July 2016 - keycloak-user - Jboss List Archives

by Charlee Chitsuk

Hi, I'm using the keycloak version 2.0.0.Final with default standalone. I've build and install the maven artifact, the "org.keycloak:photoz-authz-policy:2.0.0.Final" and tried to create the Drools policy. as the following mavenArtifactGroupId = org.keycloak mavenArtifactId = photoz-authz-policy mavenArtifactVersion = 2.0.0.Final" When I click the "Resolve" button, the system shows me as "Error! An unexpected server error has occurred" The "standalone/log/server.log" also shows as [io.undertow.request] (default task-80) UT005023: Exception handling request to /auth/admin/realms/photoz/clients/001e0705-8bc6-47de-b408-dd07a5ebba9b/authz/resource-server/policy/drools/resolveModules: org.jboss.resteasy.spi.UnhandledException: java.lang.NoClassDefFoundError: org/apache/commons/codec/binary/Base64 at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76) ... Caused by: java.lang.NoClassDefFoundError: org/apache/commons/codec/binary/Base64 at org.apache.http.impl.auth.BasicScheme.authenticate(BasicScheme.java:168) I can ensure that 1. The "commons-codec-1.10.jar" is existed at "modules/system/layers/base/org/apache/commons/codec/main" 2. The "org.keycloak:photoz-authz-policy:2.0.0.Final" is existed at my local repository at "some/drive/m2/repo/org/keycloak/photoz-authz-policy/2.0.0.Final/photoz-authz-policy-2.0.0.Final.jar". Could you please help to advise further? -- Best Regards, Charlee Ch

7 years, 9 months

2
3
0 / 0

Brute Force Detection breaks Social login

by Valerij Timofeev

Hi all, it looks like the Brute Force Detection breaks Social login. I've: 1) downloaded keycloak-demo-1.9.8.Final 2) setup Facebook Identity provider 3) successfully tested Facebook login 4) activated Brute Force Detection with default values 5) tested Facebook login: it fails with the error message: "Account is disabled, contact admin." I wonder whether somebody has ever tested this combination. Kind regards Valerij Timofeev

7 years, 9 months

4
9
0 / 0

Storing attributes in Keycloak session

by Daniel Radzikowski

Hi, I'm using Direct Grant API to manage sessions in my application. Is it possible to store some session attributes for logged in user using this API? -- Pozdrawiam, Daniel Radzikowski.

7 years, 9 months

2
1
0 / 0

Re: [keycloak-user] Keycloak-Headerbased authentication

by Subrahmanyam BV

Hi Thomas,     Thanks for the quick reply . Here is the scenario that I am looking for. Once the user gets authenticated, is there a way to pass some attributes of the user (say for example, company, emailid, status of the user etc...) as a part of the response headers?  Regards,Subrahmanyam. From: Thomas Darimont <thomas.darimont(a)googlemail.com> Sent: Tue, 05 Jul 2016 11:54:44 To: Subrahmanyam BV <bvs78(a)rediffmail.com> Cc: keycloak-user <keycloak-user(a)lists.jboss.org> Subject: Re: [keycloak-user] Keycloak-Headerbased authentication Hello, I'm not familiar with siteminder and quickly googled https://docops.ca.com/ca-single-sign-on-12-52-sp1/en/configuring/web-agen... Based on that I think that mod_auth_oidc might do what you want. https://github.com/keycloak/securing_apps_guide/blob/master/topics/oidc/m... https://github.com/thomasdarimont/keycloak_mod_auth_oidc_example/blob/mas... Cheers, Thomas Am 05.07.2016 6:44 vorm. schrieb "Subrahmanyam BV" <bvs78@rediffmail.com>:HI,    Just wanted to know whether keycloak supports header-based authentication as supported by siteminder. Please let me know on this. Regards,Subrahmanyam. _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user

7 years, 9 months

2
1
0 / 0

Upload SP metadata to keycloak??

by Max Allan

I've asked this question on Stackoverflow and not had an answer yet. I thought I should ask in the right place as well! ( http://stackoverflow.com/questions/38190982/where-do-i-upload-sps-xml-in-... ) Where do I upload the XML metadata from a SAML SP? I've seen a few people saying they've done it and had other problems but I can't even find the page/button you need to upload it. I'm assuming in the client configuration windows somewhere?? Thanks, Max

