April 2015 - keycloak-user - Jboss List Archives

Access to token and claims from SAML IdP

by Guy Davis

Good day, Similar to the way the recently added Kerberos support <http://blog.keycloak.org/2015/04/kerberos-support-in-keycloak.html> allows for an application to access the underlying Kerberos ticket, I was wondering if it is possible to get at the token and claims of a configured SAML identity broker? If this is possible, are there any examples of such usage? Any help is much appreciated. Thanks, Guy

10 years, 11 months

2
1
0 / 0

Email verification and get admin-client exception entitiy

by Benjamin Hansmann [alphaApps]

Greetings once again. Two more questions: - Is there any way to trigger/send a verification email other than logging in through the web frontend? I created the user through the admin-client and the user will use the direct grant api to login. - When using the admin-client to create a user I want to handle/forward the response body. E.g. when a username already exists a ClientErrorException is thrown which includes a javax.ws.rs.core.Response with Status.CONFLICT. But there does not seem to be an entitiy/body in this Response. When I use the Admin REST API directly I will get: { "errorMessage" : "User exists with same username" }. Is there a way to obtain it when using the admin-client? Thanks and best wishes, Benjamin -- [alphaApps] mobile development Benjamin Hansmann Nosthoffenstraße 46 D-40589 Düsseldorf Germany Mobile: +49 (0) 177 249 47 47 Email: b.hansmann(a)alphaapps.de

10 years, 11 months

2
3
0 / 0

CORS

by Fadi Abdin

Hello Everyone, How do i make http requests from another Server ? When i do a post request i get this message below error, because that header is required to be on the requested resource. "No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://172.26.248.147:8383' is therefore not allowed access. The response had HTTP status code 400 Thanks, Fadi

10 years, 11 months

2
1
0 / 0

Client credentials grant

by Raghu Prabhala

Bill/Dev team Is "client credentials grant" supported in KC? Getting an "invalid grant" error when using a client code that was tested against other oidc implementation. Tried the bearer-only setting in KC but that did not help. If not supported, can I put in an enhancement request? This is an important use case for us where one client application interacts with other by passing an access token and scope. Thanks, Raghu Sent from my iPhone

10 years, 11 months

3
4
0 / 0

Exchange access token to id token

by Ryvlin, Andrey

Hi, I’m using Keycloak direct grant login to my REST APIs and I need to get authenticated user information for auditing purpose. At my REST implementation class I can get access token from HTTP header by using a request interceptor, but I believe that token is useless for auditing. Is there Keycloak REST API to get id token for the access token? Thank you in advance Andrey Ryvlin Sr. Software Engineer ________________________________ This message is only for the use of the intended recipient and may contain information that is CONFIDENTIAL and PROPRIETARY to MorphoTrust USA, Inc. If you are not the intended recipient, please erase all copies of the message and its attachments and notify the sender immediately.

10 years, 11 months

2
5
0 / 0

Re: [keycloak-user] Unable to start Keycloak beta on AWS VM - HTTPS required

by Christina Lau

Thx. I was able to zip up my laptop version and ssh over to make it work (i.e. bring up admin console). With RHEL VMs, there is no easy way to bring up a local browser so the old defaults were more convenient for those that do dev/test in the cloud.

10 years, 11 months

4
5
0 / 0

Keycloak Adapter without web.xml security-constraint

by Scott Rossillo

When using a security mechanism, such as Spring Security, it’s possible that multiple security mechanisms are in place or that only parts of an application are secured via Keycloak, not a blanket path (e.g. /api/*). What I’m trying to do is use the Spring’s authentication entrypoint to direct to Keycloak (this part work somewhat) and have the Keycloak adapter pick up from there (not working). What’s the best way to handle this? Thanks, Scott

10 years, 11 months

3
5
0 / 0

Keycloak Download link comments

by Summers Pittman

1 ) `wget http://sourceforge.net/projects/keycloak/files/latest/download?source=files` downloads a zip file and not a tar.gz file like the text on http://sourceforge.net/projects/keycloak/files/1.2.0.Beta1/ suggests. 2) Using source forge makes me feel dirty.

10 years, 11 months

2
2
0 / 0

Keycloak JMeter Load Test Script

by Chen Keong Yap

Hi Guys, I saw there's a sample script for keycloak token testing and not SAML. https://github.com/keycloak/keycloak/blob/master/testsuite/performance-we... Can someone share with us the test script for SAML?

10 years, 11 months

2
1
0 / 0

Do realm public keys expire?

by Jamie Beznoski

Hi, We set up a realm to use in conjunction with a JBoss login module - the BearerTokenLoginModule available here: https://github.com/keycloak/keycloak/blob/master/integration/adapter-core... Our application in question is a standalone Java app that invokes EJBs remotely on our JBoss server. The JBoss EJB remoting subsystem is secured by the BearerTokenLoginModule. This configuration worked well for us for several months, but last week we started to see issues. Our client app could no longer authenticate against the JBoss server. We generated a new realm public key (Settings -> Keys -> Generate new keys) and the issue was resolved. Unfortunately, we were fire-fighting at the time and can't provide you with much more information than that. Anyway, my (hopefully easy) question is: do the realm keys expire after a certain period? Thanks, Jamie Beznoski

10 years, 11 months

2
2
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

keycloak-user April 2015