In our project, we plan to have a distribution where we ship our
application with a Wildfly bundled, a la Keycloak Appliance.
My main concern is shipping our distribution with a default pair of
realm keys or with a pre-filled database. I know it's possible to
import a realm on the first boot and KC will generate the required
keys if they are missing from the imported JSON template, but as we
are shipping our own WAR, we would need to get the public key into our
application's keycloak.json (or subsystem) before it gets deployed.
I wonder if this is a common situation and what would be the best
practices for such a case. I think Stian mentioned before that a future
version of KC would allow auto registration of applications, but until
that is available, I'd be interested in hearing your experiences about it.
Another situation is for a contributor of the project or for users who
would want to build from the source: what would be the best practice
for generating new keys at each build? If there's no easy solution for
that now, I'd be interested in building a "keycloak-cli" utility that
would generate realm and application JSON files, possibly with a Maven
plugin wrapper to make it easier to consume from Maven projects. Would
something like that be interesting for the project?
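
An added example (not part of the original post and not Keycloak project code) of the per-build key generation asked about above: a fresh RSA pair is created and its public half is written into both a realm import template and the application's keycloak.json, so no shared default key ships. The function names, the realm and client names, and the field names `privateKey`, `publicKey` and `realm-public-key` with their bare-base64 encoding are assumptions to check against the Keycloak version in use.

```shell
#!/bin/sh
# Added example, not Keycloak project code; names and field layout are assumptions.
set -eu
# Print the base64 body of a PEM file (armor lines and newlines removed).
pem_body() { grep -v '^-----' "$1" | tr -d '\n'; }
# Print the string value of KEY from one of the JSON files written below.
json_field() { sed -n "s/^ *\"$2\": \"\(.*\)\",\{0,1\}\$/\1/p" "$1"; }

# gen_realm_files OUT_DIR REALM CLIENT (subshell body keeps the umask local)
gen_realm_files() (
    out=$1 realm=$2 client=$3
    # Names go into JSON unescaped, so accept plain identifiers only.
    case "$realm$client" in *[!A-Za-z0-9_-]*) echo "bad name" >&2; exit 1 ;; esac
    umask 077
    mkdir -p "$out"
    key="$out/realm-key.pem" pubpem="$out/realm-pub.pem"
    # Fresh 2048-bit RSA key on every run, PKCS#8 encoded.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$key" 2>/dev/null
    openssl pkey -in "$key" -pubout -out "$pubpem"
    priv=$(pem_body "$key") pub=$(pem_body "$pubpem")
    rm -f "$key" "$pubpem"
    # Realm import template: holds the private key, never commit or publish it.
    cat > "$out/$realm-realm.json" <<EOF
{
  "realm": "$realm",
  "enabled": true,
  "privateKey": "$priv",
  "publicKey": "$pub"
}
EOF
    # Adapter config for the WAR: public key only.
    cat > "$out/keycloak.json" <<EOF
{
  "realm": "$realm",
  "realm-public-key": "$pub",
  "auth-server-url": "/auth",
  "resource": "$client"
}
EOF
)

# Succeeds only if the adapter config carries the realm's current public key.
keys_match() {
    [ -n "$(json_field "$1/keycloak.json" realm-public-key)" ] &&
    [ "$(json_field "$1/$2-realm.json" publicKey)" = \
      "$(json_field "$1/keycloak.json" realm-public-key)" ]
}

if [ "$#" -eq 3 ]; then gen_realm_files "$@" && keys_match "$1" "$2"; fi
```

Running `keys_match` as a packaging check catches a WAR whose keycloak.json still holds a key from an earlier build.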

I am trying to deploy the Keycloak standalone server, but I cannot access
the Administration console as specified in the tutorial on our external
Linux server that we use as a development environment. We have no
certificate for that server and no need for SSL, because it is used for
development only. I can run the server on my localhost just fine and access
the Administration console.
How can I disable the SSL check on the standalone Keycloak server?

I want to use Keycloak for SSO and IDM mainly for services/applications
in the intranet. But I have a strong requirement to work only via OAuth
protocol. So, is there any possibility to skip or disable OAuth grant page
on user login, because it's not really necessary in my case? Thank you!
All the best,

I am currently deploying Keycloak version 1.0.4 as a WAR, in a WildFly app-server. I am using Oracle 11g as the database for the datastore and schema. I've followed the relevant guide to install version 1.1.0, and the schema seemed to be upgraded normally. However, I found two problems:
1. The WAR distribution bundle does not contain the themes that need to be placed in WildFly's configuration directory. I downloaded the appliance bundle and used those, instead.
2. After logging into the administration console, I could see the list of roles I created for my realms, but could not access/edit any. I am only getting an "Error! Not found" message. Furthermore, if I try to assign a new role to a user, the "available roles" list is empty. Please note though, that users that already have roles assigned to them, work/log in properly.
Any help would be appreciated.

This is my first post. We have a large HealthCare domain REST application with an AngularJS client. We may require role-based access control of HTML views. We can consult LDAP to get these. But due to some internal reasons we are not going to use OAuth now. It may be a future enhancement.
Are these types of HTML5/JS applications still protected effectively based on roles? I wanted to know before I start reading more about Keycloak because OAuth is not used now.

It appears that the current "manage" roles in Keycloak seem to cover all clients/apps, meaning app1 or client1 created by user1 can be deleted by user2. Is that correct? If so, is there any realm-specific role that would allow users to manage only the client or applications created by them? Taking this further, can a group of users create and manage only their applications but not the ones created by another group of users? If not, how can I set up or create new roles to meet that functionality which would be provided to all users

I remember reading that the correct way to uniquely identify a Keycloak
user is by the subject id. That is what I associate with objects in my
application. I need to get a UserRepresentation using the admin client by
that subject id. However, the only option allowed is to use username. Ex.
realm.users().get("username"). I need realm.users().get("subjectid"). Is
there a way to get UserRepresentation by subject?

Going from 1.1.0-Alpha1-SNAPSHOT causes an infinite loop when logging in.
First, it successfully transitions to the login page. When I log in, the
application transitions back to the application and keeps calling
keycloak.init over and over and over and over again. It keeps pasting
codes to the URL:
from the WildFly server. Everything was working prior to the "upgrade".