December 2015 - keycloak-user - Jboss List Archives

Re: [keycloak-user] [JBoss JIRA] (KEYCLOAK-2063) Not working link generated via REST API - Send an email-verification email to the user

by Andrej Prievalsky

Hi all, I tried to validate this issue on 1.7.0.Final, but I have question: After send two different REST-APIs: 1.) PUT http://172.31.32.216:8080/auth/admin/realms/universities/users/0ee34d46-6... and 2.) PUT http://172.31.32.216:8080/auth/admin/realms/universities/users/0ee34d46-6... with body ["VERIFY_EMAIL"] I got for both REST APIs email with Subject "Update Your Account" and link generated in email: http://172.31.32.216:8080/auth/realms/universities/login-actions/execute-... What is in different when I generate Verify Email via GUI when Subject is "Verify email" and link generated in email: http://172.31.32.216:8080/auth/realms/universities/login-actions/email-ve... Should it be so now correct or something was changed or something is incorrect on my side? Thanks. On Mon, Nov 30, 2015 at 1:18 PM, Stian Thorgersen (JIRA) <issues(a)jboss.org> wrote: > Stian Thorgersen > <https://issues.jboss.org/secure/ViewProfile.jspa?name=stianst> *updated* [image: > Bug] KEYCLOAK-2063 <https://issues.jboss.org/browse/KEYCLOAK-2063> > Keycloak <https://issues.jboss.org/browse/KEYCLOAK> / [image: Bug] > <https://issues.jboss.org/browse/KEYCLOAK-2063> KEYCLOAK-2063 > <https://issues.jboss.org/browse/KEYCLOAK-2063> Not working link > generated via REST API - Send an email-verification email to the user > <https://issues.jboss.org/browse/KEYCLOAK-2063> Change By: Stian > Thorgersen <https://issues.jboss.org/secure/ViewProfile.jspa?name=stianst> Status: > Pull Request Sent Resolved Resolution: Done [image: Add Comment] > <https://issues.jboss.org/browse/KEYCLOAK-2063#add-comment> Add Comment > <https://issues.jboss.org/browse/KEYCLOAK-2063#add-comment> This > message was sent by Atlassian JIRA (v6.4.11#64026-sha1:78f6ec4) [image: > Atlassian logo] >

10 years, 3 months

2
12
0 / 0

Cannot access the keycloak standalone server using the machine hostname

by Aritz Maeztu

I am launching keycloak 1.7.0.Final using the default configuration on a Windows 7 machine (standalone.bat). However, when I try to access it with some host name different than localhost (let's say http://myhostname.mycompany.com:8080/auth/ or http://192.168.0.155:8080/auth/), the server doesn't respond. This makes some client I have configured work properly when I login in my host machine but not when I am in another one, since I need to have http://localhost:8080/auth/ as "auth-server-url" in my client, but when performing redirection the url is not available obviously from a remote machine. That could sound a trivial question, but still I don't know how to solve it having looked the documentation up. Thanks in advance. -- Aritz Maeztu Otaño Departamento Desarrollo de Software <https://www.linkedin.com/profile/preview?vpa=pub&locale=es_ES> <http://www.tesicnor.com> Pol. Ind. Mocholi. C/Rio Elorz, Nave 13E 31110 Noain (Navarra) Telf.: 948 21 40 40 Fax.: 948 21 40 41 Antes de imprimir este e-mail piense bien si es necesario hacerlo: El medioambiente es cosa de todos.

