Re: [keycloak-user] Forgot password flow + TOTP
by Johan Heylen
Bill,
I've indeed managed to get it working, when using the forget password
functionality you now have to enter your OTP key first before being able to
choose a new password.
See screenshot
Tnx,
Johan Heylen
DNS Belgium
9 years, 1 month
Re: [keycloak-user] Forgot password flow + TOTP
by Johan Heylen
Tnx Bill,
I've attached two screenshots of my current settings.
We haven't done any custom flows (yet), just some changes from
optional to disabled or required in existing out of the box flows, which
worked as expected.
To be able to do the customization I need, should I add the 'OTP Form' used
in browser flow to the last part of the reset credential flow? Do I need to
add the Forms element as well?
You think that's possible in keycloak 1.6 or do I need to create a ticket?
Johan
9 years, 1 month
Hybrid flow
by David Hay
Hi,
Newbie here...
We're needing to secure an AngularJS application hitting our REST API (and
supporting customers hitting it directly).
I believe in this situation we need to utilize the Hybrid flow as there is
no way to secure the secret in AngularJS.
Does Keycloak support this?
Thanks!
9 years, 1 month
Custom Login
by Ataraxus
Hello,
I need to build a custom login where the user inputs more than username
and pw. Also I need the pw checked against a custom service. Is this
possible with keycloak?
My first attempt was to modify the
"org.keycloak.examples.authenticator.SecretQuestionAuthenticator" but
then I realised I need an already logged-in user, which I then
authenticate with an additional step.
9 years, 1 month
Keycloak WildFly9 Adapter ClassNotFoundException for org.keycloak.adapters.spi.HttpFacade
by alex orl
Hi to all,
I'm facing a class loading issue after I migrated from keycloak 1.5.0 final to keycloak 1.6.1 final. My application server is jboss WF9. Specifically, I developed my multitenant module following your example. In the Keycloak 1.5.0 adapter I saw that the interface
org.keycloak.adapters.spi.HttpFacade
was in the keycloak-adapter-core dependency, while in 1.6.1 it was moved into keycloak-adapter-spi.
I've referenced these dependencies as provided scoped in my project pom (as shown in the example too):

<dependency>
    <groupId>org.keycloak</groupId>
    <artifactId>keycloak-adapter-core</artifactId>
    <version>1.6.1.Final</version>
    <scope>provided</scope>
</dependency>
<dependency>
    <groupId>org.keycloak</groupId>
    <artifactId>keycloak-adapter-spi</artifactId>
    <version>1.6.1.Final</version>
    <scope>provided</scope>
</dependency>

I have installed the wf9 adapter by adding:

<extensions>
    <extension module="org.keycloak.keycloak-adapter-subsystem"/>
    ...
</extensions>
...
<profile>
    <subsystem xmlns="urn:jboss:domain:keycloak:1.1"/>
    ...
</profile>

and

<server xmlns="urn:jboss:domain:1.4">
    <subsystem xmlns="urn:jboss:domain:security:1.2">
        <security-domains>
            ...
            <security-domain name="keycloak">
                <authentication>
                    <login-module code="org.keycloak.adapters.jboss.KeycloakLoginModule" flag="required"/>
                </authentication>
            </security-domain>
        </security-domains>

and eventually by copying the modules folder into the wf9 modules directory. When I deploy my
org.keycloak.adapters.KeycloakConfigResolver
implementation I get this error:

...]
13:02:55,997 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-6) MSC000001: Failed to start service jboss.deployment.unit."myapp.war".POST_MODULE: org.jboss.msc.service.StartException in service jboss.deployment.unit."myapp.war".POST_MODULE: WFLYSRV0153: Failed to process phase POST_MODULE of deployment "myapp.war"
    at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:163)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.RuntimeException: WFLYSRV0177: Error getting reflective information for class multitenancy.keycloak.PathBasedKeycloakConfigResolver with ClassLoader ModuleClassLoader for Module "deployment.myapp.war:main" from Service Module Loader
    at org.jboss.as.server.deployment.reflect.DeploymentReflectionIndex.getClassIndex(DeploymentReflectionIndex.java:70)
    at org.jboss.as.ee.metadata.MethodAnnotationAggregator.runtimeAnnotationInformation(MethodAnnotationAggregator.java:57)
    at org.jboss.as.ee.component.deployers.InterceptorAnnotationProcessor.handleAnnotations(InterceptorAnnotationProcessor.java:107)
    at org.jboss.as.ee.component.deployers.InterceptorAnnotationProcessor.processComponentConfig(InterceptorAnnotationProcessor.java:92)
    at org.jboss.as.ee.component.deployers.InterceptorAnnotationProcessor.deploy(InterceptorAnnotationProcessor.java:77)
    at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:156)
    ... 5 more
Caused by: java.lang.NoClassDefFoundError: org/keycloak/adapters/spi/HttpFacade$Request
    at java.lang.Class.getDeclaredMethods0(Native Method)
    at java.lang.Class.privateGetDeclaredMethods(Class.java:2701)
    at java.lang.Class.getDeclaredMethods(Class.java:1975)
    at org.jboss.as.server.deployment.reflect.ClassReflectionIndex.<init>(ClassReflectionIndex.java:65)
    at org.jboss.as.server.deployment.reflect.DeploymentReflectionIndex.getClassIndex(DeploymentReflectionIndex.java:66)
    ... 10 more
Caused by: java.lang.ClassNotFoundException: org.keycloak.adapters.spi.HttpFacade$Request from [Module "deployment.myapp.war:main" from Service Module Loader]
    at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:205)
    at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:455)
    at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:404)
    at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:385)
    at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:130)
    ... 15 more

