help
by Mohamad KHAYAT
Hi All,
I am trying to run keycloak quickstart 6.0.1 but it keeps failing.
The attached file shows the error I receive when I run "mvn clean wildfly:deploy"
The wildfly version is 16 and I tried different maven versions (3.3.1, 3.3.9, 3.5.4, 3.6.0, 3.6.1) and I am using Centos 7.
Any idea why this is happening?
Please help!
5 years, 7 months
SPI - Verifying user's password in UserStorageProvider
by Soroush Shirali
Hi,
I have created a userStorageProvider in keycloak's SPI by implementing several interfaces as follows:
public class MigrationStorageProvider
        implements UserStorageProvider, CredentialProvider,
                   UserLookupProvider,
                   CredentialInputValidator,
                   CredentialInputUpdater
{
But to my surprise, the only method which Keycloak calls during the login flow is "getUserByUsername()". It does not call the "isValid()" method. The problem is that I don't have access to CredentialInput to verify the user's password in "getUserByUsername()".
Does anyone know what I am doing wrong?
Thanks,
Soroush Shirali
Software Developer
[ph] 08 8232 2828
[at] Soroush.Shirali(a)flexigroup.com.au
5 years, 7 months
LDAP User Storage Provider web interface
by Ryan Slominski
On the admin web interface what do the buttons at the bottom of the LDAP User Storage Provider settings page do? Specifically the buttons:
Synchronize changed users
Synchronize all users
Remove imported
Unlink users
I don't want Keycloak caching much / anything so I've configured Cache Policy NO_CACHE, Edit Mode READ_ONLY, and Import Users OFF. It seems like these buttons should not be shown with this configuration as it isn't clear they do anything. I'm especially mystified by Unlink users button since I can't find any reference on what the heck that does.
5 years, 7 months
Re: [keycloak-user] help
by Mohamad KHAYAT
Issue resolved. keycloak.json was missing.
Kr. MK
From: Mohamad KHAYAT
Sent: Monday, May 20, 2019 1:47 PM
To: 'keycloak-user(a)lists.jboss.org'
Subject: help
5 years, 7 months
Keycloak 4.3 could not use sssd federation after upgrade to Fedora 30
by Patrick Dung
Hello,
I was using Fedora 29 with Keycloak, FreeIPA and sssd on the same machine.
After upgrading to Fedora 30, all services can start normally, but sssd
federation is not loaded when Keycloak is started. It is missing from the
list for user federation. It only has LDAP and Kerberos authentication to
choose from.
On the problem local machine, I can run "sssctl user-checks admin -s
keycloak" without problem.
Any help would be appreciated, thanks.
Patrick
5 years, 7 months
app-authz-rest-employee example generates error during mvn spring-boot:run
by Olivier Rivat
Hi,
I am trying to bring up the app-authz-rest-employee example, but it is failing
when trying to launch mvn spring-boot:run
https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-authz-re...
1) keycloak is started with
cd {KEYCLOAK_HOME}/bin
./standalone.sh -Djboss.socket.binding.port-offset=100
2) WildFly is started with
sh standalone.sh (port 8080)
3) launching maven
mvn spring-boot:run
I obtain the following errors:
at java.lang.Thread.run (Thread.java:745)
Caused by:
org.springframework.boot.web.embedded.tomcat.ConnectorStartFailedException:
Connector configured to listen on port 8080 failed to start
at
org.springframework.boot.web.embedded.tomcat.TomcatWebServer.checkThatConnectorsHaveStarted
(TomcatWebServer.java:228)
[INFO]
------------------------------------------------------------------------
[ERROR] Failed to execute goal
org.springframework.boot:spring-boot-maven-plugin:2.1.3.RELEASE:run
(default-cli) on project app-authz-rest-employee: An exception occurred
while running. null: InvocationTargetException: Connector configured to
listen on port 8080 failed to start -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to
execute goal
org.springframework.boot:spring-boot-maven-plugin:2.1.3.RELEASE:run
(default-cli) on project app-authz-rest-employee: An exception occurred
while running. null
at org.apache.maven.lifecycle.internal.MojoExecutor.execute
(MojoExecutor.java:215)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute
(MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute
(MojoExecutor.java:148)
at
org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
(Lifecyc
What do you think about it? Did I make a mistake following the README file of
the example?
Regards,
Olivier
=============================================================================================================================
Full stack trace
mvn spring-boot:run
[INFO] Scanning for projects...
[WARNING]
[WARNING] Some problems were encountered while building the effective
model for org.keycloak.quickstarts:app-authz-rest-employee:jar:6.0.1
[WARNING] 'build.plugins.plugin.version' for
org.springframework.boot:spring-boot-maven-plugin is missing. @
org.keycloak.quickstarts:app-authz-rest-employee:[unknown-version],
/home/orivat/dev/keycloak_6.01/keycloak-quickstarts-latest/app-authz-rest-employee/pom.xml,
line 106, column 21
[WARNING]
[WARNING] It is highly recommended to fix these problems because they
threaten the stability of your build.
[WARNING]
[WARNING] For this reason, future Maven versions might no longer support
building such malformed projects.
