RHSSO 7.1 missing "login with email" toggle for realm configuration
by Geadah, Nicolas (VEC)
KeyCloak 2.5.0 added the ability to control whether users should able to login with their email address, and the ability to support duplicate email addresses.
We need these features and I was expecting to see them in RHSSO 7.1 (considering it is derived from Keycloak 2.5.5)
Unfortunately, I noticed that these features are not in the administrative console when configuring my realm. It seems to boil down to missing
7 years, 5 months
NoSuchMethodError: org.keycloak.models.KeycloakSession.userCache()
by Geadah, Nicolas (VEC)
Running the "authenticator" example provider in RedHat SSO 7.1. The provider (Secret Question) comes up in the admin console, and I'm able to make it a required action as part of the registration flow.
When going through the registration process in the browser, the security question page is rendered (security-question-config.ftl) but submitting the security answer leads to exception below:
org.jboss.resteasy.spi.UnhandledException: java.lang.NoSuchMethodError: org.keycloak.models.KeycloakSession.userCache()Lorg/keycloak/models/cache/UserCache;
Any thoughts on how to resolve?
7 years, 5 months
org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage No login page was defined for FORM authentication in context
by Kevin Cuijpers
I have tried to use the same setup with Tomcat 7.0.65 with the SAML 2.0 Client Adapter for Tomcat 7 and there the example works. I am able to log in and see my account settings as expected so it is indeed related to Tomcat 8.
When I look at the source of the SAML 2.0 Client Adapter for Tomcat 8 I see:
public class KeycloakAuthenticatorValve extends AbstractKeycloakAuthenticatorValve {
/**
* Method called by Tomcat < 8.5.5
*/
public boolean authenticate(Request request, HttpServletResponse response) throws IOException {
return authenticateInternal(request, response, request.getContext().getLoginConfig());
}
/**
* Method called by Tomcat >= 8.5.5
*/
protected boolean doAuthenticate(Request request, HttpServletResponse response) throws IOException {
return this.authenticate(request, response);
}
So the fix mentioned in https://issues.jboss.org/browse/KEYCLOAK-3669?attachmentViewMode=list
Is in it, but is not solving the problem.
Can anyone please help?
Kevin
From: Kevin Cuijpers
Sent: Monday, July 24, 2017 4:19 PM
To: 'keycloak-user(a)lists.jboss.org' <keycloak-user(a)lists.jboss.org<mailto:keycloak-user@lists.jboss.org>>
Subject: org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage No login page was defined for FORM authentication in context
Hello,
I am trying to use the SAML 2.0 Client Adapter for Tomcat 8.5.8. I downloaded keycloak-saml-tomcat8-adapter-dist-3.2.1.Final and installed it in the lib folder of Tomcat.
I followed the instructions from app-profile-saml-jee-jsp quickstart to set up the Client.
I added following context.xml:
<Context path="app">
<WatchedResource>WEB-INF/web.xml</WatchedResource>
<WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>
<!-- Required for KeyCloak -->
<Valve className="org.keycloak.adapters.saml.tomcat.SamlAuthenticatorValve"/>
</Context>
I copied the files from app-profile-saml-jee-jsp quickstart into a separate project (see attached demo.zip) to make the war.
Tomcat starts up correctly and I see the Please login page when I go to http://localhost:8080/app/
When I click on LOGIN I get a 500 error page and following error:
org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage No login page was defined for FORM authentication in context [/app]
I found an old mailing with similar problem:
http://lists.jboss.org/pipermail/keycloak-user/2016-November/008380.html
pointing to an issue that should have been solved:
https://issues.jboss.org/browse/KEYCLOAK-3669?attachmentViewMode=list
It is unclear what I need to do to make this simple example work or what needs to be changed to the adapter.
Please help.
Kevin Cuijpers
7 years, 5 months
Hitting error -- "Didn't find publicKey for specified kid"
by Rajesh Ghosh
Hi,
I am trying to secure my REST services using the method described in the
document --
http://blog.keycloak.org/2015/10/getting-started-with-keycloak-securing.html
I am securing my war using JBoss subsystem , instead of per-war option. The
relevant sections from my standalone.xml are posted below.
<extensions>
......
<extension module="org.keycloak.keycloak-adapter-subsystem"/>
</extensions>
<security-domains>
.....
