How to set admin password?
by Anton
Hello
I'm using jboss/keycloak-ha-postgres docker image, and have tried running
`add-user-keycloak.sh -u admin -p admin` but am still unable to login using
this username/combo.
Can someone please tell me how to set the admin password?
Thanks
6 years, 12 months
Iframe login form
by Gregory Durham
Hello,
We are currently evaluating keycloak as a solution for idp/sso, and are
currently looking at what integration should look like.
In order to keep the login experience seamless, we have an iframe approach
working, and have locked down the X-Frame-Options and
the Content-Security-Policy for frame-ancestors to limit it to our
site/domain.
The redirect is captured by the iframe and the code is passed to the main
page and the keycloak.js is initialized with this to get the token.
Is this supported and if not why not? I want to make sure that there isn't
something I am missing in how this works from a security and usage point of
view.
Thank you,
Greg
6 years, 12 months
Multi-Valued User Attributes
by Michael Poettgen
(Keycloak version is 3.4.3)
If I understand things correctly, the OIDC Token mappers for User Attributes can send claims for multi-valued attributes. How do I add a multi-valued attribute to a user via the UI? When I "Add" another attribute with the same name to a user, the new attribute value will override the old value. Is there a special syntax or mechanism that I need to use?
Thanks for your help.
Michael
6 years, 12 months
[dev] Search all users in a realm with a non-verified email?
by Tomás García
Hi,
Using the userStorageManager, I don't think I could possibly get a
collection of UserModels where all users are just those where the
EMAIL_VERIFIED bit is set to 0, right?
If I'm wrong please let me know.
My use case is I'm creating a task to delete those users after a time as
long as the realm is configured to verify the email. I managed to get the
rest of the details right I think thanks to Marek Posolda, but I cannot
find a way to search specifically those users, because gathering all users
in memory and then iterating all the collection wouldn't be optimal. I'd
rather let that job be done by the persistence layer.
Thanks.
6 years, 12 months
custom authenticator invoking with a REST API for authentication
by Sud Ramasamy
Hi,
We have a need to intercept the existing form based login authentication for a realm and instead of going to the Keycloak database to validate username/password we need to invoke a REST endpoint with the username/password combination to authenticate the user.
Using the User Storage SPI is not an option since it integrates at the JPA layer. We will need to integrate via an authentication REST API hosted externally to RH-SSO.
Please provide some of the options that are available to us to accomplish this. Appreciate the help.
-sud
6 years, 12 months
keycloak adapter with apache karaf 4.1.3
by LIEVRE Olivier
Hello,
I'd like to use keycloak to secure a REST API loaded as a bundle in apache karaf 4. I've tried to use the samples provided with keycloak for fuse; it seems they work with karaf 3 only.
Has anyone already tried to use the keycloak OSGi adapter with Karaf 4 and succeeded in using it?
Thanks for your answer,
Olivier LIEVRE
6 years, 12 months
OIDC and XFO
by Felipe Braun Azambuja
Hey guys,
I've been struggling with OIDC and XFO, and I could use some help from
you all.
My deployment is like this:
Vue.js app (nginx):80 (app.public.domain)
    |
    |
    \-> reverse proxy (nginx):443 ---> keycloak:8080
        (sso.public.domain)            (sso.internal)
The app doesn't work due to XFO trying to open login-status-iframe.html.
If I make the app go straight to KC in :8080, it works as it should
(strangely enough, because KC isn't sending the XFO header).
I have XFO set on the reverse proxy, with SAMEORIGIN, tried to change to
ALLOW-FROM, tried to add XFO to the app's nginx, and all I get is the
same thing. The browser gets redirected to KC login page, I get
authenticated, but the app doesn't work.
*Where* and *how* should the header be set?
This setup with nginx works great in SAML, and since we do not have
enough IPv4, I can't expose it directly.
Keycloak was upgraded to 3.4.3.Final prior to this app being deployed.
Thanks!
--
Felipe Braun Azambuja
DBA
Information and Communication Technology
(48) 3281 9577
felipe.braun(a)intelbras.com.br
6 years, 12 months
Integrate with WebLogic?
by Thomas Isaksen
Hi
I'm wondering what I have to do to integrate with WebLogic. Am looking to replace OAM with Keycloak but looks like there is no WebLogic support out of the box.
Do I just have to implement an Identity Asserter for WebLogic and I'm good to go or do I need to implement anything on Keycloak's end as well?
Thanks
--
Thomas Isaksen
6 years, 12 months
[HS256] Use HS256 rather than RS256 for Id Token Signature
by FOUTREIN Thomas
Hello,
I'm trying to connect our keycloak instance with France Connect (the French public OpenID Connect platform).
But France Connect doesn't accept ID Tokens signed with an RSA key; it only accepts HS256 with a shared secret to verify the signature.
I tried to deactivate the RSA Provider in my Realm, but this has no effect on the Token generated (always RS256).
Do you have a simple solution for that?
Thanks in advance
Thomas
6 years, 12 months