Workaround works
by William Drescher [CELUM]
Thanks Sascha, works like a charm.
In case it helps someone else, this is a simple version of working code (using this as temporary code to set up an initial user; normally would suggest a cleaner way to get the userId from Keycloak, but search works fine for now):
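import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.UserRepresentation;

UserRepresentation user = new UserRepresentation();
user.setUsername("testuser");
user.setFirstName("Test");
user.setLastName("User");
kc.realm("master").users().create(user);
// Look the new user up again: the local 'user' object carries no id, the search result does
kc.realm("master").users().search("testUser", 0, 1).forEach(found -> {
    UserResource userResource = kc.realm("master").users().get(found.getId());
    CredentialRepresentation credential = new CredentialRepresentation();
    credential.setType(CredentialRepresentation.PASSWORD);
    credential.setValue("test123");
    credential.setTemporary(true); // force a password change at first login
    userResource.resetPassword(credential);
});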
Will
7 years, 8 months
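The two-step workaround from this thread, written as an added example (not code from either poster or from the Keycloak project): it reads the new user's id from the Location header of the create response instead of searching, and sets a randomly generated temporary password rather than a fixed one. The class and method names are hypothetical, and the javax.ws.rs import assumes an older keycloak-admin-client (newer releases use jakarta.ws.rs).

```java
import java.security.SecureRandom;
import java.util.Base64;
import javax.ws.rs.core.Response; // assumption: jakarta.ws.rs.core.Response on newer client versions
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.UserRepresentation;

public class InitialUserSetup { // hypothetical class name

    /** Creates the user, then sets a random temporary password and returns it. */
    public static String createUserWithTemporaryPassword(Keycloak kc, String realm, String username) {
        UserRepresentation user = new UserRepresentation();
        user.setUsername(username);
        user.setEnabled(true);

        UsersResource users = kc.realm(realm).users();
        String userId;
        Response response = users.create(user);
        try {
            // Fail loudly instead of silently continuing with a user that was never created.
            if (response.getStatus() != 201) {
                throw new IllegalStateException("User creation failed: HTTP " + response.getStatus());
            }
            // The Location header points at the new user; its last path segment is the id.
            String path = response.getLocation().getPath();
            userId = path.substring(path.lastIndexOf('/') + 1);
        } finally {
            response.close();
        }

        // 18 random bytes give a 24-character URL-safe password; nothing is hard-coded.
        byte[] random = new byte[18];
        new SecureRandom().nextBytes(random);
        String password = Base64.getUrlEncoder().withoutPadding().encodeToString(random);

        // Second step: set the credential on the already-created user.
        CredentialRepresentation credential = new CredentialRepresentation();
        credential.setType(CredentialRepresentation.PASSWORD);
        credential.setValue(password);
        credential.setTemporary(true); // user must change it at first login
        users.get(userId).resetPassword(credential);
        return password;
    }
}
```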
Re: [keycloak-user] Adding user from Java: Password credential not working
by Brose, Sascha
Hi Will
As far as I remember I had problems with that too. Therefore, I create users in two steps at the moment. First I create the user and afterwards I set the password.
This works for me to set the password after the user was created:
...
UserResource userRes = getUserResById(client, realm, keycloakUserId); // load created user
CredentialRepresentation credentialRep = new CredentialRepresentation();
credentialRep.setType(PASSWORD);
credentialRep.setValue(password);
credentialRep.setTemporary(temporary);
userRes.resetPassword(credentialRep);
...
Best,
Sascha
-----Original Message-----
From: keycloak-user-bounces(a)lists.jboss.org [mailto:keycloak-user-bounces@lists.jboss.org] On behalf of keycloak-user-request(a)lists.jboss.org
Sent: Wednesday, 31 August 2016 12:39
To: keycloak-user(a)lists.jboss.org
Subject: keycloak-user Digest, Vol 32, Issue 148
Message: 1
Date: Wed, 31 Aug 2016 09:49:12 +0000
From: "William Drescher [CELUM]" <William.Drescher(a)celum.com>
Subject: [keycloak-user] Adding user from Java: Password credential
not working
To: "keycloak-user(a)lists.jboss.org" <keycloak-user(a)lists.jboss.org>
Message-ID:
<80ececf5710a40b68719ec47d7ca8aac(a)EMEA-LNZ-EX01.werk3.local>
Content-Type: text/plain; charset="us-ascii"
Hi userlist,
I'm attempting to create a user in java in the way described here, from a java application and using the keycloak standalone server
http://www.first8.nl/blog/programmatically-adding-users-in-keycloak/
Specifically
CredentialRepresentation credential = new CredentialRepresentation();
credential.setType(CredentialRepresentation.PASSWORD);
credential.setValue("test123");
UserRepresentation user = new UserRepresentation();
user.setUsername("testuser");
user.setFirstName("Test");
user.setLastName("User");
user.setCredentials(Arrays.asList(credential));
kc.realm("master").users().create(user);
The user is created correctly, no errors either on the Java side or in the output from the standalone server, and all data seems to be correct; however, when attempting to log in with the user, the credentials are incorrect. I've tried changing the password manually on the Keycloak server and the login is then possible. Am I missing something or is this a bug?
Thanks,
Will
7 years, 8 months
Adding user from Java: Password credential not working
by William Drescher [CELUM]
Hi userlist,
I'm attempting to create a user in java in the way described here, from a java application and using the keycloak standalone server
http://www.first8.nl/blog/programmatically-adding-users-in-keycloak/
Specifically
CredentialRepresentation credential = new CredentialRepresentation();
credential.setType(CredentialRepresentation.PASSWORD);
credential.setValue("test123");
UserRepresentation user = new UserRepresentation();
user.setUsername("testuser");
user.setFirstName("Test");
user.setLastName("User");
user.setCredentials(Arrays.asList(credential));
kc.realm("master").users().create(user);
The user is created correctly, no errors either on the Java side or in the output from the standalone server, and all data seems to be correct; however, when attempting to log in with the user, the credentials are incorrect. I've tried changing the password manually on the Keycloak server and the login is then possible. Am I missing something or is this a bug?
Thanks,
Will
7 years, 8 months
Question about social login
by Zeus Arias Lucero | BEEVA
Hi!
I have a question.
With the social login, is it possible to know the origin? In the case of
GitHub, if the user belongs to the organization, is there any way to know?
Greetings!
7 years, 8 months
Direct link to register page
by Tom Pearson
Hi,
Is there a way to link straight to the register page without going through
login first? I'm working on a Grails web app that uses a slightly modified
version of the Keycloak Spring Security Adapter.
Best regards,
Tom
7 years, 8 months
User cache doesn't get updated
by Padmaka Wijayagoonawardena
Hi,
I'm using Keycloak 1.9.0.Final and MySQL as the DB. I have written a custom
social identity provider. This social identity provider uses a custom user
attribute mapper that I have written. The user attribute mapper will map a
custom attribute coming from the openId connect userinfo endpoint to a
Keycloak role. I have overridden the updateBrokeredUser method in the
AbstractJsonUserAttributeMapper class to update the brokered user when the
user logs in using the social identity provider.
The complete flow works well, however it seems like there is a caching
issue. I update the user role via the updateBrokeredMethod but it does not
get reflected in the user roles immediately.
However, when I update the cache it works fine.
Thanks,
Padmaka
7 years, 8 months
Re: [keycloak-user] Getting Error when connecting local host to server DB
by Stian Thorgersen
[Adding list back]
In that case it's most likely you've made some mistakes. Try using the
standalone server dist and add your changes one at a time to find out what
it is that's breaking it.
On 30 August 2016 at 09:36, Aman Jaiswal <aman.jaiswal(a)arvindinternet.com>
wrote:
> I am using standalone-ha.xml with some changes .
>
> On Tue, Aug 30, 2016 at 1:04 PM, Stian Thorgersen <sthorger(a)redhat.com>
> wrote:
>
>> Looks like there's something wrong in your standalone.xml. Did you use
>> the standalone server distro?
>>
>> On 30 August 2016 at 09:15, Aman Jaiswal <aman.jaiswal(a)arvindinternet.com
>> > wrote:
>>
>>> Hi Stian
>>>
>>> I am getting an error while starting keycloak-2.1.0.Final server ....
>>> error is mentioned below
>>> I have already added the file layers.conf with content "layers=keycloak"
>>>
>>>
>>> =========================================================================
>>>
>>> JBoss Bootstrap Environment
>>>
>>> JBOSS_HOME: /home/ubuntu/keycloak/keycloak-2.1.0.Final
>>>
>>> JAVA: java
>>>
>>> JAVA_OPTS: -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true
>>>
>>> =========================================================================
>>>
>>> 05:54:22,401 INFO [org.jboss.modules] (main) JBoss Modules version 1.5.1.Final
>>> 05:54:22,654 INFO [org.jboss.msc] (main) JBoss MSC version 1.2.6.Final
>>> 05:54:22,743 INFO [org.jboss.as] (MSC service thread 1-2) WFLYSRV0049: Keycloak 2.1.0.Final (WildFly Core 2.0.10.Final) starting
>>> 05:54:23,647 ERROR [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0055: Caught exception during boot: org.jboss.as.controller.persistence.ConfigurationPersistenceException: WFLYCTL0085: Failed to parse configuration
>>>     at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:131) [wildfly-controller-2.0.10.Final.jar:2.0.10.Final]
>>>     at org.jboss.as.server.ServerService.boot(ServerService.java:356) [wildfly-server-2.0.10.Final.jar:2.0.10.Final]
>>>     at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:299) [wildfly-controller-2.0.10.Final.jar:2.0.10.Final]
>>>     at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_91]
>>> Caused by: javax.xml.stream.XMLStreamException: ParseError at [row,col]:[285,5]
>>> Message: Unexpected element '{urn:jboss:domain:4.0}subsystem'
>>>     at org.jboss.staxmapper.XMLMapperImpl.processNested(XMLMapperImpl.java:108) [staxmapper-1.2.0.Final.jar:1.2.0.Final]
>>>     at org.jboss.staxmapper.XMLExtendedStreamReaderImpl.handleAny(XMLExtendedStreamReaderImpl.java:69) [staxmapper-1.2.0.Final.jar:1.2.0.Final]
>>>     at org.jboss.as.server.parsing.StandaloneXml_4.parseServerProfile(StandaloneXml_4.java:546) [wildfly-server-2.0.10.Final.jar:2.0.10.Final]
>>>     at org.jboss.as.server.parsing.StandaloneXml_4.readServerElement(StandaloneXml_4.java:242) [wildfly-server-2.0.10.Final.jar:2.0.10.Final]
>>>     at org.jboss.as.server.parsing.StandaloneXml_4.readElement(StandaloneXml_4.java:141) [wildfly-server-2.0.10.Final.jar:2.0.10.Final]
>>>     at org.jboss.as.server.parsing.StandaloneXml.readElement(StandaloneXml.java:103) [wildfly-server-2.0.10.Final.jar:2.0.10.Final]
>>>     at org.jboss.as.server.parsing.StandaloneXml.readElement(StandaloneXml.java:49) [wildfly-server-2.0.10.Final.jar:2.0.10.Final]
>>>     at org.jboss.staxmapper.XMLMapperImpl.processNested(XMLMapperImpl.java:110) [staxmapper-1.2.0.Final.jar:1.2.0.Final]
>>>     at org.jboss.staxmapper.XMLMapperImpl.parseDocument(XMLMapperImpl.java:69) [staxmapper-1.2.0.Final.jar:1.2.0.Final]
>>>     at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:123) [wildfly-controller-2.0.10.Final.jar:2.0.10.Final]
>>>     ... 3 more
>>>
>>> 05:54:23,651 FATAL [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0056: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.
>>> 05:54:23,659 INFO [org.jboss.as.server] (Thread-2) WFLYSRV0220: Server shutdown has been requested.
>>> 05:54:23,683 INFO [org.jboss.as] (MSC service thread 1-3) WFLYSRV0050: Keycloak 2.1.0.Final (WildFly Core 2.0.10.Final) stopped in 18ms
>>>
>>> On Mon, Aug 29, 2016 at 4:29 PM, Stian Thorgersen <sthorger(a)redhat.com>
>>> wrote:
>>>
>>>> I'd say your DB is going pretty slow then. It takes me ~60 second to
>>>> boot Keycloak here, which is well within the 300 second limit. Can't really
>>>> answer why it's that slow as it's most likely your DB not behaving very
>>>> well.
>>>>
>>>> On 29 August 2016 at 12:53, Aman Jaiswal <aman.jaiswal(a)arvindinternet.c
>>>> om> wrote:
>>>>
>>>>> hi
>>>>> I am talking about the time limit which is mentioned in the following
>>>>> error.
>>>>>
>>>>> ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread)
>>>>>
>>>>> WFLYCTL0348: Timeout after [300] seconds waiting for service container stability.
>>>>>
>>>>> Operation will roll back. Step that first updated the service container was 'add' at address '[
>>>>> ("core-service" => "management"),
>>>>> ("management-interface" => "http-interface")
>>>>> ]'
>>>>>
>>>>>
>>>>> On Mon, Aug 29, 2016 at 4:19 PM, Aman Jaiswal <
>>>>> aman.jaiswal(a)arvindinternet.com> wrote:
>>>>>
>>>>>> hi
>>>>>>
>>>>>> time when keycloak is trying to connect the database which is on the
>>>>>> server.
>>>>>>
>>>>>> On Mon, Aug 29, 2016 at 4:16 PM, Stian Thorgersen <
>>>>>> sthorger(a)redhat.com> wrote:
>>>>>>
>>>>>>> What time limit?
>>>>>>>
>>>>>>> On 26 August 2016 at 11:15, Aman Jaiswal <
>>>>>>> aman.jaiswal(a)arvindinternet.com> wrote:
>>>>>>>
>>>>>>>> Hi Stian
>>>>>>>>
>>>>>>>> Hi I changed the time limit from 300 to 600 and it works but I
>>>>>>>> want to know why it is not working on 300 sec of default time ?
>>>>>>>>
>>>>>>>> On Fri, Aug 26, 2016 at 2:43 PM, Stian Thorgersen <
>>>>>>>> sthorger(a)redhat.com> wrote:
>>>>>>>>
>>>>>>>>> Looks like maybe you haven't setup the datasource correctly or
>>>>>>>>> there's some other configuration issue. Maybe try Googling for it?
>>>>>>>>>
>>>>>>>>> On 23 August 2016 at 12:33, Aman Jaiswal <
>>>>>>>>> aman.jaiswal(a)arvindinternet.com> wrote:
>>>>>>>>>
>>>>>>>>>> Hi Team
>>>>>>>>>>
>>>>>>>>>> I am getting an error while connecting my local keycloak to DB
>>>>>>>>>> which is on server.
>>>>>>>>>> error is in attached file . please give me solution to resolve
>>>>>>>>>> this issue..
>>>>>>>>>> --
>>>>>>>>>> Thanks,
>>>>>>>>>> Aman Jaiswal
7 years, 8 months
Persisting User Sessions in the DB?
by Jared Blashka
I'm not sure why I never noticed this before, but I was doing some
investigation today and couldn't find any session information actually
populated in the DB tables. Both USER_SESSION and CLIENT_SESSION were
empty.
After some digging in the code I saw that the only UserSessionProvider
implementation is the Infinispan-based one and it looks like the only type
of user sessions that get persisted in the DB are offline sessions (via the
JpaUserSessionPersisterProvider).
Was there a particular reason a JpaUserSessionProvider doesn't exist?
Background: We're aiming to have a highly available+resilient active-active
multi-data center deployment of Keycloak. Ultimately, there should be no
customer impact if a particular data center fails; there should be no IDP
outage and they shouldn't have to log in again. We ran into issues with
asynchronous user data replication earlier, which is why we're currently
working on migrating our existing MariaDB cluster to use Galera (which has
been looking pretty good so far) but it looks like we mistakenly assumed
that this synchronous replication would also handle user session data.
Not replicating user session data across data centers is also going to
cause us problems (it's already caused us problems actually) when it comes
to the OAuth authorization code flow as well. Since that flow involves
back-channel server communication we can't guarantee that the client server
will communicate with the same data center the client authenticated at. If
a client calls out to the "wrong" data center, the flow will fail.
I can spend some time tomorrow investigating the performance when
clustering infinispan across data centers, but I'm not particularly
optimistic about the results.
Any thoughts/comments on our problem?
Jared
7 years, 8 months
How to secure web services (ejb modules) with keycloak
by Christian Hebert
Hello!
We have some applications without UI that expose web services. Actually, it's EJBs with the @Webservice annotation. Those EJBs are packaged into an EAR file as EJB modules for deployment.
In other applications, we usually add the keycloak-saml.xml file into the war module but, since those applications do not have a war module, how could we secure those web services with Keycloak?
Thanks,
Christian
7 years, 8 months