Authenticate user without using login page
by Rodrigo Sasaki
Is there a way to authenticate the user without having to input username
and password on the login page?
For example:
Say there's a situation in my application where I request the user for his
username and password, and I wouldn't like to redirect that to the keycloak
login page to authenticate him, would there be a way for me to do that?
--
Rodrigo Sasaki
10 years, 3 months
Multitenancy for WAR
by Nils Preusker
Hi,
first of all, congrats on the beta 1 release!
Here's my question: I have a WAR with a REST API that I'm securing with
Keycloak. Now I'd like to add multitenancy support.
If I understand the concept in keycloak correctly, I would somehow have to
have several realms in the keycloak.json and the web.xml of the war, right?
However there is just one realm-name attribute in the web.xml and the
structure of keycloak.json also looks like it is intended for one realm. Am
I missing something?
Cheers,
Nils
10 years, 3 months
"Remember Me" feature on Social Login
by Rodrigo Sasaki
Hi,
I know this doesn't exist now, but I was wondering if it is something that
is planned to be implemented, or if there's a particular reason why it
isn't.
Thanks!
--
Rodrigo Sasaki
10 years, 3 months
Bearer Only Application access with token
by Rodrigo Sasaki
Hi,
I'm trying to secure a bearer-only application with keycloak, to access it
with access tokens, but I think I'm missing something.
I tried it with the database-service of the unconfigured demo.
1. I created the user role in the application.
2. I assigned that role to my user
3. I copied the contents of the installation json to
*webapp/META-INF/keycloak.json*
{
"realm": "demo",
"realm-public-key":
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwRayjzh7W+EfPaeSdyXWLyXof7c3fwD7vb0AEtG+ogLHtMkYiTdX9y/JXOmXwWDzGhx7NM3Q6vkCG0F3lZqOVsSlYH56c5+Ev4QmSGK/+6e+WcZMcgmscoz1OoXKom4+pzqMey42hqdwwMhkvCq/jxJSmUGnZJQuqEKVH00NZ1wIDAQAB",
"bearer-only": true,
"ssl-not-required": true,
"resource": "database-service",
"use-resource-role-mappings": true
}
4. Set the auth-method to *KEYCLOAK* on web.xml
5. Started the server deploying the *database-service*
6. Generated a token using *security-admin-console* client_id and my user
7. Submitted a GET request to *localhost:8080/database/customers*
After these steps I get a 403 error, saying that I'm not authorized to
access the resource, wasn't this supposed to work?
--
Rodrigo Sasaki
10 years, 4 months
How can I customize the New User Registration workflow?
by Christina Lau
Is it possible to add a call to call my own code before a new user is added to the system using the New User Registration form? I need to call some other services when onboarding a new user. Thx.
Christina
10 years, 4 months
Re: [keycloak-user] Bower for keycloak.js
by Stian Thorgersen
I think you got the 403 due to it already being registered.
There should be two versions available 1.0-beta3 and 1.0-beta4-pre. Once we release 1.0.final it'll be tagged as 1.0. The 1.0-beta3 syntax should work as jQuery uses it ;)
----- Original Message -----
> From: "Joshua Bellamy-Henn" <josh(a)psidox.com>
> To: "Stian Thorgersen" <stian(a)redhat.com>
> Cc: "Josh" <smysnk(a)gmail.com>, keycloak-user(a)lists.jboss.org
> Sent: Wednesday, 30 July, 2014 9:13:21 PM
> Subject: Re: [keycloak-user] Bower for keycloak.js
>
> So I've tried to register this package for you guys using bower:
>
> ~/play/keycloak-js-bower master 14:08:22
>
> $ bower register keycloak git://github.com/keycloak/keycloak-js-bower.git
>
> bower keycloak#* resolve git://
> github.com/keycloak/keycloak-js-bower.git#*
>
> bower keycloak#* checkout master
>
> bower keycloak#* resolved git://
> github.com/keycloak/keycloak-js-bower.git#923dccb251
>
> [?] Registering a package will make it installable via the registry (
> https://bower.herokuapp.com), continue? Yes
>
> bower keycloak register git://
> github.com/keycloak/keycloak-js-bower.git
>
> bower EUNKNOWN Unknown error: 403
>
>
> I am afraid this could be due to the version number possibly being in an
> incorrect format.