Why is the keycloak-adapter-spi-1.6.1.Final.jar not loaded by the keycloak-adapter-spi module?
If I decide to include the jar inside the myapp.war archive, after deployment I get a Linkage exception error. What am I doing wrong?
thanks
9 years, 1 month
Issue (500 Internal Server Error) with "Update the events provider" via Admin REST API
by Andrej Prievalsky
I report an issue with "Update the events provider
<http://keycloak.github.io/docs/rest-api/index.html#_update_the_client>"
via Admin REST API.
I want to add Event Listeners: email, via
PUT http://<URL>:<PORT>/auth/admin/realms/universities/events/config
with body {"eventsListeners":[ "email" ]}
*But I got* Status Code: 500 Internal Server Error
2015-11-13 15:06:53,182 ERROR [io.undertow.request] (default task-11) UT005023: Exception handling request to /auth/admin/realms/universities/events/config: java.lang.RuntimeException: request path: /auth/admin/realms/universities/events/config
    at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:75)
    at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
    at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
    at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85)
    at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
    at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
    at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
    at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
    at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
    at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
    at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:72)
    at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
    at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:282)
    at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:261)
    at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:80)
    at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:172)
    at io.undertow.server.Connectors.executeRootHandler(Connectors.java:199)
    at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:774)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)
Caused by: org.jboss.resteasy.spi.UnhandledException: java.lang.NullPointerException
    at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)
    at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212)
    at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:149)
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)
    at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:86)
    at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:130)
    at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:61)
    ... 29 more
Caused by: java.lang.NullPointerException
    at org.keycloak.services.managers.RealmManager.updateRealmEventsConfig(RealmManager.java:225)
    at org.keycloak.services.resources.admin.RealmAdminResource.updateRealmEventsConfig(RealmAdminResource.java:397)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137)
    at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:296)
    at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:250)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:140)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:109)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:135)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:103)
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)
    ... 37 more
9 years, 1 month
Keycloak saml authentication and authorization
by Jukka Sirviö
Hello all,
Are there any examples on how to get Keycloak SAML authorization up and running?
Keycloak SAML authentication is already up and running across two distinct web applications. My SAML authentication already includes a couple of user properties and attributes, but I'm not able to find any info about what is the right and correct way to establish authorization with keycloak saml, saml metadata perhaps?
Could you please point me in the right direction? SAML authorization examples would be great, or is "picketlink-federation -saml-sp-with-metadata" example all that I need to know?
Reason for above question is that I want to get rid of our own web-application specific authorization mechanism!
Yes, and the answer to your follow-up question is, that our environment is wf 9.0.1 :) ==> wf saml adapter is in use..
Yours:
Jukka
9 years, 1 month
(no subject)
by Frank van Veen
Hello,
I am trying to set-up a user federation. My project involves an external database.
Currently no user data has to be imported from the external database. Changes in keycloak need to be exported to the external database. We don't want to validate logins against the external database.
Could someone explain to me how to validate a user login against the keycloak database? This would be while using the "validCredentials(RealmModel realm, UserModel user, List<UserCredentialModel> input)" method.
Thanks in advance.
Sincerely,
Frank van Veen
9 years, 1 month
Accessing RelayState in login.ftl?
by Jeff Macomber
Hi,
Is it possible to access the Saml RelayState information in the login.ftl?
I would like to pass forward information to allow pre-filling fields in
login.ftl (I have customized the login to add more than just user/pass).
Since SAML is redirect based, query parameters will not work, and it seems
RelayState might be the correct approach here, but I can't figure out how I
would get at it in the login.ftl. If RelayState is not the correct
mechanism, is there another approach for passing info from the client to the
login form?
Thanks
Jeff
9 years, 1 month