EntityManager is NULL
by Daan Zwaenepoel
Hello everyone
I try to inject an EntityManager using @PersistenceContext, but all that I
get is an EntityManager that is null. Has anyone had the same problem?
*file: META-INF/persistence.xml*
<persistence xmlns="http://java.sun.com/xml/ns/persistence"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd"
             version="1.0">
  <persistence-unit name="groepsadmin" transaction-type="JTA">
    <jta-data-source>java:jboss/datasources/GroepsAdminDS</jta-data-source>
    <class>be.scoutsengidsenvlaanderen.login.importer.LidEntity</class>
    <properties>
      <property name="jboss.as.jpa.managed" value="true"/>
      <property name="hibernate.show_sql" value="true"/>
      <property name="hibernate.format_sql" value="true"/>
      <property name="hibernate.dialect" value="org.hibernate.dialect.PostgreSQLDialect"/>
    </properties>
  </persistence-unit>
</persistence>
*file: standalone.xml*
  <datasource jta="true" jndi-name="java:jboss/datasources/GroepsAdminDS"
              pool-name="GroepsAdminDS" use-java-context="true" use-ccm="true">
    <connection-url>jdbc:postgresql://URL</connection-url>
    <driver>postgresql</driver>
    <validation>
      <check-valid-connection-sql>select 1</check-valid-connection-sql>
      <background-validation>true</background-validation>
      <background-validation-millis>10000</background-validation-millis>
    </validation>
    <security>
      <user-name>username</user-name>
      <password>pass</password>
    </security>
  </datasource>
  <drivers>
    <driver name="h2" module="com.h2database.h2">
      <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
    </driver>
    <driver name="postgresql" module="org.postgresql">
      <xa-datasource-class>org.postgresql.xa.PGXADataSource</xa-datasource-class>
    </driver>
  </drivers>
</datasources>
*file: class where I want to use the EntityManager*
@Stateless
public class Leden {
    @PersistenceContext(name = "groepsadmin")
    private EntityManager entityManager;

    public Leden(EntityManager em) {
        if (entityManager == null) {
            System.out.println("EntityManger is null");
        }
    }
}
--
With kind scout and guide greetings,
*Daan Zwaenepoel | Jobstudent - Groepsadministratie*
*Scouts en Gidsen Vlaanderen vzw* <https://www.scoutsengidsenvlaanderen.be>
dz(a)scoutsengidsenvlaanderen.be
6 years, 9 months
Fwd: refresh_token flow doesn't work with a standalone_ha setup
by Soumya Mishra
Hello All,
I am facing a problem with running keycloak in standalone clustered mode
(i.e., standalone-ha). I have a set of 3 clusters and am using a load
balancer on top of it.
I am able to login properly each time. But the refresh_token and
offline_access token flow is not working properly because the load balancer
is hitting different instances at different times. It only works when the
load balancer hits the instance from which the token was generated.
I compared various tokens generated by all the different instances and I
see that iss, iat and jti values are different for each of the tokens. Is
it a problem?
Please let me know if anybody has any idea how this issue should be fixed
or what I am doing wrong.
Regards,
Soumya
6 years, 9 months
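The comparison described in the message above, as an added example that is not part of the original post: it decodes the payload of a token from each node and reports only the claims that differ and are not per-token by definition (iat, exp, nbf and jti change on every issuance, while iss names the issuer). The node names, URLs and tokens are constructed samples, and the tokens are assumed to be for the same user and client.

```python
import base64
import json

# Claims that change on every issuance by definition (RFC 7519), so a
# difference between two tokens in these says nothing about the cluster.
PER_TOKEN_CLAIMS = {"iat", "exp", "nbf", "jti"}


def decode_claims(jwt):
    """Decode a compact JWT's payload WITHOUT verifying it (diagnostics only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diff_stable_claims(tokens_by_node):
    """Return {claim: {node: value}} for non-per-token claims that differ."""
    claims = {node: decode_claims(tok) for node, tok in tokens_by_node.items()}
    names = set().union(*claims.values()) - PER_TOKEN_CLAIMS
    differing = {}
    for name in sorted(names):
        values = {node: c.get(name) for node, c in claims.items()}
        if len({json.dumps(v, sort_keys=True) for v in values.values()}) > 1:
            differing[name] = values
    return differing


def _sample_token(claims):
    # Constructed, unsigned sample token; the signature part is a placeholder.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])


# Constructed sample: the same user and client, one token from each of two nodes.
SAMPLE = {
    "node1": _sample_token({"iss": "http://10.0.0.11:8080/auth/realms/demo",
                            "aud": "my-app", "typ": "Refresh",
                            "iat": 1520850000, "jti": "1f0c-aaaa"}),
    "node2": _sample_token({"iss": "http://10.0.0.12:8080/auth/realms/demo",
                            "aud": "my-app", "typ": "Refresh",
                            "iat": 1520850042, "jti": "93be-bbbb"}),
}

if __name__ == "__main__":
    for claim, per_node in diff_stable_claims(SAMPLE).items():
        print(claim, per_node)
```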
Re: [keycloak-user] How to set PostgreSQL schema for Keycloak when using the Docker Image?
by Meissa M'baye Sakho
Stephen,
I suggest you read the following blog post [1] related to keycloak
clustering.
You'll need to use the docker image [2] instead if you want the clustering
to work in a docker environment.
If you are in a kubernetes environment, you'll not be able to use the
native KUBE_PING protocol since the keycloak image does not include this
feature yet.
Unless you try to build the following pull request [3].
[1]=http://blog.keycloak.org/2015/04/running-keycloak-cluster-with-docker.html
[2]=https://github.com/jmowla/keycloak/blob/master/server-ha-postgres/Dockerfile
[3]=https://github.com/jboss-dockerfiles/keycloak/pull/96
Meissa
On Mon, Mar 12, 2018 at 5:15 PM, Stephen Henrie <stephen(a)chassi.com> wrote:
> Meissa,
>
> Thanks for the heads up on the deprecation. Do you know off the top of
> your head if that keycloak server image that is referenced here (
> https://hub.docker.com/r/jboss/keycloak-postgres/) supports an HA
> deployment as well?
>
> Thanks
> Stephen
>
> On Mon, Mar 12, 2018 at 12:41 AM, Meissa M'baye Sakho <msakho(a)redhat.com>
> wrote:
>
>> Stephen, the postgres-ha docker image is deprecated. It's clearly stated
>> in the following:
>> https://hub.docker.com/r/jboss/keycloak-postgres/
>> @Marco, I understand your point.
>> Maybe you need to extend the keycloak image.
>> Meissa
>>
>> On Mon, Mar 12, 2018 at 5:53 AM, Stephen Henrie <stephen(a)chassi.com>
>> wrote:
>>
>>> Actually, the postgres-ha docker image that is tagged for 3.4.3.Final
>>> installs version 3.4.2. I had to rebuild that image myself and replace the
>>> "latest" tag with a "3.4.3.Final" tag in order to have the correct version.
>>>
>>> Regards,
>>> Stephen
>>>
>>> On Sun, Mar 11, 2018 at 1:49 PM, Meissa M'baye Sakho <msakho(a)redhat.com>
>>> wrote:
>>>
>>>> Marco,
>>>> which docker image are you using?
>>>> The latest docker image that relies on Keycloak 3.4.3 has been updated to
>>>> handle either postgresql or mysql.
>>>> You'll find information you're looking for in the following link at the
>>>> PostgreSQL section.
>>>> https://hub.docker.com/r/jboss/keycloak/
>>>> thanks,
>>>> Meissa
>>>>
>>>>
>>>> On Sun, Mar 11, 2018 at 8:04 PM, Marco Pas <marco.pasopas(a)gmail.com>
>>>> wrote:
>>>>
>>>> > Hi there,
>>>> >
>>>> > I am trying to use the Docker Image for Keycloak but I seem to be unable to
>>>> > set a schema for the tables that are created in PostgreSQL. Currently all
>>>> > tables end up in the public schema.
>>>> > Is there a way that I can instruct Keycloak to create the tables inside a
>>>> > schema?
>>>> >
>>>> > Kind regards,
>>>> > Marco Pas
>>>> > _______________________________________________
>>>> > keycloak-user mailing list
>>>> > keycloak-user(a)lists.jboss.org
>>>> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>> >
6 years, 9 months
Help needed to perform SSO on iOS
by Wei Li
Hi,
We are trying to perform SSO with OpenID connect using the latest release
version of Keycloak for our mobile apps. The client library we are using
is AppAuth.
Everything works as expected on Android. I have 2 apps and if I log into
one of the apps, when I try to log in to the other app, I will just get
redirected back to the app and that's it.
However, this doesn't seem to be the case for iOS. On the second app, I was
presented with the login screen and I have to enter my username and
password again.
Initially I thought it might be a problem with AppAuth-ios so I asked the
question there[1]. However, it looks like the AppAuth lib is working as
expected. But one of the maintainers does mention that I have to make sure
the IDP is using persistent cookies.
So my questions are:
1. Is Keycloak using persistent cookies?
2. Has anyone tried using Keycloak to perform SSO on iOS, does it work?
Any help is appreciated.
Thanks.
[1] https://github.com/openid/AppAuth-iOS/issues/186
--
WEI LI
Principal SOFTWARE ENGINEER
Red Hat Mobile <https://www.redhat.com/>
weil(a)redhat.com M: +353862393272
<https://red.ht/sig>
6 years, 9 months
Problem: We're sorry ...You are already authenticated as different user
by Marco de Luca
Scenario:
We are using keycloak OIDC to create id-token/UserInfo for our applications. IdP is provided by an external SAML IdP.
We want Keycloak to provide SSO between all applications (clients) using the Keycloak server (3.4.1).
Problem:
When the first application “A” uses Keycloak to authenticate the user everything is OK. When application “B” (using the same browser) uses Keycloak to authenticate the user an error occurs. “We're sorry ...You are already authenticated as different user ‘xx' in this session. Please logout first.” (DIFFERENT_USER_AUTHENTICATED)
The current configuration uses the IdP “Subject.NameID” as username (preferred_username).
--
Marco
6 years, 9 months
Problem with account linking?!
by Marco de Luca
Scenario:
We are using keycloak OIDC to create id-token/UserInfo for our applications. IdP is provided by an external trusted SAML IdP. We want Keycloak to provide SSO between all applications (clients) using the Keycloak server (3.4.3-Final).
User information from the external IdP is trusted and we don't want the users to link and/or verify the account.
Problem:
When a user accesses application "A", which uses Keycloak to authenticate the user, everything is OK.
- Keycloak creates a user account using a specified attribute (unique id from SAML response)
When the user accesses the application a second time (close browser or logout), keycloak requires the user to link the account.
"We're sorry ... User with username tst5565594230 already exists. Please login to account management to link the account."
We have disabled account "Confirm Link Existing Account" for relevant Authentication binding (browser flow, first broker login).
Any suggestions?
--
Marco
6 years, 9 months
SSO check in Spring Security
by Niels Bertram
We have a requirement to check if a user is signed in when they visit a
site. For the JavaScript adapter this is a piece of cake with "check-sso",
but I could not find anything like this for spring security adapters.
Anyone ever had to implement optional check-sso using Keycloak with Spring
Security?
Thanks Niels
6 years, 9 months
Delete large realm fails with timeout
by Niels Bertram
Is there a database script that we can run to delete a keycloak realm with
a large volume of synchronised users? We have a realm with a "few" users
synced from LDAP in our RH-SSO 7.0 / Keycloak 1.9.8 installation and trying
to delete the realm via the console fails with a timeout. Cheers Niels
6 years, 9 months
how to enable remote resource management from admin-api
by Nhut Thai Le
Hello,
I'm trying to enable remote resource management using the admin-api so that
I can later create resources dynamically. My code is as follows:

ClientRepresentation client =
    adminClient.realm(realmName).clients().findByClientId(clientId).get(0);
client.setServiceAccountsEnabled(true);
client.setAuthorizationServicesEnabled(true);
adminClient.realm(realmName).clients().get(client.getId()).update(client);

ResourceServerRepresentation authzSetting = new ResourceServerRepresentation();
authzSetting.setAllowRemoteResourceManagement(true);
client.setAuthorizationSettings(authzSetting);
adminClient.realm(realmName).clients().get(client.getId()).update(client);

This piece of code runs without error, however when I check the client from
the admin console, I still see remote resource management not enabled. Am I
missing anything?
Thai
--
Castor Technologies Inc
460 rue St-Catherine St Ouest, Suite 613
Montréal, Québec H3B-1A7
(514) 360-7208 o
(514) 798-2044 f
ntle(a)castortech.com
www.castortech.com
6 years, 9 months