February 2015 - keycloak-user - Jboss List Archives

by Juraci Paixão Kröhling

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 All, In our project, we plan to have a distribution where we ship our application with a Wildfly bundled, a la Keycloak Appliance. My main concern is shipping our distribution with a default pair of realm keys or with a pre-filled database. I know it's possible to import a realm on the first boot and KC will generate the required keys if they are missing from the imported JSON template, but as we are shipping our own WAR, we would need to get the public key into our application's keycloak.json (or subsystem) before it gets deployed. I wonder if this is a common situation and what would be the best practices for such case. I think Stian mentioned before that a future version of KC would allow auto registration of applications, but until that is available, I'd be interested in hearing your experiences about it. Another situation is for a contributor of the project or for users who would want to build from the source: what would be the best practice for generating new keys at each build? If there's no easy solution for that now, I'd be interested in building a "keycloak-cli" utility that would generate realm and application JSON files, possibly with a Maven plugin wrapper to make it easier to consume from maven projects. Would something like that be interesting for the project? Best, Juca. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJUz20DAAoJEDnJtskdmzLMbUYH/A0bclPFHI5FhL85lAXUrJ+a DT0PLdm9nMSzCJS23Auey4XSfk3YMxaGqve0yiEAstkfkro4AsPsvmQz1H/zyyUX csZduMlo8zzXox1n0uK8Mz95dnikSMD4MzAqXM3g8l3a7ORiw25Gg51REBMOJPUL YzX0qRQlEq+MDCJw/L0G5KUZWqmrCYy5GpJ8e3wibK/MzPg/vhs7KLgxr0jh8Eee gjlG/H4K37crDZrRE2ILGi7xV6GZYTw6AKgm03QFqt0/9HluJFcU9vPUs4JWMKfu O7Nf4qQ7OJWnVijepQ1Jdcg7uRnX1a019v0kbIZT3g6YSoYT6nCRow9kCEQ0DGo= =wYHW -----END PGP SIGNATURE-----

9 years, 3 months

5
9
0 / 0

Unable to access Administration console on first run, due to https required

by Marcel Koster

Good morning, I am trying to deploy the keycloak standalone server, but I cannot access the Administration console as specified in the tutorial on our external linux server that we use as a development environment. We have no certificate for that server and no need for ssl, because it is used for development only. I can run the server on my localhost just fine and access the Administration console. How can I disable the ssl check on the standalone keycloak server? Greetings, Marcel Koster [image: Tizin] 0642044604 *Peizerstate* <http://www.twitter.com/TizinMobile> koster(a)tizin.nl Peizerweg 87A www.tizin.nl 9727AH Groningen

9 years, 3 months

2
1
0 / 0

Long Ugly Urls

by Dean Peterson

It seems keycloak concatenates a few request parameters to every request. Is there a way to prevent keycloak from making my urls long and ugly? Ex. http://trade.abecorn.com/?redirect_fragment=%2F&code=1sUsCF6MdwpWCiNiSqT1... It should just be: http://trade.abecorn.com/#/trade/54d0623ca8095b56971408ce

9 years, 3 months

2
1
0 / 0

authenticate EJB remote clients

by Brett Meyer

http://docs.jboss.org/keycloak/docs/1.1.0.Final/userguide/html/ch08.html#... I'm probably mis-reading that chapter, but is it implying that Keycloak can handle authenticating EJB *remote* clients? I haven't had success, so far, even after setting up the security-domain in standalone.xml and referencing it with @SecurityDomain. Even with concepts from https://github.com/wildfly/quickstart/tree/master/ejb-security, I continue to receive "Invalid user". Is that a use case that's supported, or am I misunderstanding? Thanks!

9 years, 3 months

2
1
0 / 0

OAuth grant page

by Dmytro Stropalov

Hello! I want to use Keycloak for SSO and IDM mainly for a services/applications in the intranet. But I have a strong requirement to work only via OAuth protocol. So, is there any possibility to skip or disable OAuth grant page on user login, because it's not really necessary in my case? Thank you! All the best, Dmitry

9 years, 3 months

2
1
0 / 0

Upgrading from 1.0.4 to 1.1.0: Role(s) not found

by Dimitris Keramidas

Hello, I am currently deploying Keycloak version 1.0.4 as a war, in a WildFly app-server. I am using oracle 11g as the database for the datatore and schema. I've followed the relevant guide to install version 1.1.0, and the schema seemed to be upgraded normally. However, I found two problems: 1. The war distribution bundle, does not contain the themes that need to be placed in wildfly's configuration directory. I downloaded the appliance bundle and used those, instead. 2. After logging into the administration console, I could see the list of roles I created for my realms, but could not access/edit any. I am only getting a "Error! Not found" message. Furthermore, If I try to assign a new role to a user, the "available roles" list is empty. Please note though, that users that already have roles assigned to them, work/log in properly. Any help would be appreciated.

9 years, 3 months

2
1
0 / 0

Rest endpoint and AngularJS client

by Mohan.Radhakrishnan＠cognizant.com

Hi, This is my first post. We have a large HealthCare domain Rest application with an AngularJS client. We may require role-based access control of HTML views. We can consult LDAP to get these. But due to some internal reasons we are not going to use OAuth now. It may be a future enhancement. Are these types of HTML5/JS applications still protected effectively based on roles ? I wanted to know before I start reading more about Keycloak because OAuth is not used now. Thanks, Mohan This e-mail and any files transmitted with it are for the sole use of the intended recipient(s) and may contain confidential and privileged information. If you are not the intended recipient(s), please reply to the sender and destroy all copies of the original message. Any unauthorized review, use, disclosure, dissemination, forwarding, printing or copying of this email, and/or any action taken in reliance on the contents of this e-mail is strictly prohibited and may be unlawful. Where permitted by applicable law, this e-mail and other e-mail communications sent to and from Cognizant e-mail addresses may be monitored.

9 years, 3 months

2
2
0 / 0

Keycloak Roles

by Raghu Prabhala

It appears that the current "manage" roles in Keycloak seem to be cover all clients/apps meaning app1 or client1 created by user1 can be deleted or user2. Is that correct? If so, is there any realm specific role that would allow users to manage only the client or applications created by them? Taking this further, can a group of users create and manage only their applications but not the ones created by another group of users? If not, how can I setup or create new roles to meet that functionality which would be provided to all uses

9 years, 3 months

2
1
0 / 0

How to get UserRepresentation by subject id

by Dean Peterson

I remember reading that the correct way to uniquely identify a keycloak user is by the subject id. That is what I associate with objects in my application. I need to get a UserRepresentation using the admin client by that subject id. However, the only option allowed is to use username. Ex. realm.users().get("username"). I need realm.users().get("subjectid"). Is there a way to get UserRepresentation by subject?

9 years, 3 months

2
1
0 / 0

Upgrade To 1.1.0.Final from 1.1.0-Alpha1-SNAPSHOT causes Javascript Client infinite loop and failed login

by Dean Peterson

Going from 1.1.0-Alpha1-SNAPSHOT causes an infinite loop when logging in. First, it successfully transitions to the login page. When I log in, the application transitions back to the application and keeps calling keycloak.init over and over and over and over again. It keeps pasting codes to the url: http://localhost:9001/?redirect_fragment=%2F&code=2yUSElT2JIocE_X2oT1Ch3t... I am running an angularjs javascript client running on a separate domain from the wildfly server. Everything was working prior to the "upgrade".

9 years, 3 months

3
3
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

keycloak-user February 2015