Internal server error with event logging
by Matthias Kesternich
Hello,
with event detail logging enabled I keep getting 500 Internal Server Error. There was also a post on this list in May detailing the same problem (see http://lists.jboss.org/pipermail/keycloak-dev/2018-May/010807.html ).
As outlined in the post the problematic piece of code is
@Column(name="DETAILS_JSON", length = 2550)
private String detailsJson;
This hardcodes length to 2550 and apparently some of my event details get bigger than that.
Any idea what I can do about this? Manually changing the database column could work, but I’m afraid a future keycloak db migration will badly interfere with this.
Is there any “official” way to override values like this? E.g. some configuration setting or JPA way to overwrite this?
Thanks,
-Matthias
6 years, 3 months
How to specify redirect URL when resetting user password
by troger19
Hi guys
When resetting user password on Logged In User, after specifying user email
address and clicking submit button, user is redirected to the Account
application. I would like to specify the redirection URL, so the user is
redirected to the Login page (or to some other static page with the message
Password was reset, check the email). I am speculating about
session.invalidate, but maybe there is a more elegant solution.
I have found the URL in login-reset-password.ftl:
action="${url.loginAction}".
*The user must be logged in when resetting password!!! If the user is logged
out, after specifying email address he is redirected to Login, which is OK.*
6 years, 3 months
Handling long time running non interactive "sessions" (offline-tokens ?)
by keycloak-list@vergien.net
Hi list,
I wonder how to implement long running non interactive sessions. This is
what works for me (both ui and data-service use the spring-stack):
- in the ui the user gets redirected to keycloak on login
- we pass the access token from the KeycloakSecurityContext as an
"Authorization" header to calls to the data-service
- the data-service validates that token and returns data
What I need extra is:
- the authorized user starts an action in the ui which accesses our
"im-export-service"
- the "im-export-service" starts a long running action using the
data-service
- this long running action must still run even if the user has logged off
I wonder if offline tokens are the right thing to use here? As far as I
understand the docs, the offline token must be requested on login - it
cannot be created later by the "im-export-service" if it's needed?
I hope my problem is clear...
Best wishes
Daniel
6 years, 3 months
group membership policy was: How to implement this using Keycloak
by Milan Simonovic
Hi all,
there was a post in 2016 that kind of describes my problem: http://lists.jboss.org/pipermail/keycloak-user/2016-July/007069.html unfortunately without any concrete pointers or examples.
To paraphrase:
there’s a protected resource called Project,
and an owner a Project Manager. Each project manager has access to only their own projects (owner-only policy).
Project Managers in turn report to one or more Portfolio Managers. A Portfolio Manager should be able to access all his/her project manager's projects (portfolio-manager policy).
Let’s assume the system design is flexible and this fact, who are the Portfolio Managers for a particular Project Manager,
can be either kept inside Keycloak or in the client app itself. How can this be implemented as a JavaScript
authorization policy in Keycloak? I guess the request can be injected with this info somehow but I can’t figure it out from the docs.
regards,
Milan
6 years, 3 months
Access to EntityManager/KeycloakSession from a MessageDrivenBean inside Keycloak
by Edwin Steiner
Hello All
We would like to extend our Keycloak instance with a MessageDrivenBean for user synchronization. Inside the MessageDrivenBean we need access to the EntityManager for storing the imported users in the database.
@MessageDriven(name = "ImportUserMessageHandler", activationConfig = {
    @ActivationConfigProperty(propertyName = "destinationType", propertyValue = "javax.jms.Queue"),
    @ActivationConfigProperty(propertyName = "destination", propertyValue = "ImportQueue"),
    @ActivationConfigProperty(propertyName = "acknowledgeMode", propertyValue = "Auto-acknowledge") })
@ApplicationScoped
public class ImportUserMessageHandler extends AbstractMessageDrivenBean {
    // Injection of Keycloak's persistence unit; deployment fails on this lookup
    @PersistenceContext(unitName="keycloak-default")
    private EntityManager entityManager;
}
But the above code results in the following error message:
————————
Caused by: org.jboss.as.server.deployment.DeploymentUnitProcessingException: WFLYEE0041: Component class com.inventage.iam.import.ImportUserMessageHandler for component ImportUserMessageHandler has errors:
WFLYJPA0033: Can't find a persistence unit named keycloak-default in deployment "keycloak-spi.jar"
at org.jboss.as.ee.component.deployers.ModuleJndiBindingProcessor$1.handle(ModuleJndiBindingProcessor.java:157)
at org.jboss.as.ee.component.ClassDescriptionTraversal.run(ClassDescriptionTraversal.java:54)
at org.jboss.as.ee.component.deployers.ModuleJndiBindingProcessor.processClassConfigurations(ModuleJndiBindingProcessor.java:186)
at org.jboss.as.ee.component.deployers.ModuleJndiBindingProcessor.deploy(ModuleJndiBindingProcessor.java:143)
at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:165)
... 5 more
————————
Normally the EntityManager is gotten via keycloakSession.getProvider(JpaConnectionProvider.class).getEntityManager(), but in the MessageDrivenBean we have no access to a KeycloakSession instance.
Is there another way to get the EntityManager? Or can we somehow get a KeycloakSession instance inside the MessageDrivenBean?
Thanks
Edwin
6 years, 3 months
Keycloak & SAML & Workplace By Facebook
by Rémi GOYARD
Hi everyone,
I’m trying to configure a SAML client for my Realm to enable SSO authentication in Workplace By Facebook.
Facebook asks for the following:
URL SAML -> I use the URL of the client auth
URI SAML emitter => I use the same as above
Certificate: I get the Certificate from client / SAML Keys
Facebook gives me:
Audience URL (I don’t know where to use it)
URL SAML: This is the web root (Master SAML Processing URL)
URL ACS: (Assertion Consumer Service POST Binding URL)
When, in Workplace, I click on Test SSO, it opens a popup, asks me to login, then redirects to an error “SSO Unauthenticated” (SAML response is not valid) …
I don’t know why and do not have more information.
Has anyone had the same problem?
Any ideas?
Or even tried to configure Workplace and Keycloak working together?
Regards
Rémi
6 years, 3 months