10 years, 3 months

3
2
0 / 0

Issue during Import of Realm via startup in domain mode

by Andrej Prievalsky

My environment: keycloak-demo-1.7.0.Final running in domain mode with main server group: server-one and server-two OracleLinux 7 (Java version 1.8.0_45) machine connect with Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options and Oracle JDBC driver 11.2.0.3.0 After import Realm during keycloak startup in console: ./domain.sh -Dkeycloak.migration.action=import -Dkeycloak.migration.provider=singleFile -Dkeycloak.migration.file=/opt/keycloak-1.7.0.Final/export_demo.json I got only on server-two this ERROR, server-one is OK: *[Server:server-two] 14:25:30,037 ERROR [org.keycloak.exportimport.ExportImportManager] (ServerService Thread Pool -- 64) Error during export/import: org.keycloak.models.ModelException: javax.persistence.OptimisticLockException: Batch update returned unexpected row count from update [0]; actual row count: 0; expected: 1* *[Server:server-two] at org.keycloak.connections.jpa.PersistenceExceptionConverter.convert(PersistenceExceptionConverter.java:44)* *[Server:server-two] at org.keycloak.connections.jpa.PersistenceExceptionConverter.invoke(PersistenceExceptionConverter.java:34)* *[Server:server-two] at com.sun.proxy.$Proxy117.flush(Unknown Source)* *[Server:server-two] at org.keycloak.models.jpa.JpaRealmProvider.removeRealm(JpaRealmProvider.java:114)* *[Server:server-two] at org.keycloak.models.cache.infinispan.DefaultCacheRealmProvider.removeRealm(DefaultCacheRealmProvider.java:221)* *[Server:server-two] at org.keycloak.exportimport.util.ImportUtils.importRealm(ImportUtils.java:76)* *[Server:server-two] at org.keycloak.exportimport.util.ImportUtils.importRealms(ImportUtils.java:45)* *[Server:server-two] at org.keycloak.exportimport.singlefile.SingleFileImportProvider$1.runExportImportTask(SingleFileImportProvider.java:45)* *[Server:server-two] at org.keycloak.exportimport.util.ExportImportSessionTask.run(ExportImportSessionTask.java:18)* *[Server:server-two] at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:264)* *[Server:server-two] at org.keycloak.exportimport.singlefile.SingleFileImportProvider.importModel(SingleFileImportProvider.java:41)* *[Server:server-two] at org.keycloak.exportimport.ExportImportManager.checkExportImport(ExportImportManager.java:67)* *[Server:server-two] at org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:86)* *[Server:server-two] at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)* *[Server:server-two] at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)* *[Server:server-two] at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)* *[Server:server-two] at java.lang.reflect.Constructor.newInstance(Constructor.java:422)* *[Server:server-two] at org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:148)* *[Server:server-two] at org.jboss.resteasy.spi.ResteasyProviderFactory.createProviderInstance(ResteasyProviderFactory.java:2211)* *[Server:server-two] at org.jboss.resteasy.spi.ResteasyDeployment.createApplication(ResteasyDeployment.java:295)* *[Server:server-two] at org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:236)* *[Server:server-two] at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:112)* *[Server:server-two] at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36)* *[Server:server-two] at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)* *[Server:server-two] at org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:78)* *[Server:server-two] at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)* *[Server:server-two] at