April 2015 - keycloak-user - Jboss List Archives

by Sadiq Khoja

Guys, I want to enable CORS for Direct Grant Access, how to do it? I am getting following error from my javascript application: (index):1 XMLHttpRequest cannot load http://localhost:8080/auth/realms/master/tokens/grants/access. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://pn.localhost:81' is therefore not allowed access. The response had HTTP status code 400. Regards, *Sadiq Khoja*

9 years

3
5
0 / 0

Http Session is not invalidated

by Chen Keong Yap

Hi, I've 2 applications installed with Picketlink SPFilter to authenticate with keycloak 1.1.0 beta 2. When i perform global logout, first application was logged out successfully because SP/keycloak session and application http session are removed but the problem is second application SP/keycloak session is removed but application http session is still remained. I've set admin url for these 2 applications in keycloak admin console. Kindly share your ideas.

9 years

3
15
0 / 0

Curious about the Email constraint on UserEntity

by Adil Arif

I have been testing Keycloak (1.1.0 Final) federation ability against some of our existing user databases. I came across the unique email address constraint in the UserEntity table. What is the reasoning behind email addresses being unique? Our particular use case is that a user can create multiple usernames and have the same email address across many of them if they choose to. Adil Arif

9 years

2
1
0 / 0

Apache Reverse Proxy in front of Keycloak Proxy

by Schneider, John DODGE CONSULTING SERVICES, LLC

Hi, I have Keycloak Proxy working well. However, it's installed on machines that are not Internet-accessible and I need to put an Apache Reverse Proxy in front of it. Installing the Keycloak Proxy on the externally-facing Apache servers is not an option for me. My issue is, Keycloak Proxy sends a redirect-URI to the auth server that is based on the bind-address value in the config. I need the redirect URI sent to the Auth server to be the Apache reverse proxy. Is there a clever way to do this, or is a feature addition needed to support this? If the latter, then I suggest adding an optional property "redirect_base_address" to the config. Thanks, John

9 years

2
2
0 / 0

deploying restful service application out of the keycloak autorisation server

by Meissa M'baye Sakho

Hi all, I have a question about running my applications in a different server than the keycloak one. I have one third party oauth client web application and one pure restful web service application. I have created a realm, configured the two applications as explained in the videos tutorials. The two applications behaviour are similar to the database service and the third-party oauth client that are shipped in the example of keycloak distribution. Every thing work fine when I deploy all on the same wildfly server that is hosting the keycloak server; I would like to deploy the restful web application and the oauth client in a another JBOSS EAP 6 server. For the oauth client, as explained in the video tutorial, I will have to define the complete url while defining the redirect url in the registration step. For the restful services web application, it's a bearer only access type application. It will only accept token authentification. There is no redirect url. How do I configure the restful services web application in this situation? Is there something to configure so that the keycloak adapter could be able to valide the token when the oauth client calls a service from the restful web application? Thank you in advance. Meissa

9 years

1
0
0 / 0

Keycloak 1.2.0.Beta1 Released

by Stian Thorgersen

We're proud to announce the release of Keycloak 1.2.0.Beta1. This is a great release, especially if you're after enterprise capabilities. The major new features in this release includes: * Protocol mapping - With protocol mapping it's easy to define what claims are added to the token an application receives. * Kerberos - It's now possible to authenticate with a Keycloak realm using Kerberos tickets through SPNEGO. * Identity Brokering - As well as Kerberos you can also authenticate with Keycloak with an external SAML 2.0 or OpenID Connect Identity Provider. * OpenID Connect improvements - We've made several improvements to comply with the OpenID Connect specification and we've also introduced new features such as Discovery, Session Management and UserInfo endpoint. * Internationalization support for login and account management Thanks to Michael Gerber the login and account management pages now have internationalization support. We have built in support for English, German and Brazilian Portuguese. We've also made it easy to add your own and if you'd like to contribute a translation let us know. * Deploy providers as modules - It's now possible to deploy custom providers as modules. This gives you full control of the classloader for your provider. * Deploy themes as modules - We've made it much simpler to package themes and they can also be deployed as a module. This makes it simpler to distribute themes as well as using custom themes in a cluster. * Login with Stackoverflow and LinkedIn - Thanks to Vlastimil Eliáš we now have built-in support to login with Stackoverflow and LinkedIn. * SysLog event listener - Thanks to Giriraj Sharma we now have a syslog event listener. * Version control on cached resources - A common issue in the past was that the admin console didn't work after upgrading Keycloak. This was caused by the browser caching old html and javascript. We've solved this issue by including a version number in the resource urls, so upgrading should be even simpler now! To get the release go to www.keycloak.org. For the full lists of issues resolved for this release check https://issues.jboss.org/browse/KEYCLOAK. Remember to read the migration guide before upgrading as it contains vital information about what's changed and how to upgrade.

