Keycloak on Openshift with custom domain and SSL certificate
by Mark Hayen
Hi,
We're running our application on Openshift Online.
Of course it is secured by keycloak running in the same gear.
The openshift webconsole offers the possibility to import the
certificate etc.
but when trying to access the application it throws the following error.
ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default
task-48) failed to turn code into token:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
What do I have to do to enable keycloak to find the stuf it needs?
Thank you
Mark Hayen
first8.nl
8 years, 4 months
SAML Mapper for ObjectGUID
by Ben Bazian
I need to pass the objectGUID from Active Directory in a SAML assertion. Anyone know where to point me to setting up this mapper?
8 years, 5 months
user Attribute error
by Gerard Laissard
Hi,
I'm using user Federation LDAP. The LDAP is read-only.
When I add a user Attribute, I get 'Error! user is read-only!'
How can I add specific user attributes?
Thanks
Gerard
8 years, 5 months
CRUD Using KeyCloak
by Yasser El-ata
Hello , i wan't to create CRUD using KeyCloak , i have an angularJS
application and it's use KeyCloak
My case is : i have screens in my application that contain sub screens and
every sub screen contain CRUD roles (CREATE , READ , UPDATE , DELETE) ,
it's may contain multi levels
the screenshot may make the case more clear
the normal client roles is not enough for me or maybe i miss understand
some thing
could you please help me how to create these roles in KeyCloak , or if
KeyCloak is support roles like this or if there is any other way to create
them ?
Thanks
--
Yasser El-Ata
Java Developer
BluLogix
737 Walker Rd Ste 3, Great Falls, VA 22066
t: 443.333.4100 | f: 443.333.4101
*www.blulogix.com <http://www.blueoss.com/>*
The information transmitted is intended only for the person(s) to whom it
is addressed and may contain confidential and/or privileged material. Any
review, retransmission, dissemination or other use of, or taking of any
action in reliance upon, this information by persons or entities other than
the intended recipient is prohibited. If you received this in error, please
contact the sender and delete the material from any computer.
8 years, 5 months
Keycloak 1.9 behind Apache2 reverse proxy not working properly
by Matthias Müller
Does anyone have experiences with Keycloak 1.9 in an Apache2 reverse
proxy configuration?
In my test setup I am running Keycloak as a standalone service on port
8080. It is proxied behind an Apache HTTP Server that manages the SSL
communication and forwards requests to localhost:8080. The Apache side
of the proxy is working. However, the administration console web page
(auth/admin/master/console/) still contains plain http://... links
(should be: https://) to the JS components which, of course, is invalid.
Obviously the Keycloak service does not see (or ignores) the X-Forwarded
headers.
Am I missing something here?
Cheers,
Matthias
[1]:
http://auth.domain.org/auth/resources/1.9.0.final/admin/keycloak/lib/sele...
8 years, 5 months
"Client was not identified by any client authenticator"
by Rong Sang (CL-ATL)
Hi,
I just downloaded the 1.9.0 final release, started the standalone server, created the initial admin user account and then tried to log in the admin console. I got the following error at that point:
Failed client authentication: org.keycloak.authentication.AuthenticationFlowException: Client was not identified by any client authenticator
The web page kept loading and the server had a lot of instance of the error above. I couldn’t go any further. What did I miss?
Thanks,
Rong
8 years, 5 months
SAML question
by Ben Bazian
I need to add Active Directory attributes to the SAML assertion. Is there documentation on how to do this? Specifically I need to add givenName and sn to the assertion that already has the email attribute.
8 years, 5 months
Change the default max nr of users shown in the users overview screen in the base Keycloak admin theme?
by Edgar Vonk - Info.nl
Hi,
I was wondering if there would be an objection to change the default max number of users shown in the users overview screen in the base Keycloak admin theme? Manage - Users now shows a maximum number of 5 users per ‘page’. I think this is really low and hard to work with if, like us, you will have thousands of users in the system. We would like to have this default max number set to something, which I think seems more sensible, like 20.
It is set in the users.js JS (UserListCtrl) in the base Keycloak admin theme so I know that we can override this file and set our own default but we really do not want to do this as we want to use the default Keycloak admin console at this stage.
Ok if I create a JIRA feature request issue for this?
cheers
Edgar
8 years, 5 months
