I have an existing application that I'm looking to integrate with keycloak. One of the flows we're working on is a user self-registration flow. In this flow, a user will enter registration information, then the user will be provisioned within the local app and then we use web service calls to create the user in keycloak. After the user is provisioned, then we do a SAML post to keycloak, the user logs in and then they are redirected back to our app.
This is all working fine, however, the user must enter their username and password twice, once on the registration screen and once to log into keycloak to establish an SSO session. We'd like to avoid using the keycloak registration screens since we collect additional business data on our registration screen that our app needs. Are there any suggestions on how to avoid this double login?
I’m running Keycloak 1.1.0-Final in standalone mode and using Keycloak
agents on Tomcat 6 and Tomcat 8.
With both agents, whenever I try to log a user out via the Keycloak server,
I see this in the Tomcat server’s log:
Apr 01, 2015 7:27:47 PM
WARN: Session not present or already invalidated.
The session is still valid and continues to be valid for some period of
time in each of the Tomcat instances. Anyone know how to fix?
I was looking at the source and I see this method:
I may test logging the actual exception tomorrow if no one has a clue, but I
think the exception is probably being thrown for some reason other
than the session no longer existing (it definitely still does).
I see on the keycloak homepage that client certificate authentication is "coming soon" for keycloak. Any sense on timing for this/specifics on what it might look like or pointers to docs?
For Hawkular, we build a distribution based on Wildfly and add our
deployments as modules. Up to Keycloak 1.1.0.Final, we could just add
keycloak-wildfly-adapter-dist to our assembly, plus some changes to
the standalone.xml and it would work fine.
From Keycloak 1.2.0.Beta1, we get an exception while booting about a
missing module (org.picketlink.idm.schema, required by
org.keycloak.keycloak-ldap-federation). This module is present on
Keycloak's appliance distribution but isn't included on the
wildfly-adapter-dist anymore. Copying this module from the appliance
distribution is enough to make it work again. Is this change on
purpose? If not, I'll send a PR for adding this module into the
- Juca.
I'd like to populate a database for keycloak via the command line using the liquibase maven plugin.
With the latest master code, when I try to run this command:
mvn -f connections/jpa-liquibase/pom.xml liquibase:update -Durl=jdbc:h2:keycloak
I receive the following error message:
[ERROR] liquibase.exception.UnexpectedLiquibaseException: liquibase.exception.CustomChangeException: liquibase.exception.SetupException: No KeycloakSession provided in ThreadLocal
Am I missing some setup or is this no longer supported?
Guys, I know this has been discussed before, but I'm trying to find a simple number of steps for me to externalize the session storage in keycloak.
I just need to do the following:
1. Two servers running keycloak (wildfly)
2. A load balancer in front of these two servers. Preferably an AWS load balancer
3. I need to store the session details on an external store so that the sessions work accurately.
There is so much documentation for this, but I am actually confused as to what I should do and the bare minimum I should do to achieve this. I don't need a distributed cache or anything, just need one cache store (maybe infinispan or memcached) and the two keycloak servers running storing the sessions on that. Is there one key place I should look into which contains the bare minimum I should do?