"Error! Realm with same name exists" when trying to change theme
by Dominik Guhr
Hi all,
So I tried to crete a new realm and use a theme used also in a different
realm, but all I get is the errormessage "Error! Realm with same name
exists" when trying to apply the theme (click on save).
Logs are stating this:
2018-03-06 10:50:32,065 INFO
[org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl] (default
task-25) HHH000010: On release of batch it still contained JDBC statements
2018-03-06 10:51:38,652 WARN
[org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (default task-50) SQL
Error: 1400, SQLState: 23000
2018-03-06 10:51:38,653 ERROR
[org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (default task-50)
ORA-01400: Insert NULL in ("MY_TEST"."REALM_SUPPORTED_LOCALES"."VALUE")
not possible*
Steps:
- I created one realm called "MYREALM" and applied the logintheme there
without a problem (used kc standard for admin and so on).
- Then I created the other one "MYREALM_DEV" and tried to apply the
custom theme.
- To check if its depending on the theme, I tried to apply the base
keycloak theme, same effect.
This workflow worked for another application perfectly with one theme
for different realms.
seems very weird, as if the realm is created on db-level with same name
as the old one instead of my given name.
So, Could anybody give me a hint why SQL fails here? Or point me to the
relating DB Tables please so I could investigate further myself? Thanks
in advance!
Best regards,
Dominik
*: freely translated from german database locale ;)
6 years, 9 months
Weird reload issue in Keycloak + OIDC integrated application
by Pulkit Gupta
Hi Team,
We have integrated one of our Angular 1.X + REST based application with
RH-SSO 7.1.
The application is working fine and we are able to make all the
authorization and authentication functionality work.
We are using the standard flow with auth and refresh token.
However we are seeing an issue which we are not able to fix even after
multiple hit and try.
It goes like this:
When we open the application the adapter checks and redirect us from
authentication. SSO works and we are redirected to the application and are
logged in successfully. Everything works and now we are using the
application. Suddenly after 5 mins the site reloads even if we are actively
using the application. The reloads works and now again we can use the
application for any duration and it never reloads again by itself and we
can work smoothly without any interruptions.
Please let me know in case someone has seen such an issue or can suggest
something which I can try.
--
PULKIT GUPTA
6 years, 9 months
Register new ProviderFactorys to Mappers
by Chris Brandhorst
We have developed a customised OIDCIdentityProviderFactory and OIDCIdentityProvider because some IdP does not fully adhere to the standards. However, when using this Provider, the UserAttributeMapper (and other mappers) are not used because they have a fixed list of COMPATIBLE_PROVIDERS.
We would suggest adding a registerCompatibleProvider to the IdentityProviderMapper in order to extend the usage of these mappers.
Just checking before we take the effort of creating a nice PR: is this something you would see fly? If yes, would you suggest changing COMPATIBLE_PROVIDERS to a List<String> or a List<IdentityProviderFactory> and subsequently changing the getCompatibleProviders() implementations?
Thanks,
Chris
6 years, 9 months
Keycloak client hangs after creating 9 users
by Maickel Hagemann
Hi all,
I'm having some trouble with creating users, using the Keycloak Admin REST API in Java.
I'm trying to create a few dozen users in Keycloak and I want to send each user an email to notify them to update their passwords in a for-loop.
But everytime, after creating a user and sending an email for 9 users, the Keycloak client hangs indefinitely when it's trying to send an email for the 10th user.
Im running Keycloak in a docker container with PostgreSQL and MailHog.
Do any of you have any ideas?
Regards,
Maickel
6 years, 9 months
User Role(s) in Event
by vrinda nayak
Hello All,
For our dcm4che archive, we use Keycloak as an Authentification layer. We
have built a custom Dcm4cheEventListenerProvider which implements
Keycloak's EventListenerProvider to listen to the LOGIN and LOGOUT events.
The Event class does not have roles of a user in the details. Based on
role(s) of a user, we have to emit specific audit messages.
Can someone please advise how we can extract the role(s) of a user when
events are being listened?
Thanks in advance.
Best Regards
Vrinda Nayak
6 years, 9 months
How to get permission to all child resources
by Nhut Thai Le
Hello,
We are new to Keycloak and we are exploring its abilities for securing our
web api. One things we are trying to do is to get all permissions
associated with a user for all child resources in a RPT. For example, let's
say I'm trying to expose the folder Document on my file system to the
network via REST. This Document folder may have millions of files and
subfolders, most of them are accessible by all Users, some are only
available to Admin, and some are for Customers only.
On Keycloak server, i would define 3 resources named:
"All Docs" with URL /Document/* and Role policy granting access to all Users
"For Admin" with URL /Document/Administration/* and Role policy granting
access to only Admins
"For Customer" with URL /Document/Products/* and Role policy granting
access to only Customers
If i use the entitlement API, i can ask if Sarah who is a Users and a
Customers can access "All Docs". However, if Sarah want to know/list all
files under /Document/Administration/Contracts/Sarah/* then how should i
ask entitlement API since this URL is not declared as a resource in
Keycloak? If i can call the API for this path, I would like to receive from
the API some permissions info starting from /Document/Administration
because this is the closest ancestor known to Keycloak regarding the path
being asked.
Hope to get some insight soon
Thai
6 years, 9 months
Spring Boot with multiple Keycloak instances
by Cedric Thiebault
Hello,
We are developing a REST API (Spring Boot micro-services) secured by Keycloak.
We would like to use 2 different Keycloak instances:
- one for employees linked to our Active Directory
- one for our customers
The idea is to isolate environments to reduce the impact on customer side when modifying internal services...
Securing a Spring Boot app with Keycloak Spring adapters is easy (thanks guys!). But I don't see in documentation how use 2 Keycloak instances as we always refer to a single keycloak.json.
Is securing a Spring Boot app with 2 different Keycloak instances possible?
Thanks for your help!
Cedric
6 years, 9 months
stop keyclaok server
by hmidi slim
Hi,
I'm trying to stop a server using this command:
*./bin/standalone.sh && ./bin/jboss-cli.sh -c --commands=shutdown*
The server was launched and it did not been stopped. Is not possible to
excute this two instructions sequentially?
6 years, 9 months
