October 2015 - keycloak-user - Jboss List Archives

Additional jpaConnectionProvider for UserFederation via database

by Matuszak, Eduard

Hello I am trying to implement a userfederation-provider based on a jpa-connection. My approach was: According to an additional datasource-defintion for the federated DB in the standalone.xml <datasource jta="true" jndi-name="java:jboss/datasources/CCPDS" pool-name="CCPDS" enabled="true" use-ccm="true"> <connection-url>jdbc:oracle:thin:@servername:1521:schemaname</connection-url> .. , I tried to register this datasource as an additional connectionJpa-entry in keycloak-server.json as follows: .. "connectionsJpa": { "default": { "dataSource": "java:jboss/datasources/CCPKCDS", "databaseSchema": "update" }, "FED-DB": { "dataSource": "java:jboss/datasources/CCPDS" } }, .. According to these configuration I hoped to be able to establish the appropriate entity manager by coding: // Get the appropriate entity manager from the KeycloakSession EntityManager em = session.getProvider(JpaConnectionProvider.class, "FED-DB").getEntityManager(); This did not work, indeed there is still only one (default) JpaConnectionProvider available in the session (JpaConnectionProviderList size is 1): Set<JpaConnectionProvider> JpaConnectionProviderList = session.getAllProviders(JpaConnectionProvider.class); My question is: isn't it in principle possible to register a second jpaConnector additionally to the default one or is there something missing or wrong in my approach? Thanks for any help in advance. Best regards, Eduard Matuszak Dr. Eduard Matuszak Worldline, an atos company T +49 (211)399 398 63 M +49 (163)166 23 67 F +49(211) 399 22 430 eduard.matuszak(a)atos.net<mailto:eduard.matuszak@atos.net> Max-Stromeyer-Straße 116 78467 Konstanz Germany de.worldline.com<http://worldline.com/de/1/Home.html> worldline.jobs.de<http://worldline.jobs.de> facebook.com/WorldlineKarriere<http://www.facebook.com/WorldlineKarriere> Worldline GmbH Geschäftsführer: Wolf Kunisch Aufsichtsratsvorsitzender: Christophe Duquenne Sitz der Gesellschaft: Frankfurt/Main Handelsregister: Frankfurt/Main HRB 40 417 * * * * * * * * L E G A L D I S C L A I M E R * * * * * * * * This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail by error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the internet, the Atos group liability cannot be triggered for the message content. Although the sender endeavors to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and shall not be liable for any damages resulting from any virus transmitted. * * * * * * * * L E G A L D I S C L A I M E R * * * * * * * *

10 years

3
6
0 / 0

Documentation on website

by Mark Hayen

10 years, 2 months

3
3
0 / 0

Accessing authenticated user's details

by Tim Dudgeon

In the case of a web application (e.g. Tomcat app secured by the keycloak adapter) the web app might need to access details of the authenticated user (e.g. full name or email). I've found that this information is available from the session like this: KeycloakSecurityContext session = (KeycloakSecurityContext)request.getAttribute(KeycloakSecurityContext.class.getName()); IDToken idToken = session.getIdToken(); String email = idToken.getEmail(); One issue with this is that all your web apps are tied to keycloak. Is this the right way to handle this? Are there alternatives? Tim

10 years, 2 months

4
6
0 / 0

Generate offline token

by Pål Orby

We have two clients registered in our realm; frontend and backend. Frontend is defined openid-connect/public (HTML/Javascript app) and backend is openid-connect/bearer-only. How can we generate an offline token for a given user that can be used towards our backend (which is bearer only)? We have a lot of customers that is integrated to our API (which is our backend client). *Pål Orby* UNIT4 Agresso AS DevOps Tlf: 22 58 85 00 Mobil: 900 91 705 SendRegning - Gjør det enkelt! http://www.sendregning.no http://facebook.com/sendregning http://twitter.com/sendregning http://faktura.no

10 years, 2 months

5
14
0 / 0

Getting Started with Keycloak blog posts

by Stian Thorgersen

For anyone struggling to get started with Keycloak. I've started a new series of blog posts there's two posts so far: * Installing the Server * Securing a REST Service If you're not already watching our blog <http://blog.keycloak.org/> do it now.

10 years, 2 months

1
0
0 / 0

Multivalued user attributes mapping

by Sascha Skorupa

Hi, we are currently evaluating Keycloak as IDM solution for our company. In doing so we encountered the following questions according to storing authorization data: 1) In the "Mapper" section it is possible to configure how user attributes are mapped to tokens/claims. It is also possible to turn on "Multivalued" mapping, so that every value of one attribute is set as claim. But, how you can configure multiple values for one attribute? If you save another value with the same key the existing one is overwritten. 2) One of requirements is to persist custom authorization data hierarchically and to map this data into access tokens. Is there any recommendation how to realize this in keycloak or is the only way to use flat user attributes (key/value). Thanks, Sascha

10 years, 2 months

4
8
0 / 0

Failed to import IDP meta data into keycloak

by Mai Zi

Hi, there, 1) We failed to import idp meta data into keycloak (see attachment for the sample xml). Pls help taka a look what's going on. 2) Suppose we can not import the metadata , based on the sample xml given in the attachment, which fields should we fill? 3) In the user guide, there is one sentence: "Once you create a SAML provider, there is an EXPORT button that appears when viewing that provider. Clicking this button will export a SAML entity descriptor which you can use to" Here "That provider" means the keycloak as a SP provider ? From the demo exported data , it seems so. Am I right? To work with the 3rd party IDP, we should provide the exported metadata to idp, shouldn't we? I am not familiar with saml concept so any help will be greatly appreciated. Mai

10 years, 2 months

2
4
0 / 0

info about sso without login prompt

by Notarnicola, Mara

Dear all, I'm using keycloak js adapter in order to log in user into an application. I need to integrate a previous system of authentication with this new one. To do this, I use user's credentials passed by the old system, to automatically retrieve keycloak grant calling the related web service. So I have the session data but I'm not able to use single-sign-on in fact when I open another tab the user isn't logged in anymore. I need to know if there is a way to create a sso session, if I must use cookies or browser local storage. Thank you for your time Sincerely, Marianna Notarnicola

10 years, 2 months

2
2
0 / 0

Login from Native App.

by Revanth Ayalasomayajula

Hi, I am using Keycloak1.5.0 to secure my applications and have an android application that requests data from these applications and displays that information. I wanted to know if it possible using keycloak that after a user log's in, that user persists forever like in Gmail android app where in it never asks the user to login again once he log's in. Thanks.

10 years, 2 months

2
1
0 / 0

Keycloak 1.6.1.Final Released

by Stian Thorgersen

We've just released Keycloak 1.6.1.Final. After releasing 1.6.0.Final we discovered some issues with migration that has been resolved in this release. There's also a fix to a medium security issue that was introduced in 1.6.0.Final. For the full list of issues resolved check out JIRA <https://issues.jboss.org/issues/?jql=project%20%3D%20keycloak%20and%20fix...> and to download the release go to the Keycloak homepage <http://keycloak.org/downloads>.

10 years, 2 months

2
2
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

keycloak-user October 2015