July 2015 - keycloak-user - Jboss List Archives

by Gregor Tudan

Hi, I’m having trouble getting correct Access-Control Headers for requests to the openid-connect token endpoint. When asking for a token by code, everything seems fine: * POST /auth/realms/VV/protocol/openid-connect/token HTTP/1.1 Host: fs01e.tech.visualvest.de Connection: keep-alive Content-Length: 303 Origin: http://fe01e.tech.visualvest.de User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.132 Safari/537.36 Content-type: application/x-www-form-urlencoded Accept: */* DNT: 1 Referer: http://fe01e.tech.<snip>.de/app/depot/ Accept-Encoding: gzip, deflate Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4 Cookie: KEYCLOAK_LOCALE=de; KEYCLOAK_IDENTITY=eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI1YTI4YTk1MS02ZDY2LTQ1YzEtOTM3Ny0zMjdjYzAwYzA3YjYiLCJleHAiOjE0MzY4MjgyNjIsIm5iZiI6MCwiaWF0IjoxNDM2NzkyMjYyLCJpc3MiOiJodHRwOi8vZnMwMWUudGVjaC52aXN1YWx2ZXN0LmRlL2F1dGgvcmVhbG1zL1ZWIiwic3ViIjoiOWZlNGM3ZWEtYmNjNS00NmY2LWEwMzMtZjllZGE4ZDlmYTVjIiwic2Vzc2lvbl9zdGF0ZSI6ImRkNmE2ZDVjLWRkYjMtNDc3Mi1hZDNkLTk2OGJiMzc1NzdjOSIsInJlc291cmNlX2FjY2VzcyI6e319.PabltPm2_dkWsZ4fwS8jrxTW0qv7nFY2ZkZAjjFozkxP7K8kZcg7We4gzshkqdRF1kfB57_zQFp8BKyRa08hG5zskZk_SmpbOwAoKL2lrME7Zm7ErBSMIF7KZ6ZUIznIu8LTnP0m0mgmReqxNEYtIdim-7sXdfEhws9q-cC4mAQ; KEYCLOAK_SESSION=VV/9fe4c7ea-bcc5-46f6-a033-f9eda8d9fa5c/dd6a6d5c-ddb3-4772-ad3d-968bb37577c9 Content: 1. code=rDhHgSDNa9MgJl9RSqk7TLOByTto2A20AEZy_EQY5Is.03b568e4-adcd-4c7d-bc81-44fded29be61&grant_type=authorization_code&client_id=vv-frontend&redirect_uri=<snip> But when I request a token by direct grant, the CORS-Headers are missing: 1. POST /auth/realms/VV/protocol/openid-connect/token HTTP/1.1 Host: fs01e.tech.visualvest.de Connection: keep-alive Content-Length: 69 Accept: application/json Origin: http://localhost:8000 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.132 Safari/537.36 Content-type: application/x-www-form-urlencoded DNT: 1 Referer: http://localhost:8000/app/depot/ Accept-Encoding: gzip, deflate Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4 Content 1. username=dirk&password=dirk&client_id=vv-frontend&grant_type=password Am I missing something? Thanks, Gregor

10 years, 10 months

2
7
0 / 0

Getting the user id from the access token

by Juan Diego

Hi I want to be able to update the user password and some preferences from my web app, in order to update some of the user info from my portal i can see in the rest api that you need the user ID. I have a backend with java that should connect to my keycloak server once it gets the token KeycloakSecurityContext securityContext = (KeycloakSecurityContext) httpRequest .getAttribute(KeycloakSecurityContext.class.getName()); AccessToken accessToken = securityContext.getToken(); I dont know how to get info from the accesToken, or does the access token class already has methods to do that. I know this is more of a question of design. This part is not really clear for me. Thanks

10 years, 10 months

3
7
0 / 0

IDP User Attributes

by chenkeong.yap＠izeno.com

hi, kindly share how to set the user attributes and retrieve it from sp side using http session? https://docs.jboss.org/author/display/PLINK/SAML2AttributeHandler Regards, CK Yap

10 years, 10 months

2
3
0 / 0

Steam OpenId

by Dean Peterson

This question is for a side project I am working on. I am trying to set up Keycloak to allow users to log in with their OpenId Steam account. Steam uses OpenId 2.0. It seems they do not require or even have client ids and secrets. Only the authorization endpoint is needed. Is Keycloak capable of implementing log ins and linking existing Keycloak accounts with Steam accounts? Keycloak required I enter a client id and client secret but Steam does not have such a thing. http://steamcommunity.com/dev

