February 2017 - keycloak-user - Jboss List Archives

Re: [keycloak-user] [keycloak-dev] Keycloak on active MQ

by Marek Posolda

I didn't try that yet. However I think it should work as ActiveMQ has some support for JAAS. We have some JAAS login modules, which can be used to secure those kind of services. See docs for details https://keycloak.gitbooks.io/securing-client-applications-guide/content/v... . Marek On 01/02/17 10:26, Shankar_Bhaskaran wrote: > Hi , > > We are using keycloak as SSO in our organization. I would like to know if securing activemq using keycloak is a valid use case. Does keycloak allow us to validate jms requests to the queue or topic? > > Regards, > Shankar > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev

5 years, 9 months

1
0
0 / 0

Conflict with LastPass Chrome Extension

by Alessandro Segatto

Hi, we found a conflict between LastPass chrome extension (version 4.1.38) and Keycloak js adapter (version 2.5). LastPass is sending a message to login status iframe, which crashes while trying to parse it! I think LastPass caused the issue with his last update , but i think you should also be interested in solving this lack of robustness. If you agree, I can open an issue o Jira. I made an attempt also with angular2-product-app , but i run into a similar issue (LastPass and Keycloak messaging one the other, then crashing) Thanks, Alessandro Segatto -- Ing. Alessandro Segatto Software Engineer Research and Development *ESTECO S.p.A.* - AREA Science Park, Padriciano 99 - 34149 Trieste - ITALY Phone: +39 040 3755548 - Fax: +39 040 3755549 | www.esteco.com Pursuant to Legislative Decree No. 196/2003, you are hereby informed that this message contains confidential information intended only for the use of the addressee. If you are not the addressee, and have received this message by mistake, please delete it and immediately notify us. You may not copy or disseminate this message to anyone. Thank you.

5 years, 9 months

2
4
0 / 0

Validation of IdP SAML signatures using KeyInfo

by Mark Pardijs

Hi, Originally posted at the keycloak-dev list, Hynek Mlnarik asked me to post this here. We use a SAML IdP which is configured in Keycloak as federated IdP, and I’ve a question concerning the validation of SAML signatures. In Keycloaks Identity provider config page, the validating X509 Certificates can be configured, with description “The certificate in PEM format that must be used to check for signatures. Multiple certificates can be entered, separated by comma (,).” but in the code, I see that for checking the signatures a “HardcodedKeyLocator" is used, which does not use the keyName provided in the SAML but always returns the first configured certificate. See org.keycloak.broker.saml.SAMLEndpoint.Binding#getIDPKeyLocator which returns a HardcodedKeyLocator for details. This code is recently added to solve https://issues.jboss.org/browse/KEYCLOAK-1881, see commit https://github.com/keycloak/keycloak/commit/70a8255eae0af64628f07326df1c7.... My two questions concerning this approach: 1. Keycloak is currently expecting a <KeyInfo> element with a <KeyName> in the incoming SAML message, while this is not a required element in the SAML specs. Are there plans to check the signature against the configured X509 certificates without having to provide a KeyInfo element? Currently I”m facing a NullPointer exception when sending a SAMLResponse without KeyInfo element. 2. What’s the idea behind the HardcodedKeyLocator, it doesn’t seem to match with the multiple keys configuration option in Keycloaks frontend. Is this a preliminary approach which should be extended? Hope to hear your thoughts on this! Mark

5 years, 9 months

2
8
0 / 0

2022

2021

2020

2019

2018

2017

2016

2015

2014

keycloak-user February 2017