October 2014 - keycloak-user - Jboss List Archives

by Juraci Paixão Kröhling

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello, I'm assisting on a project that is about to implement Keycloak for user auth. They also need to authenticate/authorize non-interactive users (as in: nodes talking to a server) and are considering using Keycloak for that as well. My first thought was to use OAuth, performing the initial OAuth flow during the first boot of the server and then publishing the refresh token to the nodes, so that they can get bearer tokens whenever they need to talk to the server. While the above works in my PoC, it's not ideal: - - there has to be an unprotected resource, so that the node can get the refresh token - - the refresh token is related to the admin that first installed the server - - related to the above: auditing is harder, as the requests were appear to come from said admin - - node and server are the same application from the user's perspective, so, it makes no sense to have an "OAuth client" and an "Application" on Keycloak. - - having an extra code for the initial OAuth flow seems a bit counter productive There are some examples where part of this scenario could be covered, like the "KeycloakInstalled" from the integration project, but it also doesn't seems to quite fit into this. So, my questions would be: - - Would there be a better solution based on the latest Keycloak? - - If not, is this scenario something that would be interesting implementing? The advantage I see in having this implemented on Keycloak instead of baking a new solution is that the application wouldn't need to care if the request is coming from a non-interactive user or a real user, as long as the proper roles are set. Also, having one single auth mechanism for both non-interactive and interactive users is far better than mixing mechanisms based on the path. Juca. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCgAGBQJUOAMvAAoJEDnJtskdmzLMf6cH/2LqY4owURTI3mMaw8n3U1Ws XARiU+QiXHeEaQ2BiMySIxHHZCC0kmi6z3eVv2Ku28daDjVUJmS+VlqLg7ogbt6J jUH1SHAWtEvcJu32SsxJOzKkFQcEndv/FThABBa8Z4KW91SgWJdSPYbGWKVOyc72 XICPlD73l9zmnO4oJwr1oxy79pMbeX1/eiLox3ZgDgGwCKh/r5F8+LzhzPKWRWhM RkcGzwaIclTysBlYjx1RrFObrEs2oK4gQ2TBSvmIjurSQVs7xrwb78xzTqGOrU5a z7cInMQh5/4FJcFwRBKFjXQ8FcbyuLWTQ2elJsnD8VC2HTxRBecPKmD3Fa98WqM= =DWdv -----END PGP SIGNATURE-----

10 years, 2 months

3
3
0 / 0

Keycloak-tomcat adapter

by robinfernandes .

Hi, I know there is a keycloak-tomcat adapter that is present but has anyone tried to install that adapter? I want to secure some WAR files deployed on TOMCAT 6.0 Is there a guide on how to install and configure the adapter on TOMCAT? Any help is appreciated. Thanks, Robin

10 years, 2 months

2
1
0 / 0

Link to Account Page

by Rodrigo Sasaki

Hello, I am trying to create a link on our application to go directly to Keycloak's Account Page, so the user can alter his information, but it doesn't work. I saw that there is a validation that assures that the referrer is the same as the server, for example: I can only access the account app inside my localhost:8080 if the referrer is also in localhost:8080. Is it supposed to be like this? Is there a way for me to create a hyperlink from my application directly to Keycloak's Account Page? Given that my own application is secured by Keycloak, I think it should be possible. Is this the correct behavior? Thanks again! -- Rodrigo Sasaki

10 years, 2 months

3
10
0 / 0

Pure Client Javascript Adapter - fragment problem - KEYCLOAK-546

by Travis De Silva

Hi, Not sure if anyone else has faced this issue but I don't seem to be able to get the Pure client javascript adapter working. I am sort of following the same style as per the example angular-product-app but unlike the example, my application has many routers and I use the angular ui-router to manage my routers in angular. The Keycloak login page comes up properly and once I provide the valid credentials, it authenticates properly as well but the issue is with the redirect. I tried many different things and one common issue I noticed was that the redirect_uri and redirect_fragment query parameters does not seem to be correct. In fact it seems to be identical to this Jira issue raised by Bill sometime back https://issues.jboss.org/browse/KEYCLOAK-546 I wonder if this issue is still present in the 1.0.1 final release or if its resolved and maybe I am not doing something right. Appreciate any help. Cheers Travis