10 years, 10 months

3
4
0 / 0

Upgrading is a giant pain

by Dean Peterson

I wish Keycloak had a one button click mechanism for upgrading the application. I use Discourse (http://www.discourse.org/) for messaging in my application. I run Keycloak inside a Docker container just like Discourse. Discourse gives me an admin landing page that tells me every time I log in if I am up to date. If I am not, a little sad face tells me I need to upgrade. All I have to do to upgrade is click a button and everything happens automatically. The data is migrated, the docker container is updated and the application is redeployed. It never fails and takes 5 minutes. Every time I need to upgrade Keycloak it is a month long ordeal. The database migration never works. I always have to export the data as json, then upload the file after I manage to get a fresh install of the latest version up and running. I understand Keycloak has a lot of parts and I really like it, but I wish the upgrade process would get some attention. It is a very painful process at the moment.

10 years, 10 months

3
4
0 / 0

params on my url get duplicated on angular app on reload

by Juan Diego

Hi, I dont know if it is a problem of my code but for example I see my page http://localhost/index.html then I load and I see something like http://localhost/index.html?prompt=none&code=jYy-h3j8F8O6hruPRUF0lO8eisDw... If I keep reloading my page I keep seeing prompt=none&code=jYy-h3j8F8O6hruPRUF0lO8eisDwbrRAtA3yzag0epg.05b27843-6c0b-4be6-83fc-a27afe108c50&state=80c3e263-0a89-4853-86b2-61e7f675b609 added over and over

10 years, 10 months

2
1
0 / 0

Multi tenant plus administration Rest api

by Stephen More

How could I extend the multi-tenant example ( https://github.com/keycloak/keycloak/tree/master/examples/ <https://github.com/keycloak/keycloak/tree/master/examples/multi-tenant>multi-tenant ) to make a Rest admin api call back to keycloak using java ? I think this would be a helpful example in upcoming releases. Thanks

10 years, 10 months

3
6
0 / 0

Still getting index error when upgrading to 1.3.1.Final

by Dean Peterson

I did a fresh install with mongodb 3.0 and everything worked fine running 1.3.1.Final. However, I need to upgrade from 1.2.0.Beta1 so I tried the same configuration with everything except this time migrating the old database data. I get the following error: at java.lang.reflect.Constructor.newInstance(Constructor.java:422) at org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:148) ... 19 more Caused by: java.lang.RuntimeException: Failed to update database at org.keycloak.connections.mongo.updater.impl.DefaultMongoUpdaterProvider.update(DefaultMongoUpdaterProvider.java:90) at org.keycloak.connections.mongo.DefaultMongoConnectionFactoryProvider.lazyInit(DefaultMongoConnectionFactoryProvider.java:99) ... 36 more Caused by: com.mongodb.CommandFailureException: { "serverUsed" : "kcdb/ 172.17.0.69:27017" , "nIndexesWas" : 1 , "ok" : 0.0 , "errmsg" : "index not found with name [realmId_1_name_1]"} at com.mongodb.CommandResult.getException(CommandResult.java:71) at com.mongodb.CommandResult.throwOnError(CommandResult.java:110) at com.mongodb.DBCollection.dropIndexes(DBCollection.java:847) at com.mongodb.DBCollection.dropIndex(DBCollection.java:1349) at org.keycloak.connections.mongo.updater.impl.updates.Update1_2_0_CR1.convertApplicationsToClients(Update1_2_0_CR1.java:33) at org.keycloak.connections.mongo.updater.impl.updates.Update1_2_0_CR1.update(Update1_2_0_CR1.java:23) at org.keycloak.connections.mongo.updater.impl.DefaultMongoUpdaterProvider.update(DefaultMongoUpdaterProvider.java:79) ... 37 more 01:17:00,691 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("deployment" => "keycloak-server. I mentioned this before and Stian was going to look into it; at the time he thought it might be due to using mongodb 3.0. However, mongodb 3.0 works fine with a fresh install.

10 years, 10 months

2
4
0 / 0

1.2.0.Beta1 to 1.2.0.RC1 root of migration problem

by Dean Peterson

I went back and tried to upgrade just from 1.2.0.Beta1 to 1.2.0.RC1. I exported my realm into a json file and tried to import it into a fresh install of 1.2.0.RC1. I just receive a message that says: "Error! The Realm cannot be uploaded". There is nothing in the logs. I check to see if anything is imported. I see only a few bearer token only applications are present. No client side confidential applications have been imported. Also, none of the users have been imported. If I give someone my entire json file (minus most of the user info), can someone please tell me what might be wrong?