<security-domain name="keycloak">
<authentication>
<login-module
code="org.keycloak.adapters.jboss.KeycloakLoginModule" flag="required"/>
</authentication>
</security-domain>
</security-domains>
<subsystem xmlns="urn:jboss:domain:keycloak:1.1">
<secure-deployment name="my war file.war">
<realm>bkofc</realm>
<resource>bkofc-svc</resource>
<use-resource-role-mappings>true</use-resource-role-mappings>
<bearer-only>true</bearer-only>
<auth-server-url>http://192.168.99.100/30001/auth
</auth-server-url>
<ssl-required>none</ssl-required>
<credential
name="secret">9bcc6d9f-9c72-4b58-b297-79f0f207d9e1</credential>
</secure-deployment>
</subsystem>
I am able to obtain the access token.
curl -i curl --data
"grant_type=password&client_id=bkofc-web&username=user&password=password"
http://192.168.99.100:30001/auth/realms/bkofc/protocol/openid-connect/token
Note:- I have created 2 clients -- i) bkofc-svc which is bearer only, for
my REST services ii) bkofc-web , a public client to simulate UI login
However when I try to use the access token to invoke a service, I am
getting the error -
Status: 401
WWW-Authenticate Bearer realm="bkofc", error="invalid_token",
error_description="Didn't find publicKey for specified kid"
Please let me know if I am missing something here. I have been breaking my
head last few days without any luck ! I have also tried rotating the realm
keys.
Thanks,
Rajesh
7 years, 5 months
Custom FormAction - NoClassDefFoundError org/keycloak/services/validation/Validation
by Geadah, Nicolas (VEC)
I built a custom FormAction/FormActionFactory to provide additional behavior in the registration flow. I'm able to build the JAR, deployment to JBoss works, and the action shows up in the "add execution" in the admin console.
Now when going through the registration process, the FormAction is definitely triggered but an immediate error is thrown:
org.jboss.resteasy.spi.UnhandledException: java.lang.NoClassDefFoundError: org/keycloak/services/validation/Validation
Seems like something missing in my jboss-deployment-structure.xml file? Here is the file as it stands currently - what do I need to add for the necessary module to be loaded? This is in RHSSO 7.1.
<?xml version="1.0" encoding="UTF-8"?>
<jboss-deployment-structure>
<deployment>
<dependencies>
<module name="org.keycloak.keycloak-server-spi-private" />
</dependencies>
</deployment>
</jboss-deployment-structure>
7 years, 5 months
org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage No login page was defined for FORM authentication in context
by Kevin Cuijpers
Hello,
I am trying to use the SAML 2.0 Client Adapter for Tomcat 8.5.8. I downloaded keycloak-saml-tomcat8-adapter-dist-3.2.1.Final and installed it in the lib folder of Tomcat.
I followed the instructions from app-profile-saml-jee-jsp quickstart to set up the Client.
I added following context.xml:
<Context path="app">
<WatchedResource>WEB-INF/web.xml</WatchedResource>
<WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>
<!-- Required for KeyCloak -->
<Valve className="org.keycloak.adapters.saml.tomcat.SamlAuthenticatorValve"/>
</Context>
I copied the files from app-profile-saml-jee-jsp quickstart into a separate project (see attached demo.zip) to make the war.
Tomcat starts up correctly and I see the Please login page when I go to http://localhost:8080/app/
When I click on LOGIN I get a 500 error page and following error:
org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage No login page was defined for FORM authentication in context [/app]
I found an old mailing with similar problem:
http://lists.jboss.org/pipermail/keycloak-user/2016-November/008380.html
pointing to an issue that should have been solved:
https://issues.jboss.org/browse/KEYCLOAK-3669?attachmentViewMode=list
It is unclear what I need to do to make this simple example work or what needs to be changed to the adapter.
Please help.
Kevin Cuijpers
7 years, 5 months
Keycloak won't allow me to select my theme from drop-down list
by Kamil Kapturkiewicz
Hi,
I am trying to upgrade Keycloak step by step from very old 1.4.0 version
to the latest one. However between version 1.8 and 1.9.8 default themes
folder has been changed, and since that I can't see my theme on
drop-down list in Realms Settings -> Themes -> Email / Login. What I can
see in log is:
10:39:14,181 ERROR [org.keycloak.theme.ExtendingThemeManager] (default
task-14) Failed to find LOGIN theme my_theme, using built-in themes
10:39:14,745 ERROR [org.keycloak.theme.ExtendingThemeManager] (default
task-16) Failed to find LOGIN theme my_theme, using built-in themes
which means it can see it but won't allow me to use it for some reason.
I also tried to clear cache, but with no luck. My theme.properties:
parent=base
import=common/keycloak
styles=css/login.css
meta=viewport==width=device-width,initial-scale=1
kcFormGroupClass=ck-form-group-class
kcFormOptionsWrapperClass=ck-form-options-wrapper-class
I went through Keycloak directory structure but found nothing related to
themes.
brgds,
7 years, 5 months