Re: [keycloak-user] Use keycloak classes from a custom Authenticator: NoClassDefFoundError
by Daniel.Meyerholt@eventim.de
Hi,
I do not know your exact project setup but you have to declare any dependencies as wildfly isolates classloaders.
As AbstractIdpAuthenticator is included in the keycloak-services module, you can use this in the jar's META-INF/MANIFEST.MF:
Dependencies: org.keycloak.keycloak-services
Maybe additional Modules have to be included as well.
See appropriate documentation of how to do this in your favourite build tool.
See http://docs.wildfly.org/17/Developer_Guide.html#ear-class-loading (applies to keycloak's jar mechanism as well)
Best
Daniel
-----Original Message-----
From: keycloak-user-bounces(a)lists.jboss.org <keycloak-user-bounces(a)lists.jboss.org> On Behalf Of Christophe de Vienne
Sent: Wednesday, 4 September 2019 11:32
To: keycloak-user(a)lists.jboss.org
Subject: [keycloak-user] Use keycloak classes from a custom Authenticator: NoClassDefFoundError
Hi everyone,
I want to write a custom Authenticator that borrows code from AbstractIdpAuthenticator (or better, extends it).
However, as soon as my authenticator attempts to load a class from the keycloak-services package, I get a NoClassDefFoundError. For example:
08:24:53,608 ERROR [org.keycloak.services.error.KeycloakErrorHandler]
(default task-6) Uncaught server error: java.lang.NoClassDefFoundError:
org/keycloak/authentication/authenticators/broker/util/SerializedBrokeredIdentityContext
I used the authenticator example provided in the examples directory as a base for writing the pom.xml file.
Should I be able to use or extend keycloak classes from within my provider (packaged as a jar, I also tried wildfly:deploy)?
If so, what am I missing?
I also posted a question on stackoverflow, you may find some relevant detail in it:
https://stackoverflow.com/questions/57778240/noclassdeffounderror-in-a-pr...
Thanks,
Christophe
5 years, 4 months
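The manifest entry from the reply above, produced by Maven at build time, as an added example that is not part of the original thread. It assumes the provider is built with maven-jar-plugin; `${keycloak.version}` is a placeholder property for the version of the target server.

```xml
<!-- Fragment of the provider's pom.xml (added example, not from the thread). -->
<dependencies>
  <!-- Compile against keycloak-services but do not bundle it:
       the server supplies it at runtime through its module system. -->
  <dependency>
    <groupId>org.keycloak</groupId>
    <artifactId>keycloak-services</artifactId>
    <version>${keycloak.version}</version> <!-- placeholder property -->
    <scope>provided</scope>
  </dependency>
</dependencies>

<build>
  <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-jar-plugin</artifactId>
      <configuration>
        <archive>
          <manifestEntries>
            <!-- Written to META-INF/MANIFEST.MF as
                 "Dependencies: org.keycloak.keycloak-services".
                 Further module names can be appended, comma-separated. -->
            <Dependencies>org.keycloak.keycloak-services</Dependencies>
          </manifestEntries>
        </archive>
      </configuration>
    </plugin>
  </plugins>
</build>
```

After building, the `Dependencies:` line should be visible in the `META-INF/MANIFEST.MF` inside the resulting jar.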
Mapping Claims from Identity providers
by Konsulent Thomas Isaksen (TNO)
I have configured Azure as my identity provider and I am assigning roles to my users in Keycloak based on claims I get from Azure.
Once I have defined one or more Role Mappers and sign in with my Keycloak user for the first time the mapping is done and working as expected, however,
once I create additional mappings the roles of the user are no longer updated. The only way to get an updated mapping is to delete my Keycloak user and sign in again.
I tried to look it up in the documentation:
Mapping Claims and Assertions
https://www.keycloak.org/docs/3.2/server_admin/topics/identity-broker/map...
..
"Each new user that logs into your realm via an external identity provider will have an entry for it created in the local Keycloak database. The act of importing metadata from the SAML or OIDC assertions and claims will create this data with the local realm database."
...
Does this mean that I cannot expect new claim mappings to apply to existing users? Is there any way to do this?
(I did send this message in April but it never showed up in the mailing list)
--
Thomas Isaksen
5 years, 4 months
[keycloak-dev] How to add custom LDAP attribute mapper
by Shiva Prasad Thagadur Prakash
Hi Guys,
I want to add a custom LDAP user attribute mapper to Keycloak. How can I do
this?
Actually I wanted to have an LDAP attribute mapper which would have some
initial value hardcoded for an LDAP attribute but the attribute value can
be edited/changed later.
Thanks,
Shiva
5 years, 4 months
Testing Application Security
by Vikram
Hi All,
I am currently trying to test the security of my website. Assuming that
a hacker gets through Keycloak, is there a way to test how secure my web
application (website) is? Or is it necessary to test this?
Regards,
Vikram
5 years, 4 months
Prior consent for keycloak cookies
by Vikram
Hi all,
Is there any documentation on how to set up prior consent for cookie
usage for a website secured by keycloak?
Regards,
Vikram
5 years, 4 months
Automating user federation config on startup
by Gary Kennedy
Just about to dive into this, but wondering if anyone can share any information they have to save me some time/effort?
I'm looking to setup an isolated review instance of keycloak via automated build pipelines with isolated support dependencies (ldap, db, etc). The ldap, and db, host names are dynamic. Pointing to the database is easy (thanks to the environment variable support), however I don't know how (or if) it can be done for the user federation setup/config. I'm guessing/hoping I can use the subsystem cli config on startup, but that idea may just be showing my ignorance.
Has anyone done/tried this before and can share their experiences please?
Cheers,
Gary
5 years, 4 months
Extending User Account Service
by Michael Humphries
Hi all,
I want to know if it is possible to add email verification in front of the
User Account Service or if this feature is in the works at all?
If not, is it possible to extend the SPI in some way to leverage the User
Account Service to achieve this?
Essentially I want a situation where:
1. a user goes to update their TOTP information by clicking the link that
takes them to /account/totp.
2. they are presented with a screen saying that they have been sent an
email.
3. they click the link in the email.
4. they are taken to /account/totp where they can update their information.
It is probably important to note, but also pretty obvious, that the user
cannot just navigate to a static /account/totp as this would defeat the
purpose of this feature.
Any advice/help would be much appreciated.
Thanks
Mike
5 years, 4 months
Use keycloak classes from a custom Authenticator: NoClassDefFoundError
by Christophe de Vienne
Hi everyone,
I want to write a custom Authenticator that borrows code from
AbstractIdpAuthenticator (or better, extends it).
However, as soon as my authenticator attempts to load a class from the
keycloak-services package, I get a NoClassDefFoundError. For example:
08:24:53,608 ERROR [org.keycloak.services.error.KeycloakErrorHandler]
(default task-6) Uncaught server error: java.lang.NoClassDefFoundError:
org/keycloak/authentication/authenticators/broker/util/SerializedBrokeredIdentityContext
I used the authenticator example provided in the examples directory as a
base for writing the pom.xml file.
Should I be able to use or extend keycloak classes from within my
provider (packaged as a jar, I also tried wildfly:deploy)?
If so, what am I missing?
I also posted a question on stackoverflow, you may find some relevant
detail in it:
https://stackoverflow.com/questions/57778240/noclassdeffounderror-in-a-pr...
Thanks,
Christophe
5 years, 4 months
Permission for token exchange
by James Mitchell
I am trying to use the token exchange preview feature.
I have enabled it OK, and can see it in the UI server info as a preview
feature (not a disabled feature).
But I'm getting an error, that the client is not allowed to perform the
exchange. The docs clearly say that I need to enable a permission on the
Identity Provider
https://www.keycloak.org/docs/6.0/securing_apps/index.html#_grant_permiss...
My problem is that I do not see the Permissions tab when I look at the
IDP... :(
Can anyone suggest why the Permissions tab might be hidden?
Thanks,
James
----
*James Mitchell*
Developer
e: jamesm(a)suitebox.com
w: www.suitebox.com
*SuiteBox |* Level 4, 8 Mahuhu Crescent, Auckland 1010, NZ
5 years, 4 months
Using CILogon as an Identity Provider inside Keycloak
by Dockendorf, Trey
I have Keycloak 6.0.1 set up with CILogon Identity Provider and the only flow I’m able to get working is “browser”. The goal is that when someone logs into CILogon and is redirected back to Keycloak they would have to somehow map their CILogon identity to their read-only LDAP identity in Keycloak. We do not allow creation of users in Keycloak, all users come from LDAP and the LDAP config is set to read-only. I’ve managed to get this working by using the “browser” first login flow. I’ve tried modifying the first broker login flow but that has not worked. I’m curious if anyone else has set up Keycloak with CILogon and if so how they handled mapping the CILogon identities to Keycloak users.
Thanks,
- Trey
5 years, 4 months