October 2017 - keycloak-user - Jboss List Archives

How to deploy a keycloak's SPI project using the Keycloak Deployer (/deploy)?

by Alik Elzin

In Keycloak's documentation <http://www.keycloak.org/docs/3.2/server_development/topics/providers.html>, it's stated that in order to deploy the provider, I can copy your provider jar to the Keycloak deploy/ directory, your provider will automatically be deployed. I'm indeed searching for a simple copy-paste way to deploy a provider without CLI nor through maven. The problem is that I can't find any /deploy folder in keycloak's server :( Below is the result for searching files/folders with the word deploy. *Any idea how to simply deploy the an SPI project into Keycloak?* Thanks. * Also posted the question in SO: https://stackoverflow.com/questions/46410244/how-to-deploy-a-keycloaks-sp... [image: enter image description here] <https://i.stack.imgur.com/5T9e6.png>

7 years, 2 months

2
5
0 / 0

Fwd: What should the endpoint be for a Keycloak IDP initiated SSO?

by Hynek Mlnarik

See http://www.keycloak.org/docs/latest/server_admin/topics/clients/saml/idp-...: In the Settings tab for your client, you need to specify the IDP Initiated SSO URL Name. This is a simple string with no whitespace in it. After this you can reference your client at the following URL: root/auth/realms/{realm}/protocol/saml/clients/{url-name} --Hynek On Mon, Oct 2, 2017 at 7:01 AM, Alik Elzin <kilaka(a)gmail.com> wrote: > Hi. > > I managed to run the saml-broker-authentication example > <https://github.com/keycloak/keycloak/tree/3.2.1.Final/examples/broker/sam...> > . > > SP initiated SSO works OK. > > What should the IDP initiated SSO URL be? > > * I also posted the question in SO: > https://stackoverflow.com/questions/46423301/what-should-the-endpoint-be-... > > Thanks. > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user -- --Hynek -- --Hynek

7 years, 2 months

2
4
0 / 0

How do I get KeycloakSecurityContext to be set in the httpServletRequest in Keycloak's account-linking doc?

by Alik Elzin

Hi. In Keycloak's account-linking <http://www.keycloak.org/docs/3.2/server_development/topics/identity-broke...> documentation, there's a code snippet: KeycloakSecurityContext session = (KeycloakSecurityContext) httpServletRequest.getAttribute(KeycloakSecurityContext.class.getName()). Why would the KeycloakSecurityContext be set in the httpServletRequest? Where does this code should run? In what context? Thanks. * Also posted the question in SO: https://stackoverflow.com/questions/46409356/how-do-i-get-keycloaksecurit...

7 years, 2 months

2
3
0 / 0

Running a pre-release?

by Phillip Johnsen

Does anyone have any hints about possibly running a CR version or even directly off the master branch? The migration docs says the following: Migration from a candidate release (CR) to a Final release is not supported. We do however recommend that you test migration for a CR so we can resolve any potential issues before the Final is released. Which in reality answers my question, but is it really impossible in theory? I'm not too familiar with Keycloak yet, so any hints about possible consequences and / or tricks would be great. To elaborate more about my actual need; we're developing a product that has a hard requirement on the recently merged Paypal integration: https://github.com/keycloak/keycloak/pull/4449 We have utmost respect for recent changes not beeing added and stressed into future releases, so we want to double check if there's anything we can to do run Keycloak with those changes even though a final version including Paypal hasn't been published yet. We do acknowledge we're taking some risk by possibly running a pre-release, though that might be worth it for us, as long as we don't create a massive challenge for ourselfs down the road. Any hints or thoughts would be much appreciated! Thanks, Phillip

7 years, 2 months

1
0
0 / 0

spring-boot-2 - new artifact suggestion

by James Green

Hi, We have a problem in that we are trying to integrate future spring-boot-2 projects with Keycloak but there are binary compatibility problems. May I suggest someone adds a new spring-boot-2 adaptor so that compatibility with both can be maintained? Thanks, James

7 years, 2 months

1
0
0 / 0

How to bypass Keycloak login form and jump directly to the IDP login?

by Alik Elzin

Hi. I'm running the saml-broker-authentication <https://github.com/keycloak/keycloak/tree/3.2.1.Final/examples/broker/sam...> example. The first thing that I see is in the UI is a user/pass for with an option to use a broker (image below). Is there a way to skip this form and go straight to the IDP? After clicking on one of the IDP's, I get a URL of the sort: http://localhost:8080/auth/realms/saml-broker-authentication-realm/broker...<keycloak generated> I tried using the following url (without the code) directly but got an error. ( http://localhost:8080/auth/realms/saml-broker-authentication-realm/broker... ) *Any idea how to bypass Keycloak auth and directly go to the IDP through the SP(broker)?* Thanks. *UPDATE:* My TL found a static solution to put the IDP ID in the browser's authentication flow under the Identity Provider Redirector execution. BUT, We're trying to find a dynamic way to do it. Looked at the kc_idp_hint documentation <http://www.keycloak.org/docs/3.2/server_admin/topics/identity-broker/sugg...> but couldn't find a way to make the saml-broker-authentication example work with it :( * Posted the question also on SO: https://stackoverflow.com/questions/46390571/how-to-bypass-keycloak-login... [image: enter image description here] <https://i.stack.imgur.com/QEcbG.png>

7 years, 2 months

1
0
0 / 0

How to connect to Keycloak as SP without defining a client?

by Alik Elzin

Hi. Running the saml-broker-authentication example <https://github.com/keycloak/keycloak/tree/3.2.1.Final/examples/broker/sam...>, a client was configured on the SP realm (saml-broker-authentication-realm). See screencap below. In the example, the authentication is done using javascript keycloak library (using openid). *Is there a way to initiate a login (sso) to an IDP through Keycloak as SP without the need to authenticate the client?* In pingfederate there is an option to call the SP without authentication. Example: https://<ping-sp-url:port>/sp/startSSO.ping?PartnerIdpId=<idp-id>&TargetResource=<redirect URL> [image: enter image description here] <https://i.stack.imgur.com/M3MFQ.png> * Also posted the question in SO: https://stackoverflow.com/ questions/46420512/how-to-connect-to-keycloak-as-sp- without-defining-a-client Thanks.

7 years, 2 months

1
0
0 / 0

What should the endpoint be for a Keycloak IDP initiated SSO?

by Alik Elzin

Hi. I managed to run the saml-broker-authentication example <https://github.com/keycloak/keycloak/tree/3.2.1.Final/examples/broker/sam...> . SP initiated SSO works OK. What should the IDP initiated SSO URL be? * I also posted the question in SO: https://stackoverflow.com/questions/46423301/what-should-the-endpoint-be-... Thanks.

7 years, 2 months

1
0
0 / 0

Overriding Cookie Paths

by John D. Ament

Hi, I noticed in OAuthRequestAuthenticator that the cookie path being set is to null. From what I can tell, this means in most containers if my first release is to /foo/bar/baz/bar that the path saved to the cookie is "/foo/bar/baz". This is typically not an issue, however I have a legacy app I'm trying to integrate with Keycloak, so the cookie state is very important. By setting the path to a low level when I later access /foo/home.xhtml it causes the cookie to not get populated (which causes a 400 bad request later on). I'm wondering, does it make sense to add something to KeycloakDeployment that lists the cookie path, defaulting to null if its not set. John

7 years, 2 months

1
1
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

keycloak-user October 2017