"Invalid state param" for KeycloakInstalled
by Juraci Paixão Kröhling
Hello,
I'm trying to use the KeycloakInstalled to authenticate a user via
CLI and I'm getting an "Invalid State param" message on the URL that it
asks the user to open.
Code:
KeycloakInstalled keycloak = new KeycloakInstalled();
keycloak.loginManual();
The generated URL is:
http://localhost:8080/auth/realms/acme-roadrunner-affairs/protocol/openid...
"acme-roadrunner-affairs" is the realm, and "installed" is an OAuth
client registered on this realm, with a "redirect URI" as
"urn:ietf:wg:oauth:2.0:oob"
Am I missing some configuration?
- Juca.
10 years, 1 month
Re: [keycloak-user] failed verification of token
by Pratik Parikh
Hi Bill,
Thanks, I turned the scope off under the application but that did not
help. Could you please help us understand what is going on? I am trying
to look at the code but it seems like it is going to take me a bit to figure it
out. It seems like HttpFacade.Cookies is supposed to have the state cookie
which is contained in KeycloakDeployment. I did try what you suggested; was
that not correctly understood by me? I am new to Keycloak but this is a
great project and I would like to understand it and use it to its fullest extent.
Can you help me get past this problem? Thanks in advance.
Regards,
--
Pratik Parikh
- Mantra - Keep It Simple and Straightforward
10 years, 1 month
oauth limited scope access tokens?
by Richard Rattigan
I noticed the following comment in TokenManager:
    public static Set<RoleModel> getAccess(String scopeParam, ClientModel client, UserModel user) {
        // todo scopeParam is ignored until we figure out a scheme that fits with openid connect
        ...
    }
Am I right to assume this means it is not possible for an OAuth client to request an access token for a subset of the available scopes? I.e., the OAuth scope parameter is ignored?
If this is correct, is this a feature that will be added soon?
10 years, 1 month
No state cookie - Problem after authentication - What am i missing?
by Pratik Parikh
I am trying to set up Aerogear 1.0.2 (hosted on a separate server from
Keycloak) integration with Keycloak 1.0.1-Beta1 (hosted on a separate
server than Aerogear) and in doing so I am running into a problem. Could
anyone provide me some direction? Below is what is happening.
I was able to import the aerogear realm and configure the appropriate
redirect URI. After doing so I am now presented with a login screen,
whereby I was able to log in, but after login when it tries to do a redirect I get
the following. I am not sure what it means and how to move forward. Any help
will be appreciated.
2014-11-13 13:15:52,061 WARN [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-60) No state cookie
-- This error is on the Aerogear server after the
authentication is done.
Do I need to upgrade the adapter on the Aerogear server?
Regards, Thanks in advance.
--
Pratik Parikh
- Mantra - Keep It Simple and Straightforward
10 years, 1 month
LDAP Groups
by Lionel Orellana
Hi,
I am evaluating LDAP integration in version 1.1.0.Beta1. I don't see
anything in the LDAP provider settings regarding groups. I was
expecting something similar to the jboss ldap login module where there are
settings to populate the user principal with roles from LDAP groups. Is
there an alternative way to do this with Keycloak?
Thanks
Lionel.
10 years, 1 month
JWT signature verification failure
by Richard Rattigan
I'm trying to verify Keycloak JWT signatures in Java/Groovy, but I'm not succeeding. I'm new to crypto, so maybe I'm doing something stupid.
This is Groovy code. realmPublicKey is the publicKey string from the realm REST response. I'm using the jjwt library to parse the tokens, but I get the same result (signature verification failure) with the nimbus library:
    Security.addProvider(new BouncyCastleProvider())
    def publicKey = KeyFactory
        .getInstance("RSA", "BC")
        .generatePublic(new X509EncodedKeySpec(realmPublicKey.decodeBase64()))
    def claims = Jwts.parser().setSigningKey(publicKey).parse(accessToken)
I get an exception during the parse:
io.jsonwebtoken.SignatureException: JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted.
Is anyone able to see what I'm doing wrong here?
Richard Rattigan
Sonos | Sr. Software Engineer | Skype: Richard.RattiganSonos
10 years, 1 month
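Added example (not part of the original post, and not Keycloak or jjwt code): an RS256 signature check written against the JDK only, which lets you confirm the key decoding and the signed bytes independently of any JWT library. It assumes the token is signed with RS256 and that the realm key string is standard Base64 of a DER SubjectPublicKeyInfo; the class name `VerifyRs256`, the helper `b64url`, the throwaway key pair and the sample claims are constructed for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class VerifyRs256 {
    // realmPublicKeyB64 is assumed to be standard Base64 of a DER SubjectPublicKeyInfo.
    static boolean verify(String jwt, String realmPublicKeyB64) throws GeneralSecurityException {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) return false; // not a compact JWS
        String header = new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8);
        // Pin the algorithm instead of trusting the token's header (crude string check
        // to stay dependency-free; use a JSON parser in real code).
        if (!header.replaceAll("\\s", "").contains("\"alg\":\"RS256\"")) return false;
        PublicKey key = KeyFactory.getInstance("RSA").generatePublic(
                new X509EncodedKeySpec(Base64.getDecoder().decode(realmPublicKeyB64)));
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(key);
        // The signed bytes are the first two segments exactly as transmitted.
        sig.update((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
        return sig.verify(Base64.getUrlDecoder().decode(parts[2]));
    }

    static String b64url(String s) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        // Constructed test material: a throwaway key pair stands in for the realm key.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        String realmKey = Base64.getEncoder().encodeToString(pair.getPublic().getEncoded());

        String head = b64url("{\"alg\":\"RS256\",\"typ\":\"JWT\"}");
        String body = b64url("{\"sub\":\"constructed-user\"}");
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(pair.getPrivate());
        signer.update((head + "." + body).getBytes(StandardCharsets.US_ASCII));
        String sigPart = Base64.getUrlEncoder().withoutPadding().encodeToString(signer.sign());

        System.out.println("valid token:   " + verify(head + "." + body + "." + sigPart, realmKey));
        // Same signature over a different payload must be rejected.
        String forged = head + "." + b64url("{\"sub\":\"someone-else\"}") + "." + sigPart;
        System.out.println("forged token:  " + verify(forged, realmKey));
    }
}
```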
Api for adding roles to users
by Raghuram
How do we add users to the default roles? I am using the Keycloak federation API to do custom authentication for a realm. I noticed that the users are not able to log in to the application after being authenticated unless roles are added manually to them. I am wondering if the roles can be added within the federation provider code after authenticating the users?
Sent from my iPhone
10 years, 1 month