October 2019 - keycloak-user - Jboss List Archives

by Corentin Dupont

Hi again, I also noticed that in my React app, when I hit the "back" button, a new token exchange happens, and page refresh. A URL similar to this one is briefly displayed: https://auth.website.org.uk/auth/realms/saturn/protocol/openid-connect/au... And then the page is reloaded from scratch. Any idea? Thanks Corentin

4 years, 7 months

1
0
0 / 0

multiple reset credentials flows

by Arnault BESNARD

Hi, We're currently developing our own SPI authenticator. In case of authentication failure, we'd like allowing users to reset their credential following a specific scenario. Unfortunately, there is only one reset credentials flow per realm. So 'forgot password' and our SPI reset credential have to share the same scenario, which is not fit in our case. What is the best way to solve our issue? Thanks in advance, Arnault

4 years, 7 months

1
2
0 / 0

Lookup user by federated identity email?

by Jeffrey Sambells

I have a Keycloak instance set up with users who can login via Google, Twitter, etc. I have another separate service (not Keycloak) that also allows login via Google. I’m trying to associate the users from one service to the others. From this other service I can get the email associated with the Google account. Is it possible to locate search for the Keycloak user that has the identical email address in their federated Google identity? I don’t want to look up using the Keycloak specific email as it may be different from the email associated with the federated identity. Ideally I’m looking to do this via the REST api but didn’t see an appropriate endpoint. Thanks, Jeffrey

4 years, 7 months

1
0
0 / 0

Keycloak quickstart not working

by Alfonso Vidal García

I used this example from Keycloak Quickstarts to do a little test from my Keycloak server and see if works. https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-authz-sp... For me it's not working, where each time than I try to connect it through the browser returns an Error 404. I have this configuration in the application.properties: server.port = 38080 keycloak.realm=FocusocKeycloak keycloak.auth-server-url=http://localhost:8080/auth keycloak.ssl-required=external keycloak.resource=login-provider-web keycloak.public-client=false keycloak.credentials.secret=secret keycloak.securityConstraints[0].authRoles[0] = user keycloak.securityConstraints[0].securityCollections[0].name = protected keycloak.securityConstraints[0].securityCollections[0].patterns[0] = /* # Turn off the logs logging.level.root=OFF logging.level.org.springframework.boot=OFF spring.main.banner-mode=OFF And in the keycloak.json is this, { "realm": "FocusocKeycloak", "auth-server-url": "http://127.0.0.1:8080/auth", "ssl-required": "external", "resource": "login-app", "verify-token-audience": true, "credentials": { "secret": "145ca6f7-19c8-4478-b092-ba685a52d985" }, "use-resource-role-mappings": true, "confidential-port": 0 } Am I wrong with anything? Or am I missing anything? I didn't change any further configuration in the project downloaded from github. P Please consider the environment before printing this e-mail.

4 years, 7 months

1
0
0 / 0

New user forum

by Stian Thorgersen

We appreciate that not everyone loves mailing lists, so we decide to start a new forum where you can ask for help. Check it out at https://keycloak.discourse.group/ A big benefit of the forum compared to the mailing list is that we can hopefully over time build up a great resources with already asked questions.

4 years, 7 months

1
0
0 / 0

Docker container, why use a passworded source image?

by Max Allan

Hi, I'm building my own keycloak container with theme etc. built in (because to run in AWS ECS attaching volumes with the theme is not really possible and I will need some other code mods later). I notice the source OS has recently changed from a jboss image to RHEL's ubi8-minimal. Which is fine, except that it pulls the image from a repo that requires authentication, which is a bit annoying. Not only do you need auth, but your account needs a "subscription". Anyone got an idea of the rationale behind using the " registry.redhat.io/ubi8-minimal" instead of " registry.access.redhat.com/ubi8-minimal" which doesn't need any authentication? It seems like an extra speed bump in the way for absolutely no reason to me!

4 years, 7 months

2
3
0 / 0

Does Keycloak support access control for SAML clients?

by Pavel Zinchenko

I configured a client that uses a SAML protocol. I have a lot of users imported from LDAP. Now I was faced with the need to control access to the SAML client, but did not find out how to configure it. Does Keycloak support access control for SAML clients? If does, then could someone help me find the documentation for the settings?