io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:230)* *[Server:server-two] at io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:131)* *[Server:server-two] at io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:511)* *[Server:server-two] at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:101)* *[Server:server-two] at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:82)* *[Server:server-two] at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)* *[Server:server-two] at java.util.concurrent.FutureTask.run(FutureTask.java:266)* *[Server:server-two] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)* *[Server:server-two] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)* *[Server:server-two] at java.lang.Thread.run(Thread.java:745)* *[Server:server-two] at org.jboss.threads.JBossThread.run(JBossThread.java:320)* *[Server:server-two] Caused by: javax.persistence.OptimisticLockException: Batch update returned unexpected row count from update [0]; actual row count: 0; expected: 1* *[Server:server-two] at org.hibernate.jpa.spi.AbstractEntityManagerImpl.wrapStaleStateException(AbstractEntityManagerImpl.java:1800)* *[Server:server-two] at org.hibernate.jpa.spi.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1705)* *[Server:server-two] at org.hibernate.jpa.spi.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1677)* *[Server:server-two] at org.hibernate.jpa.spi.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1683)* *[Server:server-two] at org.hibernate.jpa.spi.AbstractEntityManagerImpl.flush(AbstractEntityManagerImpl.java:1338)* *[Server:server-two] at sun.reflect.GeneratedMethodAccessor278.invoke(Unknown Source)* *[Server:server-two] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)* *[Server:server-two] at java.lang.reflect.Method.invoke(Method.java:497)* *[Server:server-two] at org.keycloak.connections.jpa.PersistenceExceptionConverter.invoke(PersistenceExceptionConverter.java:32)* *[Server:server-two] ... 35 more* *[Server:server-two] Caused by: org.hibernate.StaleStateException: Batch update returned unexpected row count from update [0]; actual row count: 0; expected: 1* *[Server:server-two] at org.hibernate.jdbc.Expectations$BasicExpectation.checkBatched(Expectations.java:81)* *[Server:server-two] at org.hibernate.jdbc.Expectations$BasicExpectation.verifyOutcome(Expectations.java:73)* *[Server:server-two] at org.hibernate.engine.jdbc.batch.internal.NonBatchingBatch.addToBatch(NonBatchingBatch.java:63)* *[Server:server-two] at org.hibernate.persister.entity.AbstractEntityPersister.delete(AbstractEntityPersister.java:3400)* *[Server:server-two] at org.hibernate.persister.entity.AbstractEntityPersister.delete(AbstractEntityPersister.java:3630)* *[Server:server-two] at org.hibernate.action.internal.EntityDeleteAction.execute(EntityDeleteAction.java:114)* *[Server:server-two] at org.hibernate.engine.spi.ActionQueue.executeActions(ActionQueue.java:465)* *[Server:server-two] at org.hibernate.engine.spi.ActionQueue.executeActions(ActionQueue.java:351)* *[Server:server-two] at org.hibernate.event.internal.AbstractFlushingEventListener.performExecutions(AbstractFlushingEventListener.java:350)* *[Server:server-two] at org.hibernate.event.internal.DefaultFlushEventListener.onFlush(DefaultFlushEventListener.java:56)* *[Server:server-two] at org.hibernate.internal.SessionImpl.flush(SessionImpl.java:1258)* *[Server:server-two] at org.hibernate.jpa.spi.AbstractEntityManagerImpl.flush(AbstractEntityManagerImpl.java:1335)* *[Server:server-two] ... 39 more*

