February 2017 - keycloak-user - Jboss List Archives

Need help in resending registration emails

by Ganga Lakshmanasamy

Hi, We are using keycloak for our authentcation. Our smtp service went down when few users tried to register. So the registration process went through but the emails were not sent. The user's current status is in "verify email". Please let me know on how to resend the verification email for those registered users. Regards, Ganga Lakshmanasamy

7 years, 5 months

2
1
0 / 0

do not import users when brokering

by Peter Schiffer

Hello all, I'm working on some POC with keycloak and OpenShift [1] and I'm wondering - is it possible to configure Keycloak in a way, that it won't create new users in local database when acting as a broker? For example, in this case [2], I want to be able to login as `user` from saml broker, but without creating the new user in saml-authentication-broker. Is it possible? Thanks, peter [1] https://github.com/pschiffe/keycloak-demo [2] https://github.com/keycloak/keycloak/tree/master/examples/ broker/saml-broker-authentication

7 years, 5 months

3
3
0 / 0

HTTP error - 400 Bad Request - create realm CLI

by Colin Coleman

Hello, Is there a setting limiting the number of realms that can be created with the CLI? When creating realms via the CLI I start getting HTTP error - 400 Bad Request after about 20 realms kcadm.sh create realms -s realm=test3 -s enabled=true kcadm.sh create realms -s realm=test4 -s enabled=true kcadm.sh create realms -s realm=test5 -s enabled=true . . . I get . . Created new realm with id 'test13' Created new realm with id 'test14' HTTP error - 400 Bad Request HTTP error - 400 Bad Request . . . Colin

7 years, 5 months

2
3
0 / 0

Re Rest API for authentication

by harish jadhav

Hello Team, I have one web application which will be hosted in cloud. I am planning to use keycloak for only authentication purpose and keycloak will be running in on-premise customer location. My plan is to - 1. Import the users to my application through my own import mechanism and later push it to Keycloak over Rest API 2. Present a custom login page in my application which ask username/password and pass it to Keycloak for authentication over Rest API 3. Authentication can be through LDAP or SAML IDP ADFS4. Get the token and use it for accessing the service based on authorization I have some restriction on not to use keycloak login page so cannot use redirection to keycloak login page. Please let me know whether it works out and also give some pointer on Rest API on SAML. My requirement is that I need to authenticate the user either through LDAP, SAML providers. I know some basic auth using Rest but not getting idea on SAML. ThanksHarish

7 years, 5 months

1
2
0 / 0

Keycloak LDAP configuration - deletes ldap user from Keycloak

by Mustafa Kuru

Hi, We are using ldap Federation Provider in READONLY Edit Mode. I saw in Keycloak logs a lot of exceptions like "*Could not query server using DN*" (javax.naming. ServiceUnavailableException) OR "*LDAP: error code 52 - Proxy can't contact remote server*". In our case some ldap users were deleted from Keycloak and reimported into Keycloak from LDAP. We don't know why. Can these exceptions above cause this problem. Or what is the behaviour of Keycloak if it can not connect to ldap or gets empty response from ldap? Delete corresponding user from Keycloak? Thanks in advance. Mustafa Kuru

7 years, 5 months

1
0
0 / 0

custom user attribute access in JS policies

by swapnil.kshirsagar

Hello, I need a sample JavaScript Policy code and steps to access custom user attribute inside a JavaScript policies. Thank you. -- View this message in context: http://keycloak-user.88327.x6.nabble.com/custom-user-attribute-access-in-... Sent from the keycloak-user mailing list archive at Nabble.com.

7 years, 5 months

1
1
0 / 0

Error installing fuse adapters

by Marcelo Ohashi

Hi guys, I am trying to install fuse adapters from the rh-sso-7.0.0-maven-repository.zip, but it seems that not all bundles are there. So I'm getting the following error on fuse: Error executing command: Error accessing mvn:org.keycloak/keycloak-jetty92-adapter/1.9.8.Final-redhat-1 Does anyone know if there's another repository that I could use? Best regards, -- Marcelo Ohashi Middleware Architect | Red Hat Brasil M: +55 11 9 7338-6338 Av. Brigadeiro Faria Lima 3900, 8° Andar. São Paulo, Brasil. RED HAT | TRIED. TESTED. TRUSTED. Saiba porque em redhat.com <https://www.redhat.com/pt-br/about/trusted> <http://www.redhat.com/es/about/trusted> <http://www.redhat.com.br>[image: Red Hat] <http://www.redhat.com.br>

7 years, 5 months

1
0
0 / 0

Special Characters & Direct Access Grant Authentication

by Stefan Schlesinger

Hi, short question. When trying to login a user via the Direct Access Grant API, it looks like the password is not accepted in case it contains special characters. Anyone knows what format the special characters in passwords need to be supplied in? This is how my post request looks like, the password contains a “, which is correctly encoded as %22. > POST https://auth.example.com/auth/realms/master/protocol/openid-connect/token > Accept-Encoding: gzip, x-gzip, deflate, x-bzip2 > Content-Length: 156 > Content-Type: application/x-www-form-urlencoded > > scope=openid&username=example_user&password=asdf%22&totp=123456&grant_type=password&client_id=auth.example.com&client_secret=secret Running keycloak 2.5.1. Best, Stefan.

7 years, 5 months

1
0
0 / 0

missing autodetect-bearer-only from secure-deployment xsd?

by David Delbecq

Hello, i tried to enabled "autodetect bearer only" feature in my application, so that soap requests get proper reply. however, it seems you can only set this value inside keycloak.json, not inside the adapter subsystem config. Worse, if an adapter subsystem config is done, keycloak.json is ignored. Is this a bug i should report or am i missing some documentation? So far i looked here: https://github.com/keycloak/keycloak/blob/master/adapters/oidc/wildfly/wi... https://github.com/keycloak/keycloak/pull/3663 https://keycloak.gitbooks.io/securing-client-applications-guide/content/t... When i set my adapter config like this: <secure-deployment name="my.war"> <realm>${authRealm}</realm> .... <autodetect-bearer-only>true</autodetect-bearer-only> </secure-deployment> I get this error from wildfly [Host Controller] 16:21:20,175 ERROR [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0033: Caught exception during boot: org.jboss.as.controller.persistence.ConfigurationPersistenceException: WFLYCTL0085: Failed to parse configuration [Host Controller] at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:131) [Host Controller] at org.jboss.as.host.controller.DomainModelControllerService.boot(DomainModelControllerService.java:643) [Host Controller] at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:271) [Host Controller] at java.lang.Thread.run(Thread.java:745) [Host Controller] Caused by: javax.xml.stream.XMLStreamException: Unknown secure-deployment tag autodetect-bearer-only [Host Controller] at org.keycloak.subsystem.adapter.extension.KeycloakSubsystemParser.readDeployment(KeycloakSubsystemParser.java:107) -- <http://www.trimble.com/> David Delbecq Software engineer, Transport & Logistics Geldenaaksebaan 329, 1st floor | 3001 Leuven +32 16 391 121 <+32%2016%20391%20121> Direct david.delbecq(a)trimbletl.com <http://www.trimbletl.com/>

7 years, 5 months

1
0
0 / 0

Keycloak SAML Sample

by Jitendra Chouhan

Can any point us to any example how to secure SpringBoot app with Keycloak using SAML protocol. We are not able to locate any specific adapter that can be used to secure spring boot application using SAML. Thanks, Jitendra Chouhan

7 years, 5 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

keycloak-user February 2017