January 2016 - keycloak-user - Jboss List Archives

by robinfernandes .

Hi All, Is there a way that I can see the SAML response objects in the logs. I was checking the server logs and they are not showing up there for some reason. Any help would be appreciated. Thanks, Robin

8 years, 3 months

3
3
0 / 0

Error while linking 2 Identity Providers

by Helder dos S. Alves

Hi. I'm using Keycloak 1.7.0.Final and I'm having some troubles: I logged in using my Facebook account, but when I try to log in using my Google account (whose email is the same as Facebook's) I am getting the error: 16:36:58,870 ERROR [io.undertow.request] (default task-54) UT005023: Exception handling request to /auth/realms/GJC-Websites/login-actions/first-broker-login: java.lang.RuntimeException: request path: /auth/realms/GJC-Websites/login-actions/first-broker-login at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:75) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132) at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85) at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:72) at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:282) at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:261) at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:80) at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:172) at io.undertow.server.Connectors.executeRootHandler(Connectors.java:199) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:774) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) Caused by: org.jboss.resteasy.spi.UnhandledException: java.lang.NoClassDefFoundError: org/keycloak/broker/provider/BrokeredIdentityContext at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76) at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212) at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:149) at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372) at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179) at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220) at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:86) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:130) at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:61) ... 29 more Caused by: java.lang.NoClassDefFoundError: org/keycloak/broker/provider/BrokeredIdentityContext at org.keycloak.login.freemarker.FreeMarkerLoginFormsProvider.createResponse(FreeMarkerLoginFormsProvider.java:290) at org.keycloak.login.freemarker.FreeMarkerLoginFormsProvider.createIdpLinkConfirmLinkPage(FreeMarkerLoginFormsProvider.java:467) at org.keycloak.authentication.authenticators.broker.IdpConfirmLinkAuthenticator.authenticateImpl(IdpConfirmLinkAuthenticator.java:43) at org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator.authenticate(AbstractIdpAuthenticator.java:57) at org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:155) at org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:97) at org.keycloak.authentication.AuthenticationProcessor.authenticate(AuthenticationProcessor.java:652) at org.keycloak.services.resources.LoginActionsService.processFlow(LoginActionsService.java:301) at org.keycloak.services.resources.LoginActionsService.firstBrokerLogin(LoginActionsService.java:528) at org.keycloak.services.resources.LoginActionsService.firstBrokerLoginGet(LoginActionsService.java:487) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137) at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:296) at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:250) at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:140) at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:103) at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356) ... 37 more Thanks in advance. Helder S. Alves

8 years, 3 months

3
3
0 / 0

Manage Keycloak token inside of the client applications.

by ha.hamed＠gmail.com

Hi, I made an app use bearer authentication with Keycloak . I have another app which wants to use this REST api. As I know until now, It needs to get token from Keycloak server (I use POST method), then add this token to the request It needs to send. But, there's one important issue. This client want to have assess hundreds time each minute. Is there any tools for Keycloak to help me update the token when it's required? I mean keep the token for example for 15 minutes (validation time) then renew it when it's required. I made a statefull class which get configuration and has getToken() method. Then when the other classes ask for new token, if it expired this method synchronously will get new one and return it (Direct grant). Is it right? Is there anything standard inside of the Keycloak lib already? Best regards, Hamed

8 years, 3 months

2
1
0 / 0

Create A New Group (name is not unique)

by Juraj Janosik

Hi, is it a correct and expected behaviour in the group concept, that the name of the group is not unique, that means, that it is possible to create a new group with the same name? The same behaviour occurs in Admin console and via REST API too. [ { "id": "150a8547-fd3f-4245-ab91-328d8afb83c2", "name": "group_tests", "path": "/group_tests", "subGroups": [ ] }, { "id": "bc7969e6-e7c9-4617-b03e-18665293636a", "name": "group_tests", "path": "/group_tests", "subGroups": [ ] }, { "id": "5447d305-a47e-4ad9-a29b-f478396accf6", "name": "group_tests", "path": "/group_tests", "subGroups": [ ] } ] Thanks. Best Regards, Juraj

8 years, 3 months

2
2
0 / 0

$urlRouterProvider

by Stuart Jacobs

Good Day, I currently have a angular application that uses $urlRouterProvider for it's routing, I can not get the application from performing a infinite loop on the landing page. Has anyone experienced this with $urlRouterProvider and is there a solution to the problem? Regards, Stuart Jacobs -- www.symbiotics.co.za ******************************************************************************** This email and any accompanying attachments may contain confidential and proprietary information. This information is private and protected by law and, accordingly, if you are not the intended recipient, you are requested to delete this entire communication immediately and are notified that any disclosure, copying or distribution of or taking any action based on this information is prohibited. Emails cannot be guaranteed to be secure or free of errors or viruses. The sender does not accept any liability or responsibility for any interception, corruption, destruction, loss, late arrival or incompleteness of or tampering or interference with any of the information contained in this email or for its incorrect delivery or non-delivery for whatsoever reason or for its effect on any electronic device of the recipient. ********************************************************************************

