Realm.toRepresentation results in com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException
by Frank Franz
Hello,
I'm using the Java admin client to create a realm and some other settings.
In this process I would like to update the realm (set authentication bindings
for the registration flow and credential flow); therefore, from my current
knowledge, I have to transfer the realm to the realm representation.
Doing this calling realm.toRepresentation() results in the following error:
javax.ws.rs.client.ResponseProcessingException:
javax.ws.rs.ProcessingException:
com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException:
Unrecognized field "offlineSessionMaxLifespanEnabled" (class
org.keycloak.representations.idm.RealmRepresentation), not marked as ignorable
(101 known properties: "directGrantFlow", "otpPolicyDigits",
"identityProviderMappers", "revokeRefreshToken", "identityProviders",
"userFederationMappers", "rememberMe", "duplicateEmailsAllowed",
"dockerAuthenticationFlow", "otpSupportedApplications",
"adminEventsDetailsEnabled", "registrationFlow", "editUsernameAllowed",
"clients", "users", "emailTheme", "realm",
"actionTokenGeneratedByAdminLifespan", "authenticatorConfig", "components",
"certificate", "updateProfileOnInitialSocialLogin", "otpPolicyType",
"accessCodeLifespanUserAction", "protocolMappers", "id", "accountTheme",
"maxDeltaTimeSeconds", "enabledEventTypes", "verifyEmail", "applications",
"waitIncrementSeconds", "eventsListeners", "eventsExpiration",
"defaultDefaultClientScopes", "defaultOptionalClientScopes", "passwordPolicy",
"clientTemplates", "registrationAllowed", "userManagedAccessAllowed",
"notBefore", "otpPolicyAlgorithm", "actionTokenGeneratedByUserLifespan",
"permanentLockout", "socialProviders", "otpPolicyInitialCounter"
[truncated]])
Can you please give me a hint how to resolve this?
Thanks in advance.
Andreas
6 years
How to update a 'remember me' session?
by Alex Chatziparaskewas
Hi All,
We are using the keycloak javascript adapter. In the same way as the token and refresh token can be updated gracefully in the background using its updateToken method, is there any means by which the same can be done to a 'remember me' session?
Thanks & Regards,
Alex
6 years
Authorization with javascript adapter
by Hariprasad N
Hi Alex Chatziparaskewas,
I know you are using the JavaScript adapter for authentication (for login); can
we use the JavaScript adapter for authorization as well, like resource protection?
--
Thanks & Regards,
Hari Prasad N
Senior Software Engineer
-------------------------------------------------
Ramyam Intelligence Lab Pvt. Ltd.,
Part of Arvato
3rd & 5th Floors, Mithra Towers, 10/4, Kasturba Road,
Bangalore – 560001, Karnataka, India.
Phone: +91 80 67269266
Mobile: +91 7022156319
E-Mail: hariprasad.n(a)ramyamlab.com
www.ramyamlab.com <http://www.ramyamlab.com/>
6 years
Request parameter in idp url
by Pulkit Srivastava
Need your help for some issue.
I have configured an IDP in Keycloak, and I am sending a request parameter in
the single sign-on URL field of the IDP as:
url?ab=cd
The issue I am facing is that sometimes Keycloak appends this parameter to the
redirect URL but sometimes it does not. Any idea as to why this is
happening?
Any help would be appreciated. Thanks in advance.
Thanks,
Pulkit
6 years
kcinit status
by Fox, Kevin M
Not much has happened with kcinit in a long time and it has a few outstanding bugs in the way of working for us. What is the status of the project?
Thanks,
Kevin
6 years
Get Authorization Permissions with Bearer Token
by Hariprasad N
Hi All,
I have a client with authorization enabled. I am able to get a Bearer token.
My requirement is: how can I get all authorization permissions with Java or
JS or Angular?
Is there any endpoint to get authorization permissions with a Bearer token?
--
Thanks & Regards,
Hari Prasad N
6 years
Authorization in Angular
by Hariprasad N
Hi All,
I am using keycloak-angular to integrate our Angular app with Keycloak.
Authentication is working fine, but authorization is not working with Angular.
Authorization is working fine with Spring Boot and normal Java webapps.
Please help to resolve the authorization problem with Angular.
Regards
Hari Prasad N
6 years
Keycloak Admin Client: Unrecognized field "access_token"
by Nhut Thai Le
Hello,
I'm using keycloak admin-client 4.6.0.Final to manage keycloak server. I'm
getting this error when trying to remove a session:
javax.ws.rs.client.ResponseProcessingException:
javax.ws.rs.ProcessingException: java.io.IOException:
java.security.PrivilegedActionException:
com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException:
Unrecognized field "access_token" (class
org.keycloak.representations.AccessTokenResponse), not marked as ignorable
(10 known properties: "tokenType", "notBeforePolicy", "otherClaims",
"token", "sessionState", "refreshExpiresIn", "scope", "expiresIn",
"refreshToken", "idToken"])
at [Source:
(org.jboss.resteasy.client.jaxrs.internal.ClientResponse$InputStreamWrapper);
line: 1, column: 18] (through reference chain:
org.keycloak.representations.AccessTokenResponse["access_token"])
Here is my code (similar to
https://github.com/keycloak/keycloak/blob/master/testsuite/integration-ar...
)
// Trust store holding the Keycloak server certificate
File trustore = new File("pathToKS.keystore");
SSLContext ssl = getSSLContextWithTrustore(trustore, "ksPassword");
System.setProperty("javax.net.ssl.trustStore", trustore.getAbsolutePath());
// Jackson 2 provider with an explicitly supplied ObjectMapper
ResteasyJackson2Provider jacksonProvider = new ResteasyJackson2Provider() {};
ObjectMapper objectMapper = new ObjectMapper();
jacksonProvider.setMapper(objectMapper);
Keycloak connection = Keycloak.getInstance("https://kc.com:8543/auth",
    "master", "admin", "admin", "admin-cli", null, ssl, jacksonProvider);
RealmResource realm = connection.realm(realmName);
realm.deleteSession(kcSessionId);
I did some searching on Google and mostly found that the issue is related to
resteasy-jackson-provider being used instead of resteasy-jackson2-provider,
but as you can see from my code, I'm already using
resteasy-jackson2-provider, so I'm not sure what else could cause this. Here
is the full stacktrace:
javax.ws.rs.WebApplicationException: Cannot logout user wuth session
cede2747-424c-405f-a4a2-c4d804ef5883
at
com.castortech.util.keycloak.KeycloakAdminBroker.lambda$129(KeycloakAdminBroker.java:3729)
at
com.castortech.util.keycloak.KeycloakAdminBroker.ensureCL(KeycloakAdminBroker.java:3136)
at
com.castortech.util.keycloak.KeycloakAdminBroker.logout(KeycloakAdminBroker.java:3732)
at
com.castortech.iris.ba.webviewer.richlet.AppRichletHelper.service(AppRichletHelper.java:137)
at
com.castortech.iris.ba.webviewer.richlet.AppRichlet.service(AppRichlet.java:13)
at org.zkoss.zk.ui.impl.UiEngineImpl.execNewPage0(UiEngineImpl.java:514)
at org.zkoss.zk.ui.impl.UiEngineImpl.execNewPage(UiEngineImpl.java:365)
at
org.zkoss.zk.ui.http.DHtmlLayoutServlet.process(DHtmlLayoutServlet.java:205)
at
org.zkoss.zk.ui.http.DHtmlLayoutServlet.doGet(DHtmlLayoutServlet.java:140)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at
com.castortech.iris.ba.webviewer.internal.ZkLayoutServlet.lambda$1(ZkLayoutServlet.java:59)
at
com.castortech.util.threading.ThreadingUtils.runWithContextClassLoader(ThreadingUtils.java:72)
at
com.castortech.iris.ba.webviewer.internal.ZkLayoutServlet.service(ZkLayoutServlet.java:58)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:857)
at
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655)
at
com.castortech.iris.ba.webviewer.servletfilter.HeadersFilter.doFilter(HeadersFilter.java:67)
at
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
at
com.castortech.iris.ba.web.filters.KeycloakSessionFilter.doFilter(KeycloakSessionFilter.java:78)
at
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
at
org.keycloak.adapters.servlet.KeycloakOIDCFilter.doFilter(KeycloakOIDCFilter.java:206)
at
com.castortech.iris.ba.web.filters.AuthenticationFilterForWebViewer.doFilter(AuthenticationFilterForWebViewer.java:61)
at
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
at
org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)
at
org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:71)
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)
at
org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)
at
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
at
org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)
at
org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
at
org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
at
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1340)
at
org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:293)
at
org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
at
org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
at
org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
at
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1242)
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
at
org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:80)
at
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
at org.eclipse.jetty.server.Server.handle(Server.java:503)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:364)
at
org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)
at
org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at
org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:411)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:305)
at
org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:159)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118)
at
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
at
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
at
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
at
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)
at
org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
at
org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765)
at
org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.ws.rs.client.ResponseProcessingException:
javax.ws.rs.ProcessingException: java.io.IOException:
java.security.PrivilegedActionException:
com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException:
Unrecognized field "access_token" (class
org.keycloak.representations.AccessTokenResponse), not marked as ignorable
(10 known properties: "tokenType", "notBeforePolicy", "otherClaims",
"token", "sessionState", "refreshExpiresIn", "scope", "expiresIn",
"refreshToken", "idToken"])
at [Source:
(org.jboss.resteasy.client.jaxrs.internal.ClientResponse$InputStreamWrapper);
line: 1, column: 18] (through reference chain:
org.keycloak.representations.AccessTokenResponse["access_token"])
at
org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.extractResult(ClientInvocation.java:156)
at
org.jboss.resteasy.client.jaxrs.internal.proxy.extractors.BodyEntityExtractor.extractEntity(BodyEntityExtractor.java:60)
at
org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invokeSync(ClientInvoker.java:150)
at
org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:112)
at
org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:76)
at com.sun.proxy.$Proxy46.grantToken(Unknown Source)
at
org.keycloak.admin.client.token.TokenManager.grantToken(TokenManager.java:89)
at
org.keycloak.admin.client.token.TokenManager.getAccessToken(TokenManager.java:69)
at
org.keycloak.admin.client.token.TokenManager.getAccessTokenString(TokenManager.java:64)
at
org.keycloak.admin.client.resource.BearerAuthFilter.filter(BearerAuthFilter.java:52)
at
org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.filterRequest(ClientInvocation.java:587)
at
org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:436)
at
org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invokeSync(ClientInvoker.java:148)
at
org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:112)
at
org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:76)
at com.sun.proxy.$Proxy51.deleteSession(Unknown Source)
at
com.castortech.util.keycloak.KeycloakAdminBroker.lambda$129(KeycloakAdminBroker.java:3724)
... 58 more
Caused by: javax.ws.rs.ProcessingException: java.io.IOException:
java.security.PrivilegedActionException:
com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException:
Unrecognized field "access_token" (class
org.keycloak.representations.AccessTokenResponse), not marked as ignorable
(10 known properties: "tokenType", "notBeforePolicy", "otherClaims",
"token", "sessionState", "refreshExpiresIn", "scope", "expiresIn",
"refreshToken", "idToken"])
at [Source:
(org.jboss.resteasy.client.jaxrs.internal.ClientResponse$InputStreamWrapper);
line: 1, column: 18] (through reference chain:
org.keycloak.representations.AccessTokenResponse["access_token"])
at
org.jboss.resteasy.client.jaxrs.internal.ClientResponse.readFrom(ClientResponse.java:368)
at
org.jboss.resteasy.client.jaxrs.internal.ClientResponse.readEntity(ClientResponse.java:261)
at
org.jboss.resteasy.specimpl.BuiltResponse.readEntity(BuiltResponse.java:231)
at
org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.extractResult(ClientInvocation.java:120)
... 74 more
Caused by: java.io.IOException: java.security.PrivilegedActionException:
com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException:
Unrecognized field "access_token" (class
org.keycloak.representations.AccessTokenResponse), not marked as ignorable
(10 known properties: "tokenType", "notBeforePolicy", "otherClaims",
"token", "sessionState", "refreshExpiresIn", "scope", "expiresIn",
"refreshToken", "idToken"])
at [Source:
(org.jboss.resteasy.client.jaxrs.internal.ClientResponse$InputStreamWrapper);
line: 1, column: 18] (through reference chain:
org.keycloak.representations.AccessTokenResponse["access_token"])
at
org.jboss.resteasy.plugins.providers.jackson.ResteasyJackson2Provider.readFrom(ResteasyJackson2Provider.java:145)
at
org.jboss.resteasy.core.interception.AbstractReaderInterceptorContext.readFrom(AbstractReaderInterceptorContext.java:66)
at
org.jboss.resteasy.core.interception.AbstractReaderInterceptorContext.proceed(AbstractReaderInterceptorContext.java:56)
at
org.jboss.resteasy.client.jaxrs.internal.ClientResponse.readFrom(ClientResponse.java:334)
... 77 more
Caused by: java.security.PrivilegedActionException:
com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException:
Unrecognized field "access_token" (class
org.keycloak.representations.AccessTokenResponse), not marked as ignorable
(10 known properties: "tokenType", "notBeforePolicy", "otherClaims",
"token", "sessionState", "refreshExpiresIn", "scope", "expiresIn",
"refreshToken", "idToken"])
at [Source:
(org.jboss.resteasy.client.jaxrs.internal.ClientResponse$InputStreamWrapper);
line: 1, column: 18] (through reference chain:
org.keycloak.representations.AccessTokenResponse["access_token"])
at java.security.AccessController.doPrivileged(Native Method)
at
org.jboss.resteasy.plugins.providers.jackson.ResteasyJackson2Provider.readFrom(ResteasyJackson2Provider.java:137)
... 80 more
Caused by:
com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException:
Unrecognized field "access_token" (class
org.keycloak.representations.AccessTokenResponse), not marked as ignorable
(10 known properties: "tokenType", "notBeforePolicy", "otherClaims",
"token", "sessionState", "refreshExpiresIn", "scope", "expiresIn",
"refreshToken", "idToken"])
at [Source:
(org.jboss.resteasy.client.jaxrs.internal.ClientResponse$InputStreamWrapper);
line: 1, column: 18] (through reference chain:
org.keycloak.representations.AccessTokenResponse["access_token"])
at
com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException.from(UnrecognizedPropertyException.java:61)
at
com.fasterxml.jackson.databind.DeserializationContext.handleUnknownProperty(DeserializationContext.java:822)
at
com.fasterxml.jackson.databind.deser.std.StdDeserializer.handleUnknownProperty(StdDeserializer.java:1152)
at
com.fasterxml.jackson.databind.deser.BeanDeserializerBase.handleUnknownProperty(BeanDeserializerBase.java:1582)
at
com.fasterxml.jackson.databind.deser.BeanDeserializerBase.handleUnknownVanilla(BeanDeserializerBase.java:1560)
at
com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize(BeanDeserializer.java:294)
at
com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:151)
at com.fasterxml.jackson.databind.ObjectReader._bind(ObjectReader.java:1574)
at
com.fasterxml.jackson.databind.ObjectReader.readValue(ObjectReader.java:965)
at
org.jboss.resteasy.plugins.providers.jackson.ResteasyJackson2Provider$1.run(ResteasyJackson2Provider.java:140)
... 82 more
Hope to get some hint.
Thai Le
6 years
Incorrect UMA Policy Evaluation
by Lamina, Marco
Hi,
I’m using the protection API to manage UMA policies for my Keycloak resources. However, I get false-positive results when requesting permissions for a resource via the token endpoint.
Example:
I have a resource with ID “dataset-42” and two scopes “view” and “delete”. I create a UMA policy granting my user “view” access to this resource. If I now call the token endpoint (as suggested in [1]) to obtain permissions for the “delete” scope by setting:
response_mode=permissions
permission=dataset-42#delete
, I get the following (confusing) result:
[{
"scopes": ["view"],
"rsid": "dataset-42",
"rsname": "urn:atlas-api:resources:dataset:42"
}]
When setting “response_mode=decision”, I get:
{
"result": true
}
There is no policy that gives my user access to the “delete” scope anywhere, so shouldn’t I get a negative result here?
Links:
[1] https://www.keycloak.org/docs/latest/authorization_services/index.html#_s...
Thanks,
Marco
6 years
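Added example, not part of Marco's message and not Keycloak code: a caller can compare the permissions returned by the token endpoint with the resource#scope it asked for, rather than treating any non-empty answer as a grant for that scope. The audience value "atlas-api" and all function names are assumptions; the sample response is the one quoted in the message above.

```javascript
const UMA_GRANT = 'urn:ietf:params:oauth:grant-type:uma-ticket';

// Build the form body for the token endpoint request described in the post.
// `audience` (client id of the resource server) is an assumed value.
function buildPermissionRequest(audience, resourceId, scope, mode = 'permissions') {
  const body = new URLSearchParams();
  body.set('grant_type', UMA_GRANT);
  body.set('audience', audience);
  body.set('response_mode', mode);
  body.set('permission', `${resourceId}#${scope}`);
  return body.toString();
}

// Split "resource#scopeA,scopeB" into its resource and scope list.
function parsePermission(permission) {
  const idx = permission.indexOf('#');
  if (idx < 0) return { resource: permission, scopes: [] };
  const scopes = permission.slice(idx + 1).split(',')
    .map((s) => s.trim()).filter(Boolean);
  return { resource: permission.slice(0, idx), scopes };
}

// Requested scopes that the returned permissions do NOT contain.
function missingScopes(permission, granted) {
  const { resource, scopes } = parsePermission(permission);
  const have = new Set();
  for (const p of Array.isArray(granted) ? granted : []) {
    if (p.rsid === resource || p.rsname === resource) {
      for (const s of p.scopes || []) have.add(s);
    }
  }
  return scopes.filter((s) => !have.has(s));
}

// True only if every requested scope is present for the requested resource.
function isGranted(permission, granted) {
  const { resource, scopes } = parsePermission(permission);
  const list = Array.isArray(granted) ? granted : [];
  if (scopes.length === 0) {
    return list.some((p) => p.rsid === resource || p.rsname === resource);
  }
  return missingScopes(permission, list).length === 0;
}

// Response quoted in the message for permission=dataset-42#delete.
const reportedResponse = [{
  scopes: ['view'],
  rsid: 'dataset-42',
  rsname: 'urn:atlas-api:resources:dataset:42',
}];

console.log(buildPermissionRequest('atlas-api', 'dataset-42', 'delete'));
console.log(isGranted('dataset-42#delete', reportedResponse)); // false
console.log(missingScopes('dataset-42#delete', reportedResponse)); // [ 'delete' ]
```

With response_mode=decision only {"result": true} comes back, so this comparison needs response_mode=permissions.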