomeTheme>myTheme</welcomeTheme>
  <dir>${jboss.home.dir}/themes</dir>
</theme>
I see my theme jar is deploying in the configuration and it works when I
take the welcome folder from the jar and put it in the "themes"
directory.
Best regards,
Cédric Couralet
6 years, 2 months
connection URL to your LDAP store should be single host?
by pkboucher801@gmail.com
Hi,
Using the LDAP/AD provider, if we set our connection URL to our LDAP store
like this "ldaps://mydomain.local:636" and we have 3 domain controllers,
then we get whichever one DNS says to use when we look up mydomain.local.
Is there any way to get it to fail-over to another one if the first one
fails to respond?
Is it best practice to use the domain name, or should we specify one domain
controller, by IP address, and stick to it (e.g., "ldaps://10.1.2.3:636")?
Thanks!
Regards,
Peter Boucher
6 years, 2 months
keycloak installation doubts
by vandana thota
Hello
Is it a must to install the Keycloak server on top of the WildFly server?
Or can we have a separate Keycloak server without putting it on top of WildFly?
Which is best practice?
6 years, 3 months
LDAP Authentication - Extended Errors
by Mark Hunt
Hi,
I have been doing some development with Keycloak and specifically OpenID Connect, Password Grant and an LDAP user federation with Active Directory. Overall everything is working great but I am a little surprised that on a token refresh I get told that the user account is disabled but on a login I do not. The exception to this would be if I try to login with a disabled account after a user federation sync has occurred.
Is this a configuration issue or do you need to implement LDAP diagnostic messages for login?
Thanks for developing a fantastic product!!
Regards
Mark
6 years, 3 months
Issue with reset password mail link
by Remigio Di Muzio
Hi to everyone,
I'm getting an issue with Keycloak 3.4.3. When clicking the reset password
link, which I've been sent upon clicking on the "Forgot password" link in
the login page, instead of being redirected to the change password page I'm
always redirected to my application skipping the change password screen and
even the login screen, despite being logged out.
Did anyone experience the same issue?
6 years, 3 months
Obtaining RPT with Keycloak installed
by keycloak demo
I am using Keycloak installed, through which I can obtain an access token, like
this:
keycloakinstalled.loginDesktop();
AccessToken token = keycloak.getToken();
But how can I obtain RPT (Requesting Party Token) in case of
keycloakinstalled?
I have followed the doc:
https://www.keycloak.org/docs/4.3/authorization_services/#obtaining-user-...
which gives a way to request RPT by using AuthzClient. But how can it be done if
I am using keycloakinstalled?
Also by decoding the RPT and accessToken I can see that RPT has
authorization & permissions info which Access Token does not have:
"authorization": { "permissions": [.....
In summary, I have 2 questions:
1. Which one (Access token or RPT) should be used if I want to use
authorization in my client application? What is the exact difference in
terms of usage between the two?
2. How can the RPT be obtained in case of Keycloak installed?
6 years, 3 months