September 2019 - keycloak-user - Jboss List Archives

keycloak theming - Realm name instead of logo in login page

by Wilfried Anuzet

Hello all, I just have a little question about theming keycloak. I copy the default theme folder and modify a bit the css and logo to make a custom login page. After I import the newly created theme I apply it and it works well for the master Realm, but when I apply this theme to another Realm I've the Realm name that appears on the login page instead of my logo. How can I make my logo appears instead of the realm name ? Is it something to configure in keycloak ? or a property to change in the theme.properties ? Bests regards. Wilfried Anuzet

6 years, 1 month

2
1
0 / 0

Keycloak does not found Provider Factory

by Alfonso Vidal García

I have configured a Spring Boot project with connection to Keycloak, and also I want to install a Custom SPI User Provider external to Keycloak. I did all the steps to do the Provider and ProviderFactory, and also the file in META-INF/services, and now Wildfly fails with, 14:20:43,656 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001: Failed to start service jboss.deployment.unit."focusoc-0.0.1-SNAPSHOT.jar".POST_MODULE: org.jboss.msc.service.StartException in service jboss.deployment.unit."focusoc-0.0.1-SNAPSHOT.jar".POST_MODULE: WFLYSRV0153: Failed to process phase POST_MODULE of deployment "focusoc-0.0.1-SNAPSHOT.jar" at org.jboss.as.server@9.0.2.Final//org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:183) at org.jboss.msc@1.4.8.Final//org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1737) at org.jboss.msc@1.4.8.Final//org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1699) at org.jboss.msc@1.4.8.Final//org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1557) at org.jboss.threads@2.3.3.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982) at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486) at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377) at java.base/java.lang.Thread.run(Thread.java:834) Caused by: java.util.ServiceConfigurationError: org.keycloak.storage.UserStorageProviderFactory: Provider gcs.fds.focusoc.keycloak.spi.LoginStorageProviderFactory not found at java.base/java.util.ServiceLoader.fail(ServiceLoader.java:588) at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.nextProviderClass(ServiceLoader.java:1211) at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.hasNextService(ServiceLoader.java:1220) at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.hasNext(ServiceLoader.java:1264) at java.base/java.util.ServiceLoader$2.hasNext(ServiceLoader.java:1299) at java.base/java.util.ServiceLoader$3.hasNext(ServiceLoader.java:1384) at org.keycloak.keycloak-services@7.0.0//org.keycloak.provider.DefaultProviderLoader.load(DefaultProviderLoader.java:60) at org.keycloak.keycloak-services@7.0.0//org.keycloak.provider.ProviderManager.load(ProviderManager.java:92) at org.keycloak.keycloak-services@7.0.0//org.keycloak.services.DefaultKeycloakSessionFactory.loadFactories(DefaultKeycloakSessionFactory.java:214) at org.keycloak.keycloak-services@7.0.0//org.keycloak.services.DefaultKeycloakSessionFactory.deploy(DefaultKeycloakSessionFactory.java:115) at org.keycloak.keycloak-services@7.0.0//org.keycloak.provider.ProviderManagerRegistry.deploy(ProviderManagerRegistry.java:42) at org.keycloak.keycloak-wildfly-server-subsystem@7.0.0//org.keycloak.subsystem.server.extension.KeycloakProviderDeploymentProcessor.deploy(KeycloakProviderDeploymentProcessor.java:55) at org.jboss.as.server@9.0.2.Final//org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:176) ... 8 more 14:20:43,657 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 4) WFLYCTL0013: Operation ("add") failed - address: ([("deployment" => "focusoc-0.0.1-SNAPSHOT.jar")]) - failure description: {"WFLYCTL0080: Failed services" => {"jboss.deployment.unit.\"focusoc-0.0.1-SNAPSHOT.jar\".POST_MODULE" => "WFLYSRV0153: Failed to process phase POST_MODULE of deployment \"focusoc-0.0.1-SNAPSHOT.jar\" Caused by: java.util.ServiceConfigurationError: org.keycloak.storage.UserStorageProviderFactory: Provider gcs.fds.focusoc.keycloak.spi.LoginStorageProviderFactory not found"}} 14:20:43,658 ERROR [org.jboss.as.server] (management-handler-thread - 4) WFLYSRV0021: Deploy of deployment "focusoc-0.0.1-SNAPSHOT.jar" was rolled back with the following failure message: {"WFLYCTL0080: Failed services" => {"jboss.deployment.unit.\"focusoc-0.0.1-SNAPSHOT.jar\".POST_MODULE" => "WFLYSRV0153: Failed to process phase POST_MODULE of deployment \"focusoc-0.0.1-SNAPSHOT.jar\" Caused by: java.util.ServiceConfigurationError: org.keycloak.storage.UserStorageProviderFactory: Provider gcs.fds.focusoc.keycloak.spi.LoginStorageProviderFactory not found"}} Anyone knows what it is happening? P Please consider the environment before printing this e-mail.

