October 2018 - keycloak-user - Jboss List Archives

by Craig Setera

Can anyone tell me how Java sessions are managed relative to the servlet adapter? As we are switching over from JSESSIONID-based authentication to Keycloak, we have other non-security based services that are using @SessionScoped beans. While we can continue to reflect JSESSIONID are there any cases with Keycloak will invalidate and/or switch the HttpSession from request to request? Thanks, Craig ================================= *Craig Setera* *Chief Technology Officer*

5 years, 6 months

1
0
0 / 0

LDAP at Log in page

by So Be

Hi, I have integrated our jupyterhub with keycloak. it works fine. Now, I want to add LDAP as additional identity provider with Github. I have configured the realm with our LDAP server but I can not see LDAP button with the others in the log in page. What I am doing wrong? Thank you.

5 years, 6 months

2
1
0 / 0

Notifying user about a login attempt

by GARDAIS Ionel

Hi, Is there a way to notify user by email whenever the user is logged through a client of the realm ? Like "You've been logged by <Client Name> with your account <account_id>". Thanks, Ionel -- 232 avenue Napoleon BONAPARTE 92500 RUEIL MALMAISON Capital EUR 219 300,00 - RCS Nanterre B 408 832 301 - TVA FR 09 408 832 301

5 years, 6 months

2
3
0 / 0

How to get a link to password reset from keycloak api

by Andreas Lau

Hello, we have a application where we managed to create a user account over the REST API. Now instead creating a temporary password for the new user and forcing the user to login and change the password the very first time he/she logs in, we'd like to create a link, where he/she has to enter a password and gets logged in (exactly like it is done in the functionality password reset), and send it to the user via mail. I've googled around and the only hints I can find is how to call reset password via API. But with this we only trigger keycloak to send a mail with such a link. But as I said we like to get the link itself. Is this possible somehow? Can you give us a helping hand? Thanks. Andreas

5 years, 6 months

1
0
0 / 0

open-id/connect endpoint giving unexpected result

by Ulrik Sjölin

Hello, I am using 4.5.0 and have a simple setup with 2 users (Alice and Jdoe) each of them has a UMA-resource. Jdoe is sharing his resource with Alice (all scopes). Running “evaluate” in the admin-web-ui everything looks correct: Alice does have Delete-Scope (and 4 other scopes) on JdoeResource. I use a simple curl script but it does however not give the same result as the evaluate-web-ui does: Using the /openid-connect/token, “permission=#Delete” and subject_token=$ALICE_TOKEN, I get the expected result (both Alice and Jdoes resources are returned correctly): [{"scopes":["Delete"],"rsid":"c7fc0515-90f7-4485-a3c7-a8f62d64740c","rsname”:”AliceResource”},{“scopes":["Delete","Read","Write","Admin","Peek"],"rsid":"854b0ac8-8504-4b92-b642-1c959a1f8de0","rsname”:”JdoeResource”}] changing to “permission=AlliceResource#Delete” everything looks like expected: [{"scopes":["Delete"],"rsid":"c7fc0515-90f7-4485-a3c7-a8f62d64740c","rsname”:”AliceResource”}] Changing again to the id of JoeResource i.e “permission=854b0ac8-8504-4b92-b642-1c959a1f8de0#Delete", I get: [{"scopes":["Delete","Read","Write","Admin","Peek"],"rsid":"854b0ac8-8504-4b92-b642-1c959a1f8de0","rsname":"JdoeResource"}] But changing to “permission=JdoeResource#Delete”, I get, what I think is unexpected: {"error":"invalid_resource","error_description":"Resource with id [JdoeResource] does not exist."} Is this expected behavior? Is there something I am doing wrong? Best Regards, Ulrik

5 years, 6 months

1
0
0 / 0

Can i integrate External PHP hash provider library with keycloak

by Deepa Gaddigoudar

Hello All, Previously I have used SimpleLoginSecure <http://dialect.ca/code/ci-simple-login-secure/> to secure my application user passwords, thus i dont know the *salt* used by this library. Now i want to migrate my users to keycloak without asking them to reset their password. Is there is a way to integrate SimpleLoginSecure library with keycloak as a PasswordHash Provider?. If yes, How do i do that ? Regards, Deepa M G ------------------------------------------------------------------------ *Deepa M Gaddigoudar | Software Developer* Aissel Technologies Pvt. Ltd. A Block, Floor 2, IT Park, Hubli – 580029. India Ph (Ind) : +91 836-235-1011 l Ph: +1 347-966-8181 Cell: +91 8951519616 E-Mail: deepag(a)aissel.com

5 years, 6 months

1
0
0 / 0

SSSD integration with password expiry

by Callum Smith

Dear All, My google-fu has turned up some results of people doing bits of this using LDAP, but I was wondering if there was anyway of handling users with expired passwords through Keycloak's UI. So the issue is that with FreeIPA as an authentication backend, when a user is created their password is expired (for lots of good reasons). This forces them to change the password on their first login, which works with ssh, gnome, but not Keycloak. Is this because of something I have misconfigured (or yet to configure) or is it just not supported? Regards, Callum -- Callum Smith Research Computing Core Wellcome Trust Centre for Human Genetics University of Oxford e. callum(a)well.ox.ac.uk<mailto:callum@well.ox.ac.uk>

5 years, 6 months

1
0
0 / 0

o.s.security.saml.log.SAMLDefaultLogger

by Anup VK

Hello Folks, I have a spring GRAILS application using Keycloak 4.5. For some reason the redirection after login proceeds to http://localhost:8080/spring-security-saml/saml/SSO/alias/localhost instead of http://127.0.0.1:8080/csi-gui-chargedb/ This might be a Spring Security suite redirection issue, that said the 'Valid Redirect URIs' box only accepts a * wildcard character. If I specify a valid URL - like http://127.0.0.1:8080/csi-gui-chargedb/ - it complains. Please let me know what are your thoughts. Muchos gracias in advance. AVK Sent with [ProtonMail](https://protonmail.com) Secure Email.

5 years, 6 months

1
0
0 / 0

password reset email REST api?

by Wyllys Ingersoll

Is there ( or are they plans to add one) a REST API endpoint for sending a user a password reset email link? Im looking for a way to simulate what happens when the "reset password" form is used but without using the form itself, so that an application could make the request without requiring a UI. This is different from having an administrator manually reset a password, I want the user to just get a secure link to reset their own password when necessary. thanks, Wyllys Ingersoll

5 years, 6 months

2
2
0 / 0

Self Service for User ( using admin-cli)

by Madhu

Hi I have a query on user self service (Auth service), I have a realm with few admin users (who has manage *, view *) in realm-management client. I also have ordinary users, who do not have any access in realm-management client. I would like write a rest service, where the logged in user ( the user id in the bearker token), will be able to perform a) GET realms/realmName/users/<uid> b) and PUT realms/realmName/users/<uid> on the following conditions the bearer token should be an admin's bearer token or the logged in user should be editing his own record (sub in jwt should be same as the <uid> in url) Between, i am using admin-cli for these operation. Please guid on how to go about this. RegardsMadhu

5 years, 6 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

keycloak-user October 2018