Cannot create Drools policy.
by Charlee Chitsuk
Hi,
I'm using Keycloak version 2.0.0.Final with the default standalone. I've
built and installed the Maven artifact
"org.keycloak:photoz-authz-policy:2.0.0.Final" and tried to create the
Drools policy as follows:
mavenArtifactGroupId = org.keycloak
mavenArtifactId = photoz-authz-policy
mavenArtifactVersion = 2.0.0.Final
When I click the "Resolve" button, the system shows me as "Error! An
unexpected server error has occurred"
The "standalone/log/server.log" also shows as
[io.undertow.request] (default task-80) UT005023: Exception handling
request to
/auth/admin/realms/photoz/clients/001e0705-8bc6-47de-b408-dd07a5ebba9b/authz/resource-server/policy/drools/resolveModules:
org.jboss.resteasy.spi.UnhandledException: java.lang.NoClassDefFoundError:
org/apache/commons/codec/binary/Base64
at
org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)
...
Caused by: java.lang.NoClassDefFoundError:
org/apache/commons/codec/binary/Base64
at org.apache.http.impl.auth.BasicScheme.authenticate(BasicScheme.java:168)
I can ensure that:
1. The "commons-codec-1.10.jar" exists at
"modules/system/layers/base/org/apache/commons/codec/main"
2. The "org.keycloak:photoz-authz-policy:2.0.0.Final" exists in my
local repository at
"some/drive/m2/repo/org/keycloak/photoz-authz-policy/2.0.0.Final/photoz-authz-policy-2.0.0.Final.jar".
Could you please help to advise further?
--
Best Regards,
Charlee Ch
7 years, 9 months
Brute Force Detection breaks Social login
by Valerij Timofeev
Hi all,
it looks like the Brute Force Detection breaks Social login.
I've:
1) downloaded keycloak-demo-1.9.8.Final
2) set up Facebook Identity provider
3) successfully tested Facebook login
4) activated Brute Force Detection with default values
5) tested Facebook login: it fails with the error message: "Account is
disabled, contact admin."
I wonder whether somebody has ever tested this combination.
Kind regards
Valerij Timofeev
7 years, 9 months
Storing attributes in Keycloak session
by Daniel Radzikowski
Hi,
I'm using Direct Grant API to manage sessions in my application. Is it
possible to store some session attributes for logged in user using this API?
--
Regards,
Daniel Radzikowski.
7 years, 9 months
Re: [keycloak-user] Keycloak-Headerbased authentication
by Subrahmanyam BV
Hi Thomas, thanks for the quick reply. Here is the scenario that I am looking for. Once the user gets authenticated, is there a way to pass some attributes of the user (say for example, company, emailid, status of the user etc...) as a part of the response headers?
Regards, Subrahmanyam.
From: Thomas Darimont <thomas.darimont(a)googlemail.com>
Sent: Tue, 05 Jul 2016 11:54:44
To: Subrahmanyam BV <bvs78(a)rediffmail.com>
Cc: keycloak-user <keycloak-user(a)lists.jboss.org>
Subject: Re: [keycloak-user] Keycloak-Headerbased authentication
Hello,
I'm not familiar with siteminder and quickly googled https://docops.ca.com/ca-single-sign-on-12-52-sp1/en/configuring/web-agen...
Based on that I think that mod_auth_oidc might do what you want.
https://github.com/keycloak/securing_apps_guide/blob/master/topics/oidc/m...
https://github.com/thomasdarimont/keycloak_mod_auth_oidc_example/blob/mas...
Cheers,
Thomas
On 05.07.2016 at 6:44 AM, "Subrahmanyam BV" <bvs78@rediffmail.com> wrote:
Hi, just wanted to know whether Keycloak supports header-based authentication as supported by siteminder. Please let me know on this.
