[1.5.0] KC Issue with filters
by Hristo Stoyanov
Hi all,
has anyone seen a situation where this KC declaration in a WEB.XML:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Login</web-resource-name>
        <url-pattern>/app-login</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>
</security-constraint>
will suppress any filters with the same url-pattern, and under what
circumstances could this happen:
<filter-mapping>
    <filter-name>ErraiLoginRedirectFilter</filter-name>
    <url-pattern>/app-login</url-pattern>
</filter-mapping>
You can see the full details of my issue in this thread:
https://developer.jboss.org/message/941862#941862
9 years, 2 months
Help on admin console
by Mai Zi
Hi, There,
Is there a doc that introduces the admin console? Even though there are some tips shown on the UI, they are not helpful enough for me, a newbie, to know what I should do for each item.
T.I.A.
Mai
9 years, 2 months
Connecting to ADFS via SAML2.0
by Akanksha Mishra
Hi,
I am trying to add Microsoft ADFS as an external identity provider but I am
not able to import the metadata files on both Keycloak and ADFS side.
The fields remain unfilled when I try to import ADFS metadata file on
Keycloak.
Also, I get a format validation error while I try to import Keycloak
metadata file on ADFS.
Please suggest.
Regards,
Akanksha
9 years, 2 months
How to deploy the "customer-app-js" app in a tomcat ?
by Mai Zi
Hi, There,
I am trying to understand the public client app and manage to deploy the "customer-app-js" into a tomcat server, keeping the keycloak 1.5 demo server as is.
Could anyone kindly tell me what I should modify in the original "customer-app-js" to make it work?
Thanks a million.
Mai
9 years, 2 months
Re: [keycloak-user] retrieving custom user attributes
by Arjan Lamers
Hi,
Well, as far as I can see, the unmarshalled AccessToken does not contain
any custom attributes. I would expect something like a Map<String,Object>
where you can access additional attributes.
Just to be clear: the custom attribute I configured does appear in the JWT
token, I am simply searching for an easy way to access them from Java.
There is an 'otherClaims' in the JsonWebToken, should they appear there?
(They don't).
Kind regards,
Arjan Lamers
>
> What do you want for an interface? KeycloakSecurityContext has the
> unmarshalled IDToken and AccessToken.
>
> KeycloakPrincipal.getKeycloakSecurityContext().getToken()
>
> On 9/30/2015 11:12 AM, Arjan Lamers wrote:
> > Hi,
> >
> > I am trying to find an easy way to access custom attributes as defined
> > for a client. For a Keycloak client, I've defined a new Mapper for a
> > /user attribute/ to store some additional authorisation data. This then
> > is managed by some user domain that uses the keycloak-admin-client to
> > write that property.
> >
> > The problem arises when I want to access that property in a JEE
> > application. The way I do it right now is to use the KeycloakPrincipal found
> > in the javax.ejb.SessionContext. From there, I get the JWT token as a
> > String, deserialize the JSON and access the custom attribute from there.
> > This feels like a very roundabout way to get to the token but somehow I
> > am not able to find an easier way. Is it a missing feature or is it
> > simply too close to the weekend for me ;)?
>
>
9 years, 2 months
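The workaround described in the thread above (take the JWT as a String, deserialize its JSON payload, read the custom attribute), written out as an added example that is not code from the thread or from Keycloak. It assumes Jackson 2 on the classpath and a hypothetical mapper claim named auth_data, and it only decodes: the token string must be one the adapter has already validated.

```java
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;

public class CustomClaimReader {
    private static final ObjectMapper MAPPER = new ObjectMapper();

    /**
     * Decodes the payload of a compact JWS (header.payload.signature) into a claim map.
     * This does NOT verify the signature: only pass it a token string that the
     * adapter has already validated for the current request.
     */
    static Map<String, Object> claims(String compactJwt) throws IOException {
        String[] parts = compactJwt.split("\\.", -1);
        if (parts.length != 3) {
            throw new IllegalArgumentException("expected header.payload.signature");
        }
        byte[] payload = Base64.getUrlDecoder().decode(parts[1]); // base64url, padding optional
        return MAPPER.readValue(payload, new TypeReference<Map<String, Object>>() {});
    }

    /** Returns the claim as a String, or null if it is absent or not a string. */
    static String stringClaim(Map<String, Object> claims, String name) {
        Object value = claims.get(name);
        return (value instanceof String) ? (String) value : null;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample token; the third part is a placeholder, not a real signature.
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String header = "{\"alg\":\"RS256\",\"typ\":\"JWT\"}";
        // auth_data is a hypothetical claim name standing in for the user-attribute mapper.
        String body = "{\"preferred_username\":\"alice\",\"auth_data\":\"tier-2\"}";
        String token = enc.encodeToString(header.getBytes(StandardCharsets.UTF_8)) + "."
                + enc.encodeToString(body.getBytes(StandardCharsets.UTF_8))
                + ".constructed-signature";

        Map<String, Object> decoded = claims(token);
        System.out.println(stringClaim(decoded, "auth_data"));     // custom attribute
        System.out.println(stringClaim(decoded, "missing_claim")); // absent claim
    }
}
```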
Best practice for database access in a keycloak custom provider?
by Valerij Timofeev
Hi,
in order to import users having encrypted passwords from existing user
storage I'm implementing a user federation provider based on the keycloak
example *keycloak-examples-1.5.0.Final/providers/federation-provider*.
Additionally I considered hints provided by Scott Rossillo in the
keycloak-user Digest, Vol 22, Issue 18.
Above example works properly when retrieving users from a properties file.
The next step in the implementation would be access to the database where
users data is stored.
*My question:* What would be the best practice for accessing a database from
a custom keycloak provider?
Something like this?
// KeycloakSession
session.getProvider(JpaConnectionProvider.class, "myTS")
       .getEntityManager()
       .createQuery("SELECT... ?
keycloak-server.json:
"connectionsJpa": {
    "default": {
        "dataSource": "java:jboss/datasources/KeycloakDS",
        "databaseSchema": "update"
    },
    "myTS": {
        "dataSource": "java:jboss/datasources/myTsDS"
    }
}
Thank you,
Valerij Timofeev
Software Engineer
Trusted Shops GmbH
9 years, 2 months
Keycloak 1.5 Compilation Error in windows
by Chen Keong Yap
Hi Guys,
I was compiling the source code using mvn clean install -Pdistribution but
am getting the following errors. Can anyone advise?
[INFO] Feature Pack Builds ................................ SUCCESS [ 0.014 s]
[INFO] Keycloak Feature Pack: Server ...................... FAILURE [ 0.553 s]
[INFO] Keycloak Server Distribution ....................... SKIPPED
[INFO] Keycloak Server Overlay Distribution ............... SKIPPED
[INFO] Keycloak Examples Distribution ..................... SKIPPED
[INFO] Keycloak Docs Distribution ......................... SKIPPED
[INFO] Keycloak Demo Distribution ......................... SKIPPED
[INFO] Proxy Distro ....................................... SKIPPED
[INFO] Keycloak EAP 6 Server Modules ...................... SKIPPED
[INFO] Keycloak Server Overlay EAP 6 Distribution ......... SKIPPED
[INFO] Keycloak Server Overlay EAP 6 ...................... SKIPPED
[INFO] Keycloak Server Overlay Parent ..................... SKIPPED
[INFO] Keycloak Source Distribution ....................... SKIPPED
[INFO] Keycloak Feature Pack: Adapter ..................... SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 02:12 min
[INFO] Finished at: 2015-10-08T16:21:56+08:00
[INFO] Final Memory: 310M/900M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.wildfly.build:wildfly-feature-pack-build-maven-plugin:1.0.0.Final:build (feature-pack-build) on project keycloak-server-feature-pack: Execution feature-pack-build of goal org.wildfly.build:wildfly-feature-pack-build-maven-plugin:1.0.0.Final:build failed: java.lang.RuntimeException: java.lang.RuntimeException: Failed to create feature pack from org.wildfly:wildfly-feature-pack:9.0.1.Final: error in opening zip file -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/PluginExecutionException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <goals> -rf :keycloak-server-feature-pack
--
9 years, 2 months
/protocol/openid-connect/userinfo
by Remi Cartier
Hey guys,
I created a token with /protocol/openid-connect/token and got a JWT token back.
Now I am trying to get the username of the logged-in user from the token via /userinfo.
I get the 403 error code.
When I was doing that request with the admin user, it worked.
I am wondering if I have to set some roles for every user that wants to be able to get back their info via /userinfo.
public User getUserFromToken(String iToken) {
    HttpClient httpClient = buildHttpClient();
    // Call the realm's OIDC userinfo endpoint with the access token as a bearer credential
    HttpGet httpGet = new HttpGet(getKeycloakServerURL() + "/realms/" + getKeycloakRealm() + "/protocol/openid-connect/userinfo");
    httpGet.addHeader("Authorization", "Bearer " + iToken);
    try {
        HttpResponse httpResponse = httpClient.execute(httpGet);
        // Any status other than 200 OK is surfaced as an exception
        if (httpResponse.getStatusLine().getStatusCode() != HttpStatus.SC_OK) {
            throw new IllegalStateException(httpGet.toString() + " returned " + httpResponse.getStatusLine().toString());
        }
        String json = IOUtils.toString(httpResponse.getEntity().getContent());
        UserInfo userInfo = JsonSerialization.readValue(json, UserInfo.class);
        return getUser(userInfo.getName(), getKeycloakRealm());
    } catch (IOException e) {
        throw new IllegalStateException(e);
    }
}
java.lang.IllegalStateException: GET http://m4ib-idm:8080/auth/realms/imetrik/protocol/openid-connect/userinfo HTTP/1.1 returned HTTP/1.1 403 Forbidden
Anything I am missing?
cheers !
________________________________
REMI CARTIER
B.O.S.S. (Business & Operation Support Systems) P.O (Product Owner)
IMETRIK GLOBAL INC.
T : +1 514 448-6407 x2009
T : +1 866 276-5382 (toll free)
F : +1 514 904-0611
740 Notre Dame St. West, Suite 1575
Montreal, Quebec, Canada H3C 3X6
imetrik.com<http://www.imetrik.com/>
9 years, 2 months
Unable to access admin API (Get Identity Provider Instance)
by robinfernandes .
Hi All,
I was trying to call this API *GET
/admin/realms/{realm}/identity-provider/instances/{alias} *and all I see in
the error message is "Bearer".
Can someone point me to what credentials I need to use to get the token in
order to be able to access this API? Also any tests written for this API
would also help.
Am I missing something very obvious?
Thanks,
Robin
9 years, 2 months