[WARNING]
[INFO]
[INFO] ----------< org.keycloak.quickstarts:app-authz-rest-employee
>----------
[INFO] Building Spring Boot Web Keycloak Authorization Services Sample 6.0.1
[INFO] --------------------------------[ jar
]---------------------------------
[INFO]
[INFO] >>> spring-boot-maven-plugin:2.1.3.RELEASE:run (default-cli) >
test-compile @ app-authz-rest-employee >>>
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @
app-authz-rest-employee ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 1 resource
[INFO]
[INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @
app-authz-rest-employee ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources
(default-testResources) @ app-authz-rest-employee ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 2 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.1:testCompile (default-testCompile) @
app-authz-rest-employee ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] <<< spring-boot-maven-plugin:2.1.3.RELEASE:run (default-cli) <
test-compile @ app-authz-rest-employee <<<
[INFO]
[INFO]
[INFO] --- spring-boot-maven-plugin:2.1.3.RELEASE:run (default-cli) @
app-authz-rest-employee ---
[WARNING]
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke
(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke
(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.springframework.boot.maven.AbstractRunMojo$LaunchRunner.run
(AbstractRunMojo.java:558)
at java.lang.Thread.run (Thread.java:745)
Caused by:
org.springframework.boot.web.embedded.tomcat.ConnectorStartFailedException:
Connector configured to listen on port 8080 failed to start
at
org.springframework.boot.web.embedded.tomcat.TomcatWebServer.checkThatConnectorsHaveStarted
(TomcatWebServer.java:228)
at
org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start
(TomcatWebServer.java:203)
at
org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.startWebServer
(ServletWebServerApplicationContext.java:300)
at
org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh
(ServletWebServerApplicationContext.java:162)
at
org.springframework.context.support.AbstractApplicationContext.refresh
(AbstractApplicationContext.java:553)
at
org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh
(ServletWebServerApplicationContext.java:140)
at org.springframework.boot.SpringApplication.refresh
(SpringApplication.java:759)
at org.springframework.boot.SpringApplication.refreshContext
(SpringApplication.java:395)
at org.springframework.boot.SpringApplication.run
(SpringApplication.java:327)
at org.springframework.boot.SpringApplication.run
(SpringApplication.java:1255)
at org.springframework.boot.SpringApplication.run
(SpringApplication.java:1243)
at org.keycloak.quickstart.springboot.MyApplication.main
(MyApplication.java:31)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke
(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke
(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.springframework.boot.maven.AbstractRunMojo$LaunchRunner.run
(AbstractRunMojo.java:558)
at java.lang.Thread.run (Thread.java:745)
[INFO]
------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO]
------------------------------------------------------------------------
[INFO] Total time: 4.711 s
[INFO] Finished at: 2019-05-17T18:53:20+02:00
[INFO]
------------------------------------------------------------------------
[ERROR] Failed to execute goal
org.springframework.boot:spring-boot-maven-plugin:2.1.3.RELEASE:run
(default-cli) on project app-authz-rest-employee: An exception occurred
while running. null: InvocationTargetException: Connector configured to
listen on port 8080 failed to start -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the
-e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions,
please read the following articles:
[ERROR] [Help 1]
http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
--
Olivier Rivat
CTO
orivat(a)janua.fr
Gsm: +33(0)682 801 609
Tél: +33(0)489 829 238
Fax: +33(0)955 260 370
http://www.janua.fr
5 years, 7 months
Show Username in Admin Events / Login Events
by Guido Wimmel
Hi,
in the Admin Events / Login Events - View in the Administration Console
in Keycloak, I can see e.g. if users logged in or were assigned to a role.
However, the users are only referenced by their id.
I can determine the username by constructing a URL (e.g.
.../realms/<MY_REALM>/users/<UserId> ) and navigating to it.
Is there an easier way?
Best regards,
Guido
5 years, 7 months
HttpStatus 200 returned for unauthorized users
by Ali Ahmadzadeh Asl
Hi Dears
I'm using Keycloak 6.0.0 with SpringBoot. My java application serves both a web application and web services. The config is like this:
keycloak.realm=my-realm
keycloak.resource=my-app
keycloak.ssl-required=external
keycloak.enable-basic-auth=true
keycloak.autodetect-bearer-only=true
keycloak.use-resource-role-mappings=true
keycloak.principal-attribute=preferred_username
keycloak.auth-server-url=http://localhost:8080/auth
keycloak.credentials.secret=f3776b88-26c7-44fa-83ec-67cb72fa3111
keycloak.policy-enforcer-config.on-deny-redirect-to=/access-denied
keycloak.securityConstraints[0].authRoles[0] = user
keycloak.securityConstraints[0].securityCollections[0].name = default
keycloak.securityConstraints[0].securityCollections[0].patterns[0] = /*
Assume that '/rest/get-time' is a REST service served by my server for getting the current date and time. When I get this address with an 'Accept: application/json' header using tools like Postman, the server returns HttpStatus 200 with an empty body. When I send the same request without any header, the server returns HttpStatus 200 and the HTML body of the Keycloak login page.
How can I configure Keycloak to return HttpStatus 401 in the response to unauthorized REST or SOAP requests?
Best Regards
Ali Ahmadzdeh Asl
5 years, 7 months
Keycloak 5.0.0 SAML ID Brokering Provider User ID Problems
by Joel DuBien
Hello,
I'm investigating using Keycloak as an Identity Broker to connect to some
SAML IdPs. I'm running into a problem where the SAML IdP is returning a
response to Keycloak that somehow contains a unique Provider User ID and
Provider Username with each login, even when the same identity logs in
multiple times. This results in a duplicate key error for keycloak, since
keycloak expects a single identity to have a single Provider User ID, not a
new one with each login.
I'm using Keycloak 5.0.0.
This is an example of the Provider User ID and the Provider Username that
Keycloak is seeing from the SAML response:
_0663be72e9e02b5d40f320b3a42ec757d6b842539f
I have verified that my SAML response is using a NameID Policy Format of
"Persistent", and that the NameID returned by the SAML response is based on
a consistent ID that wouldn't change for the same account.
Does anyone have experience with this? I'm at a loss as to how to proceed
to get this integration working correctly.
TYIA for your help!
-Joel
5 years, 7 months