4 years, 7 months

1
0
0 / 0

keycloak-quickstart not working

by Alfonso Vidal García

Hello everyone! I am trying to deploy a keycloak-quickstart, the app-authz-spring-security one, modified with my parameters but I can't access to the app through the browser, it always give me the 404 error NOT FOUND. I have the application.properties like this: server.port = 38080 keycloak.realm=FocusocKeycloak keycloak.auth-server-url=http://localhost:8080/auth keycloak.ssl-required=external keycloak.resource=login-provider-web keycloak.public-client=false keycloak.credentials.secret=secret keycloak.securityConstraints[0].authRoles[0] = user keycloak.securityConstraints[0].securityCollections[0].name = protected keycloak.securityConstraints[0].securityCollections[0].patterns[0] = /* # Turn off the logs logging.level.root=OFF logging.level.org.springframework.boot=OFF spring.main.banner-mode=OFF And the keycloak.json { "realm": "FocusocKeycloak", "auth-server-url": "http://127.0.0.1:8080/auth", "ssl-required": "external", "resource": "login-app", "verify-token-audience": true, "credentials": { "secret": "145ca6f7-19c8-4478-b092-ba685a52d985" }, "use-resource-role-mappings": true, "confidential-port": 0 } It is the only thing that I modified. Any suggestion? Thanks in advance! P Please consider the environment before printing this e-mail.

4 years, 7 months

1
0
0 / 0

Database problems running a clustered multi-site keycloak on MariaDB

by Doswald Alistair

Hello, We're running into some important errors when running a keycloak on a multi-site cluster with MariaDB as our multi-master database. We have a setup similar to https://www.keycloak.org/docs/latest/server_installation/index.html#cross..., with keycloak 7.0.0 and MariaDB 10.1.37. Each site will write to its own database cluster, and we thought that MariaDB would handle the replication and transactions correctly. It works well, until we get the following types of errors on the database, and then everything crashes: 2019-10-03 14:09:46 140205469263616 [ERROR] Slave SQL: Could not execute Delete_rows_v1 event on table cloudtrust-int-keycloak.EVENT_ENTITY; Can't find record in 'EVENT_ENTITY', Error_code: 1032; handler error HA_ERR_KEY_NOT_FOUND; the event's master log FIRST, end_log_pos 883, Internal MariaDB error code: 1032 2019-10-03 14:09:46 140205469263616 [Warning] WSREP: RBR event 2 Delete_rows_v1 apply warning: 120, 591931 2019-10-03 14:09:46 140205469263616 [Warning] WSREP: Failed to apply app buffer: seqno: 591931, status: 1 at galera/src/trx_handle.cpp:apply():351 Retrying 4th time 2019-10-03 14:09:46 140205469263616 [ERROR] Slave SQL: Could not execute Delete_rows_v1 event on table cloudtrust-int-keycloak.EVENT_ENTITY; Can't find record in 'EVENT_ENTITY', Error_code: 1032; handler error HA_ERR_KEY_NOT_FOUND; the event's master log FIRST, end_log_pos 883, Internal MariaDB error code: 1032 2019-10-03 14:09:46 140205469263616 [Warning] WSREP: RBR event 2 Delete_rows_v1 apply warning: 120, 591931 2019-10-03 14:09:46 140205469263616 [ERROR] WSREP: Failed to apply trx: source: 4f98589f-e5bd-11e9-9eb9-12b92fd5aeef version: 3 local: 0 state: APPLYING flags: 1 conn_id: 395 trx_id: 991166 seqnos (l: 18625, g: 591931, s: 591930, d: 584704, ts: 31567167461519) 2019-10-03 14:09:46 140205469263616 [ERROR] WSREP: Failed to apply trx 591931 4 times 2019-10-03 14:09:46 140205469263616 [ERROR] WSREP: Node consistency compromized, aborting... ..................... >From our analysis, it seems that a transaction was not able to be replayed, which caused the database to shutdown to protect consistency. This can seem to happen with race conditions from multiple writes. Looking into it we found in the following document https://galeracluster.com/library/kb/trouble/multi-master-conflicts.html this passage "When two transactions are conflicting, the later of the two is rolled back by the cluster. The client application registers this rollback as a deadlock error. Ideally, the client application should retry the deadlocked transaction. However, not all client applications have this logic built in." Does anyone else have a similar setup? If yes, have you encountered this problem? Is there a known resolution? Best regards, Alistair Doswald

4 years, 7 months

2
2
0 / 0

add configuration options to an EventListenerProvider

by Matthieu Huin

Hello, I'm working on this MQTT-based event listener: https://github.com/mhuin/keycloak-event-listener-mqtt and I would like to have the possibility to add configuration options for this provider in the standalone.xml file. Could anyone point me to documentation or examples if this is possible at all? Thanks, -- Matthieu Huin Senior Software Developper Red Hat <https://www.redhat.com> <https://red.ht/sig>

4 years, 7 months

2
2
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

keycloak-user October 2019