That's exactly what I was asking two hours ago. I've found a temporary workaround:
In the keycloak services module I patched the method loginBase in Urls.java to replace the hostname. I added a null check and used a UriBuilder to keep everything else as is; otherwise it failed to reset the password. I built the module with Maven and replaced just the keycloak-services jar on my server. Maybe this causes issues somewhere else, I don't know...
-------- Original message --------
From: Fabio Monteiro <fmrage(a)hotmail.com>
Date: 21.10.2015 18:57 (GMT+01:00)
Subject: [keycloak-user] Changing url in reset-password emails
We use the Keycloak REST API to send password reset emails to users, but we need to change the host part of the URL used in the link in the email sent to them.
Is there an easy way to do so, you guys know??
This is quite critical right now for our app so any help would be MUCH appreciated. THANKS A LOT
We're pleased to announce the release of Keycloak 1.6.0.Final.
- *SAML SP* - in the past we only had client libraries for OpenID Connect, now we also have client libraries for SAML
- *Offline Tokens* - if your applications need long-term access outside of the user's session you should take a look at the new offline tokens support we've added
- *Client Registration* - we introduced a new REST API that can be used to automate the registration of clients; this includes a Java client library. This feature will be further polished in a future release, including documentation and examples
- *Import Clients in Admin Console* - it's now possible to import clients through the admin console using the Keycloak JSON client representation or OpenID Connect descriptions
- *Added Root URL to Clients* - we've added a root URL to clients. For clients that have a root URL defined you can use relative URLs for redirect URIs and other URLs
- *Internationalization support in Admin Console* - we've added support for internationalization of the Admin Console. Around half the pages now support translation and the rest will be added in the next release

For the full list of issues resolved, check out JIRA.
To download the release, go to the Keycloak homepage.
I'm trying to integrate Keycloak in a federation of identities
(Shibboleth) using the SAMLv2 Identity Provider. The problem is that the
federation counts something like 100 Identity Providers and I'm afraid of
the L&F of the GUI, as for now adding 3 of them creates a button for
each. Is there a limit or something that creates a drop-down menu?
(like this list https://discovery.renater.fr/renater)
The goal for me is to create a kind of parser for this idps list :
in order to parse this list and maintain my IDPs in keycloak up to date.
Another question: does each client in Keycloak have to be declared as a
Service Provider, or only the Keycloak server?
If you have any feedback for Shibboleth federation integration using
Keycloak I'll be very glad to share them.
Thanks a lot, Best Regards, Jérôme.
I am using Keycloak 1.5.0 to secure my application. I want to perform login
using a REST API. I was able to see that there are two parameters that are
sent in the call and wanted to know how I will be able to achieve this
functionality using a REST API.
I'm having issues migrating my application from keycloak 1.2.1.Final to
I already had working code that enables us to create users and assign
role mappings to those users via the REST API. However, while testing
the application for migrating to 1.5.1, I get a 404 when the application
attempts to add role mappings to users via the REST API. The REST
invocation to create the user actually works; it's the subsequent
invocation to add role mappings that fails with the 404.
Do you have any idea what has changed?
I have an environment with an AngularJS app client, which authenticates
user and keeps its data, and a server app that receive some requests for
For some webservices I need, on the server side, to translate the token
into the user information. For that I use the url:
with the Authorization token.
The problem is that the server is behind a load balancer and accesses Keycloak
through port 8080, while AngularJS accesses the same server through port 80.
Keycloak complains that the token was issued from a different URL than I'm
querying on the server side, forcing me to use the same hostname and port
on the server and on the client.
Is that correct? How will I deploy in a distributed environment?
ps. I'm using my own HTTP client to make that request to userinfo.
ps2. I have added "auth-server-url-for-backend-requests" however I don't
see any difference.
Professional profile: www.linkedin.com/in/rafaelcoutinho
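
An added sketch (not part of the original post and not Keycloak's own code) of why the backend call through port 8080 is rejected, as the post describes: the token's `iss` claim records the URL the browser used, and it is compared with the realm URL derived from the backend request. The host `sso.example.test`, realm `demo`, the `/auth/realms/` path and the default-port normalization are assumptions of this example.

```python
import base64
import json
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample_token(issuer: str) -> str:
    """Constructed sample token; the signature part is a dummy placeholder."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"iss": issuer, "sub": "constructed-user"}).encode())
    return f"{header}.{payload}.dummy-signature"

def issuer_of(token: str) -> str:
    """Read the iss claim. Claims are only trustworthy once the signature
    has been verified, which this example leaves out."""
    payload = token.split(".")[1]
    padded = payload + "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))["iss"]

def canonical(url: str) -> str:
    """Lower-case scheme and host, drop default ports and trailing slashes."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = parts.hostname or ""
    if parts.port not in (None, DEFAULT_PORTS.get(scheme)):
        host = f"{host}:{parts.port}"
    return f"{scheme}://{host}{parts.path.rstrip('/')}"

def realm_url(scheme: str, host_header: str, realm: str) -> str:
    """Realm URL as seen by the server for one request (assumed path layout)."""
    return f"{scheme}://{host_header}/auth/realms/{realm}"

def issuer_matches(token: str, scheme: str, host_header: str, realm: str) -> bool:
    """True when the token was issued under the same URL the request arrived on."""
    return canonical(issuer_of(token)) == canonical(realm_url(scheme, host_header, realm))

# Token obtained by the browser through the load balancer on port 80 (constructed).
BROWSER_TOKEN = make_sample_token("http://sso.example.test/auth/realms/demo")

if __name__ == "__main__":
    for host in ("sso.example.test", "sso.example.test:80", "sso.example.test:8080"):
        print(host, issuer_matches(BROWSER_TOKEN, "http", host, "demo"))
```
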
It looks like Wildfly 10 changes a method interface in undertow and the keycloak is still linking against the old method. Going across a redirect, I get this exception:
Looking at this commit:
the parameters changed type (from Pooled<ByteBuffer> to PooledByteBuffer).
This is called from here:
I'm guessing the call on 112 needs to make the new object type?
Should I file a bug in the JIRA?
Some previous posts discuss the error you get when you use the Admin
Client in Jackson2 environments.
The current solution seems to be
1. Revert to Jackson 1 by specifying it in the jboss deployment xml
2. Use the Admin REST API directly.
Option 1 is possible if your application does not depend on any jackson2
feature (which is not the case for me and I suspect many others as well)
So we end up using the Admin REST API directly, which is a shame as the
AdminClient looks like a more elegant option that we can use out of the box.
There also seems to be a Jira issue present for this
Any idea if this will get resolved anytime in the near future?
I already had <module name="javax.api"/> in my module.xml
I did find a workaround that I do not like and I am hoping that you can help me do it right
Ok so I first set jaxp debug to true,
and I was getting the following error
JAXP: using thread context class loader (ModuleClassLoader for Module "deployment.keycloak-server.war:main" from Service Module Loader) for search
11:03:40,517 ERROR [stderr] (default task-2) JAXP: Looking up system property 'javax.xml.xpath.XPathFactory:http://java.sun.com/jaxp/xpath/dom'
11:03:40,517 ERROR [stderr] (default task-2) JAXP: The value is '__redirected.__XPathFactory'
11:03:40,517 ERROR [stderr] (default task-2) JAXP: createInstance(__redirected.__XPathFactory)
11:03:40,518 ERROR [stderr] (default task-2) JAXP: loaded __redirected.__XPathFactory from jar:file:/Users/Carmen/software/keycloak-demo-1.5.0.Final/keycloak/jboss-modules.jar!/__redirected/__XPathFactory.class
11:03:40,518 ERROR [stderr] (default task-2) JAXP: could not instantiate __redirected.__XPathFactory
11:03:40,519 ERROR [stderr] (default task-2) java.lang.ClassCastException: __redirected.__XPathFactory cannot be cast to javax.xml.xpath.XPathFactory
11:03:40,519 ERROR [stderr] (default task-2) at javax.xml.xpath.XPathFactoryFinder.createInstance(XPathFactoryFinder.java:306)
11:03:40,519 ERROR [stderr] (default task-2) at javax.xml.xpath.XPathFactoryFinder._newFactory(XPathFactoryFinder.java:184)
11:03:40,519 ERROR [stderr] (default task-2) at javax.xml.xpath.XPathFactoryFinder.newFactory(XPathFactoryFinder.java:157)
So it looked like there was a class loader issue and the ClassCast was not working.
I did not know how to fix that, so I went ahead and I changed the property javax.xml.xpath.XPathFactory:http://java.sun.com/jaxp/xpath/dom back to the default, to override looking for __redirected.__XPathFactory.
The default implementation is a com.sun….. class that lives in rt.jar and when I tried that I was getting a ClassNotFound, so I went ahead, added Xalan to my module and changed the property to use the Xalan class: org.apache.xpath.jaxp.XPathFactoryImpl
I had that same issue with another class that was also overridden with a __redirected class (DocumentBuilderFactory), and once I set the default value to the default implementation, the implementation cannot be loaded because it is in rt.jar. I went around that by adding Crimson to my module.
So it looks like even though there is a dependency defined of java.api, those jars (at least for xml) do not contain implementations, just the interfaces, and the actual providers are in rt.jar and I get an error trying to load them.
So I really do not like what I have done. There’s got to be a way to be able to use the implementations in rt.jar, right?