10 years, 3 months

2
3
0 / 0

Use SMS for login/register

by ha.hamed＠gmail.com

I'm living in China for years now. Most of Chinese services here work with SMS for login (OTP) and registration. If you force them to fill form, you will lose most of your users. I'm wondering who I can add this capability to Keycloak. Regards,

10 years, 3 months

3
2
0 / 0

Problem running keycloak cluster on EC2 with S3_ping

by charles-edouard gagnaire

hi, I'm having trouble configuring a Keycloak cluster running on AWS' EC2. The database configuration is OK no problem, but i can't manage to get the invalidation cache working correctly. I configured Infinispan to work with S3_ping plugin (the relevant part of my configuration is below). When i run both server, the connection with the database is Ok, but the infinispan logs look like this : On Server 1 : ... 11:00:17,592 INFO [stdout] (MSC service thread 1-1) GMS: address=ip-10-1-7-103, cluster=ee, physical address=10.1.7.103:7600 ... 11:00:18,057 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (ServerService Thread Pool -- 62) ISPN000094: Received new cluster view for channel keycloak: [ip-10-1-7-103|0] (1) [ip-10-1-7-103] ... On Server 2 : ... 11:03:41,159 INFO [stdout] (MSC service thread 1-1) GMS: address=ip-10-1-1-245, cluster=ee, physical address=10.1.1.245:7600 ... 11:03:41,783 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (ServerService Thread Pool -- 62) ISPN000094: Received new cluster view for channel keycloak: [ip-10-1-1-245|0] (1) [ip-10-1-1-245] ... In my S3 bucket, i have 2 files created : 402ea329-c135-f1e9-2782-02768779e02f.ip-10-1-1-245.list a584321f-408b-b2ae-e2dd-d19333db96c4.ip-10-1-7-103.list And the content of the files is like this : File 1 : ip-10-1-1-245 402ea329-c135-f1e9-2782-02768779e02f 10.1.1.245:7600 T File 2 : ip-10-1-7-103 a584321f-408b-b2ae-e2dd-d19333db96c4 10.1.7.103:7600 T When i read the logs, it looks like the infinispan's cache can't contact each other. I double check my network config, and i tried connecting from one server to the other using nc (like this: nc -vvv 10.1.7.103 7600) and this works fine. Is there a way to check the infinispan status of the servers? Do you guys got any clue on how to make this works? Thank you, Charles-Edouard My config looks like this : - Standalone-ha.xml ... <datasources> <driver name="postgresql" module="org.postgresql"> <datasource-class>org.postgresql.Driver</datasource-class> <xa-datasource-class>org.postgresql.xa.PGXADataSource</xa-datasource-class> </driver> <datasource jndi-name="java:jboss/datasources/PgDskeycloak" pool-name="PgDskeycloak" enabled="true" use-java-context="true"> <connection-url>jdbc:postgresql://****:5432/keycloak?ApplicationName=keycloak</connection-url> <driver>postgresql</driver> <pool> <min-pool-size>5</min-pool-size> <initial-pool-size>5</initial-pool-size> <max-pool-size>100</max-pool-size> <prefill>true</prefill> </pool> <validation> <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLValidConnectionChecker"></valid-connection-checker> <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLExceptionSorter"></exception-sorter> </validation> <security> <user-name>****</user-name> <password>****</password> </security> </datasource> ... <stacks default="tcp"> <stack name="udp"> <transport type="UDP" socket-binding="jgroups-udp"/> <protocol type="PING"/> <protocol type="MERGE3"/> <protocol type="FD_SOCK" socket-binding="jgroups-udp-fd"/> <protocol type="FD_ALL"/> <protocol type="VERIFY_SUSPECT"/> <protocol type="pbcast.NAKACK2"/> <protocol type="UNICAST3"/> <protocol type="pbcast.STABLE"/> <protocol type="pbcast.GMS"/> <protocol type="UFC"/> <protocol type="MFC"/> <protocol type="FRAG2"/> <protocol type="RSVP"/> </stack> <stack name="tcp"> <transport type="TCP" socket-binding="jgroups-tcp"/> <protocol type="S3_PING" > <property name="location">****</property> <property name="access_key">****</property> <property name="secret_access_key">****</property> </protocol>  <protocol type="MERGE3"/> <protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd"/> <protocol type="FD"/> <protocol type="VERIFY_SUSPECT"/> <protocol type="pbcast.NAKACK2"/> <protocol type="UNICAST3"/> <protocol type="pbcast.STABLE"/> <protocol type="pbcast.GMS"/> <protocol type="MFC"/> <protocol type="FRAG2"/> <protocol type="RSVP"/> </stack> ... <interfaces> <interface name="management"> <nic name="eth0"/> </interface> <interface name="public"> <nic name="eth0"/> </interface>  <interface name="unsecure">  <nic name="eth0"/> </interface> </interfaces> - keycloak-server.json { "providers": [ "classpath:${jboss.server.config.dir}/providers/*" ], "admin": { "realm": "master" }, "eventsStore": { "provider": "jpa", "jpa": { "exclude-events": [ "REFRESH_TOKEN" ] } }, "realm": { "provider": "jpa" }, "user": { "provider": "jpa" }, "userSessionPersister": { "provider": "jpa" }, "timer": { "provider": "basic" }, "theme": { "default": "keycloak", "staticMaxAge": 2592000, "cacheTemplates": true, "cacheThemes": true, "folder": { "dir": "${jboss.server.config.dir}/themes" } }, "scheduled": { "interval": 900 }, "connectionsHttpClient": { "default": { "disable-trust-manager": true } }, "connectionsJpa": { "default": { "dataSource": "java:jboss/datasources/PgDskeycloak", "databaseSchema": "update" } }, "connectionsInfinispan": { "default" : { "cacheContainer" : "java:jboss/infinispan/Keycloak" } } } CHARLES-EDOUARD GAGNAIRE SysAdmin c.gagnaire(a)kreactive.com p. 06.27.80.28.53LYON "Le Capitole" 97, cours Gambetta 69481 Lyon Cedex 03 PARIS 16, rue de Turbigo 75002 Paris [image: Kreactive] <http://www.kreactive.com/> [image: Facebook] <https://www.facebook.com/kreactive> [image: Twitter] <https://twitter.com/kreactive>

