Performance issues when creating users with keycloak-admin-client
by Lengenfeld, Jan
Hello,
are there any performance issues known regarding the following method?
Keycloak.realm("someRealm").users().create(someUserRepresentation);
We want to create a batch of users in a loop. After every tenth user it takes approximately 10 minutes for the call to return.
Is this behavior known, or did we forget to configure something?
Kind regards
Jan Lengenfeld
5 years, 10 months
Having trouble with Keycloak Performance Testsuite
by Zak Horose
Hello,
I'm having trouble getting the test suite to work. I'm following the Getting started for the impatient instructions.
I am running:
centos 7
docker version 1.13.1, build 07f3374/1.13.1
docker-compose version 1.18.0, build 8dd22a9
openjdk version "1.8.0_201"
maven 3.5.4
Going through the steps I am successful until mvn verify -Pgenerate-data -Ddataset=1r_10c_100u -DnumOfWorkers=10
I have tried maven 3.1.1, 3.2.5, 3.6.0 and haven't gotten as far. Below is the output with maven 3.5.4.
The first error encountered is 500, is this a permissions issue or am I missing some software? Any help is appreciated.
reated entities:
Realm 1
14:35:23 Time: +5 s
Created entities:
Realm 1
RealmRole 10
Client 10
ClientRole 100
14:35:24 Time: +6 s
Created entities:
Realm 1
RealmRole 10
Client 10
ClientRole 100
User 3
14:35:24 Error occured: javax.ws.rs.WebApplicationException: Create method returned status Internal Server Error (Code: 500); expected status: Created (201)
14:35:24 Exception thrown from executor service. Shutting down.
Exception in thread "main" java.lang.RuntimeException: javax.ws.rs.WebApplicationException: Create method returned status Internal Server Error (Code: 500); expected status: Created (201)
at org.keycloak.performance.dataset.DatasetLoader.processEntities(DatasetLoader.java:149)
at org.keycloak.performance.dataset.DatasetLoader.processDataset(DatasetLoader.java:75)
at org.keycloak.performance.dataset.DatasetLoader.main(DatasetLoader.java:35)
Caused by: javax.ws.rs.WebApplicationException: Create method returned status Internal Server Error (Code: 500); expected status: Created (201)
at org.keycloak.admin.client.CreatedResponseUtil.getCreatedId(CreatedResponseUtil.java:43)
at org.keycloak.performance.dataset.Creatable.createCheckingForConflict(Creatable.java:51)
at org.keycloak.performance.dataset.Creatable.createOrUpdateExisting(Creatable.java:69)
at org.keycloak.performance.dataset.DatasetLoader.lambda$processEntities$0(DatasetLoader.java:118)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
[ERROR] Command execution failed.
org.apache.commons.exec.ExecuteException: Process exited with an error: 1 (Exit value: 1)
at org.apache.commons.exec.DefaultExecutor.executeInternal (DefaultExecutor.java:404)
at org.apache.commons.exec.DefaultExecutor.execute (DefaultExecutor.java:166)
at org.codehaus.mojo.exec.ExecMojo.executeCommandLine (ExecMojo.java:804)
at org.codehaus.mojo.exec.ExecMojo.executeCommandLine (ExecMojo.java:751)
at org.codehaus.mojo.exec.ExecMojo.execute (ExecMojo.java:313)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:208)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:154)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:146)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:954)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:356)
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Keycloak Performance TestSuite 6.0.0-SNAPSHOT ...... SUCCESS [ 1.317 s]
[INFO] Keycloak Performance TestSuite - Keycloak Server ... SUCCESS [ 2.089 s]
[INFO] Keycloak Performance TestSuite - Wildfly ModCluster Load Balancer SUCCESS [ 0.873 s]
[INFO] Keycloak Performance TestSuite - Infinispan Server . SUCCESS [ 1.358 s]
[INFO] Keycloak Performance TestSuite - Tests 6.0.0-SNAPSHOT FAILURE [ 12.429 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 18.582 s
[INFO] Finished at: 2019-03-07T14:35:24-07:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.codehaus.mojo:exec-maven-plugin:1.6.0:exec (load-data) on project performance-tests: Command execution failed.: Process exited with an error: 1 (Exit value: 1) -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.codehaus.mojo:exec-maven-plugin:1.6.0:exec (load-data) on project performance-tests: Command execution failed.
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:213)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:154)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:146)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:954)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:356)
Caused by: org.apache.maven.plugin.MojoExecutionException: Command execution failed.
at org.codehaus.mojo.exec.ExecMojo.execute (ExecMojo.java:326)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:208)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:154)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:146)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:954)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:356)
Caused by: org.apache.commons.exec.ExecuteException: Process exited with an error: 1 (Exit value: 1)
at org.apache.commons.exec.DefaultExecutor.executeInternal (DefaultExecutor.java:404)
at org.apache.commons.exec.DefaultExecutor.execute (DefaultExecutor.java:166)
at org.codehaus.mojo.exec.ExecMojo.executeCommandLine (ExecMojo.java:804)
at org.codehaus.mojo.exec.ExecMojo.executeCommandLine (ExecMojo.java:751)
at org.codehaus.mojo.exec.ExecMojo.execute (ExecMojo.java:313)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:208)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:154)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:146)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:954)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:356)
[ERROR]
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <goals> -rf :performance-tests
Zak
5 years, 10 months
Not able to add roles
by kapil joshi
Hi team,
I have a user with the roles view realm, manage users and manage
authorization. I logged in with the above user's credentials and tried to
access the admin console. There I could navigate to the roles section, could see
the roles and edit them too, BUT cannot ADD new roles, and also cannot add
attributes to the existing roles. Can someone from the team guide me on
which client role to provide to this logged-in user, so that I can enable
the ADD roles button and add attributes to the existing roles?