10 years, 10 months

2
1
0 / 0

error creating user

by Javier Coria

Hello I hope you can help. When I want to create my user I do follows Keycloak keycloak = Keycloak.getInstance (getURL (), "MyRealm", "myUser", "myPassword" clientID); UserRepresentation userRep = new UserRepresentation (); userRep.setUsername ("testUser"); CredentialRepresentation CredentialRepresentation credentials = new (); credentials.setType ("password"); credentials.setValue ("t"); List <CredentialRepresentation> list = new ArrayList (); list.add (credentials); userRep.setCredentials (list); userRep.setEnabled (true); userRep.setEmail ("myMail(a)outlook.com"); userRep.setEmailVerified (false); userRep.setFirstName ("Javier"); userRep.setLastName ("Javi"); Map map = new HashMap (); userRep.setAttributes (map); UsersResource users = keycloak.realm ("MyRealm") users ().; Response response = users.create (userRep); first responds with code 200 - 18:14:09 DEBUG org.apache.http.headers:273 >> POST /auth/realms/prevvy/protocol/openid-connect/token HTTP/1.1 - 18:14:09 DEBUG org.apache.http.impl.conn.DefaultClientConnection:254 Receiving response: HTTP/1.1 200 OK but at the end responds with a 500 error and I don't know why :(: - 18:14:10 DEBUG org.apache.http.wire:63 >> "Host: develop.prevvy.co:9095[\r][\n]" - 18:14:10 DEBUG org.apache.http.wire:63 >> "Connection: Keep-Alive[\r][\n]" - 18:14:10 DEBUG org.apache.http.wire:63 >> "[\r][\n]" - 18:14:10 DEBUG org.apache.http.headers:273 >> POST /auth/admin/realms/prevvy/users HTTP/1.1 - 18:14:10 DEBUG org.apache.http.headers:276 >> Accept-Encoding: gzip, deflate - 18:14:10 DEBUG org.apache.http.headers:276 >> Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI3ODgzZmE5ZS1iYzkyLTQzNDQtOWY3Ni02NTdiYWI4YjAzNzkiLCJleHAiOjE0MzY0OTEyMzYsIm5iZiI6MCwiaWF0IjoxNDM2NDkwOTM2LCJpc3MiOiJodHRwOi8vZGV2ZWxvcC5wcmV2dnkuY286OTA5NS9hdXRoL3JlYWxtcy9wcmV2dnkiLCJhdWQiOiJldmVudGhhbmRsZXItY2xpZW50Iiwic3ViIjoiYmIyMDQyZDktNjhlMS00MjQ5LWE5YWQtZTMzZjFkMTA3MGQ4IiwiYXpwIjoiZXZlbnRoYW5kbGVyLWNsaWVudCIsInNlc3Npb25fc3RhdGUiOiI0MzZjMTI2Ny1mNzA5LTQwNTEtOTk0YS03OWYyNjExZjM2Y2EiLCJjbGllbnRfc2Vzc2lvbiI6IjkxOGI2NWQ4LTY1YTUtNDljNi04M2JiLWQzOTg4ZGU0ODVlMCIsImFsbG93ZWQtb3JpZ2lucyI6W10sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJtYW5hZ2UtdXNlcnMiXX0sInJlc291cmNlX2FjY2VzcyI6e319.hAfHcOZZJwYBBoTRhlqzPfraesg7n9Gp0IHFQvmLYK-wYQBcFb7XAkAdGNWujW4kh5e7EJmyIggLWn0KnaPq2Qf2f57x34A3wjSklxdlIskUjLRZMVjUmUz65ayCPaFh33rxQIv6mhtST6CPdowZdsRyGfmcE9kKhknU8jjY2tY - 18:14:10 DEBUG org.apache.http.headers:276 >> Content-Type: application/json - 18:14:10 DEBUG org.apache.http.headers:276 >> Content-Length: 498 - 18:14:10 DEBUG org.apache.http.headers:276 >> Host: develop.prevvy.co:9095 - 18:14:10 DEBUG org.apache.http.headers:276 >> Connection: Keep-Alive - 18:14:10 DEBUG org.apache.http.wire:77 >> "{"self":null,"id":null,"username":"testttt","enabled":true,"totp":false,"emailVerified":false,"firstName":"Javier","lastName":"Coria","email":" jcoria(a)healthcentrix.com ","federationLink":null,"attributes":{},"credentials":[{"type":"password","device":null,"value":"t","hashedSaltedValue":null,"salt":null,"hashIterations":null,"temporary":false}],"requiredActions":null,"federatedIdentities":null,"realmRoles":null,"clientRoles":null,"clientConsents":null,"applicationRoles":null,"socialLinks":null}" - 18:14:10 DEBUG org.apache.http.wire:63 << "HTTP/1.1 500 Internal Server Error[\r][\n]" Thank you!!

10 years, 11 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

keycloak-user July 2015