9 years

3
2
0 / 0

keycloak.json file for angular app

by Ryvlin, Andrey

Hi I have AngularJs based UI web app talking to RESTfull web services using Keycloak security. Keycloak is running on a separate instance of Wildfly having https connection. UI Web application has keycloak.json file with hardcoded Keycloak URL. Everything works well with one problem: when I need to install my web application to a different environment I need to open WAR, modify keycloak.json with new URL and package it back. Since we deliver the entire installation to the client, I don’t know their host names, so they have to open WAR, which is in-convenient. Is there any way to avoid that? Thanks‼ Thanks‼ ----------------- Andrey Ryvlin Principal Software Engineer Phone: 952-979-8492 5705 W Old Shakopee Road, Suite 100 Bloomington, MN 55437 USA ARyvlin(a)MorphoTrust.com<mailto:ARyvlin@MorphoTrust.com> www.MorphoTrust.com<http://www.morphotrust.com/> [cid:image003.jpg@01CFF75A.60542BC0] ________________________________ This message is only for the use of the intended recipient and may contain information that is CONFIDENTIAL and PROPRIETARY to MorphoTrust USA, Inc. If you are not the intended recipient, please erase all copies of the message and its attachments and notify the sender immediately.

9 years

2
3
0 / 0

Fwd: Help troubleshooting config

by Sebastian Lorenz

Hi Tom, I'm also quite new to Keycloak and had some trouble setting it up in the beginning. That's why I wrote a small tutorial http://sebplorenz.blogspot.de/ Maybe it is of help for you. Since you are not redirected to Keycloak at all, I would assume that either: 1. Your web resource is not listed in the <security-constraint> element in web.xml or 2. Your <auth-method> is not set to Keycloak in web.xml or 3. Keycloak is not configured correctly in your standalone.xml server configuration and therefore does not interrupt the access to the resource. Good Luck. Sebastian > ---------- Weitergeleitete Nachricht ---------- > From: Thomas LaPorte <Thomas.LaPorte(a)dreamworks.com> > To: keycloak-user(a)lists.jboss.org > Cc: > Date: Tue, 31 Mar 2015 15:05:32 -0700 > Subject: Re: [keycloak-user] Help troubleshooting config > Thanks to a list member for some debug setup help, I'm getting much more > information. > > Now I can see (and confirm my suspicion), that something is not right and > my resource is unprotected. > > For the example customer-portal app, I see that after the "callback-uri: > ..." message, I get a "Sending redirect to login page:..." message. > > For my app, it goes directly to "AuthenticatedActionsValve.invoke" > > -- Tom > > On Tue, Mar 31, 2015 at 2:49 PM, Guy Davis <guydavis.ca(a)gmail.com> wrote: > >> Hi Thomas, >> >> To dial up logging, try adding this to your standalone.xml file in the >> logging subsystem and re-starting your Wildfly instance: >> >> <logger category="org.keycloak"> >> <level name="DEBUG"/> >> </logger> >> >> Then, be sure you have the right configuration in your web.xml of your >> test WAR file. See the docs here >> <http://docs.jboss.org/keycloak/docs/1.1.0.Final/userguide/html_single/#d4...