Stack Overflow
by Stian Thorgersen
We're considering dropping the Keycloak user mailing list and moving to
Stack Overflow instead.
Thoughts?
7 years, 9 months
Keycloak WildFly Swarm Server
by Michael Gerber
Hi all,
I would like to use Keycloak as a microservice SSO solution on OpenShift.
The Red Hat SSO uses way to much CPU and RAM, therefore, I would like to use the WildFly Swarm Server instead.
Is there any way to set an admin user during the first initialization?
Otherwise, I am going to import a realm with a pre defined user.
Thanks,
Michael
7 years, 9 months
Keycloak reset password, password manager browsers and this is not a login form
by Vincent Sluijter
Hello,
When we use the user password reset form Keycloak in version 1.9.5
(currently in our system) and version 2.5.4 (latest) the password
manager of the browser tries to update to the latest password change.
The problem is that it tries to store “this is not a login form” as the
credentials instead of the users changed password. Is this intended
behavior? Or is this a bug by the latest browsers?
The problem is that our users have updated their password and stored
their account with the credentials “this is not a login form”. Because
of this they get a error while trying to login with auto filled
credentials.
Any suggestion on how to fix this problem?
Tested and reproduced in Firefox (51.0.1) and Google Chrome
(56.0.2924.87)
Included are two screenshots of the problem.
Kind regards,
Bram Arts
This message is subject to the following E-mail Disclaimer. (http://www.crv4all.com/disclaimer-email/) CRV Holding B.V. seats according to the articles of association in Arnhem, Dutch trade number 09125050.
7 years, 9 months
Update Email Settings for Realms
by Rodel Talampas
Hi,
I have this piece of code to update the Realms' Email Settings coming from master.
It seems correct but it doesn't update the above. What am I Doing wrong?
@Override
public void updateEmailFromMaster(String realmName) {
RealmModel masterRealm = session.realms().getRealmByName("master");
RealmModel realm = session.realms().getRealmByName(realmName);
realm.setSmtpConfig(masterRealm.getSmtpConfig());
RealmRepresentation rep = ModelToRepresentation.toRepresentation(realm, false);
RepresentationToModel.updateRealm(rep, realm, session);
}
Thanks and regards,
Rodel
7 years, 9 months
Re: [keycloak-user] Authenticate a REST API with keycloak in express node js without using adapters
by Sebastien Blanc
Well the adapter works with bearer only , what is the error that you are
getting ?
Le ven. 3 mars 2017 à 21:26, Saransh Kumar <skm.8896(a)gmail.com> a écrit :
> Hii Sebastien,
>
> Actually, the node js kc adapter is not working with bearer auth only.
> So, I need to verify the access token myself with keycloak in node js
> without using node js adapter or any other adapters.
> Please help me out in this way.
>
> Thanks in advance.
> Saransh
>
> On Sat, Mar 4, 2017 at 12:06 AM, Sebastien Blanc <sblanc(a)redhat.com>
> wrote:
>
>
>
> On Fri, Mar 3, 2017 at 7:04 PM, Saransh Kumar <skm.8896(a)gmail.com> wrote:
>
> Hello all,
>
> I have a REST API in express node js.
> I want to secure it with keycloak bearer auth only.
> So, a keycloak token would be recieved in the Authorization header of the
> GET request to the REST API.
> I have to verify the token with keycloak *without using any adapters.*
> Please help me out in the process.
>
> Are you not allowed to add any extra packages ? Just lookup the source
> code of the nodejs kc adapter and paste it into your app ;)
>
>
>
> Thanks in advance
> Saransh
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
>
7 years, 9 months
How to add Custom static HTML files to Keycloak server unlike Theme templates (.ftl)?
by Haseb Ansari
Hello Keycloakers,
I have gone through the documentation of customizing themes in
Keycloak and it is very well documented. But as of my use case I want to
customize or rather add a new HTML file to
'/themes/base/admin/resources/partials/' directory. I don't know what would
be the procedure of doing so and would request for any documentation list
or so.
Thanking You!!!!
Kind Regards,
Haseb
7 years, 9 months
Session Hijacking
by Ushanas Shastri
Hello,
One of the applications we have protected using KeyCloak 2.2.1 Final is
undergoing a security test, One of the issues reported is Session Hijacking.
A quick internet search leads to KeyCloak issue 3692 related to Session
Hijacking, but I cannot view this, so cant find out if this was an issue
that has been fixed in subsequent versions.
Can someone confirm if this is the case? If not, what measures can be taken
for prevention of session hijacking?
Regards, Ushanas.
7 years, 9 months
Empty Group Membership
by Ryan Brodkin
Hey guys,
I have a new install of Keycloak federated to OpenDJ that is working 98% as
expected, but I have one major issue: I can't see the groups on the user in
Keycloak.
TRUTHS...
On LDAP I can see the members in the groups.
On LDAP I can query isMemberOf to retrieve the members of a group.
This data is all correctly federated to and from Keycloak.
In Keycloak I can see the members in a group.
BUT the "Group Membership" section for each user is empty.
Has anyone seen this before? If so, how did you overcome this problem?
--
Brodkin CyberArts
http://brodkinca.com | 310.220.0590
DESIGN. DEVELOPMENT. CONSULTING.
Information contained in this email or any attachment may be of
a confidential nature which should not be disclosed to, copied or used by
anyone other than the addressee. If you receive this email in error, please
delete the email from your computer. Do not post anything in this email to
any online forum without express permission of the sender. No pixels were
harmed in the making of this disclaimer.
7 years, 10 months
KeyCloak access tokens not being cached
by Michael Olshansky
I have set up a keycloak cluster and generate tokens via
/auth/realms/master/protocol/openid-connect/token.
The problem is that an access token can only be used to perform subsequent
requests on the SAME SERVER that issued the token. Attempts to make a
request (e.g., /auth/admin/realms/master) on another server in the cluster
results in a response of "Bearer" and an error in that server's log.
Shouldn't the access tokens be available across the cluster?
As a side node, the refresh tokens DO appear to be cached, so caching does
appear to be working on some level.
As a second question: What data is stored in the session and authentication
caches? How does this relate to the access and refresh tokens?
7 years, 10 months
