September 2014 - keycloak-user - Jboss List Archives

Re: [keycloak-user] Unable to start Keycloak beta on AWS VM - HTTPS required

by Christina Lau

Thx. I was able to zip up my laptop version and ssh over to make it work (i.e. bring up admin console). With RHEL VMs, there is no easy way to bring up a local browser so the old defaults were more convenient for those that do dev/test in the cloud.

9 years, 10 months

4
5
0 / 0

OpenID Connect support

by Iván Perdomo

Hi all, I'm looking for a SSO solution that can help me with the need of having a single set of user credentials for several applications (Web and mobile - Android) Looking at the list of features in Keycloack I see that there is support for OpenID Connect. I would like to know your opinion if Keycloack could be used for handling SSO on several applications built on different technology stacks, e.g. Wordpress [1], Django Web app [2], Android [3], Java [1] https://github.com/jumbojett/Wordpress-OpenID-Connect-Login [2] https://github.com/intelie/django-oidc-auth [3] https://github.com/learning-layers/android-openid-connect-sample Thanks, -- Iván

10 years, 4 months

5
16
0 / 0

Integration Keycloak with phyton application

by Pablo N

Hello, I am starting to use Keycloak as IDM inside my actual Project. I have to projects, Java and Phyton projects and I want to use Keycloak as SSO. I manage to integrate Java project with Keycloak running in Wildfly, but I don´t know how I should proceed with Phyton project. Currently we are using this Phyton plugin to connect with Django: http://python-social-auth.readthedocs.org/en/latest/ Could you help us about what steps should be done to use Keycloak with this plugin? Thank you in advanced, Pablo Nuño

10 years, 5 months

3
3
0 / 0

Realm update through REST API

by Alexander Chriztopher

Hi guys, Just wondering wether you have an example to do any kind of update on a realm through REST. Many thanks for any help. Regards.

10 years, 5 months

2
7
0 / 0

Query about SP & IDP

by Kamal Jagadevan

Hello, We are doing a feasibility study to replace one of the existing OAUTH solution with Keycloak. And we were wondering if the following things are possible 1.) Can Keycloak act as Service Provider 2.) In the previous post Stian mentioned keycloak can act as IDP (Identity provider). But can Keycloak be integrated with external IDP over SAML. Please advise Thanks Kamal

10 years, 5 months

2
1
0 / 0

Removing totp authentication in a realm doesn't disable it in the realm.

by Ricardo Martinelli de Oliveira

Hello, I created a realm for my applications and just for testing purposes I added totp as a required user credentials and it worked (I could use Google Authenticator to login to my applications) but after removing it the keycloak login page still asks for the Google Authenticator token. Is it required to remove the token configuration in Google Authenticator to definitely remove this step or there's something else I'm missing? Regards, Ricardo Martinelli de Oliveira

10 years, 5 months

2
1
0 / 0

Admin REST API - create new user problem

by Marko Radinovic

Hi, I'm trying to make REST call to create new user account. HttpPost post = new HttpPost(KeycloakUriBuilder .fromUri(getBaseUrl(request) + "/auth") .path("/admin/realms/{realm-name}/users") .build("EHR Cloud")); UserRepresentation userRepresentation = new UserRepresentation(); userRepresentation.setUsername("radinovic.marko"); userRepresentation.setEmail("markoradinovic79(a)gmail.com"); userRepresentation.setEnabled(true); userRepresentation.credential(CredentialRepresentation.PASSWORD, "marko"); userRepresentation.attribute("institutionId", "4"); userRepresentation.attribute("institution", "ZipSoft"); userRepresentation.setRealmRoles(Arrays.asList(new String[] {"ehr -user-doctor"})); After executing post, user is created, but user credentials and realm roles are not saved. Also, I try to update user, but still there is no credentials and realm roles. HttpPost post = new HttpPost(KeycloakUriBuilder .fromUri(getBaseUrl(request) + "/auth") .path("/admin/realms/{realm-name}/users") .build("EHR Cloud")); I check in database, and there is no credentials and roles.

10 years, 5 months

1
1
0 / 0

Restful client Obtaining bearer tokens via the OAuth2 protocol

by Weikun Wen

Hi all, May I know where can I find the example project or dev guide for the following scenario which I think should be a common use scenario for Keycloak? Regards & Thanks Kun

10 years, 5 months

3
3
0 / 0

Keycloak 1.0.1.Final finally in Maven Central

by Stian Thorgersen

Keycloak 1.0.1.Final is finally in Maven Central. I forgot to mark it as released in JBoss Nexus, which is why it never synced to Central. Sorry for any inconvenience, Stian

10 years, 5 months

1
0
0 / 0

1.0.1 Problems & Questions

by Conrad Winchester

Hi all, I have just upgrade from 1.0-beta 3 to 1.0.1 final and am running into some serious issues. First a question: when will keycloak-core 1.0.1 be available from maven central? I am having to use 1.0-final in my war - is that compatible with 1.0.1 keycloak war - which is running on my server. I upgraded by doing a complete wipe of the keycloak database, and reinstalling 1.0.1 over my wildly configuration. I am able to use the keycloak admin screens flawlessly. Now onto my problem. In 1.0.3-beta I used to have a access type bearer-only application which used the rest api to register and login users to keycloak. After upgrading I have found that even if I set the application to be bearer-only, keycloak still throws an invalid redirect uri error whenever I try to use the rest end points (surely this should not happen with a bearer-only application). In order to fix this I have moved the application over to access type confidential (it is sitting on the same server as keycloak) - are there any pointers to the correct config for this in 1.0.1? Basically my application is the backend to a mobile app that is using keycloak for access control - at the moment I am not allowed to use the keycloak login/register screens so must proxy it through the server. I am now able to register users using this configuration, but would prefer to go back to bearer-only I also have a Direct Grant Only client which I use for the mobile application itself. I am able to get an access token by using the TOKEN_SERVICE_DIRECT_GRANT_PATH via the proxy server but when I try to access a resource with that bearer token set in the header I am still getting an unauthorised response. My applications keycloak.json looks like this { "realm": "shift", "realm-public-key": “**", "auth-server-url": "http://.../auth", "ssl-required": "none", "resource": "shift-server", "credentials": { "secret": “**" } } and my client JSON looks like this (although this is not put anywhere in my application war) { "realm": "shift", "realm-public-key": “***", "auth-server-url": "http://.../auth", "ssl-required": "none", "resource": "shift-ios", "public-client": true } I can login in with a correct username and password setting the client id to ‘shift-ios’. However when I try to access a protected resource like this GET /shift/feed HTTP/1.1 Host: www…..com Connection: keep-alive Accept: */* User-Agent: shift-ios-client/1.0 CFNetwork/711.0.6 Darwin/14.0.0 Accept-Language: en-us Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJuYW………...5lXDBvPGu3bI7msV6Xh34g2PG1E2-d0GchWLFb4kGWofDbexDgIJoP1eeSHnKmahAHHbcl_LZkI3ayKYCgF-o3vfk0yh4T-zptEdK1EHFDndz4SkJlrPsyawueekf1mJD-drilFlL55nLIfFqjpaNdQDr5R3lAjUb0 Accept-Encoding: gzip, deflate where the Bearer header is the access token I get from logging in, then I get a 403 unauthorised response. This used to work perfectly in beta 3, but I seem unable to make this work in 1.0(.1) final. Could this be because I am using 1.0-core instead of 1.0.1-core Please help, as this has stopped all work on the product, and I am completely stuck. Whats the best way to go about debugging this? Conrad

10 years, 5 months

2
8
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

keycloak-user September 2014