6 years, 1 month

1
0
0 / 0

Token Exchange

by James Mitchell

Where should I look for the code for token exchange? I am getting an invalid token error for one particular identity provider, and wI want to see what sort of logic the code uses to decide whether to validate and swap tokens. I have my code working ok for a standard Google oauth provider, so I have already fixed issues with users not being enabled when I try to exchange tokens, and making sure I have a valid userinfo url. My suspicion is I have an error with the userinfo url - which is not a standard oidc endpoint, but it is returning a 200 OK status when I hit it by hand with the access token. Thanks, James ---- *James Mitchell* Developer e: jamesm(a)suitebox.com w: www.suitebox.com *SuiteBox |* Level 4, 8 Mahuhu Crescent, Auckland 1010, NZ

6 years, 1 month

1
1
0 / 0

Keycloak 404s and issues after 4.3.0 upgrade/restore

by Nathan McGinnis

Hi, I am running the Keycloak 4.3.0 docker image in standalone mode with a PostgreSQL 10.4 backend. In attempt to migrate this system to one of our Kubernetes clusters, I took a backup of the keycloak database and restored it to the new instance. Starting a newer version of keycloak (I've tried 4.8, 5.x, 6.x all with the same issue) which connects to the newly restored DB runs the liquibase scripts successfully and all appears well in the startup logs. When I navigate to my instance in the browser I can login to the master realm using my existing credentials, however selecting any realm (or any link after that) results in a 404. I see the URL is malformed which is why I get the 404: https://keycloak.example.com/auth/admin/master/console/#/realms//clients Notice the "realms//clients" part. If you correct this URL manually the page spins/loads until Keycloak's transaction reaper kills the request. I have attached the full startup log. Has anyone ran into this before or possibly have any insight/suggestions? Thank you!

6 years, 1 month

1
0
0 / 0

User admin on master not found

by Henning Waack

Hi. Using KC 5.0.0 (migrated from 4.x, long running since then), we suddenly have the problem that we cannot login with the "admin" user to the master realm. Using another master user, when listing all users in the console we do not see the admin user. Searching for the admin user explicitly, the user is listed. Clicking on the user results in a 404. The user is also listed in the database table USER_ENTITY and just looks fine to me. No entry is shown in the server.log (with log level DEBUG). Any ideas? Thanks & greetings Henning -- Henning Waack | IT Consultant codecentric AG | Hochstraße 11 <https://maps.google.com/?q=Hochstra%C3%9Fe+11%C2%A0+%7C+%C2%A0+42697+Soli...> | <https://maps.google.com/?q=Hochstra%C3%9Fe+11%C2%A0+%7C+%C2%A0+42697+Soli...> <https://maps.google.com/?q=Hochstra%C3%9Fe+11%C2%A0+%7C+%C2%A0+42697+Soli...>42697 Solingen <https://maps.google.com/?q=Hochstra%C3%9Fe+11%C2%A0+%7C+%C2%A0+42697+Soli...> |Deutschland <https://maps.google.com/?q=Hochstra%C3%9Fe+11%C2%A0+%7C+%C2%A0+42697+Soli...> tel: +49 (0)151 108 515 29 www.codecentric.de | blog.codecentric.de | www.meettheexperts.de Sitz der Gesellschaft: Solingen | HRB 25917 | Amtsgericht Wuppertal Vorstand: Michael Hochgürtel . Ulrich Kühn . Rainer Vehns Aufsichtsrat: Patric Fedlmeier (Vorsitzender) . Klaus Jäger . Jürgen Schütz Diese E-Mail einschließlich evtl. beigefügter Dateien enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und löschen Sie diese E-Mail und evtl. beigefügter Dateien umgehend. Das unerlaubte Kopieren, Nutzen oder Öffnen evtl. beigefügter Dateien sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet.

