Create User using REST API- 401 Error
by H Mahey
I am trying to create a user via REST call and I am getting 401 Unauthorized error.
So this is what I am trying to do:
1. Start the Keycloak server
2. Create a realm- test-realm and assigned manag-user role to it
3. Create user "test-realm-user01" and assigned all the roles I could to him.
4. In my Java code, I get a token and then I am trying to create a user using that token and it throws 401
Attached is the code of what I am doing.
Please let me know if I am doing anything wrong here.
(I understand that we should UI from doing all the stuff..but here I am that I want to try this out)
9 years, 5 months
JS Adapter- Get user realm-roles and client specific roles.
by Subhrajyoti Moitra
Hello Friends,
We are preparing a keycloak SSO based auth/IDM for our internal
applications.
For protecting JS-UI we are using the JS adapter. We are able to get basic
user information, using loadUserProfile() api.
Q) How do I get the roles that the user has been assigned at the realm
level as well as the client specific roles?
Pl guide me how i can accomplish this. Even a server side solution would
work, need not be just JS based.
Thanks a lot in advance.
Subhro.
PS: Using KC 1.3.1 Final with MySQL
9 years, 5 months
JavaScript error: No Access-Control-Allow-Origin header is present...
by Lars Frauenrath
Hi,
as the subject said I got an error while sending a request to my keycloak server.
I configured the following things:
1. External Keycloak server (runs on localhost:8180)
   a. Add realm
   b. Add client/application
   c. Add roles
   d. Add user + roles for this user
   e. Add Url to Web Origins (http://localhost:8080)
2. Wildfly 8 Server (runs on localhost:8080)
   a. Add keycloak adapter for wildfly 8
   b. Add Security domain
   c. Add subsystem for keycloak (generated from keycloak admin console)
3. My Application
   a. Keycloak.json (generated from Keycloak admin console | "enable-cors" is set to true)
   b. Downloaded keycloak.js and added it to jsp/html pages
   c. Defined security-constraints and security-roles in web.xml
I got the problem while trying to login to my application. Keycloak accepts my username and password and forwards me to the first site of my application.
There I am using the keycloak.js to "login" and handle the different roles but within this workflow I got the following errors:
1. "XMLHttpRequest cannot load 'http://localhost:8180/auth/realms/TOMAMappingConfigurationService/tokens/...'. No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost:8080' is therefore not allowed access. The response had HTTP status code 400. "
2. "XMLHttpRequest cannot load 'http://localhost:8180/auth/realms/TOMAMappingConfigurationService/account'. No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost:8080' is therefore not allowed access. The response had HTTP status code 403. "
I hope you can help me.
Kind regards,
Lars
9 years, 5 months
keycloack-server.war
by Pablo Martin Gore
Hi
I have a maven project that is in charge of creating the tomcat distribution
for keycloak.
Until version 1.2.0-Beta1 we have used keycloak-server.war , but when I try
to migrate to keycloak 1.3.1-Final , this dependency apparently does not
exist any more.
<artifactItem>
    <groupId>org.keycloak</groupId>
    <artifactId>keycloak-server</artifactId>
    <version>$1.3.1-Final</version>
    <type>war</type>
    <outputDirectory>${outputDirectoryForWar}</outputDirectory>
</artifactItem>
Someone could help me with this issue ?
where I could find the server war now or what is the new name for this
dependency?
Thanks and regards.
Pablo Gore
Here is my pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-parent</artifactId>
<version>1.3.1-Final</version>
</parent>
<artifactId>keycloak-tomcat-dist</artifactId>
<packaging>pom</packaging>
<name>Tomcat 8 with Keycloack</name>
<version>${project.parent.version}-1.0.4</version>
<description/>
<properties>
<!-- Versions -->
<tomcat.version>8.0.20</tomcat.version>
<jax.version>2.3.7.Final</jax.version>
<jackson.version>1.9.9</jackson.version>
<hibernate.version>4.2.7.SP1</hibernate.version>
<!-- Locations -->
<outputDirectory>${project.build.directory}/unpacked</outputDirectory>
<outputDirectoryConf>${outputDirectory}/apache-tomcat-${tomcat.version}/conf</outputDirectoryConf>
<outputDirectoryForWar>${outputDirectory}/apache-tomcat-${tomcat.version}/webapps/keycloak
</outputDirectoryForWar>
<outputDirectoryForLibs>${outputDirectory}/apache-tomcat-${tomcat.version}/lib</outputDirectoryForLibs>
<configFile>${outputDirectoryForWar}/WEB-INF/classes/META-INF/keycloak-server.json</configFile>
</properties>
<dependencies/>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<executions>
<!-- Get Tomcat -->
<execution>
<id>unpack</id>
<phase>prepare-package</phase>
<goals>
<goal>unpack</goal>
</goals>
<configuration>
<!--useJvmChmod>false</useJvmChmod-->
<artifactItems>
<artifactItem>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat</artifactId>
<version>${tomcat.version}</version>
<type>tar.gz</type>
<outputDirectory>${outputDirectory}</outputDirectory>
</artifactItem>
</artifactItems>
</configuration>
</execution>
<!-- Get keycloak -->
<execution>
<id>get-keycloak</id>
<phase>prepare-package</phase>
<goals>
<goal>unpack</goal>
</goals>
<configuration>
<artifactItems>
<artifactItem>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-server</artifactId>
<version>${project.parent.version}</version>
<type>war</type>
<outputDirectory>${outputDirectoryForWar}</outputDirectory>
</artifactItem>
</artifactItems>
</configuration>
</execution>
<!-- Get dependencies -->
<execution>
<id>mimic-jboss-6.2</id>
<phase>prepare-package</phase>
<goals>
<goal>copy</goal>
</goals>
<configuration>
<artifactItems>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.2.6</version>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpcore</artifactId>
<version>4.2.5</version>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.1.1</version>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.1</version>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</dependency>
<!-- Mimic JBoss 6.2 -->
<artifactItem>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-jaxrs</artifactId>
<version>${jax.version}</version>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
<artifactItem>
<groupId>org.jboss.resteasy</groupId>
<artifactId>async-http-servlet-3.0</artifactId>
<version>${jax.version}</version>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
<artifactItem>
<groupId>org.jboss.resteasy</groupId>
<artifactId>jaxrs-api</artifactId>
<version>${jax.version}</version>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
<artifactItem>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-jaxb-provider</artifactId>
<version>${jax.version}</version>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
<artifactItem>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-jackson-provider</artifactId>
<version>${jax.version}</version>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
<artifactItem>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-multipart-provider</artifactId>
<version>${jax.version}</version>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
<!-- This needs Bouncycastle
<artifactItem>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-crypto</artifactId>
<version>${jax.version}</version>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
-->
<artifactItem>
<groupId>org.jboss.resteasy</groupId>
<artifactId>tjws</artifactId>
<version>${jax.version}</version>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
<artifactItem>
<groupId>org.scannotation</groupId>
<artifactId>scannotation</artifactId>
<version>1.0.3</version>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
<artifactItem>
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-mapper-asl</artifactId>
<version>${jackson.version}</version>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
<artifactItem>
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-core-asl</artifactId>
<version>${jackson.version}</version>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
<artifactItem>
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-jaxrs</artifactId>
<version>${jackson.version}</version>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
<artifactItem>
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-xc</artifactId>
<version>${jackson.version}</version>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
<artifactItem>
<groupId>org.infinispan</groupId>
<artifactId>infinispan-core</artifactId>
<version>5.2.7.Final</version>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
<artifactItem>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-core</artifactId>
<version>${hibernate.version}</version>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
<artifactItem>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-entitymanager</artifactId>
<version>${hibernate.version}</version>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
<artifactItem>
<groupId>org.hibernate.javax.persistence</groupId>
<artifactId>hibernate-jpa-2.0-api</artifactId>
<version>1.0.1.Final</version>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
<artifactItem>
<groupId>org.jboss.logging</groupId>
<artifactId>jboss-logging</artifactId>
<version>3.1.2.GA</version>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
<artifactItem>
<groupId>org.jboss.spec.javax.transaction</groupId>
<artifactId>jboss-transaction-api_1.1_spec</artifactId>
<version>1.0.1.Final</version>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
<artifactItem>
<groupId>dom4j</groupId>
<artifactId>dom4j</artifactId>
<version>1.6.1</version>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
<artifactItem>
<groupId>org.hibernate.common</groupId>
<artifactId>hibernate-commons-annotations</artifactId>
<version>4.0.1.Final</version>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
<artifactItem>
<groupId>org.javassist</groupId>
<artifactId>javassist</artifactId>
<version>3.18.1-GA</version>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
<artifactItem>
<groupId>antlr</groupId>
<artifactId>antlr</artifactId>
<version>2.7.7</version>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
<artifactItem>
<groupId>javax.mail</groupId>
<artifactId>mail</artifactId>
<version>1.4.5</version>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
<artifactItem>
<groupId>com.google.zxing</groupId>
<artifactId>core</artifactId>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
<artifactItem>
<groupId>com.google.zxing</groupId>
<artifactId>javase</artifactId>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
<artifactItem>
<groupId>com.icegreen</groupId>
<artifactId>greenmail</artifactId>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
<artifactItem>
<groupId>de.idyl</groupId>
<artifactId>winzipaes</artifactId>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
<artifactItem>
<groupId>xml-apis</groupId>
<artifactId>xml-apis</artifactId>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
<artifactItem>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
<artifactItem>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
</artifactItems>
</configuration>
</execution>
<!-- Get PostgreSQL driver -->
<execution>
<id>get-postgresql-jdbc-driver</id>
<phase>prepare-package</phase>
<goals>
<goal>copy</goal>
</goals>
<configuration>
<artifactItems>
<!-- mysql:mysql-connector-java -->
<artifactItem>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.34</version>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
<artifactItem>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<version>9.4-1200-jdbc41</version>
<type>jar</type>
<outputDirectory>${outputDirectoryForLibs}</outputDirectory>
</artifactItem>
</artifactItems>
</configuration>
</execution>
</executions>
</plugin>
<!-- Setup data-source -->
<plugin>
<artifactId>maven-resources-plugin</artifactId>
<version>2.7</version>
<executions>
<execution>
<id>setup-data-source</id>
<phase>package</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>${outputDirectoryConf}</outputDirectory>
<encoding>UTF-8</encoding>
<resources>
<resource>
<directory>.</directory>
<includes>
<include>context.xml</include>
</includes>
<filtering>false</filtering>
</resource>
</resources>
</configuration>
</execution>
</executions>
</plugin>
<!-- Fix keycloak-configuration -->
<plugin>
<groupId>com.google.code.maven-replacer-plugin</groupId>
<artifactId>replacer</artifactId>
<version>1.5.3</version>
<executions>
<execution>
<id>fix-data-source</id>
<phase>package</phase>
<goals>
<goal>replace</goal>
</goals>
</execution>
</executions>
<configuration>
<file>${configFile}</file>
<replacements>
<!-- fix-data-source -->
<replacement>
<token>java:jboss/datasources/KeycloakDS</token>
<value>java:/comp/env/jdbc/KeycloakDS</value>
</replacement>
<!-- Set Tomcat configuration-dir -->
<replacement>
<token>jboss.server.config.dir}</token>
<value>catalina.home}/conf</value>
</replacement>
</replacements>
</configuration>
</plugin>
<!-- Repackage filled-Tomcat into tar.gz -->
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<version>2.4</version>
<executions>
<execution>
<id>assemble</id>
<phase>package</phase>
<goals>
<goal>single</goal>
</goals>
<configuration>
<tarLongFileMode>gnu</tarLongFileMode>
<descriptors>
<descriptor>assembly.xml</descriptor>
</descriptors>
<outputDirectory>target</outputDirectory>
<workDirectory>target/assembly/work</workDirectory>
<appendAssemblyId>false</appendAssemblyId>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>
9 years, 5 months
Re: [keycloak-user] [keycloak-dev] Securing wars via keycloak subsystem
by Marko Strukelj
Moved this conversation from keycloak-dev to keycloak-user(a)lists.jboss.org ...
You can't have keycloak server deployed on Wildfly 8 any more. So I assume you don't have the server parts deployed at all.
If you want to setup keycloak server and your web application in the same Wildfly instance the best way to do that is to use keycloak-demo-1.3.1.Final.zip which you can download here: http://sourceforge.net/projects/keycloak/files/1.3.1.Final
It is based on Wildfly 9.0.0.Final. You can then deploy your wars and add <secure-deployment> section to keycloak subsystem configuration in standalone.xml file.
The alternative is to run keycloak server separately - in that case use keycloak-1.3.1.Final.zip, and start it first.
You then download keycloak-wf8-adapter-dist-1.3.1.Final.zip from http://sourceforge.net/projects/keycloak/files/1.3.1.Final/adapters/.
Unpack it into your Wildfly 8.2.0 where you have deployed your .war. Make sure to add <secure-deployment> section to your Wildfly 8.2.0 where your .war is deployed, and not to the keycloak server instance.
Also adjust the value of <auth-server-url> to point to the correct server url.
If you want to run both server and client on the same host for development you can start either one with:
bin/standalone.sh -Djboss.socket.binding.port-offset=100
Which will bind all the ports to their default value +100 - e.g. what would otherwise be port 8080 would then become 8180.
- marko
----- Original Message -----
> Hey guys,
>
> as the subject says I want to secure my war files via keycloak subsystem. I
> use an wildfly 8 server in standalone mode and got the following
> configuration from the keycloak admin console (by now I configured keycloak
> with keycloak.json):
>
> “<secure-deployment name="TOMAMappingConfigurationService.war">
> <realm>TOMAMappingConfigurationService</realm>
> <resource>TOMAMappingConfigurationService</resource>
> <use-resource-role-mappings>true</use-resource-role-mappings>
> <public-client>true</public-client>
> <realm-public-key>MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAioI1Q9NTQ+FB/6nFRl6QXqjoNNHld8K8KgdL9xhDJtAOn2jhY9/sfQASs5heBWh9IQeVlYFkhmN5jYzKtPMLZnlMTW6fE4yTRSw5RdbGldgX8LedFAt5vSU2rVJWMkExDynDe8zHNbMKvereFeTQ3oDqEA/Ks22fUdmf2Pj+Cpzuj+ncyRYSut02MTGpQML9975D+1z5AmlokkWlk+VADjZ/3zberEJS8I49uQryqtC6OtxayVezEj270Iwx9lwmRIa2aoJZGQRncafW0Dukgx+lAxJinjiSR0UngTXwQXw1OfH9xfi7v6oHcrmExp4xahKom+cW9MyhCL51ElJi4QIDAQAB</realm-public-key>
> <auth-server-url>http://localhost:8080/auth</auth-server-url>
> <ssl-required>EXTERNAL</ssl-required>
> </secure-deployment>
> “
>
> As in the documentation described I deleted the keycloak.json files and the
> part of the web.xml file where keycloak as authentication method is defined.
>
> Now I have the problem, that keycloak seems not to be deployed. I cannot
> access the admin console or login to my application because of an “404 – Not
> found”-Error.
>
> Any ideas what I did wrong?
>
> PS: Excuse my English. :)
>
> Kind regards,
> Lars
9 years, 5 months
Keycloak - login into application
by Senthil Nathan
Hi,
I installed keycloak in wildfly9 server and I deployed my application. When
I accessed the home page of my application, I'm unable to log in using my
application user. Can anybody help me in this.
Thanks,
Senthil
9 years, 5 months
Users able to retrieve a valid Access Token despite not verifying their email
by Lohitha Chiranjeewa
Hi,
We have identified that even if the user hasn't verified his email (he
cannot log in until it's verified), he can still invoke the
'auth/realms/{realm}/tokens/grants/access' API and retrieve a valid Access
Token. APIs can be successfully invoked through this Access Token. This
seems to be a buggy scenario.
Can anyone confirm if this is actually a bug or if this is the expected
behavior?
Regards,
Lohitha.
9 years, 5 months
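
Added example (not part of any post above and not Keycloak's own code): a service that receives access tokens can enforce the verified-email requirement itself rather than relying on the login page, and can read the realm-level and client-specific roles asked about in the JS adapter post from the token's `realm_access` and `resource_access` claims. It uses Node's built-in crypto; the key pair, the claims, the client name `demo-client` and the function names `mintToken`, `checkAccessToken` and `demo` are constructed for illustration, and it assumes the issuer includes the OIDC `email_verified` claim in the access token.

```javascript
const nodeCrypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const fromB64url = (text) => Buffer.from(text, 'base64url');

// Constructed helper standing in for the issuer: signs claims as an RS256 JWT.
function mintToken(privateKey, claims) {
  const signingInput = `${b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  const signature = nodeCrypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${b64url(signature)}`;
}

// Resource-server side check (hypothetical name). clientId selects the
// resource_access entry whose roles apply to this service.
function checkAccessToken(token, publicKey, clientId, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims;
  try {
    header = JSON.parse(fromB64url(parts[0]).toString('utf8'));
    claims = JSON.parse(fromB64url(parts[1]).toString('utf8'));
  } catch (err) {
    return { ok: false, reason: 'malformed' };
  }
  // Pin the algorithm; the token must not be allowed to pick "none" or an HMAC.
  if (header?.alg !== 'RS256') return { ok: false, reason: 'bad-alg' };
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!nodeCrypto.verify('sha256', signed, publicKey, fromB64url(parts[2]))) {
    return { ok: false, reason: 'bad-signature' };
  }
  if (typeof claims?.exp !== 'number' || claims.exp <= now) return { ok: false, reason: 'expired' };
  // Assumption: the issuer puts the OIDC email_verified claim in the access token.
  // A missing claim is treated the same as false.
  if (claims.email_verified !== true) return { ok: false, reason: 'email-not-verified' };
  return {
    ok: true,
    realmRoles: claims.realm_access?.roles ?? [],
    clientRoles: claims.resource_access?.[clientId]?.roles ?? [],
  };
}

// Constructed sample run: throwaway key pair and made-up claims.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const base = {
    exp: Math.floor(Date.now() / 1000) + 300,
    realm_access: { roles: ['user'] },
    resource_access: { 'demo-client': { roles: ['editor'] } },
  };
  const verified = mintToken(privateKey, { ...base, email_verified: true });
  const unverified = mintToken(privateKey, { ...base, email_verified: false });
  return {
    verified: checkAccessToken(verified, publicKey, 'demo-client'),
    unverified: checkAccessToken(unverified, publicKey, 'demo-client'),
  };
}
```

In a real deployment the public key passed to `checkAccessToken` would be the realm's public key, as in the `<realm-public-key>` element quoted earlier on this page.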