Authenticator configuration
by Branislav Tomko
Hello
I have created a security question Authenticator according to the Keycloak
documentation by implementing the org.keycloak.authentication.Authenticator
interface, with 2 configurable attributes.
After adding the Authenticator execution into Authentication flow, I can set
initial configuration values for the attributes in admin console (as realm
admin user).
The first time, everything is OK and the values are set and used during
authentication.
But the next time, when I try to change the attribute values, I get a
ForbiddenException:
14:49:48,783 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-12) RESTEASY002005: Failed executing GET /admin/realms/master/authentication/config-description/security-question-authenticator: org.keycloak.services.ForbiddenException
at org.keycloak.services.resources.admin.RealmAuth.requireView(RealmAuth.java:70)
at org.keycloak.services.resources.admin.AuthenticationManagementResource.getAuthenticatorConfigDescription(AuthenticationManagementResource.java:853)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:78)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
The only chance to update the attribute values is to remove the authenticator
execution from the flow, then add it back and set the configuration again
"for a first time".
Any idea why the Authenticator configuration setting works the first time,
but the next update raises an exception?
Brano.
8 years, 5 months
JBoss vulnerability
by Ben Bazian
Is Keycloak 1.8 susceptible to this vulnerability?
Cisco Talos has identified millions of vulnerable JBoss servers that can potentially be infected with SamSam ransomware
Attackers used a JBoss-specific exploit called JexBoss -- a JBoss verification and exploitation tool -- to compromise vulnerable servers and then install webshells and backdoors for remote access. Cisco Talos researchers found that compromised JBoss servers typically have more than one webshell installed, suggesting that the systems have been repeatedly compromised by different actors. The list of webshells includes mela, shellinvoker, jbossinvoker, zecmd, cmd, genesis, sh3ll, and jbot.
http://www.infoworld.com/article/3058254/security/patch-jboss-now-to-prev...
8 years, 5 months
Active Directory Federated Services SAML Identity Provider; Pass groups thru
by Jason Hobbs
I'm trying to use ADFS as a SAML identity provider, then use OIDC to
authenticate an application on JBoss EAP.
The IDP redirects to AD and back to Keycloak seem to work fine, and a list
of groups is provided as an assertion. When I debug within the protected
application, however, the groups from the SAML assertion are not passed
through. If I make a role in Keycloak and manually assign it to a user, it
does get passed through.
Is this something that should be supported and I'm just not configuring
something right?
Environment: Keycloak 1.9.2.Final running on OpenShift Enterprise 3.1.
8 years, 5 months
Access Token - compatibility
by Simon Gordon
Hi all
I'm looking at the future of our architecture, including how we secure APIs
(Resource Servers) and more.
It is important that any authorisation services we provide have versioned
and 'managed' endpoint interfaces, such that compatibility is maintained
across the lifecycle of the authorisation service (patches and upgrades).
Since our Resource Servers could be 'anything', we can't rely upon handing
out particular libraries for those resource servers to use to integrate
with the AS - that would be awful to manage across a large estate of
services anyway.
As I see it, I can mandate that Resource Servers use OAuth 2, so many
issues go away - but the critical item for maintaining compatibility is the
Access Token - when we implement the AS, a key deliverable to our RS
partners will be a technical specification of the Access Token.
Does a technical specification of the Access Token exist? What is the
policy with regard to compatibility of the Access Token across
versions/patches of Keycloak?
(I could fall back to the Token Info endpoint - but again, that needs to
maintain compatibility across releases)
Thanks!
Simon
8 years, 5 months
password type configuration options for a UserFederationFactory
by Anthony Fryer
While implementing a UserFederationFactory I have provided several configuration options that the Keycloak administrator can configure. The available options are returned from the UserFederationProviderFactory.getConfigurationOptions() method. My use case, which I think would be fairly common, is to allow configuration of a DataSource which requires a username and password to be configured. Currently the password is displayed in clear text in the admin console. It would be nice to be able to specify which configuration options are passwords and have them at least masked in the admin console using an input type of "password". Encryption would also be another nice feature, but maybe just simply having the ability to mask the password would be a nice first step.
Regards,
Anthony
8 years, 5 months
Update from 1.8.1 to 1.9.2: Persistent sessions fail to load
by Martin Ott
Hi,
I have an instance of Keycloak 1.8.1 running which is configured to persist the sessions stored in infinispan. I have added this change to the configuration in order to keep sessions in case of a restart of the process or machine.
Configuration in standalone.xml looks like this:
<local-cache name="sessions">
    <file-store purge="false"/>
</local-cache>
After upgrading the Keycloak instance to version 1.9.2 the console includes the following stacktrace when accessing the sessions in the admin UI. It also cannot load org.keycloak.models.sessions.infinispan.entities.UserSessionEntity:
- - snip - -
17:49:07,056 ERROR [org.infinispan.persistence.file.SingleFileStore] (persistence-thread--p9-t1) ISPN000252: Error executing parallel store task: org.infinispan.persistence.spi.PersistenceException: java.io.InvalidClassException: org.keycloak.models.sessions.infinispan.entities.ClientSessionEntity; Module load failed
at org.infinispan.marshall.core.MarshalledEntryImpl.unmarshall(MarshalledEntryImpl.java:116)
at org.infinispan.marshall.core.MarshalledEntryImpl.getValue(MarshalledEntryImpl.java:61)
at org.infinispan.persistence.PersistenceUtil.convert(PersistenceUtil.java:133)
at org.infinispan.persistence.util.PersistenceManagerCloseableSupplier$SupplierCacheLoaderTask.processEntry(PersistenceManagerCloseableSupplier.java:75)
at org.infinispan.persistence.file.SingleFileStore$2.call(SingleFileStore.java:537)
at org.infinispan.persistence.file.SingleFileStore$2.call(SingleFileStore.java:531)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at org.infinispan.util.concurrent.WithinThreadExecutor.execute(WithinThreadExecutor.java:21)
at java.util.concurrent.ExecutorCompletionService.submit(ExecutorCompletionService.java:181)
at org.infinispan.executors.ExecutorAllCompletionService.submit(ExecutorAllCompletionService.java:31)
at org.infinispan.persistence.file.SingleFileStore.process(SingleFileStore.java:531)
at org.infinispan.persistence.manager.PersistenceManagerImpl.processOnAllStores(PersistenceManagerImpl.java:447)
at org.infinispan.persistence.manager.PersistenceManagerImpl.processOnAllStores(PersistenceManagerImpl.java:432)
at org.infinispan.persistence.util.PersistenceManagerCloseableSupplier.lambda$get$261(PersistenceManagerCloseableSupplier.java:115)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.InvalidClassException: org.keycloak.models.sessions.infinispan.entities.ClientSessionEntity; Module load failed
at org.jboss.marshalling.ModularClassResolver.resolveClass(ModularClassResolver.java:104)
at org.jboss.marshalling.river.RiverUnmarshaller.doReadClassDescriptor(RiverUnmarshaller.java:948)
at org.jboss.marshalling.river.RiverUnmarshaller.doReadNewObject(RiverUnmarshaller.java:1255)
at org.jboss.marshalling.river.RiverUnmarshaller.doReadObject(RiverUnmarshaller.java:276)
at org.jboss.marshalling.river.RiverUnmarshaller.doReadObject(RiverUnmarshaller.java:209)
at org.jboss.marshalling.AbstractObjectInput.readObject(AbstractObjectInput.java:41)
at org.infinispan.commons.marshall.jboss.AbstractJBossMarshaller.objectFromObjectStream(AbstractJBossMarshaller.java:134)
at org.infinispan.marshall.core.VersionAwareMarshaller.objectFromByteBuffer(VersionAwareMarshaller.java:101)
at org.infinispan.commons.marshall.AbstractDelegatingMarshaller.objectFromByteBuffer(AbstractDelegatingMarshaller.java:80)
at org.infinispan.marshall.core.MarshalledEntryImpl.unmarshall(MarshalledEntryImpl.java:114)
... 18 more
Caused by: org.jboss.modules.ModuleNotFoundException: org.keycloak.keycloak-model-sessions-infinispan:main
at org.jboss.modules.ModuleLoader.loadModule(ModuleLoader.java:223)
at org.jboss.marshalling.ModularClassResolver.resolveClass(ModularClassResolver.java:102)
... 27 more
- - snip - -
I assume that the sessions cannot be deserialized due to the module reorg in version 1.9. Is this correct? How could the sessions be migrated to 1.9.x?
Cheers,
Martin
8 years, 6 months
How to register a custom FormAction
by LEONARDO NUNES
Hi,
I'm getting the error below when I try to add a custom FormAction to a copy of the Registration Form.
What am I doing wrong?
I'm using Keycloak 1.9.1.Final
Steps:
* Created class: AccountsFormAction implements FormAction
* Created class: AccountsFormActionFactory implements FormActionFactory, ConfigurableAuthenticatorFactory
* Created file inside of META-INF/services/org.keycloak.authentication.FormActionFactory containing the fully qualified name of the AccountsFormActionFactory class
* Copied the JAR to providers folder
* At the admin console, I choose Add execution from Registration-copy1 Registration Form Actions menu
* At the providers list I choose "Accounts Form Action"
* The error below shows when I click Save
2016-04-18 09:02:06,658 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-52) RESTEASY002005: Failed executing POST /admin/realms/accounts/authentication/flows/registration-copy1 registration form/executions/execution: org.jboss.resteasy.spi.BadRequestException: No authentication provider found for id: accounts-form-action
at org.keycloak.services.resources.admin.AuthenticationManagementResource.addExecution(AuthenticationManagementResource.java:394)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:78)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
--
Leonardo
8 years, 6 months
Twitter login via keycloak
by JAYAPRIYA ATHEESAN
Hi All,
I have a requirement where a user who has registered his mail id manually
should be able to use Twitter for login using the same mail id. Is this
option available?
To elaborate:
Using the gig(a)gmail.com mail id I register to Keycloak manually.
Now I wish to log in to Keycloak using the same mail id gig(a)gmail.com but
using Twitter instead of manual login.
Is it possible?
When I try doing that, I get an error saying "Email id already exists".
I wish to log in using the same mail id via Facebook, Twitter and Google Plus.
How to go about this?
Thanks,
Jayapriya Atheesan
8 years, 6 months
No 'Access-Control-Allow-Origin' header is present on the requested resource
by JAYAPRIYA ATHEESAN
Hi All,
I need help.
I tried to use the example provided by the Keycloak team for broker (facebook-identity-provider-realm).
But when I try to load the social profile, I get the following exception.
angular.js:8098 OPTIONS https://host_name:8444/auth/realms/facebook-identity-provider-realm/broke...
(anonymous function) @ angular.js:8098
sendReq @ angular.js:7902
serverRequest @ angular.js:7636
wrappedCallback @ angular.js:11050
wrappedCallback @ angular.js:11050
(anonymous function) @ angular.js:11136
Scope.$eval @ angular.js:12062
Scope.$digest @ angular.js:11888
Scope.$apply @ angular.js:12168
(anonymous function) @ angular.js:18102
(anonymous function) @ angular.js:2643
forEach @ angular.js:328
eventHandler @ angular.js:2642
:60/fb/:1 XMLHttpRequest cannot load https://host_name:8444/auth/realms/facebook-identity-provider-realm/broke.... Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:60' is therefore not allowed access. The response had HTTP status code 404.
I face a similar kind of exception when I tried to load profile detail from Keycloak too.
Please help me in resolving the same.
I have hosted the AngularJS application on my localhost.
Keycloak is running on a server. External request is set to none for testing purposes.
Thanks,
Jayapriya Atheesan
8 years, 6 months
Initializing keycloak.js without extra request for keycloak.json?
by Michael Clayton
Hi all,
I'm integrating keycloak.js with the Red Hat Customer Portal and have a
question about passing a configuration object into the Keycloak()
constructor.
At the point where I call Keycloak(), I'm attempting to avoid waiting
for the keycloak.json HTTP GET by inlining keycloak.json during a build
step. By example, my build now produces this:
    var keycloak = new Keycloak({
        "realm" : "myRealm",
        "realm-public-key" : "myPublicKey",
        "auth-server-url" : "https://keycloak.me/auth",
        "ssl-required" : "external",
        "resource" : "myClientId",
        "public-client" : true,
        "token-store": "cookie"
    });
I was hoping this would Just Work, but I quickly discovered that some of
the properties are "renamed" after the HTTP request:
    kc.authServerUrl = config['auth-server-url'];
    kc.realm = config['realm'];
    kc.clientId = config['resource'];
    kc.clientSecret = (config['credentials'] || {})['secret'];
And thus my setup doesn't work because "clientId" doesn't exist inside
keycloak.json.
My question is: would I be foolish to rename the properties inside
keycloak.json so that the JSON can be passed directly into the Keycloak
constructor? For example, "resource" becomes "clientId" and
"auth-server-url" becomes "authServerUrl".
It would be really convenient if I could give keycloak.js the contents
of keycloak.json without having to fret about where it came from (AJAX
or hardcoded or build-inlined). If others would like that feature too,
I'd happily put together a contribution.
Thanks for any advice!
--
Michael Clayton
8 years, 6 months
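The renaming described in the post above can be done once in the build step instead of editing keycloak.json by hand. This is an added example, not part of the original post or of keycloak.js: `toKeycloakJsConfig` is a hypothetical helper, and it assumes the constructor's object form reads `url`, `realm` and `clientId`. Because inlined configuration ships to every browser, it also refuses a client secret and a non-HTTPS server URL.

```javascript
// Added example; not code from keycloak.js or from the original post.
// Left: keycloak.json keys quoted in the post. Right: constructor option
// names assumed here (url, realm, clientId); check them against your adapter.
const KEY_MAP = {
  'auth-server-url': 'url',
  'realm': 'realm',
  'resource': 'clientId',
};

const LOOPBACK_HOSTS = ['localhost', '127.0.0.1', '[::1]'];

// Hypothetical build-step helper: turns a parsed keycloak.json into the
// object passed to `new Keycloak(...)`, and lists the keys it did not copy.
function toKeycloakJsConfig(adapterJson) {
  if (adapterJson === null || typeof adapterJson !== 'object' || Array.isArray(adapterJson)) {
    throw new TypeError('adapter config must be a JSON object');
  }

  // Anything inlined into a browser bundle is public, so a confidential
  // client's secret must stop the build instead of being shipped.
  const credentials = adapterJson.credentials || {};
  if (credentials.secret !== undefined) {
    throw new Error('refusing to inline credentials.secret into browser code');
  }
  if (adapterJson['public-client'] !== true) {
    throw new Error('"public-client" must be true for a keycloak.js client');
  }

  const config = {};
  for (const [jsonKey, optionName] of Object.entries(KEY_MAP)) {
    const value = adapterJson[jsonKey];
    if (typeof value !== 'string' || value.trim() === '') {
      throw new Error(`missing or empty "${jsonKey}"`);
    }
    config[optionName] = value;
  }

  // The login redirect and token requests go to this URL; allow plain HTTP
  // only for local development hosts.
  const parsed = new URL(config.url); // throws on a malformed URL
  if (parsed.protocol !== 'https:' && !LOOPBACK_HOSTS.includes(parsed.hostname)) {
    throw new Error(`auth-server-url must use https: ${config.url}`);
  }

  const ignored = Object.keys(adapterJson).filter(
    (key) => !Object.prototype.hasOwnProperty.call(KEY_MAP, key)
  );
  return { config: Object.freeze(config), ignored };
}

// The keycloak.json contents shown in the post.
const INLINED_JSON = {
  'realm': 'myRealm',
  'realm-public-key': 'myPublicKey',
  'auth-server-url': 'https://keycloak.me/auth',
  'ssl-required': 'external',
  'resource': 'myClientId',
  'public-client': true,
  'token-store': 'cookie',
};

const result = toKeycloakJsConfig(INLINED_JSON);
console.log(result.config);
console.log('not copied:', result.ignored.join(', '));
```

In the page itself, `result.config` is what gets passed to `new Keycloak(...)`; the `ignored` list shows which keycloak.json settings have no effect on that path.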