keycloak multi tenant
by Pablo Martin Gore
Just one question: does Keycloak support, or will it support in the future,
multi-tenant behavior?
9 years, 6 months
multi-company
by Pablo Martin Gore
Hi
Is it possible to share a user between realms? I mean,
pablo is admin in realm 1 and in realm 2 should be a single user.
My app has to work in multi-company environments.
Thanks again.
9 years, 6 months
Registration
by Pablo Martin Gore
Hi
I want to know if it is possible to add more information into the
registration process.
I saw a table USER_ATTRIBUTES. Could I use it for this purpose, and how
could I change the registration page layout?
Thanks
Pablo Gore
9 years, 6 months
SAML functionality
by Raghuram
Bill - in your blog you mentioned that you will provide SAML functionality in future versions of Keycloak. Can you provide more information about that? Will Keycloak be a full-fledged IdP like PicketLink, or does it act as an STS issuing either OpenID Connect or SAML tokens?
Thanks
9 years, 6 months
Find out if user has a password
by Rodrigo Sasaki
Hello,
I was wondering if there's a way to know if the user has a password
associated with it, I don't need to know the password, I just want to know
if one exists.
Is it possible within the existent API? I didn't see a method to give me
that information. Maybe I missed something.
Thanks!
--
Rodrigo Sasaki
9 years, 6 months
SPNEGO with Keycloak
by Raghuram
> Has anyone tried out SPNEGO (Kerberos) authentication with Keycloak 1.0.2? If so, I'd appreciate any input on how it can be achieved.
9 years, 6 months
Key Value Pair List Attributes for Realms
by Travis De Silva
Hi,
Currently, at the Keycloak realm level, we have only the realm name and whether
it's enabled or not as attributes.
I am throwing out the idea of whether it's possible to add additional key/value
pair attribute lists.
My use case is that currently, the realm name is used in the login form and
is also part of the URI. I prefer the URI to be a short name without any
spaces, but when I display the name in the login form or anywhere else, I
would like it to be a user-friendly long name. E.g. the realm name for the URL
could be "accounts" and the name that comes up in the login page could be
"Accounting System". I know I can customize the login page with my own theme,
but if I could pull that info directly from the realm, that would be great, as
opposed to keeping the info somewhere else.
The reason for a key/value attribute list is so that if there are other
requirements like the above, we can use it without having to add realm
level fields again.
Any thoughts?
9 years, 6 months
Is there a secret maximum SSO Idle Timeout
by Alarik Myrin
A while ago I raised KEYCLOAK-686 about the fact that there is a secret
maximum SSO Session Max Lifespan that is not evident or validated by the
admin web application.
I think the same thing is probably true of SSO Idle Timeout. If I set this
to something like 30 days, and I leave something idle overnight, I hit the
SSO Idle Timeout anyway. I'm not sure what the real maximum is for SSO
Idle Timeout, but it seems like it is maybe measured in hours.
Alarik
9 years, 6 months
org.keycloak.util.PemUtils.pemToDer Bad Base64 input character decimal
by Alexander Chriztopher
Hi all,
I keep getting this error when I start my application:
19:45:36,232 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-8) MSC000001: Failed to start service jboss.undertow.deployment.default-server.default-host./cv-web: org.jboss.msc.service.StartException in service jboss.undertow.deployment.default-server.default-host./cv-web: Failed to start service
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1904) [jboss-msc-1.2.2.Final.jar:1.2.2.Final]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_11]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_11]
    at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_11]
Caused by: java.lang.RuntimeException: java.io.IOException: Bad Base64 input character decimal 36 in array position 0
    at org.keycloak.adapters.KeycloakDeploymentBuilder.internalBuild(KeycloakDeploymentBuilder.java:37)
    at org.keycloak.adapters.KeycloakDeploymentBuilder.build(KeycloakDeploymentBuilder.java:84)
    at org.keycloak.adapters.undertow.KeycloakServletExtension.handleDeployment(KeycloakServletExtension.java:104)
    at io.undertow.servlet.core.DeploymentManagerImpl.handleExtensions(DeploymentManagerImpl.java:240)
    at io.undertow.servlet.core.DeploymentManagerImpl.deploy(DeploymentManagerImpl.java:149)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:87)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.start(UndertowDeploymentService.java:72)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948) [jboss-msc-1.2.2.Final.jar:1.2.2.Final]
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881) [jboss-msc-1.2.2.Final.jar:1.2.2.Final]
    ... 3 more
Caused by: java.io.IOException: Bad Base64 input character decimal 36 in array position 0
    at net.iharder.Base64.decode(Base64.java:1201)
    at net.iharder.Base64.decode(Base64.java:1256)
    at net.iharder.Base64.decode(Base64.java:1224)
    at org.keycloak.util.PemUtils.pemToDer(PemUtils.java:91)
    at org.keycloak.util.PemUtils.decodePublicKey(PemUtils.java:49)
    at org.keycloak.adapters.KeycloakDeploymentBuilder.internalBuild(KeycloakDeploymentBuilder.java:35)
    ... 11 more
Does anyone know where this comes from?
Everything was working fine until today, when I started getting this
error. When I comment out my security stuff in web.xml it disappears.
Thanks for any help.
9 years, 6 months
Session destruction listener
by Jason Rodis
Good morning,
I am trying to set up an application that uses:
1. Spring 3.2.x
I used to have Spring Security for the authentication of the users, and I could have a logout listener, triggered by the SessionDestroyedEvent (whenever a session was destroyed), like this:
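import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationListener;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.session.SessionDestroyedEvent;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.stereotype.Service;

@Service
public class LogoutListener implements ApplicationListener<SessionDestroyedEvent> {
    // Logger declaration was not in the original post; SLF4J is assumed from the {} placeholder.
    private static final Logger logger = LoggerFactory.getLogger(LogoutListener.class);
    @Autowired
    private SessionRegistryImpl sessionRegistry;

    @Override
    public void onApplicationEvent(SessionDestroyedEvent event) {
        // A destroyed HTTP session may carry more than one security context.
        List<SecurityContext> lstSecurityContext = event.getSecurityContexts();
        AuthenticateUser authenticateUser; // the application's own principal class
        for (SecurityContext securityContext : lstSecurityContext) {
            authenticateUser = (AuthenticateUser) securityContext.getAuthentication().getPrincipal();
            logger.trace("Current session destroyed from user [{}]", authenticateUser.getEmail());
            // Handle the session destruction event..
        }
    }
}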
Is there any way I could have that functionality with Keycloak?
Thanks in advance,
Jason
9 years, 6 months