10 years, 3 months

5
11
0 / 0

Can't the the customer-portal tutorial running correctly

by Martin Min

Hello, I am new to keycloak and is having an issue to the the customer-portal tutorial running fully. After following all the instructions in the tutorial and running the customer-portal application, I received the following result: " Goto: products <http://localhost:8080/product-portal> | logout <http://localhost:8080/auth/realms/demo/protocol/openid-connect/logout?red...> | manage acct <http://localhost:8080/auth/realms/demo/account?referrer=customer-portal> *Caller IDToken values* (*You can specify what is returned in IDToken in the customer-portal claims page in the admin console*: Username: lingvisa Email: lingvisa(a)gmail.com Full Name: martin First: martin Customer ListingThere was a failure processing request. You either didn't configure Keycloak properly, or maybe you just forgot to secure the database service? Status from database service invocation was: 401 " My Json file in database-service application: { "realm": "demo", "realm-public-key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg3cFXIGDZzubQg+31kGsG6yYK+nsrkx4FB4BHnn9mCFjcan0LACZDt3rOqFuA2Z9J1sJsLACbrEZMgLoYl0XtnZyobs99lKrKJkSnwDi10ptQ24M1eYrqBs84VOv4t8xLLg34Em7033mPOXtEFVU0s1kcawZCD30vMwbYXyyOrK5peoLBoGeY9dUZLRPEJ/hrGZxkrWjNobd4Gkf5FTMdKAqTJtf/YqYsvBP5VrJT+yIuLBw8sq+cZKqBdAvb6nuOs6UEZpioEos9KWaTryxn0MYY1r75g9Udd0FSW+e+5Pm7+J+wDQVEkJ+tEXoiv9JADHc9BgHM6eqwzavpryPWwIDAQAB", "bearer-only": true, "ssl-required": "external", "resource": "database-service" } What might cause the 401 error message? Thank you. I am using the latest download "/keycloak-demo-1.7.0.Final" and admin console is a bit different from this in the tutorial. But there is no significant difference. In the keycloak console, I created the "database" client with only two fields filled: client protocol: openid-connect access type: barer-only Without any URLs used, as in customer-portal and product-portal. Thank you.

10 years, 3 months

2
1
0 / 0

Keycloak and HDFS?

by Johan Bos

Hi, I need to secure an access to HDFS (it comes with a REST API full access in a standalone webserver). The documentation on Hadoop is mainly providing security hint through Kerberos (kinit utility) using a Kerb Ticket-Granting-Ticket. Once the init is done, it is mapping a Kerberos Princip to an HDFS username. Can Keycloak take charge of this authentication part? Is there an example I can try? Still I did not make my way on understanding the current flow for this. Let say that I have App1 being J2EE app, secured with KeyCloak and as well as authenticating the user for this client, I would like at the same time, authenticate him to the HDFS (as a keycloak client in same realm or something else). What would be a good start through the example for this? Does anyone has a possible proposal and already make such things, probably trivial. -- Regards, Johan Bos

10 years, 3 months

1
0
0 / 0

Different theme for each client

by Helder dos S. Alves

Hi. I need to have a different theme for each of the clients of a realm. If a user came from one client, I have to show a keycloak page with the logo and skin of that client. Is it possible with Keycloak? How? Thanks in advance. Helder S. Alves

10 years, 3 months

5
11
0 / 0

New locale in login/registration pages

by Adrian Matei

Hi guys, Can you tell me how can I add a new locale, let's say Romanian ('ro') to the login/registration pages. In the admin console there is only support 'en', 'de', 'pt-BR', 'it', 'es', 'ca' (why is French not supported by default since all the translations seem to be there?) and if I look at the source code https://github.com/keycloak/keycloak/blob/master/forms/common-themes/src/... they are statically defined... Thanks Adrian

10 years, 3 months

2
1
0 / 0

out of box experiences and automation

by Dong Xie

Dear all, I wonder how do I work around needing to browse the web page and login with admin + admin to change the password? We are deploying keycloak in an automated flow thus no human interaction is expected. Thanks very much for your help! Best, Dong Sent from Mail for Windows 10

10 years, 3 months

4
16
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

keycloak-user December 2015