Now and then we are getting this error on a server that used to work
nicely and without any apparent reason:
14:33:58,380 ERROR [io.undertow.request] [handleFirstRequest] (default
task-2) UT005022: Exception generating error page /error.cv:
java.lang.RuntimeException: java.lang.RuntimeException: Unable to resolve
realm public key remotely, status = 500
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_11]
Caused by: java.lang.RuntimeException: Unable to resolve realm public key
remotely, status = 500
This happens on dev servers and we don't know what is causing this as it
happens very rarely and the only workaround found till now is to restart with
a fresh install.
We are using Wildfly with keycloak war.
Thanks for any help.

With the upcoming Keycloak 1.10, I see SAML support has been added to
Keycloak. Will it be possible to have Keycloak delegate to another IDP such
as MS Azure ADFS or OneLogin? Ideally, I'd like to use Keycloak by
default for our JBoss deployments, but in certain cases, customers are
asking for integration with the MS Azure cloud authentication mechanisms.
Thanks in advance,

Hi, I'm new to keycloak and I recently installed the war distribution on my
For this I had to tweak some configurations on wildfly and
when I finally got it working I zipped the server and copied it to an
amazon instance. I logged in to the console and fired up the server with
Then I accessed http://<amazon instance url>:8080/auth and clicked the
Admin console link.
The server then threw an exception:
We're sorry ...
On my local machine I never set up https and I have been looking through
the configuration files both of keycloak and the standalone.xml and see no
configuration regarding ssl anywhere.
The only difference between both installations is that I have the amazon
instance pointing to an empty Mongo repo and my local config has a mongo
connection to other server already populated with keycloak collections.
Could this be the problem?
Should I migrate the local mongo database to my amazon instance for
keycloak admin console to stop needing ssl?
Thanks in advance

I have a scenario for Keycloak that I'm not able to solve in an easy way,
so any help will be more than appreciated.
In apiman (http://www.apiman.io) we are using Keycloak for securing the
apiman rest endpoints. We are in the process of creating some demos with
docker and for that one of the demos is having keycloak as a separate
server to which the wildfly instances holding the apiman rest endpoint will
redirect for authentication.
So far, I've configured in these wildfly instances the auth-server-url to be
the keycloakserver. Internal communication to this server is resolved by
name, as it is docker links providing the accessibility, but this is an
"internal ip to docker".
The problem comes when I try to log into the secured resource, and I get a
redirection to this "internal" ip, which my browser can not access, so I
get an error.
Is there a way to:
a) Use a different URL for browser redirection as for internal redirection?
b) Use a different redirection strategy?
c) Do it in any other way?
Thanks for any help you can provide on this.

We are using keycloak with our own user provider and are looking for a way
to hook user's login.
The idea is to log each user login into the database for later reports.
Any idea about the best place to handle/hook each login?
Thanks for your help.

I was just curious to know if there is a way to have an unattended session
using OAuth, like CLI sessions, without prompting for the credentials
This is just a general OAuth related question. I just wanted to know if
anyone has come across this use case before.

I am in the process of setting up a cluster of keycloak instances, all of which are accessible by a single url (fronted by a reverse proxy or an alias). So when a client application communicates with the single url using either SAML or OpenID Connect, how do we ensure that all the keycloak instances use the same set of certificates/keys to sign/encrypt the SAML/OpenID Connect response?
Noticed that we can generate a new set of keys for each realm within Keycloak instance but they are different across different instances. Is there a way of using the same certificate/keys across all the instances?
Appreciate any input.

I tried out the SAML feature in 1.1beta2 using Spring SAML 1.0 as service provider. While the overall flow worked like a charm, I had a problem with the global logout. While I was logged out by Keycloak, the SAML XML that was returned by Keycloak did not have "context issuer" and it failed validation done at SP.
Any pointers on how to resolve it?