keycloak-gatekeeper https question
by Sankar P
Hi,
I have setup keycloak and keycloak-gatekeeper as two pods in a kubernetes
setup. I have setup an nginx controller to frontend these.
Now, when keycloak-gatekeeper is getting launched, I pass:
helm install gatekeeper --set discovery_url="http://keycloak-svc"
Where `keycloak-svc` is the service URL for the keycloak service. However,
when a browser request is made, this url gets sent to the browser where
this cannot be resolved (as it is internal to the kubernetes cluster).
Instead of this url, if I pass:
helm install gatekeeper --set discovery_url="https://ingress_ip/auth"
which is the keycloak public url via the ingress, then there is a different
issue as:
https certificate for `https://ingress_ip` could not be verified.
How do I fix this ? Is there anyway I can ask kavach-gatekeeper to ignore
certificate validations for keycloak discovery_url ?
Thanks.
--
Sankar P
http://psankar.blogspot.com
6 years
Poll - should we have both a mailing list and a forum, or only one?
by Stian Thorgersen
We recently introduced a new Discourse forum as a place to ask for help in
the community. We believe a forum is better suited than a mailing list as
it will create a great resource of knowledge, while the mailing list is
very hard to search.
The plan was to continue with keycloak-user(a)lists.jboss.org at least for a
while to then revisit if we should drop a mailing list completely.
However, due to a lot of technical difficulties with
keycloak-user(a)lists.jboss.org (bouncing emails and users being
unsubscribed) we have decided to move away from lists.jboss.org completely.
Question now is should we only have the Discourse forum or should we also
have a Google Groups mailing list?
Downside of having both is that the community will be fragmented and there
is a good risk that with multiple places to ask questions there are less
people listening and ready to reply.
So we'd like to ask the community what you think? Please fill in the poll
at https://forms.gle/3URYHPU2wYToJcGh8 and let us know your opinion!
6 years
JBoss does not redirect to Keycloak login
by Alfonso Vidal García
I am using the Keycloak Quickstart app-authz-springboot to delegate all the authorization to Keycloak server,
https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-authz-sp...
If I do mvn spring-boot:run into the project, and I put localhost:8080 it redirects to Spring login instead of the keycloak one. I read in other issues that including the web.xml into the project it solves it, but it returns me the next error,
[ERROR] Failed to execute goal org.springframework.boot:spring-boot-maven-plugin:2.2.0.RELEASE:run (default-cli) on project login-focusoc-web: Application finished with exit code: 1 -> [Help 1] org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.springframework.boot:spring-boot-maven-plugin:2.2.0.RELEASE:run (default-cli) on project login-focusoc-web: Application finished with exit code: 1 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:215) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288) at org.apache.maven.cli.MavenCli.main (MavenCli.java:192) at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke (Method.java:566) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) Caused by: org.apache.maven.plugin.MojoExecutionException: Application finished with exit code: 1 at org.springframework.boot.maven.RunMojo.runWithForkedJvm (RunMojo.java:108) at org.springframework.boot.maven.AbstractRunMojo.doRunWithForkedJvm (AbstractRunMojo.java:284) at org.springframework.boot.maven.AbstractRunMojo.run (AbstractRunMojo.java:249) at org.springframework.boot.maven.AbstractRunMojo.execute (AbstractRunMojo.java:205) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288) at org.apache.maven.cli.MavenCli.main (MavenCli.java:192) at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke (Method.java:566) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
The web.xml I added is,
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<module-name>login-provider-web</module-name>
<login-config>
<auth-method>KEYCLOAK</auth-method>
<realm-name>FocusocKeycloak</realm-name>
</login-config>
<security-role>
<role-name>ROLE_USER</role-name>
</security-role>
</web-app>
Anyone can help me?
P Please consider the environment before printing this e-mail.
6 years
Import realm issue (KC v7.0.1)
by Ondrej Scerba
Hi,
It seems that import realm in Keycloak 7.0.1 doesn't work properly. I'm importing realm with client with fullScopeAllowed set to true. Realm and client is imported but client has full scoper allowed set to false.
Ondrej
6 years
Missing claims from custom scope
by James Mitchell
I have some custom claims which are added to the access token at login.
This is working fine, verified the token has the claims etc...
Today I have added user impersonation to the client app - it is not using
the direct "naked grant" to request a token on behalf of a user.
I get a valid token back, but it is missing the claims from the custom
client scope.
I have tried with, and without adding a scope to the request, and also
adding the client scope as default for the realm and the client - but the
claims are still not added to the token.
Suggestions?
Thanks,
James
----
*James Mitchell*
Developer
e: jamesm(a)suitebox.com
w: www.suitebox.com
*SuiteBox |* Level 4, 8 Mahuhu Crescent, Auckland 1010, NZ
6 years
Keycloak Quickstart does not work
by Alfonso Vidal García
Hi everyone!
I just downloaded the quickstart example from git, and I am trying to deploy app-authz-springboot and it returns
Failed to execute goal org.springframework.boot:spring-boot-maven-plugin:2.2.0.RELEASE:run (default-cli) on project app-authz-springboot: Application finished with exit code: 1 -> [Help 1]
Anyone knows what it is happening?
P Please consider the environment before printing this e-mail.
6 years
Error when testing email connection
by Dave B
Hi,
Fairly new to keycloak so do help me out with logging etc.
I have logging set to info on a keycloak instance running in the docker
file with a postgres database behind an nginx proxy which terminates my ssl.
When I'm creating my realm, I want to set up an email address from which to
send update password requests etc. However when I test connection through
the admin console I get a box which says "Error: An unexpected server error
has occurred". and nothing is logged.
Need help with this as soon as anyone can as there've been a number of
issues we've had which have caused our keycloak config to go really long.
Dave
6 years
Authorization Example Web
by Alfonso Vidal García
Hello!
I am looking for a web Project example to apply the Authorization Policies from Keycloak. Anyone know where can I found anything?
Thanks in advance!
P Please consider the environment before printing this e-mail.
6 years