> >> for details. >> >> Hope this helps, >> Guy >> >> >> On Tue, Mar 31, 2015 at 3:30 PM, Thomas LaPorte < >> Thomas.LaPorte(a)dreamworks.com> wrote: >> >>> Apologies for cutting off by hitting send prematurely. >>> >>> >>> >>> On Tue, Mar 31, 2015 at 2:26 PM, Thomas LaPorte < >>> Thomas.LaPorte(a)dreamworks.com> wrote: >>> >>>> Greetings. I'm a first-time user of Keycloak, trying to set up a simple >>>> demonstration after the examples, however, I'm having 0% success in getting >>>> my configuration correct enough such that my web resource is protected. >>>> >>>> I have reduced my setup all the way down to a basic "HelloWorld.jsp" in >>>> a WAR file that is deployed into the standalone Wildfly server that is also >>>> hosting the Keycloak server. >>>> >>>> I am convinced that it is a configuration step being missed somewhere, >>>> as I can always access my URL without intervention from the Keycloak server. >>>> >>>> My WAR file consists of the following: >>>> >>>> 0 Tue Mar 31 14:20:20 PDT 2015 META-INF/ >>>> 68 Tue Mar 31 14:20:20 PDT 2015 META-INF/MANIFEST.MF >>>> 0 Tue Mar 31 14:08:34 PDT 2015 WEB-INF/ >>>> 1584 Tue Mar 31 09:47:52 PDT 2015 WEB-INF/web.xml >>>> 491 Tue Mar 31 14:08:34 PDT 2015 WEB-INF/keycloak.json >>>> 308 Tue Mar 31 14:20:18 PDT 2015 index.jsp >>>> >>> >>> I have added my application to the demo realm by copying the >>> customer-portal application stanza, and replacing the "customer-portal" >>> with my app name: >>> >>> { >>> "name": "goalkeepers", >>> "enabled": true, >>> "adminUrl": "/goalkeepers", >>> "baseUrl": "/goalkeepers", >>> "redirectUris": [ >>> "/goalkeepers/*" >>> ], >>> "secret": "password" >>> } >>> >>> At this stage I am just looking for suggestions on how best to >>> troubleshoot my configuration? What logging properties can I set to enable >>> more debugging? Or where else can I look for some clues as to the errors in >>> my configuration? >>> >>> I fear I am missing something extremely fundamental, but I can't for the >>> life of me see what it is. >>> >>> - Tom >>> >>> _______________________________________________ >>> keycloak-user mailing list >>> keycloak-user(a)lists.jboss.org >>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>> >> >> >

9 years

3
2
0 / 0

Is there an example Oracle Configuration for Keycloak

by Tom Nuernberger

Can anyone point me to some example Oracle configuration ? Thanks. Tom W. Nuernberger Programmer Analyst IV Texas Commission on Environmental Equality 12100 Park 35 Circle | Bldg. A | Austin, TX 78753 (512) 239-0895 [cid:image001.jpg@01D06C77.5FEAB630]

9 years

2
1
0 / 0

Default Redirect URL is not working

by Chen Keong Yap

Hi, I've configured Default Redirect URL=http://localhost:8080/employee/test.jsp in keycloak (1.1.0 beta2) admin console. When i access ServiceURL, the request is redirected to keycloak login page. After authentication is successful then keycloak redirected to ServiceURL instead of Default Redirect URL. Can someone please advise? Picketlink.xml : <PicketLink xmlns="urn:picketlink:identity-federation:config:2.1"> <PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1" ServerEnvironment="tomcat" BindingType="REDIRECT" RelayState="someURL"> <IdentityURL>${idp.url:: https://localhost:8443/auth/realms/saml-demo-1/protocol/saml}</IdentityURL> <ServiceURL>${EMPLOYEE.url::http://localhost:8080/employee/} </ServiceURL> </PicketLinkSP> <Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1"> <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" /> <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler"> </Handler> <Handler class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" /> </Handlers> </PicketLink>

9 years

2
1
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

keycloak-user April 2015