8 years, 3 months

2
1
0 / 0

Keycloak as SAML IDP and Identity Broker

by Marcel Dullaart

Hello, For my current project I want to use Keycloak as identity broker to nicely decouple the applications from the authentication mechanism. In production the application will be secured with SAML 2.0, the IDP is based on E-Directoy. In our development environment we use keycloak in docker. My question is can I use Keycloak as IDP in our development enviroment as well as broker, by starting 2 seperated containers one named idp and the other named broker? If so what are the steps I need to take? Thanks in advance! Vriendelijke groet, Kind regards, Cordialement, Marcel Dullaart

8 years, 3 months

1
0
0 / 0

Re: [keycloak-user] Different theme for each client

by Travis De Silva

Hi, My vote is to provide this feature at a client level as per the original request. I think realms should be used for completely different domains when we want to isolate users etc. Should not try and use it for something that it was not intended in the design. The reason why you might need theming at client level is iif you really think that clients which are essentially different applications most of the time and each of these applications might have different look and feel themes (either due to different development teams or vendors building different applications). So when someone logins via KeyCloak, its true that we are logging into a realm but for an end user, it is really logging into a application and there is a need for the login page theme to look similar to the application look and feel. Also I have a use case where I have a back office application that requires login for admin users and then I have the front office of this application where in addition to the admin users, you also can have other users as well who can self register and login to the front end which is a consumer facing site. How I handle this is by having two clients in the same realm. This works fine if you are happy with the same backend login theme to be there for the consumer facing frontend. But we cannot do that as the front end is a consumer facing SaaS site, so each front end needs to have the client's website theme. This becomes very hard to do if we don't have theming at a client level. I came across this post from Bill a few months ago http://lists.jboss.org/pipermail/keycloak-user/2015-July/002537.html I am thinking to make use of the client variable that is available in login.ftl and load different freemarker fragments that will then theme it differently for each client. As mentioned by Bill, having many if conditions might not be ideal but it might meet the requirement. Cheers Travis

8 years, 3 months

8
15
0 / 0

Create Group Child (subgroup) under existing group via REST API

by Juraj Janosik

Hi, how it possible to setup parent group id in the Create Child (subgroup), if I want to create a child group under existing group via REST API? If I set the "id" with existing group in the request body (mentioned as parent), nothing happens. Behaviour in the Admin console is OK. Definition: http://keycloak.github.io/docs/rest-api/index.html#_create_or_add_a_top_l... Description: This will update the group and set the parent if it exists. Create it and set the parent if the group doesn’t exist. Body parameter: Group representation http://keycloak.github.io/docs/rest-api/index.html#_grouprepresentation Thanks. Best Regards, Juraj

8 years, 3 months

1
0
0 / 0

RestTemplate support for service account access

by Aritz Maeztu

At this moment there's a KeycloakRestTemplate to use it in Spring which allows an end user to retrieve data from other keycloak clients. However, a client might also be interested in accessing data with its own permissions and with no user interaction. Is there any implementation of a RestTemplate to utilize client service accounts and, if not, are there any plans to write it? This demo <https://github.com/keycloak/keycloak/blob/master/examples/demo-template/s...>seems to do it manually. Regards -- Aritz Maeztu Otaño Departamento Desarrollo de Software <https://www.linkedin.com/profile/preview?vpa=pub&locale=es_ES> <http://www.tesicnor.com> Pol. Ind. Mocholi. C/Rio Elorz, Nave 13E 31110 Noain (Navarra) Telf.: 948 21 40 40 Fax.: 948 21 40 41 Antes de imprimir este e-mail piense bien si es necesario hacerlo: El medioambiente es cosa de todos.

8 years, 3 months

3
5
0 / 0

When using Keycloak as SP in SAML via filter i.e. SamlFilter, we get exception (details inside)

by Akshay Kini

Hi Folks, We have configured Keycloak as an SP via filter. Keycloak Version 1.7.0 We get this exception: ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/].[AppName]] Servlet.service() for servlet NasDefault threw exception: java.lang.RuntimeException: This method is not supported in a restored authenticated request at org.keycloak.adapters.servlet.FilterSessionStore$1.getDateHeader(FilterSessionStore.java:178) [:1.7.0.CR1] at org.apache.catalina.servlets.DefaultServlet.checkIfModifiedSince(DefaultServlet.java:1731) [:] at org.apache.catalina.servlets.DefaultServlet.checkIfHeaders(DefaultServlet.java:608) [:] at org.apache.catalina.servlets.DefaultServlet.serveResource(DefaultServlet.java:714) [:] at org.apache.catalina.servlets.DefaultServlet.doGet(DefaultServlet.java:368) [:] at javax.servlet.http.HttpServlet.service(HttpServlet.java:734) [:1.0.0.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [:1.0.0.Final] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:324) [:] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:242) [:] ... (trimmed) ... at org.keycloak.adapters.saml.servlet.SamlFilter.doFilter(SamlFilter.java:125) [:1.7.0.CR1] ...(trimmed) ... etc. Any ideas on what this error means? Thanks, Regards, Akshay

8 years, 3 months

1
1
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

keycloak-user January 2016