6 years, 1 month

1
0
0 / 0

Support for OpenID Connect Federation 1.0

by Paul Templeman

Hi Just wondering if there are any plans for Keycloak to support OpenID Connect Federation 1.0? See https://openid.net/2019/06/25/openid-connect-federation-progress/ Regards Paul

6 years, 1 month

1
0
0 / 0

Re: [keycloak-user] Sign in with Apple?

by Hans Zandbelt

On Thu, Sep 26, 2019 at 6:01 PM <keycloak-user-request(a)lists.jboss.org> wrote: > it to start the process, goes to Apple's server and authenticates but then > when it redirects back to Keycloak, Apple uses a POST request to send back > the state and code instead of a GET. It looks like the OIDC provider only > supports GET ( > https://github.com/keycloak/keycloak/blob/master/services/src/main/java/o... > < > https://github.com/keycloak/keycloak/blob/master/services/src/main/java/o...>) > is there any way around this without creating a custom provider? > That looks like a configuration issue then. Sign in with Apple does support the regular response mode using query parameters for the "code" response type. Hans. -- hans.zandbelt(a)zmartzone.eu ZmartZone IAM - www.zmartzone.eu

6 years, 1 month

1
0
0 / 0

HS256 Shared Secret

by Sam Lewis

How do you retrieve and HS256 shared secret?

6 years, 1 month

4
5
0 / 0

Authenticator flows alternative processing - Keycloak 4.8.3

by Cliff MAURY

Hello, We have to implement an authenticator flow to handle the following scenarios : - EITHER user fills in the login form, he/she can be log into the app (Username Password Form) - OR users click on a new link 'First connection ?' on the login page, he/she sould be redirected to a flow with 'Choose User' and 'Send Email Validation' (custom authentificator). Here is the configuration of the custom browser flow : - Cookie : ALTERNATIVE - Custom Browser : ALTERNATIVE - Custom Username Password : REQUIRED - First Connection : ALTERNATIVE - Choose User : REQUIRED - Send Validation Email (custom authentificator) : REQUIRED We tried to override UsernamePasswordForm:action() (in a custom new class) in order to do context.attempted() and so ignore this step and go into the First Connection flow (ie display the "Choose User" Form) but it doesn't work at this time. We are lost into DefaultAuthenticationFlow (processFlow(), processAction()...) especially with processResult() (case ATTEMPTED) that throws an AuthenticationFlowException when execution is REQUIRED (line 278 / keycloak 4.8.3.Final) Does someone see what we can do please ? Regards, Cliff MAURY

6 years, 1 month

1
0
0 / 0

User roles are not updated when the user is already created

by Mehdi Bechiri

Hey there, This is related to KEYCLOAK-8690<https://issues.jboss.org/browse/KEYCLOAK-8690>. We are a few having some issues with regards to SSO, notably about the non-update of user roles when something is updated on the IdP side. Basically, when we set SSO up, at first login we go through the first broker login flow, which creates the user in the db and gives this user all the roles he should have depending on the mapping we created, in our case “Claim to role” mappers. In our case, each role in keycloak has a corresponding Azure AD group, where we manage all of our users and where our IAM strategy sits. Our problem begins when we update the groups on AAD. When we remove the user from a particular group, the role in keycloak is removed at the next login. Which is expected. But when we had this user in a new group, we expect the corresponding role to be added at the next login. Which is not the case. For me it is a strange behavior to allow remove but disallow add. Our workaround today – which is not sustainable on the long run – is to delete the user prior updating him in AAD with new group, so that each time he will go through the first broker login flow and gets the right roles. The Jira mentioned above is about that, and you reply that it is not a bug and therefore, it doesn’t need to fixed. Which we disagree on. Or maybe there is something in keycloak configuration that I’ve missed ? Could you expand on the rationale behind the logic ? Regards, Mehdi Bechiri Ops Lead +33.6.15.03.63.73 [Logo] Rue Adrien-Lachenal 20 » 1207 Genève » Switzerland komgo.io<http://www.komgo.io/> » LinkedIn<https://www.linkedin.com/company/komgo/> » Twitter<https://twitter.com/iokomgo>

6 years, 1 month

1
0
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

keycloak-user September 2019