iPhone turns off local storage by default and that causes Keycloak.js to fail.
by Dean Peterson
iPhones are in private mode by default. When in private mode, they do not
allow localStorage. Any application secured with the pure JS Keycloak file
fails. When I turn private mode off, the application works. Will Keycloak
be supporting iPhones with the pure JavaScript client in the future without
requiring users to turn private mode off?
I get the following error in private mode. The highlighted code is what
causes the error:
QuotaExceededError: DOM Exception 22: An attempt was made to add something
to storage that exceeded the quota.
kc.createLoginUrl = function(options) {
    var state = createUUID();
    var redirectUri = adapter.redirectUri(options);
    if (options && options.prompt) {
        if (redirectUri.indexOf('?') == -1) {
            redirectUri += '?prompt=' + options.prompt;
        } else {
            redirectUri += '&prompt=' + options.prompt;
        }
    }
    // The only storage write in this function
    sessionStorage.oauthState = state;
    var url = getRealmUrl()
        + '/tokens/login'
        + '?client_id=' + encodeURIComponent(kc.clientId)
        + '&redirect_uri=' + encodeURIComponent(redirectUri)
        + '&state=' + encodeURIComponent(state)
        + '&response_type=code';
    if (options && options.prompt) {
        url += '&prompt=' + options.prompt;
    }
    if (options && options.loginHint) {
        url += '&login_hint=' + options.loginHint;
    }
    return url;
}
9 years, 10 months
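The post above reports that writing the OAuth state to sessionStorage throws in private mode. As an added example (not part of the original post and not keycloak.js code), one way to keep the state check working is to probe storage with a real write and fall back to a cookie-style store. createStateStore, storageUsable, fakeStorage and fakeJar are hypothetical names, and the storage and jar objects are constructed for the demo.

```javascript
// Added example, not keycloak.js code. All names here are hypothetical.

// Private mode exposes sessionStorage but throws on every write, so
// detection has to attempt a write rather than test for the object.
function storageUsable(storage) {
  try {
    storage.setItem('__probe', '1');
    storage.removeItem('__probe');
    return true;
  } catch (e) {
    return false;
  }
}

// Store for the OAuth "state" value across the login redirect.
// newState: returns a fresh unguessable string (createUUID in the post's code).
// jar: object with get/set/remove; in a browser it would wrap document.cookie.
function createStateStore(storage, jar, newState) {
  const useStorage = Boolean(storage) && storageUsable(storage);
  const backend = useStorage
    ? { get: (k) => storage.getItem(k), set: (k, v) => storage.setItem(k, v),
        remove: (k) => storage.removeItem(k) }
    : jar;
  return {
    backend: useStorage ? 'sessionStorage' : 'cookie',
    save() {
      const state = newState();
      backend.set('oauthState', state);
      return state;
    },
    // Single use: the stored value is cleared whether or not it matches, and
    // a missing stored value never validates (fail closed).
    verify(returned) {
      const expected = backend.get('oauthState');
      backend.remove('oauthState');
      return typeof expected === 'string' && expected.length > 0 && returned === expected;
    },
  };
}

// Constructed test doubles: a storage that can mimic private mode, and a jar.
function fakeStorage(privateMode) {
  const data = new Map();
  return {
    setItem(k, v) {
      if (privateMode) {
        const err = new Error('storage quota exceeded');
        err.name = 'QuotaExceededError';
        throw err;
      }
      data.set(k, String(v));
    },
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    removeItem: (k) => { data.delete(k); },
  };
}
function fakeJar() {
  const data = new Map();
  return { get: (k) => data.get(k), set: (k, v) => data.set(k, v), remove: (k) => data.delete(k) };
}
```

The state value is what ties the callback to the login request that started it, so a store that silently loses it must reject the callback rather than skip the comparison.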
Keycloak 1.1.0.Final Released
by Stian Thorgersen
The Keycloak team is proud to announce the release of Keycloak 1.1.0.Final. Highlights in this release include:
* SAML 2.0
* Clustering
* Jetty, Tomcat and Fuse adapters
* HTTP Security Proxy
* Automatic migration of db schema
We’ve already started working on features for the next release. Some exciting features coming soon include:
* Identity brokering
* Custom user profiles
* Kerberos
* OpenID Connect interop
9 years, 10 months
ClassNotFoundException: org.xnio.OptionMap
by Pablo N
Hello,
I was running my web application in Wildfly 8.2 and Keycloak 1.0.4.Final
and everything worked as expected.
After updating Keycloak to version 1.1.0.Final (also wildfly adapter
version) I get the following error when I try to access my application:
08:32:41,271 ERROR [io.undertow.request] (default task-11) UT005023: Exception handling request to /gui/main/home: java.lang.NoClassDefFoundError: org/xnio/OptionMap
    at org.keycloak.adapters.undertow.SavedRequest.trySaveRequest(SavedRequest.java:49) [keycloak-undertow-adapter-1.1.0.Final.jar:1.1.0.Final]
    at org.keycloak.adapters.undertow.ServletSessionTokenStore.saveRequest(ServletSessionTokenStore.java:111) [keycloak-undertow-adapter-1.1.0.Final.jar:1.1.0.Final]
    at org.keycloak.adapters.OAuthRequestAuthenticator$2.challenge(OAuthRequestAuthenticator.java:182) [keycloak-adapter-core-1.1.0.Final.jar:1.1.0.Final]
    at org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.sendChallenge(AbstractUndertowKeycloakAuthMech.java:68) [keycloak-undertow-adapter-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.security.impl.SecurityContextImpl$ChallengeSender.transition(SecurityContextImpl.java:330) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.security.impl.SecurityContextImpl$ChallengeSender.transition(SecurityContextImpl.java:349) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.security.impl.SecurityContextImpl$ChallengeSender.access$300(SecurityContextImpl.java:314) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.security.impl.SecurityContextImpl.sendChallenges(SecurityContextImpl.java:135) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:109) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:114) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:99) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:54) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:63) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69) [keycloak-undertow-adapter-1.1.0.Final.jar:1.1.0.Final]
    at org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69) [keycloak-undertow-adapter-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_11]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_11]
    at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_11]
Caused by: java.lang.ClassNotFoundException: org.xnio.OptionMap from [Module "deployment.gui-web-0.14.0-SNAPSHOT.war:main" from Service Module Loader]
    at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:213) [jboss-modules.jar:1.3.3.Final]
    at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:459) [jboss-modules.jar:1.3.3.Final]
    at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:408) [jboss-modules.jar:1.3.3.Final]
    at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:389) [jboss-modules.jar:1.3.3.Final]
    at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:134) [jboss-modules.jar:1.3.3.Final]
    ... 36 more
As I can see this error was discovered and solved
(https://issues.jboss.org/browse/KEYCLOAK-899), so I don't know if any
migration change is pending from my side.
Thank you very much for your help
9 years, 11 months
Rest endpoint and AngularJS client
by Mohan.Radhakrishnan@cognizant.com
Hi,
This is my first post. We have a large HealthCare domain Rest application with an AngularJS client. We may require role-based access control of HTML views. We can consult LDAP to get these. But due to some internal reasons we are not going to use OAuth now. It may be a future enhancement.
Are these types of HTML5/JS applications still protected effectively based on roles ? I wanted to know before I start reading more about Keycloak because OAuth is not used now.
Thanks,
Mohan
9 years, 11 months
Email verification : failed to turn code into token: java.net.SocketException
by Stephen Flynn
Hi guys,
Struggling with an odd problem here - will try my best to explain. Scenario is
as follows (KC 1.1.Beta2 / Wildfly 8.2.0.Final)...
* KeyCloak running on 'host1', app is running on 'host2' (with multi-tenancy)
* Created a user with credentials.
* Checked that user login/logout/timeout works fine - it does.
* Leave the user logged out.
* From the KeyCloak user interface on host1 I update the user to 'Email verified' = 'Off' and required user action to 'Verify email'
* On next login attempt app landing page redirects to KeyCloak login page - *as expected*.
* After I enter username/password I get the 'EMAIL VERIFICATION' page and receive an email with a verification link - *as expected*.
* Following the email link verifies the KC user account (now 'Email verified' = 'On' and required user actions are empty) - *as expected*.
* KeyCloak redirects back to the correct app landing page on 'host2' - *as expected*.
* User is now authenticated but no principal or roles have been propagated to the app (principal is 'anonymous').
* An exception (see below) is logged by the KeyCloak adapter on 'host2'
Can't find any similar issues in JIRA/mailing lists - any thoughts? Or where I
should be looking for more detail to clarify this?
best rgds
Steve F.
THIS EXCEPTION IS LOGGED ON THE APP HOST
2015-01-26 11:00:00,006 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator]
(default task-21) failed to turn code into token: java.net.SocketException:
Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:196)
[rt.jar:1.7.0_51]
at java.net.SocketInputStream.read(SocketInputStream.java:122)
[rt.jar:1.7.0_51]
at sun.security.ssl.InputRecord.readFully(InputRecord.java:442)
[jsse.jar:1.7.0_51]
at sun.security.ssl.InputRecord.read(InputRecord.java:480) [jsse.jar:1.7.0_51]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
[jsse.jar:1.7.0_51]
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:884)
[jsse.jar:1.7.0_51]
at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
[jsse.jar:1.7.0_51]
at
org.apache.http.impl.io.AbstractSessionInputBuffer.fillBuffer(AbstractSessionInputBuffer.java:166)
at
org.apache.http.impl.io.SocketInputBuffer.fillBuffer(SocketInputBuffer.java:90)
at
org.apache.http.impl.io.AbstractSessionInputBuffer.readLine(AbstractSessionInputBuffer.java:281)
at
org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:92)
at
org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:62)
at
org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:254)
at
org.apache.http.impl.AbstractHttpClientConnection.receiveResponseHeader(AbstractHttpClientConnection.java:289)
at
org.apache.http.impl.conn.DefaultClientConnection.receiveResponseHeader(DefaultClientConnection.java:252)
at
org.apache.http.impl.conn.AbstractClientConnAdapter.receiveResponseHeader(AbstractClientConnAdapter.java:219)
at
org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:300)
at
org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:127)
at
org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:712)
at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:517)
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)
at
org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:122)
[keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]
at
org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:95)
[keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]
at
org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:261)
[keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]
at
org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:208)
[keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]
at
org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:90)
[keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]
at
org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:93)
[keycloak-undertow-adapter-1.1.0.Beta2.jar:1.1.0.Beta2]
at
org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:60)
[keycloak-undertow-adapter-1.1.0.Beta2.jar:1.1.0.Beta2]
at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:281)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:298)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:268)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:131)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:106)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:99)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:54)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:63)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)
[keycloak-undertow-adapter-1.1.0.Beta2.jar:1.1.0.Beta2]
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[rt.jar:1.7.0_51]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[rt.jar:1.7.0_51]
at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]
9 years, 11 months
Best practice: timeouthandling
by Christoph Machnik
I have a Keycloak web application in which objects can be created and changed. These objects are saved in a database. When someone logs in to the application and opens one of these objects to change it, the object gets marked as locked in the database, so no other user can make changes to it while someone else is editing it.
The problem I have is that when someone is editing one of these objects and then runs into a session timeout, the object has to be marked as unlocked. So I have a JavaScript method in the application that sends an AJAX request to a servlet to trigger a function that unlocks this object. But I have to call this method BEFORE the timeout logs the user out.
What is the best practice in this case, and how can I be sure the method is performed before the user comes to the login screen again?
9 years, 11 months
Keycloak 1.1 final issues
by Raghu Prabhala
Downloaded and tried 1.1 final today. Something is wrong - the web pages refresh every few seconds and they don't show any updates/ inserts made previously.
9 years, 11 months