>
>
> On Mon, Jul 14, 2014 at 10:46 AM, Joshua Bellamy-Henn <josh(a)psidox.com>
> wrote:
>
> > I removed the "keycloak" package, the name should be open for registration
> > now.
> >
> > Still bit skeptical it will accept anything other than "x.x.x" notation
> > for versioning but give it a try. :)
> >
> > - Josh
> >
> >
> > On Mon, Jul 14, 2014 at 5:10 AM, Stian Thorgersen <stian(a)redhat.com>
> > wrote:
> >
> >> Have you contacted the Bower guys to get this changed yet?
> >>
> >> By the way we're going to stick with the same versioning that we use for
> >> Keycloak except we'll remove -final from the final release. So versions
> >> would be:
> >>
> >> 1.0-beta4
> >> 1.0-rc1
> >> 1.0
> >>
> >> That should mean that versions such as ">=1.0" will work, and will only
> >> use stable versions, while if someone wants to use a beta or rc they can
> >> explicitly specify the version.
> >>
> >> ----- Original Message -----
> >> > From: "Josh" <smysnk(a)gmail.com>
> >> > To: "Stian Thorgersen" <stian(a)redhat.com>
> >> > Cc: keycloak-user(a)lists.jboss.org
> >> > Sent: Thursday, 3 July, 2014 4:46:09 PM
> >> > Subject: Re: [keycloak-user] Bower for keycloak.js
> >> >
> >> > I do think there is a problem using that version format, I think I
> >> tried it
> >> > originally and bower was having none of it. This could be because they
> >> use
> >> > version for auto upgrade purposes, where one can use a "~" character to
> >> > prefix the version to allow upgrades in version minors in the bower.json
> >> > file.
> >> >
> >> > eg.
> >> > "dependencies": {
> >> > "keycloak": "~0.3.12"
> >> > },
> >> >
> >> >
> >> > I have to admit I've been pulled to the dark side a little bit, it do
> >> enjoy
> >> > npm / bower for doing javascript type build processes (sometimes a
> >> > necessary evil). I was never a a fan of 'grunt' but found that 'gulp'
> >> is
> >> > much better. I have a hybrid build process in my java apps where I
> >> > sometimes break out of maven to execute some gulp build processes.
> >> >
> >> > But I understand for project like keycloak 'npm / gulp' adds a lot of
> >> > complexity to build process and is not desirable.
> >> >
> >> > I'll talk to the bower guys to get keycloak switched over to your fork
> >> :D
> >> >
> >> >
> >> >
> >> > On Thu, Jul 3, 2014 at 7:08 AM, Stian Thorgersen <stian(a)redhat.com>
> >> wrote:
> >> >
> >> > > I've pulled in your stuff to
> >> https://github.com/keycloak/keycloak-js-bower
> >> > >
> >> > > I'd prefer the versions to match with Keycloak versions (1.0-beta-2,
> >> > > 1.0-beta-3, 1.0-final). Do you know if that'll be a problem?
> >> > >
> >> > > Also, I'm going to add minification of keycloak.js to our Maven build.
> >> > > We'll need it there as well + we're mainly Java/Maven guys ;)
> >> > >
> >> > > ----- Original Message -----
> >> > > > From: "Josh" <smysnk(a)gmail.com>
> >> > > > To: "Stian Thorgersen" <stian(a)redhat.com>
> >> > > > Cc: keycloak-user(a)lists.jboss.org
> >> > > > Sent: Monday, 23 June, 2014 10:38:44 PM
> >> > > > Subject: Re: [keycloak-user] Bower for keycloak.js
> >> > > >
> >> > > > Looks like it's a manual process at the moment to get registry
> >> moved to a
> >> > > > different github endpont. Let me know when you have the project
> >> setup
> >> > > and
> >> > > > I'll contact the bower guys.
> >> > > >
> >> > > > - Josh
> >> > > >
> >> > > >
> >> > > > On Mon, Jun 23, 2014 at 12:56 PM, Josh <smysnk(a)gmail.com> wrote:
> >> > > >
> >> > > > > You bet, I actually had the thought that it would be better as
> >> part of
> >> > > the
> >> > > > > release cycle. I'll have to figure out how to transfer bower
> >> > > repositories
> >> > > > > because there was no login required to register a bower repo and
> >> > > currently
> >> > > > > I have taken "keycloak" which would be optimal for the project.