Thanks
Kapil
5 years, 10 months
Password policy update automatic trigger
by Wim Vandenhaute
Hello list,
In the documentation, it is stated that @
https://www.keycloak.org/docs/latest/server_admin/index.html#_password-po...
"If the password policy is updated, an Update Password action must be set
for every user. An automatic trigger is scheduled as a future enhancement."
I was wondering if there is any schedule of such a feature in the pipeline?
Related to that, might there be an enhancement in the pipeline to force a
Keycloak user to update his password when his current credential violates
the policy?
This if no automatic trigger was done when the password policy was updated.
I realize this can be easily added via a custom user storage provider
implementing the CredentialInputValidator SPI by adding something like
    private boolean isValidKeycloakPassword(String username, String password) {
        PasswordPolicyManagerProvider provider =
            keycloakSession.getProvider(PasswordPolicyManagerProvider.class);
        // validate() returns a PolicyError, or null when the password satisfies the policy
        return provider.validate(username, password) == null;
    }
But might this not be a valid, possibly configurable, option?
5 years, 10 months
Idp hint in keycloak
by gowtham kannan
Hi everyone.
We are trying to integrate Keycloak with Galaxy (
https://github.com/galaxyproject). In Galaxy, we are supposed to include a
custom identity platform (like CILogon) which provides federated identity
management for the users. But our requirement is that we need to restrict
access to only certain research collaborations or federated authentication
providers; but if we enroll CILogon as an IdP provider in Keycloak, then
we are providing access to all the authentication providers supported by
CILogon. The other alternative is that we create IdPs for each federated
identity within our Keycloak server, but it might lead to poor management
of the Keycloak server.
So, is there a way to give the auth-provider URL after the user has
selected the specific authentication scheme from the client (dynamic IdP
hinting)?
Thanks a lot in advance.
--
Regards,
Gowtham Kannan B
Graduate Student, Computer Science
Indiana University, Bloomington
5 years, 10 months
Priority order of OIDC Token mappings
by David Erie (US)
Hi,
I am trying to create two sets of OIDC Token mappers in my OIDC client. One set are "user attribute" mappers, and the other set are "hardcoded" mappers. I want the hardcoded ones to take precedence over the user attribute ones. However, the Priority Order seems to be random. It's not based on the type of mapper as the documentation and initial experimentation led me to believe, and it's not based on the order in which they are created. How can I guarantee the order in which these mappers are applied?
Thank you for the help,
Dave
5 years, 10 months
IDP Mapper Mapping User defined attribute to JWT Claim
by Anand Joshi
Hello,
I am using Keycloak as an IDP, allowing my application to log in with Google,
Facebook or LinkedIn.
I have an in-house API service which maintains certain IDs which can be
looked up with Google, Facebook and LinkedIn usernames. I want to make these
IDs available as part of a custom JWT claim.
I want to know if I can handle this solely at the IDP Mapper level without
introducing any client-specific mapper. This way I can avoid replicating
mappers for every client I create, if I can achieve it at the IDP Mapper
level itself.
Please let me know.
Anand
5 years, 10 months
Custom error message in "Authenticator Execution" Script
by Felix Gustavsson
Hi
I'm trying to create a Browser Authentication flow in Keycloak which rejects the user if it does not have the required role, however I am unable to show the user a customized message on a rendered error page. How does one show a custom error message defined in the script?
I've been able to show a custom error in JSON using the code below, however I would like it to be rendered using, for example, the error.ftl template, i.e. keycloak/themes/src/main/resources/theme/base/login/error.ftl
    AuthenticationFlowError = Java.type("org.keycloak.authentication.AuthenticationFlowError");
    ErrorRepresentation = Java.type("org.keycloak.representations.idm.ErrorRepresentation");
    Response = Java.type("javax.ws.rs.core.Response");
    MediaType = Java.type("javax.ws.rs.core.MediaType");

    function authenticate(context) {
        /* CODE FOR AUTH CHECK */
        if (authShouldFail) {
            var errorRep = new ErrorRepresentation();
            errorRep.setErrorMessage("You are not authorized to use this application");
            var response = Response.status(401).entity(errorRep).type(MediaType.APPLICATION_JSON_TYPE).build();
            LOG.info(script.name + " failed auth for: " + username);
            context.failure(AuthenticationFlowError.INVALID_USER, response);
            return;
        }
        context.success();
    }
5 years, 10 months
Realm admins that can only create users (but not list/query them)
by Rafael Weingärtner
Hello Keycloakers,
I was wondering, is it possible to create a policy to authorize certain
users to create other users, but not list the users that we already have in
the realm?
I know that I can control the groups listed for user-group management for
certain realm admins, but we want/need something different. We need to
allow specific users to add new users and assign them to groups (some
restricted groups). Ideally, they should be able to manage all users in their
own group as well.
Is something like this possible? I am reading about authorization scopes
and the authorization service, but I am kind of lost on how to map scopes and
policies to Keycloak actions (create/delete/update/list
resources[users/clients/groups]).
--
Rafael Weingärtner
5 years, 10 months