10 years, 2 months

2
2
0 / 0

How to get current user in my application

by Alexander Chriztopher

Hi, Am using Keycloak with my JEE 7 application deployed on Wildfly. I would like to get a handle on the currently authenticated user by doing this : *import* javax.ejb.LocalBean; *import* javax.faces.bean.SessionScoped; *import* javax.inject.Named; *import* javax.ws.rs.core.Context; *import* javax.ws.rs.core.SecurityContext; *import* org.keycloak.KeycloakPrincipal; @LocalBean @Named @SessionScoped *public* *class* SessionController { @Context *private* SecurityContext securityContext; *public* *void* method() { KeycloakPrincipal *principal* = (KeycloakPrincipal)securityContext. *getUserPrincipal*(); } } Unfortunately i get a NullPointerException on the call to securityContext. Am i doing things right ? Shouldn't i get a security context this way ? Thanks for any help.

10 years, 2 months

3
5
0 / 0

Problem Updating Account

by Rodrigo Sasaki

Hi. I'm having some trouble with the account page. I try updating my profile at http://serverUrl/auth/realms/{realm}/account When I try editing my account info (firstName, email...) I have a problem when I hit save. the processAccountUpdate method inside AccountService.java invokes a csrfCheck method, that checks if a stateChecker variable is present on my post, but it's always null, so I can never update my account info. Is this a known bug? Thanks again -- Rodrigo Sasaki

10 years, 2 months

2
4
0 / 0

reset password over REST request.

by Сергій Дзюбін

Hello. What is the role of a user to reset a password of another user by calling a REST request: /reset-passschord? For example: $scope.setCredential = function(loginname) { $http.put("/admin/realms/" + auth.authz.realm + "/users/"+loginname+"/reset-password",{PASSWORD : loginname, SECRET : loginname, temporary : true }).success(function() { console.log("Reset password to temporary OK!"); }) }; $scope.createUser = function() { $http.post("http://localhost-auth:8080/auth/admin/realms/" + auth.authz.realm + "/users",{username:"bob", enabled: true, firstName:"Bob",lastName:"Ivanov",emailVerified:false}).success(function() { $scope.setCredential("bob"); }); }; Thank you.

10 years, 2 months

2
1
0 / 0

Keycloak 1.0.2.Final released

by Stian Thorgersen

This is a maintenance release and contains only bug fixes and one minor security fix. For full details look in JIRA (https://issues.jboss.org/issues/?jql=project%20%3D%20KEYCLOAK%20AND%20fix...)

10 years, 2 months

1
0
0 / 0

Still can access application after logout

by Alexander Chriztopher

Hi, I logout from my application either by a redirect to the logout url : http://auth-server/auth/realms/{realm-name}/tokens/logout?redirect_uri=en... or from the Keycloak console by ending all active sessions with the "logout all" button but i still can go and navigate in my application everytime. It is only when i stay idle for sometime that am forced to login again in order to access my application. Anyone knows what this behaviour means ? I was expecting that i would be forced to login as soon as i logout from my application. Regards.

10 years, 2 months

3
5
0 / 0

How to get online users

by Jason Rodis

Good morning, I am trying to set up an application that uses: 1. Spring 3.2.x I used to have spring security for the authentication of the users, and I could get all the online users by a bean called SpringRegistryImpl. Here is an example how I could get all the logged in users: In the controller class I had: @Autowired private SessionRegistryImpl sessionRegistry; and then: List<Object> principals = sessionRegistry.getAllPrincipals(); for (Object principal : principals) { if (principal instanceof UserDetails) { //Add user to the list with the logged in users (in session). } } Now, I have configured my application’s authentication with keycloak and removed spring-security. How can I retrieve all the users in session with keycloak? Thanks in advance, Jason

10 years, 2 months

2
1
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

keycloak-user October 2014