Manage-user permission is always overridden in fine-grain permission
by Ansari, Hasebullah
Hello,
I have a use case where I want to create a dedicated realm for one organization with an admin user. But when I give the role ‘realm-admin’ to this user, he can do literally anything in this realm: managing clients, managing users, etc. And if the user is not very familiar with Keycloak, then he can also disturb the settings or configuration of the realm itself. Like deleting roles from ‘realm-management’ and with managing user with ‘manage-user’ stuff client for example. Now I have managed to restrict this admin from doing such things, but now with the fine-grain permission and without the ‘manage-clients’ and ‘manage-users’ roles, I cannot see the ‘create client’ and ‘create user’ buttons in the dedicated realm admin console. In my use case I want the admin user to create clients and users by himself but not manage everything like stated above.
Cheers,
Hasebullah A Ansari
Master of Engineering in IT, Heidelberg
IT Specialist / Java Entwickler
Syntlogo GmbH
5 years, 10 months
Problem with realm token settings after changing realm name
by Regula Engelhardt
Hello
I have a problem with the token settings. Because my realm name originally had a whitespace in it and the redirection URI for the Google Identity Provider did not work with this name, I changed it to a realm name with an underscore instead. Now I can’t change the token settings for my realm with the new name; I always get the error “Resource not found... We could not find the resource you are looking for. Please make sure the URL you entered is correct.” If I change the name back, though, I can go to the token settings.
Thanks for your help!
Regula Engelhardt
Junior Developer
Noise AG
Sonneggstrasse 76
8006 Zürich
Switzerland
engelhardt(a)noiseag.ch
www.noiseag.ch
5 years, 10 months
Re: [keycloak-user] Keycloak latest beta version for Sql server support
by Athulya Pillai
Hi Raphael,
The link which you shared seems to be for Keycloak using MYSQL as database. However, in my case it is MS SQL Server.
This seems to be a bug in 4.0.0 Beta2.
Thanks and Regards
Athulya Pillai
From: Raphael Favier [mailto:r.favier@tkhinnovations.com]
Sent: Thursday, June 07, 2018 3:41 PM
To: Athulya Pillai
Subject: Re: [keycloak-user] Keycloak latest beta version for Sql server support
Hi Athulya,
According to
http://lists.jboss.org/pipermail/keycloak-user/2017-November/012377.html
I guess it should be MYSQL
with kind regards
Raphael
On Thu, Jun 7, 2018 at 11:23 AM, Athulya Pillai <Athulya.Pillai(a)cybertech.com> wrote:
Hi Team,
The latest version of Keycloak is 4.0.0 beta2. When we deploy this version as a Docker image, there is a mandatory environment variable to be set. The variable is DB_VENDOR, which accepts only 4 values: H2, POSTGRES, MYSQL and MARIADB.
Please let me know the value for the above parameter DB_VENDOR to deploy this Keycloak image with Microsoft SQL Server.
Thanks and Regards
Athulya Pillai
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
5 years, 10 months
Keycloak - User registration flow query
by Manisha Nandal
Hi Team,
I have used the Keycloak identity provider for my web application for
authentication purposes. I have a query related to the user registration flow -
Are validations of attributes like "first name" and several others (say optional
or mandatory) on the user registration page on the client or server side?
As far as I have checked, I can't see any client-side validation in the
"register.ftl" file.
The idea is to add some custom attributes and perform some basic validations
for them.
Thanks,
Manisha
5 years, 10 months
Keycloak consent required
by Miguel Sousa
Hello,
Regarding the Keycloak consent screen I have two questions:
- Is it possible to have a checkbox for each access privilege that the user
is granting to the client instead of just an option to allow or deny all of
them?
- Can the client specify the access privileges that it needs through the
scope request parameter in the authorization flow?
Thanks in advance,
Miguel Sousa
5 years, 10 months
Updating data provider information on the fly
by Matthew Beliveau
Hello,
I am trying to find a place in the Keycloak code where I can update data provider information on the fly.
Use case:
I have a Keycloak server connected to a back end identity source.
This Keycloak server is configured to use an external IdP as an authentication source.
When the user is authenticated against the external source and Keycloak receives his assertion or OIDC ticket, I want to get info from that ticket and check if the information about this user is known to the particular data back end.
If the data is not there or is different, I would like to update the data in the back end.
I know where the code for the back end data providers is and can create my own or extend an existing one.
I found a place where Keycloak processes assertions and tickets.
https://github.com/keycloak/keycloak/tree/master/services/src/main/java/o...
Is this the right place to invoke the data provider API to do the data update in the back end?
Are there any precedents of such code in the Keycloak code base or around?
Thanks,
Matthew Beliveau
5 years, 10 months
search-friendly mailing list archives?
by Raphael Favier
Hello,
I'm a new subscriber to this mailing list and I'm happy to see how active
it is.
However I am quite surprised that it is very hard to search its archived
messages.
Of course archives are here but they are only provided as .txt files. Which
makes it quite hard to navigate.
For now I am basically using Google and the "site" operator to look for
messages that were posted prior to my subscription to the list.
Or is there an easier way?
I have seen other open source projects using Nabble or Google groups to
make it easier for their users to search in their mailing list archives.
I think such a tool would reduce the number of questions asked over and
over and ease help between users.
with kind regards
Raphael
5 years, 10 months
Keycloak latest beta version for Sql server support
by Athulya Pillai
Hi Team,
The latest version of Keycloak is 4.0.0 beta2. When we deploy this version as a Docker image, there is a mandatory environment variable to be set. The variable is DB_VENDOR, which accepts only 4 values: H2, POSTGRES, MYSQL and MARIADB.
Please let me know the value for the above parameter DB_VENDOR to deploy this Keycloak image with Microsoft SQL Server.
Thanks and Regards
Athulya Pillai
5 years, 10 months
unintentionally changing the client ID in the sequence of registration
by 蘆原 大輔/行員/福岡銀行
I am using keycloak-3.4.3.Final.
I am troubled by unintentionally changing the client ID in the sequence of registration transitions.
The details are as follows.
1. After a new user is registered, an e-mail is sent from Keycloak. (client ID: "sample app")
2. When I click the link in the e-mail, the confirmation validity screen of the mail address is displayed. (client ID: "sample app")
3. When I click the link "click here to proceed" on the confirmation validity screen of the mail address, the client ID is changed from "sample app" to "account".
Is the behavior of the above 3 a Keycloak specification?
Is it impossible to make the screen transition of Client ID as Sample app?
thanks
5 years, 10 months