Regards, Subrahmanyam.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
7 years, 9 months
Lost session when removing an instance off cluster
by Sarp Kaya
Hello,
I have tried various ways of configuring infinispan but it just seems like if I deploy a new instance to the cluster and remove one, then some sessions are lost and an exception is thrown saying that it was not handled. This is the Infinispan exception:
Exception handling request to /auth/realms/realmname/protocol/openid-connect/auth: org.jboss.resteasy.spi.UnhandledException: org.infinispan.util.concurrent.TimeoutException: Replication timeout for 79a0757ecab3
    at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:247)
    at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:168)
    at org.jboss.resteasy.core.SynchronousDispatcher.writeResponse(SynchronousDispatcher.java:471)
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:415)
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
    at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
    at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
    at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:88)
    at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
    at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
    at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
    at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
    at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
    at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
    at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
    at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
    at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
    at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
    at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
    at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
    at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
    at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
    at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
    at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
    at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: org.infinispan.util.concurrent.TimeoutException: Replication timeout for 79a0757ecab3
    at org.infinispan.remoting.transport.jgroups.JGroupsTransport.checkRsp(JGroupsTransport.java:765)
    at org.infinispan.remoting.transport.jgroups.JGroupsTransport.lambda$invokeRemotelyAsync$72(JGroupsTransport.java:599)
    at java.util.concurrent.CompletableFuture.uniApply(CompletableFuture.java:602)
    at java.util.concurrent.CompletableFuture$UniApply.tryFire(CompletableFuture.java:577)
    at java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:474)
    at java.util.concurrent.CompletableFuture.complete(CompletableFuture.java:1962)
    at org.infinispan.remoting.transport.jgroups.SingleResponseFuture.call(SingleResponseFuture.java:46)
    at org.infinispan.remoting.transport.jgroups.SingleResponseFuture.call(SingleResponseFuture.java:17)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
This causes browsers to see Internal Server Error. Shouldn't that be handled in Keycloak as lost session, therefore KC should try to handle it rather than showing that it's an Internal Server Error?
My current infinispan configuration looks like this:
<distributed-cache name="sessions" mode="SYNC">
<transaction mode="NON_DURABLE_XA"/>
</distributed-cache>
I use Keycloak version 1.9.5. My question is: am I doing something wrong with my configuration? I tried both replicated-cache and distributed-cache and tried all transaction modes on both of them. None of them seems to solve the error that I've had above.
Kind Regards,
Sarp Kaya
7 years, 9 months
Keycloak-Headerbased authentication
by Subrahmanyam BV
Hi, just wanted to know whether Keycloak supports header-based authentication as supported by siteminder. Please let me know on this.
Regards, Subrahmanyam.
7 years, 9 months
MDC log messages not showing up
by Scott Rossillo
I’m trying to use the Mapped Diagnostic Context (MDC) on org.jboss.logging.MDC to register a custom header for logging. I’m populating the MDC from an Undertow HttpHandler. This part is working; however, the value set in the MDC is never logged. I’m using %X{MDC_KEY} in standalone.xml.
Does anyone know why MDC values aren’t logged?
Scott Rossillo
Smartling | Senior Software Engineer
srossillo(a)smartling.com
7 years, 9 months
Re: [keycloak-user] OAuth Access Token Response in XML
by Stian Thorgersen
Adding list back - please use reply all
I'm not following. The response payload is the token, so not sure what it
is that you want in XML.
On 4 July 2016 at 15:41, <asarathi(a)vizuri.com> wrote:
> Sorry if I wasn't clear earlier. I don't want the token itself to be in
> xml. I just want the response payload from the token endpoint to be xml or
> Json based on the accept header.
>
>
> On Jul 4, 2016, at 3:04 AM, Stian Thorgersen <sthorger(a)redhat.com> wrote:
>
> We only support JWT with OpenID Connect. Can you elaborate on why you want
> an XML token?
>
> You could add a custom REST endpoint or a custom protocol to do this, but
> not sure I'd recommend doing it as there's a fair bit of logic that goes
> into the token endpoint.
>
> On 1 July 2016 at 18:39, Aswini Sarathi <asarathi(a)vizuri.com> wrote:
>
>> Hi,
>>
>> I am trying to find out if there is a way to get response from token
>> endpoint /realms/{realm-name}/protocol/openid-connect/token in xml or
>> json format based on the Accept header. If it's not supported out of the
>> box, what other options are available to do this? Should I look at creating
>> a custom endpoint by implementing the SPI to do the mapping?
>>
>> Thanks!!
7 years, 9 months
Customize length of user_attribute table value field
by Rajkiran K
Hi,
I had a requirement for inserting a 450-character string into a Keycloak
custom attribute, but the value field is 255 characters in the user_attribute
table. Is there any provision to modify this value? Please let me know
how I can do this.
Regards,
Raj Kiran K
7 years, 9 months