> >> > > > >
> >> > > > >
> >> > > > > On Mon, Jun 23, 2014 at 2:40 AM, Stian Thorgersen <
> >> stian(a)redhat.com>
> >> > > > > wrote:
> >> > > > >
> >> > > > >> Hi Josh,
> >> > > > >>
> >> > > > >> That's great - thanks for contributing this. I would like to
> >> transfer
> >> > > > >> this to https://github.com/keycloak though, I hope your happy
> >> with
> >> > > that.
> >> > > > >>
> >> > > > >> Thanks,
> >> > > > >> Stian
> >> > > > >>
> >> > > > >> ----- Original Message -----
> >> > > > >> > From: "Josh" <smysnk(a)gmail.com>
> >> > > > >> > To: keycloak-user(a)lists.jboss.org
> >> > > > >> > Sent: Friday, 20 June, 2014 6:30:02 PM
> >> > > > >> > Subject: [keycloak-user] Bower for keycloak.js
> >> > > > >> >
> >> > > > >> > Hi guys,
> >> > > > >> >
> >> > > > >> > I have created a little github project to make keycloak.js
> >> > > available to
> >> > > > >> bower
> >> > > > >> > package manager .
> >> > > > >> >
> >> > > > >> > Project here:
> >> > > > >> > https://github.com/smysnk/keycloak-adapter-bower
> >> > > > >> >
> >> > > > >> > Usage:
> >> > > > >> > $ bower install keycloak
> >> > > > >> >
> >> > > > >> > - Josh
> >> > > > >> >
> >> > > > >> >
> >> > > > >> > _______________________________________________
> >> > > > >> > keycloak-user mailing list
> >> > > > >> > keycloak-user(a)lists.jboss.org
> >> > > > >> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >> > > > >>
> >> > > > >
> >> > > > >
> >> > > >
> >> > >
> >> >
> >>
> >
> >
>
10 years, 4 months
Domain vs Standalone
by Patrick V. Madden
Hi,
I'm just curious if there are any limitations to deploying Keycloak in a Wildfly domain? I see most of the documentation mentions the standalone configuration.
Would installing Keycloak on the domain node be a good or bad idea?
Thanks in advance,
Patrick
10 years, 4 months
Disabling totp
by Vivek Srivastav (vivsriva)
Hi,
I enabled the totp for my realm but unable to remove the config. Even when I have removed the “totp” from Realm Credential Settings, the login process keeps asking for OTP.
How do I disable it.
Kind Regards,
Vivek
10 years, 4 months
Keycloak - Create Theme
by Vinicius Nakayama
Hello guys,
I'm developer and I am using the keycloak in my project.
I'd like use my layout. I saw in documentation that is necessary create
folder in the Jboss(.../standalone/configuration/themes/). That's all
right, but I noticed that in selection themes(My Realm -> General ->
Settings -> Optional Settings) the option from my theme not appear. It is
correct? Or the option it should show?
I'd also like know what is the best practice to create a new theme?
Thanks in advance.
Kind regards,
Vinicius Nakayama
10 years, 4 months
Implicit client login problem
by Vivek Srivastav (vivsriva)
I am trying to get the customer-portal-cli to work
customer-portal-cli has the following configuration:
access type: public
redirect URL: http://localhost
Keycloak Environment:
1.0-beta-3
The app is able to launch a browser, obtain the code, but I am getting invalid token signature. Following is the jboss log:
14:53:40,883 INFO [org.keycloak.services.resources.TokenService] (http-/127.0.0.1:8080-8) no authorization header
14:53:40,891 INFO [org.keycloak.audit] (http-/127.0.0.1:8080-8) event=CODE_TO_TOKEN, realmId=bd1320b5-7601-4056-8e30-4839f5bfdf8b, clientId=customer-portal-cli, userId=13598dc1-61d5-42e8-a6b1-86595548b384, ipAddress=127.0.0.1, refresh_token_id=784df1b7-8d6e-44de-80d7-b3ce44317007, code_id=d0ae1bc2-f66c-4d44-9a48-72059f5463f81406660020834, token_id=8170b67d-888f-4770-a4fd-691ece674214
Commands:
login - login with desktop browser if available, otherwise do manual login
login-manual - manual login
login-desktop - desktop login
token - show token details
id-token - show ID token details
profile - retrieve user profile
customers - retrieve customers listing
refresh - refresh token
exit - exit
$ login
Invalid token signature.
Appreciate any help.
Kind Regards,
Vivek
10 years, 4 months
