How to enable grant logging
by Michal Hajas
Hi,
I would like to ask, which event type, in Login Events Settings form ->
Saved Types input, stands for grant access?
Michal.
9 years, 2 months
No user data in the access-token
by Mai Zi
Hi, there
We add a user ( with name and email ) via the endpoint : /admin/realms/demo/users
and then we want to get the name and the email from the accesstoken,
KeycloakSecurityContext session = (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.class.getName()); AccessToken token=session.getToken();
but nothing there.
Can anyone help on this?
T.I.A
Mai
9 years, 2 months
Findings about keycloak--Important
by Satyajit Das
Hi Team,
1) I have the keycloak(1.4.0 final) set up in windows OS.
2) I have 2 services that i have secured using keycloak. The services are
registered in keycloak and the respective keycloak.json is placed in
resource folder.
3) When the services are are deployed in Ubuntu OS the authentication works
as expected. by sharing the tokenid
but then the services are deployed in centos machine the authentication
fails.
The error is Invalid token: Token is inactive.
I tried the same setup and the same war files of services on different
instances of centos , we are facing the same issue but the issue is not
replicated on ubuntu different instances.
Please let me know your thoughts.
Regards,
Satya.
9 years, 2 months
Re: [keycloak-user] angularjs example for 1.4
by Tair Sabirgaliev
Here is what we did for angular 1.4 :
"use strict";
var module = angular.module('hello.world', ['ngRoute', 'ngResource']);
var auth = {};
var logout = function(){
console.log('*** LOGOUT');
auth.loggedIn = false;
auth.authz = null;
window.location = auth.logoutUrl;
};
angular.element(document).ready(["$http", function ($http) {
var keycloakAuth = new Keycloak('js/keycloak.json');
auth.loggedIn = false;
keycloakAuth.init({ onLoad: 'login-required' }).success(function () {
auth.loggedIn = true;
auth.authz = keycloakAuth;
auth.logoutUrl = keycloakAuth.authServerUrl + "/realms/demo/tokens/logout?redirect_uri=http://localhost:9080/hello-world/";
module.factory('Auth', function() {
return auth;
});
angular.bootstrap(document, ["hello.world"]);
}).error(function () {
window.location.reload();
});
}]);
module.factory('authInterceptor', ["$q", "Auth", function($q, Auth) {
return {
'request': function (config) {
var deferred = $q.defer();
if (Auth.authz.token) {
Auth.authz.updateToken(5).success(function() {
config.headers = config.headers || {};
config.headers.Authorization = 'Bearer ' + Auth.authz.token;
deferred.resolve(config);
}).error(function() {
deferred.reject('Failed to refresh token');
});
}
return deferred.promise;
},
'requestError': function(rejection) {
return $q.reject(rejection);
},
'response': function(response) {
return response;
},
'responseError': function(response) {
if (response.status == 401) {
console.log('session timeout?');
logout();
} else if (response.status == 403) {
alert("Forbidden");
} else if (response.status == 404) {
alert("Not found");
} else if (response.status) {
console.log(response.status);
if (response.data && response.data.errorMessage) {
alert(response.data.errorMessage);
} else {
alert("An unexpected server error has occurred");
}
} else if (response === 'Failed to refresh token') {
logout();
}
return $q.reject(response);
}
};
}]);
module.config(['$httpProvider', function($httpProvider) {
$httpProvider.interceptors.push('authInterceptor');
}]);
--
Tair Sabirgaliev
Bee Software, LLP
On October 5, 2015 at 02:57:31, keycloak-user-request(a)lists.jboss.org (keycloak-user-request@lists.jboss.org(mailto:keycloak-user-request@lists.jboss.org)) wrote:
> Date: Sat, 3 Oct 2015 20:17:04 +0200(http://airmail.calendar/2015-10-04%2000:17:04%20GMT+6)
> From: "Kevin Hirschmann"
> Subject: [keycloak-user] angularjs example for 1.4
> To: "'keycloak-user'"
> Message-ID: <00cd01d0fe07$b4ab5d60$1e021820$@huebinet.de(mailto:00cd01d0fe07$b4ab5d60$1e021820$@huebinet.de)>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hello,
>
>
>
> I am trying to use the example provided here
>
>
>
> https://github.com/keycloak/keycloak/tree/master/examples/demo-template/angu
> lar-product-app
>
>
>
> to connect from an angularjs client to a REST Endpoint. Both frontend and
> backend are protected by keycloak.
>
> My problem is, that the example provided by the link above uses angularjs
> 1.2 and doesn?t work with newer versions.
>
> (see
> http://stackoverflow.com/questions/28212837/keycloak-unknown-provider-error)
>
>
>
> Has anyone on the mailing list been able to adapt the example to angular
> 1.4? What steps are necessary?
>
>
>
> Kind Regards
>
>
>
> Kevin Hirschmann
>
>
>
> HUEBINET Informationsmanagement GmbH & Co. KG
>
>
>
>
>
> Der Nachrichtenaustausch mit HUEBINET Informationsmanagement GmbH & Co. KG,
> Koblenz via E-Mail dient lediglich zu Informationszwecken.
> Rechtsgesch?ftliche Erkl?rungen mit verbindlichem Inhalt k?nnen ?ber dieses
> Medium nicht ausgetauscht werden, da die Manipulation von E-Mails durch
> Dritte nicht ausgeschlossen werden kann.
