July 2018 - keycloak-user - Jboss List Archives

Implement the disableCredentialType function in account management console

by Daicy Duarte

Hi! Is it possible to implement the disableCredentialType function in account management console (account.ftl)? To make it easy for the user delete their registered U2F device and thus be able to register another one when log in. Best regards,

6 years, 10 months

1
0
0 / 0

realm-management policies not affecting admin-console

by Nils Wild

Hi, i think i got somthing wrong how policies are supposed to work in Keycloak 4.1.0.Final I tried to configure a support group that has access to a certain group of customers but not all so i created a new_user_group and a support_group (this group has real-management roles to view and manage users so i can see those admin-console menus) and added policies, such that the support_group can only see and manage that group and users of that new_user_group but not those of old_user_group. Unfortunatly after logging in with a user of support_group i can see all users and groups not only those of the new_user_group when clicking "view all users". I already used the Authorization Evaluator of the realm-management client. The funny thing is that if i choose the new user of the support_group and the old_user_group resource with view scope it correctly determines that access should be denied. Am I missing something? Maybe the problem is that the new_support_group does have realm-management roles like view-users? But if i remove those roles i am not able to see any menu. Nils

6 years, 10 months

2
1
0 / 0

Kerberos Authentication

by "Matthias Müller"

Hello Keycloak Users, I configured Kerberos in Keycloak (newest version) and all seems fine. When I activate it in the Authentication flow section the following error is shown on the login page: "Kerberos is not set up. You cannot login." There is no log entry or something else, nothing. I also searched for this message but no solution. It is not clear, why it is not working. Does anyone have an idea? Thanks

6 years, 10 months

2
1
0 / 0

grant_type not provided issue in

by Irtiza Ali

Hello everyone, I have a node application, I am implementing SSO for it, I am authenticating users using keycloak endpoint given below: http://localhost:8080/auth/realms/nodejs-example/protocol/openid-connect/... I am able to authenticate the user using the curl request but unable to do it by using postman and the code given below: var requestify = require('requestify'); requestify.post(' http://localhost:8080/auth/realms/nodejs-example/protocol/openid-connect/...', { client_secret:'17823f90-c7c5-4f07-a78d-f7632a8dee16', client_id: 'nodejs-connect', username: 'ali123', password: '321ssg123', grant_type: 'password' }).then(function(response) { console.log(response.getBody()); .catch(function(response) { console.log(response); }); it always given me this error, grant_type node provided. Thanks in advance! IA

6 years, 10 months

1
0
0 / 0

User Attributes

by "Matthias Müller"

Hello Keycloak Community, I created some further attributes in the ldap federation. When the user is new, all fields are filled correct. For existing users after a login, the attributes are not created. Is there a way, to sync all new attributes also for existing users? I am not sure, if the function "sync changed users" in the ldap federation section will also create new attributes. Thanks

6 years, 10 months

1
0
0 / 0

Upgrade from 4.0.0 to 4.1.0 : invalid redirect_uri

by GARDAIS Ionel

Hi, I tried to upgrade from 4.0.0 to 4.1.0 but it resulted in an error page about redirect_uri. I've previously upgraded from 3.4.3 to 4.0.0 without issue. Any tips ? Regards, Ionel -- 232 avenue Napoleon BONAPARTE 92500 RUEIL MALMAISON Capital EUR 219 300,00 - RCS Nanterre B 408 832 301 - TVA FR 09 408 832 301

6 years, 10 months

1
1
0 / 0

Permanent API key?

by Corentin Dupont

Hi guys, Is it possible to have a permanent access token, or API key, that I can store on the client of my API? Or maybe I need to store my login/password on the client and retrieve a normal access token from the device? in my use case, I have remote devices writing to my API. Those devices are not easy to update. I see that some services uses an API key, passed as a query string, that seems to be permanent. For example ThingSpeak: https://it.mathworks.com/help/thingspeak/channel-settings.html#keys Is this possible with Keycloak? I.e. permanently granting access to some device?

6 years, 10 months

1
0
0 / 0

the redirect URL of keycloak throwing error

by vandana thota

Hello When I added the SAML indentity provider and take the redirect URL ( we can not able to edit it except the alias name ) and put it in browser its showing we are sorry error on keycloak page ? May I know why its showing that sorry page on keycloak ? PFA

6 years, 10 months

1
0
0 / 0

admin-client binary and dependencies

by Nhut Thai Le

Hello, Where can i get the binaries of the admin-client and its dependency for KC 4.0.0.Final? I added the following jars from mavencentral to my package: javax.ws.rs-api,\ org.jboss.resteasy:resteasy-jackson2-provider,\ org.jboss.resteasy:resteasy-jaxrs,\ org.apache.commons.lang3,\ org.keycloak:keycloak-admin-client,\ org.keycloak.keycloak-core,\ org.jboss.resteasy:resteasy-client,\ org.jboss.resteasy:resteasy-multipart-provider,\ org.jboss.resteasy:resteasy-jaxb-provider,\ org.eclipse.equinox.supplement,\ com.castortech.iris.security;version=latest,\ org.keycloak:keycloak-server-spi-private,\ org.keycloak:keycloak-server-spi,\ org.keycloak.keycloak-common,\ org.eclipse.emf.common,\ javax.annotation-api,\ com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider But i still get error: javax.ws.rs.ProcessingException: RESTEASY003215: could not find writer for content-type application/x-www-form-urlencoded type: javax.ws.rs.core.Form$1 When calling .realms().findAll() Thai -- Castor Technologies Inc 460 rue St-Catherine St Ouest, Suite 613 Montréal, Québec H3B-1A7 (514) 360-7208 o (514) 798-2044 f ntle(a)castortech.com www.castortech.com CONFIDENTIALITY NOTICE: The information contained in this e-mail is confidential and may be proprietary information intended only for the use of the individual or entity to whom it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any viewing, dissemination, distribution, disclosure, copy or use of the information contained in this e-mail message is strictly prohibited. If you have received and/or are viewing this e-mail in error, please immediately notify the sender by reply e-mail, and delete it from your system without reading, forwarding, copying or saving in any manner. Thank you. AVIS DE CONFIDENTIALITE: L’information contenue dans ce message est confidentiel, peut être protégé par le secret professionnel et est réservé à l'usage exclusif du destinataire. Toute autre personne est par les présentes avisée qu'il lui est strictement interdit de diffuser, distribuer ou reproduire ce message. Si vous avez reçu cette communication par erreur, veuillez la détruire immédiatement et en aviser l'expéditeur. Merci.

6 years, 10 months

2
2
0 / 0

keycloak and External IDP

by vandana thota

Hello Friends, I'm trying to configure the Single Sign on for the application which We deployed on wildfly instance by using keycloak and external Identity provider (OKTA) In first screen shot entered into external IDP with the credentials and clicked on the app which we configured in IDP and it re-directing to sorry page of keycloak. Instead of sorry page what needs to be come there ? is that 1 application which we deployed on wildfly instance or anything else to be show up there ? and how to make it possible to show what ever the desired thing to be . Can any one able to figure it out why its showing this . Also we are using keycloak final 4.0.0.0 and wildfly 11 final . PFA. Thanks, Vandana

6 years, 10 months

2
2
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

keycloak-user July 2018