silentCheckSsoRedirectUri
by Christophe Lehingue
Hello,
I use keycloak and it works fine.
I have a question about "on login: check-sso (plugin: js)".
Is there a way to prevent the page from loading 2 times in a row?
I tried with the silentCheckSsoRedirectUri
var initOptions = {
    responseMode: 'query',
    flow: 'standard',
    checkLoginIframe: true,
    onLoad: 'check-sso',
    silentCheckSsoRedirectUri: 'https://www.mapage/identityserver-sample-silent.html'
};
But it does not seem to work (I am certainly doing it wrong).
Can you help me?
Regards,
Christophe
5 years, 3 months
Resource sharing using Keycloak
by Vishnu Prakash
Hi,
I am new to keycloak. I am trying to do resource sharing using the Permission
Management feature in the Protection API.
The resource server is accessed from a public client app (keycloak public
client). But using the token issued to the client app, I am not able to do
resource sharing from my resource server. It is throwing the following error.
{"error":"invalid_clientId","error_description":"Client application [CALL-CENTER-UI] is not registered as a resource server."}
Please find my code below,
PermissionTicketRepresentation permissionTicketRepresentation = new PermissionTicketRepresentation();
permissionTicketRepresentation.setRequester("5cb1f43c-d28c-457f-9491-b358f63a8362");
permissionTicketRepresentation.setRequesterName("vishnu");
permissionTicketRepresentation.setOwner("albin");
permissionTicketRepresentation.setResource("0fb7bfe1-78de-46eb-9e75-4632a67d1afb");
permissionTicketRepresentation.setResourceName("Pro-02-05091019");
permissionTicketRepresentation.setScope("project:view");
permissionTicketRepresentation.setScopeName("project:view");
permissionTicketRepresentation.setGranted(true);
AuthzClient.create().protection(token).permission().create(permissionTicketRepresentation);
Is it possible to share resources between users without using the “Keycloak
account app”?
Any help will be appreciated.
Thanks & Regards,
Vishnu Prakash
5 years, 3 months
gatekeeper - refresh access token on every access
by Julien Goux
Hello,
I'm using gatekeeper behind a nginx server.
Gatekeeper's logs are pretty obvious until my first access token expired (5 min lifetime). After this period, it seems that gatekeeper is refreshing the token on every access.
Here are the logs for *3* accesses after the first access token has expired. I have the same log for every further access:
1.5687944022004497e+09 info accces token for user has expired, attemping to refresh the token {"client_ip": "127.0.0.1:40312", "email": "julien.goux(a)live.fr"}
1.5687944022271063e+09 info injecting the refreshed access token cookie {"client_ip": "127.0.0.1:40312", "cookie_name": "kc-access", "email": " julien.goux(a)live.fr ", "refresh_expires_in": 1800, "expires_in": 299.772897193}
1.5687944027145464e+09 info accces token for user has expired, attemping to refresh the token {"client_ip": "127.0.0.1:40318", "email": " julien.goux(a)live.fr "}
1.5687944027320542e+09 info injecting the refreshed access token cookie {"client_ip": "127.0.0.1:40318", "cookie_name": "kc-access", "email": " julien.goux(a)live.fr ", "refresh_expires_in": 1800, "expires_in": 299.26794899}
1.568794442552826e+09 info accces token for user has expired, attemping to refresh the token {"client_ip": "127.0.0.1:40328", "email": " julien.goux(a)live.fr "}
1.568794442570195e+09 info injecting the refreshed access token cookie {"client_ip": "127.0.0.1:40328", "cookie_name": "kc-access", "email": " julien.goux(a)live.fr ", "refresh_expires_in": 1800, "expires_in": 299.429808309}
Why does gatekeeper keep refreshing the access token on every access instead of delivering a new one for 5 min?
Thanks for your help.
5 years, 3 months
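One way to confirm the pattern in the log lines of the post above, added here as an example and not code from the post or from gatekeeper: it parses the log format as shown and reports every refresh attempt logged while the previously issued token was still inside its `expires_in` window. The sample lines reuse the post's timestamps and `expires_in` values with a placeholder e-mail address; the function names are this example's own.

```python
import json

# Constructed sample: timestamps and expires_in values follow the post above;
# the e-mail address is a placeholder.
SAMPLE_LOG = """\
1.5687944022004497e+09 info accces token for user has expired, attemping to refresh the token {"client_ip": "127.0.0.1:40312", "email": "user@example.test"}
1.5687944022271063e+09 info injecting the refreshed access token cookie {"client_ip": "127.0.0.1:40312", "cookie_name": "kc-access", "email": " user@example.test ", "refresh_expires_in": 1800, "expires_in": 299.772897193}
1.5687944027145464e+09 info accces token for user has expired, attemping to refresh the token {"client_ip": "127.0.0.1:40318", "email": " user@example.test "}
1.5687944027320542e+09 info injecting the refreshed access token cookie {"client_ip": "127.0.0.1:40318", "cookie_name": "kc-access", "email": " user@example.test ", "refresh_expires_in": 1800, "expires_in": 299.26794899}
1.568794442552826e+09 info accces token for user has expired, attemping to refresh the token {"client_ip": "127.0.0.1:40328", "email": " user@example.test "}
1.568794442570195e+09 info injecting the refreshed access token cookie {"client_ip": "127.0.0.1:40328", "cookie_name": "kc-access", "email": " user@example.test ", "refresh_expires_in": 1800, "expires_in": 299.429808309}
"""

REFRESH_START = "attemping to refresh the token"  # spelling as it appears in the log
REFRESH_DONE = "injecting the refreshed access token cookie"


def parse_line(line):
    """Split 'epoch level message {json}' into (timestamp, message, fields)."""
    head, brace, tail = line.partition("{")
    ts, _level, message = head.strip().split(None, 2)
    fields = json.loads(brace + tail) if brace else {}
    return float(ts), message, fields


def premature_refreshes(log_text):
    """Return (timestamp, email, seconds_left) for each refresh attempt made
    while the last token issued to that user was still within expires_in."""
    valid_until = {}  # email -> epoch second at which the last issued token expires
    findings = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        ts, message, fields = parse_line(line)
        email = fields.get("email", "").strip()  # the log pads some values with spaces
        if REFRESH_DONE in message:
            valid_until[email] = ts + float(fields["expires_in"])
        elif REFRESH_START in message and ts < valid_until.get(email, 0.0):
            findings.append((ts, email, round(valid_until[email] - ts, 1)))
    return findings


if __name__ == "__main__":
    for ts, email, left in premature_refreshes(SAMPLE_LOG):
        print(f"{ts:.3f} {email}: refresh attempted with {left}s left on the last issued token")
```

On the sample, the second and third accesses are flagged: each refresh attempt comes while the token issued by the previous refresh still had several minutes of lifetime left.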
Keycloak Share a resource with other User
by Nicola
Hi, I'm new to keycloak. I'm watching the *photoz uma example*; in this
example a user can *create* a resource and then *share* it with another user. I'm
interested in this feature.
Checking in the Javadoc, I've found that from a PermissionResource I can
create a *PermissionTicketRepresentation*, where I can set the resource, the
scope, the owner and the requester of the resource. I've tried this, but I
get
/{"error":"not_authorised","error_description":"permissions for [3707be30-6e85-4d48-92c9-afaf0750eaec] can be only created by the owner"}/
So, how can I do this via code?
kind regards
5 years, 3 months
Support multiple authentication mechanism in a single war
by Kavis Pandey
Hi,
We have a JSP+Servlet application (running on wildfly-10) that is
configured with Keycloak using keycloak-wildfly adapter. We have used
multi-tenancy feature of Keycloak and create the Keycloak Deployment
object during runtime by implementing KeycloakConfigResolver. That
works fine.
Now we have a requirement where our application needs to fall-back to
FORM based authentication instead of Keycloak based on certain
conditions. So basically we need to support multiple authentication
mechanisms during runtime (BASIC + KEYCLOAK)
Is it possible?
Thanks in advance,
Kavis
5 years, 3 months
Display only external identity providers on login page (no login passwd fields)
by Sylvere RICHARD
Hi,
I was trying to configure keycloak so that only the external identity
providers are displayed on the login page for a given realm. I do not want
to display the login/password fields, and ideally this authentication
mode based on login/password should be deactivated.
Is there any way to achieve this?
Thanks
S.
5 years, 3 months
Re: [keycloak-user] [EXTERNAL] Specifying LDAP/AD domain in token endpoint
by Ajinkya Thakare
Hi team,
Can someone update on this please?
Regards,
Ajinkya Thakare
On 9/10/19, 4:33 PM, "keycloak-user-bounces(a)lists.jboss.org on behalf of Ajinkya Thakare" <keycloak-user-bounces(a)lists.jboss.org on behalf of Ajinkya.Thakare(a)veritas.com> wrote:
Hi team,
Is there any way for the user to specify which LDAP/AD domain to point to while logging in, i.e. while using the token endpoint?
The scenario is for a multi-tenant environment, where the same username can be a part of multiple LDAP/AD domains but with different authorization roles set up in each. Here we don’t want our Keycloak instance to sequentially check every LDAP/AD configuration added, like it does now, but rather validate the credentials in only the specified domain.
Also, if there are different passwords in different domains for same username, the Keycloak instance returns invalid credential error if the user provides the password for a later LDAP/AD config. In this case, an ability to specify the domain will really be helpful.
Example:
Suppose username ‘athakare’ is a part of two different domains – ‘domain1’ & ‘domain2’, with different passwords, it would be easier if the user can specify something like ‘athakare@domain1’ as his username while logging in.
Please let me know if this is already possible in any way using Keycloak. Thanks!
Regards,
Ajinkya Thakare
5 years, 3 months