>
>
>
> Email communication with HUEBINET Informationsmanagement GmbH & Co. KG is
> only intended to provide information of a general kind, and shall not be
> used for any statement with binding contents in respect to legal relations.
> It is not totally possible to prevent a third party from manipulating emails
> and email contents.
>
>
>
>
>
>
9 years, 2 months
angularjs example for 1.4
by Kevin Hirschmann
Hello,
I am trying to use the example provided here
https://github.com/keycloak/keycloak/tree/master/examples/demo-template/angu
lar-product-app
to connect from an angularjs client to a REST Endpoint. Both frontend and
backend are protected by keycloak.
My problem is, that the example provided by the link above uses angularjs
1.2 and doesnt work with newer versions.
(see
http://stackoverflow.com/questions/28212837/keycloak-unknown-provider-error)
Has anyone on the mailing list been able to adapt the example to angular
1.4? What steps are necessary?
Kind Regards
Kevin Hirschmann
HUEBINET Informationsmanagement GmbH & Co. KG
Der Nachrichtenaustausch mit HUEBINET Informationsmanagement GmbH & Co. KG,
Koblenz via E-Mail dient lediglich zu Informationszwecken.
Rechtsgeschäftliche Erklärungen mit verbindlichem Inhalt können über dieses
Medium nicht ausgetauscht werden, da die Manipulation von E-Mails durch
Dritte nicht ausgeschlossen werden kann.
Email communication with HUEBINET Informationsmanagement GmbH & Co. KG is
only intended to provide information of a general kind, and shall not be
used for any statement with binding contents in respect to legal relations.
It is not totally possible to prevent a third party from manipulating emails
and email contents.
9 years, 2 months
Customization in template ftl file or other file
by Bhanu Kiran
Hello Team,
1.Need to add new functionality like (forgot User Id)to keycloak template
page. If this link is click it should call an action and then navigate to
new ftl file.
the url's like loginUrl, registration, forgot password are generated in URL
bean and this don’t have functionality to added new links which can be
mapped from ftl file to action class.
Let us know how to proceed with this requirement?
Thanks,
Bhanu
9 years, 2 months
Unable to get required user data from facebook and store the data in keycloak
by Revanth Ayalasomayajula
Hi,
I am using keycloak 1.5.0 and want to use login via facebook. So i created
a facebook app and provided all the details in the keycloak facebook
identity provider settings. When i login from facebook, the user is created
if not existing in keycloak and is authenticated.
But the created user details are all null and in the server log, the
response from facebook contains only the name and id but not the email but
the default scope of my application is email. Also, when trying to store
the returned details using mappers is not happening.
Could anyone please help me on how to return more details from facebook and
also store those details using mappers.
9 years, 2 months
Keycloak Logger
by Chen Keong Yap
Hi Guys,
Running into an issue when compiling the source code, can share how to
resolve it?
Tests run: 4, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 1.262 sec
<<< FAILURE! - in
org.keycloak.subsystem.server.extension.SubsystemParsingTestCase
testSubsystem(org.keycloak.subsystem.server.extension.SubsystemParsingTestCase)
Time elapsed: 0.683 sec <<< ERROR!
java.lang.Exception: java.lang.ExceptionInInitializerError
at
org.jboss.as.model.test.ModelTestModelControllerService.boot(ModelTestModelControllerService.java:329)
at
org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:308)
at
org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:271)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.ExceptionInInitializerError: null
at
org.keycloak.subsystem.server.extension.KeycloakExtension.initialize(KeycloakExtension.java:69)
at
org.jboss.as.subsystem.test.TestModelControllerService.preBoot(TestModelControllerService.java:134)
at
org.jboss.as.model.test.ModelTestModelControllerService.boot(ModelTestModelControllerService.java:316)
at
org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:308)
at
org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:271)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalArgumentException: Invalid logger interface
org.keycloak.subsystem.server.logging.KeycloakLogger (implementation not
found in sun.misc.Launcher$AppClassLoade
r@42a57993)
at org.jboss.logging.Logger$1.run(Logger.java:2254)
at java.security.AccessController.doPrivileged(Native Method)
at org.jboss.logging.Logger.getMessageLogger(Logger.java:2227)
at org.jboss.logging.Logger.getMessageLogger(Logger.java:2214)
at
org.keycloak.subsystem.server.logging.KeycloakLogger.<clinit>(KeycloakLogger.java:38)
at org.keycloak.subsystem.server.ex
9 years, 2 months
Multi-tenant REST api
by Vito Vessia
Hi all,
I have to create some multi-tenant rest apis secured by keycloak, following
the multi-tenant example provided by the keycloak documentation.
So, in the same way the example shows, I have some rest api like:
/rest/api1/name/{id}
and I wold like to let these api to be multi tenant using urls like this
one:
/tenant1/rest/api1/name/{id} or /tenant2/rest/api1/name/{id}
I am using Jersey as Jax-RS implementation and the AS is Wildfly 9.
My KeycloakConfigResolver derived implementation seems to work well,
because it receives the requests from KC and returns the
correct KeycloakDeployment instance, but the rest service is never called.
If I temporary disable the resolver and I define a fixed realm, everything
is ok calling the url without the tenant name part.
Please. do you have some idea?
Where do I can get a complete example?
--Vito
9 years, 2 months
FIPS compliant
by Bhanu Kiran
Team,
Please let us know if Keycloak is FIPS complained or how we can implement
FIPS in keycloak ?
Thanks
9 years, 2 months