7 years, 9 months

2
1
0 / 0

Lost session when removing an instance off cluster

by Sarp Kaya

Hello, I have tried various ways of configuring infinispan but it just seems like if I deploy a new instance to the cluster and remove one, then some sessions are lost and an exception is thrown saying that it was not handled. This is the Infinispan exception: Exception handling request to /auth/realms/realmname/protocol/openid-connect/auth: org.jboss.resteasy.spi.UnhandledException: org.infinispan.util.concurrent.TimeoutException: Replication timeout for 79a0757ecab3 at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:247) at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:168) at org.jboss.resteasy.core.SynchronousDispatcher.writeResponse(SynchronousDispatcher.java:471) at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:415) at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202) at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221) at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129) at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:88) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284) at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263) at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174) at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) Caused by: org.infinispan.util.concurrent.TimeoutException: Replication timeout for 79a0757ecab3 at org.infinispan.remoting.transport.jgroups.JGroupsTransport.checkRsp(JGroupsTransport.java:765) at org.infinispan.remoting.transport.jgroups.JGroupsTransport.lambda$invokeRemotelyAsync$72(JGroupsTransport.java:599) at java.util.concurrent.CompletableFuture.uniApply(CompletableFuture.java:602) at java.util.concurrent.CompletableFuture$UniApply.tryFire(CompletableFuture.java:577) at java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:474) at java.util.concurrent.CompletableFuture.complete(CompletableFuture.java:1962) at org.infinispan.remoting.transport.jgroups.SingleResponseFuture.call(SingleResponseFuture.java:46) at org.infinispan.remoting.transport.jgroups.SingleResponseFuture.call(SingleResponseFuture.java:17) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) This causes browsers to see Internal Server Error. Shouldn't that be handled in Keycloak as lost session, therefore KC should try to handle it rather than showing that it's an Internal Server Error? My current infinispan configuration looks like this: <distributed-cache name="sessions" mode="SYNC"> <transaction mode="NON_DURABLE_XA"/> </distributed-cache> I use Keycloak version 1.9.5. My question is am I doing something wrong with my configuration? I tried both replicated-cache and distributed-cache and tried all transaction mode on both of them. None of them seems to solve the error that I've had above. Kind Regards, Sarp Kaya

7 years, 9 months

2
7
0 / 0

Keycloak-Headerbased authentication

by Subrahmanyam BV

HI,    Just wanted to know whether keycloak supports header-based authentication as supported by siteminder. Please let me know on this. Regards,Subrahmanyam.

7 years, 9 months

3
2
0 / 0

MDC log messages not showing up

by Scott Rossillo

I’m trying to use a use the Mapped Diagnostic Context (MDC) on org.jboss.logging.MDC to register a custom header for logging. I’m populating the MDC from an Undertow HttpHandler. This part is working, however, the value set in the MDC is never logged. I’m using %X{MDC_KEY} in standalone.xml. Does anyone know why MDC values aren’t logged? Scott Rossillo Smartling | Senior Software Engineer srossillo(a)smartling.com

7 years, 9 months

2
1
0 / 0

Re: [keycloak-user] OAuth Access Token Response in XML

by Stian Thorgersen

Adding list back - please use reply all I'm not following. The response payload is the token, so not sure what it is that you want in XML. On 4 July 2016 at 15:41, <asarathi(a)vizuri.com> wrote: > Sorry if I wasn't clear earlier. I don't want the token itself to be in > xml. I just want the response payload from the token endpoint to be xml or > Json based on the accept header. > > > On Jul 4, 2016, at 3:04 AM, Stian Thorgersen <sthorger(a)redhat.com> wrote: > > We only support JWT with OpenID Connect. Can you elaborate on why you want > an XML token? > > You could add a custom REST endpoint or a custom protocol to do this, but > not sure I'd recommend doing it as there's a fair bit of logic that goes > into the token endpoint. > > On 1 July 2016 at 18:39, Aswini Sarathi <asarathi(a)vizuri.com> wrote: > >> Hi, >> >> I am trying to find out if there is a way to get response from token >> endpoint /realms/{realm-name}/protocol/openid-connect/token in xml or >> json format based on the Accept header. If its not supported out of the >> box, what other options are available to do this? Should I look at creating >> a custom endpoint by implementing the SPI to do the mapping? >> >> Thanks!! >> >> >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-user >> > >

7 years, 9 months

2
3
0 / 0

Customize length of of user_attribute table value field

by Rajkiran K

Hi, I had a requirement for inserting 450 characters string in to keycloak custom attribute, but value field is 255 characters in user_attribute table. is there any provision to modify this value. Please let me know how can i do this. Regards, Raj Kiran K

7 years, 9 months

2
1
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

keycloak-user July 2016