realm-management policies not affecting admin-console
by Nils Wild
Hi,
I think I got something wrong about how policies are supposed to work in
Keycloak 4.1.0.Final
I tried to configure a support group that has access to a certain group
of customers but not all, so I created a new_user_group and a
support_group (this group has realm-management roles to view and manage
users so I can see those admin-console menus) and added policies, such
that the support_group can only see and manage that group and users of
that new_user_group but not those of old_user_group. Unfortunately, after
logging in with a user of support_group I can see all users and groups,
not only those of the new_user_group, when clicking "view all users".
I already used the Authorization Evaluator of the realm-management
client. The funny thing is that if I choose the new user of the
support_group and the old_user_group resource with view scope it
correctly determines that access should be denied.
Am I missing something? Maybe the problem is that the new_support_group
does have realm-management roles like view-users? But if I remove those
roles I am not able to see any menu.
Nils
5 years, 9 months
Kerberos Authentication
by "Matthias Müller"
Hello Keycloak Users,
I configured Kerberos in Keycloak (newest version) and all seems fine. When I activate it in the Authentication flow section, the following error is shown on the login page:
"Kerberos is not set up. You cannot login."
There is no log entry or anything else, nothing. I also searched for this message but found no solution. It is not clear why it is not working. Does anyone have an idea? Thanks
5 years, 9 months
User Attributes
by "Matthias Müller"
Hello Keycloak Community,
I created some further attributes in the LDAP federation. When the user is new, all fields are filled correctly. For existing users after a login, the attributes are not created.
Is there a way to sync all new attributes also for existing users? I am not sure if the function "sync changed users" in the LDAP federation section will also create new attributes. Thanks
5 years, 9 months
Upgrade from 4.0.0 to 4.1.0 : invalid redirect_uri
by GARDAIS Ionel
Hi,
I tried to upgrade from 4.0.0 to 4.1.0 but it resulted in an error page about redirect_uri.
I've previously upgraded from 3.4.3 to 4.0.0 without issue.
Any tips?
Regards,
Ionel
5 years, 9 months
Permanent API key?
by Corentin Dupont
Hi guys,
Is it possible to have a permanent access token, or API key, that I can
store on the client of my API?
Or maybe I need to store my login/password on the client and retrieve a
normal access token from the device?
In my use case, I have remote devices writing to my API. Those devices are
not easy to update.
I see that some services use an API key, passed as a query string, that
seems to be permanent.
For example ThingSpeak:
https://it.mathworks.com/help/thingspeak/channel-settings.html#keys
Is this possible with Keycloak? I.e. permanently granting access to some
device?
5 years, 9 months
the redirect URL of keycloak throwing error
by vandana thota
Hello
When I added the SAML identity provider and took the redirect URL (we are
not able to edit it except for the alias name) and put it in the browser, it
shows the "we are sorry" error on the Keycloak page.
May I know why it is showing that sorry page on Keycloak?
PFA
5 years, 9 months
admin-client binary and dependencies
by Nhut Thai Le
Hello,
Where can I get the binaries of the admin-client and its dependencies for KC
4.0.0.Final? I added the following jars from Maven Central to my package:
javax.ws.rs-api,\
org.jboss.resteasy:resteasy-jackson2-provider,\
org.jboss.resteasy:resteasy-jaxrs,\
org.apache.commons.lang3,\
org.keycloak:keycloak-admin-client,\
org.keycloak.keycloak-core,\
org.jboss.resteasy:resteasy-client,\
org.jboss.resteasy:resteasy-multipart-provider,\
org.jboss.resteasy:resteasy-jaxb-provider,\
org.eclipse.equinox.supplement,\
com.castortech.iris.security;version=latest,\
org.keycloak:keycloak-server-spi-private,\
org.keycloak:keycloak-server-spi,\
org.keycloak.keycloak-common,\
org.eclipse.emf.common,\
javax.annotation-api,\
com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider
But I still get the error:
javax.ws.rs.ProcessingException: RESTEASY003215: could not find writer for
content-type application/x-www-form-urlencoded type: javax.ws.rs.core.Form$1
When calling .realms().findAll()
Thai
--
Castor Technologies Inc
460 rue St-Catherine St Ouest, Suite 613
Montréal, Québec H3B-1A7
(514) 360-7208 o
(514) 798-2044 f
ntle(a)castortech.com
www.castortech.com
5 years, 9 months
keycloak and External IDP
by vandana thota
Hello Friends,
I'm trying to configure single sign-on for the application which we
deployed on a WildFly instance, using Keycloak and an external identity
provider (OKTA).
In the first screenshot I entered the external IDP with the credentials
and clicked on the app which we configured in the IDP, and it is redirecting
to the sorry page of Keycloak.
Instead of the sorry page, what needs to come there?
Is it the 1 application which we deployed on the WildFly instance, or anything
else, that should show up there? And how do we make it show whatever
the desired thing is?
Can anyone figure out why it is showing this?
Also, we are using Keycloak Final 4.0.0.0 and WildFly 11 Final.
PFA.
Thanks,
Vandana
5 years, 9 months