keycloak multi tenant
by Pablo Martin Gore
Just one question , does keycloak supports or will support in a future
multi tenant behavior.?
10 years, 2 months
multi-company
by Pablo Martin Gore
Hi
It is possible to share user between the realm , I mean
pablo is admin in realm 1 and in the realm 2 should be a single user.
My app have to work in a multi-company environments
Thanks again.
10 years, 2 months
Registration
by Pablo Martin Gore
Hi
I want to know if it is possible to add more information into the
registration process .
I saw a table USER_ATTRIBUTES , could I used it for this purpose and how I
could change the registration page layout?
Thanks
Pablo Gore
10 years, 2 months
SAML functionality
by Raghuram
Bill - in your blog you mentioned that you will provide SAML functionality in the future versions of key cloak. Can you provide more information about that? Will key cloak be a full fledged IDP like picketlink or does it act as a STS throwing either openid connect or SAML tokens?
Thanks
10 years, 2 months
Find out if user has a password
by Rodrigo Sasaki
Hello,
I was wondering if there's a way to know if the user has a password
associated with it, I don't need to know the password, I just want to know
if one exists.
Is it possible within the existent API? I didn't see a method to give me
that information. Maybe I missed something.
Thanks!
--
Rodrigo Sasaki
10 years, 2 months
SPNEGO with Keycloak
by Raghuram
> Has anyone tried out SPNEGO (Kerberos) authentication with key cloak 1.0.2? If so, appreciate any input on how it can be achieved?
Sent from my iPhone
10 years, 2 months
Key Value Pair List Attributes for Realms
by Travis De Silva
Hi,
Currently on a Keycloak realm level, we have only the realm name and if its
enabled or not as attributes.
I am throwing out the idea if its possible to add additional key/value pair
attribute lists.
My use case is that currently, the realm name is used in the login form and
also is part of the uri. I prefer the URI to be a short name without any
spaces but when I display the name in the login form or anywhere else, I
would like it to be a user friendly long name. E.g. realm name for url
could be "accounts" and the name that comes up in the login page to be
"Accounting System" I know I can customize the login page with my own theme
but if I can pull that info directly from the realm would be great as
opposed to keeping the info somewhere else.
The reason for a key/value attribute list is so that if there are other
requirements like the above, we can use it without having to add realm
level fields again.
Any thoughts?
10 years, 2 months
Is there a secret maximum SSO Idle Timeout
by Alarik Myrin
A while ago I raised KEYCLOAK-686 about the fact that there is a secret
maximum SSO Session Max Lifespan that is not evident or validated by the
admin web application.
I think the same thing is probably true of SSO Idle Timeout. If I set this
to something like 30 days, and I leave something idle overnight, I hit the
SSO Idle Timeout anyway. I'm not sure what the real maximum is for SSO
Idle Timeout, but it seems like it is maybe measured in hours.
Alarik
10 years, 2 months
org.keycloak.util.PemUtils.pemToDer Bad Base64 input character decimal
by Alexander Chriztopher
Hi all,
I keep on having this error when i start my application :
19:45:36,232 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-8)
MSC000001: Failed to start service
jboss.undertow.deployment.default-server.default-host./cv-web:
*org.jboss.msc.service.StartException* in service
jboss.undertow.deployment.default-server.default-host./cv-web: Failed to
start service
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(
*ServiceControllerImpl.java:1904*) [jboss-msc-1.2.2.Final.jar:1.2.2.Final]
at java.util.concurrent.ThreadPoolExecutor.runWorker(
*ThreadPoolExecutor.java:1142*) [rt.jar:1.8.0_11]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(
*ThreadPoolExecutor.java:617*) [rt.jar:1.8.0_11]
at java.lang.Thread.run(*Thread.java:745*) [rt.jar:1.8.0_11]
Caused by: *java.lang.RuntimeException*: *java.io.IOException*: Bad Base64
input character decimal 36 in array position 0
at org.keycloak.adapters.KeycloakDeploymentBuilder.internalBuild(
*KeycloakDeploymentBuilder.java:37*)
at org.keycloak.adapters.KeycloakDeploymentBuilder.build(
*KeycloakDeploymentBuilder.java:84*)
at org.keycloak.adapters.undertow.KeycloakServletExtension.handleDeployment(
*KeycloakServletExtension.java:104*)
at io.undertow.servlet.core.DeploymentManagerImpl.handleExtensions(
*DeploymentManagerImpl.java:240*)
at io.undertow.servlet.core.DeploymentManagerImpl.deploy(
*DeploymentManagerImpl.java:149*)
at
org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(
*UndertowDeploymentService.java:87*)
at
org.wildfly.extension.undertow.deployment.UndertowDeploymentService.start(
*UndertowDeploymentService.java:72*)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(
*ServiceControllerImpl.java:1948*) [jboss-msc-1.2.2.Final.jar:1.2.2.Final]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(
*ServiceControllerImpl.java:1881*) [jboss-msc-1.2.2.Final.jar:1.2.2.Final]
... 3 more
Caused by: *java.io.IOException*: Bad Base64 input character decimal 36 in
array position 0
at net.iharder.Base64.decode(*Base64.java:1201*)
at net.iharder.Base64.decode(*Base64.java:1256*)
at net.iharder.Base64.decode(*Base64.java:1224*)
at org.keycloak.util.PemUtils.pemToDer(*PemUtils.java:91*)
at org.keycloak.util.PemUtils.decodePublicKey(*PemUtils.java:49*)
at org.keycloak.adapters.KeycloakDeploymentBuilder.internalBuild(
*KeycloakDeploymentBuilder.java:35*)
... 11 more
Anyone knows where does this come from.
Everything was working finely until today where i started getting this
error. When i comment out my security stuff in web.xml it disappears.
Thanks for any help.
10 years, 2 months
Session destruction listener
by Jason Rodis
Good morning,
I am trying to set up an application that uses:
1. Spring 3.2.x
I used to have spring security for the authentication of the users, and I could have a logout listener, triggering the SessionDestroyedEvent like this (whenever a session was destroyed) :
@Service
public class LogoutListener implements ApplicationListener<SessionDestroyedEvent> {
@Autowired
private SessionRegistryImpl sessionRegistry;
@Override
public void onApplicationEvent(SessionDestroyedEvent event) {
List<SecurityContext> lstSecurityContext = event.getSecurityContexts();
AuthenticateUser authenticateUser;
for (SecurityContext securityContext : lstSecurityContext) {
authenticateUser = (AuthenticateUser) securityContext.getAuthentication().getPrincipal();
logger.trace("Current session destroyed from user [{}]", authenticateUser.getEmail());
//Handle the session destruction event..
}
}
}
Is there any way I could have that functionality with Keycloak?
Thanks in advance,
Jason
10 years, 2 months
