Fwd: Keycloak_Refresh_Token
by Konstantinos Schoinas
Hi there,
I have a setup where I use a Node.js application and the keycloak-connect
NPM module in order to align it with the Keycloak single-sign-on flow.
Everything is working fine except for one thing.
When my refresh token is expired and I am trying to access a resource in the
application that is protected by keycloak.protect(), I am getting a
redirect to the Keycloak page (a flow that I find correct) and my user
is automatically getting re-logged in without posting any credentials.
I don't know if that behavior is right.
My Keycloak Realm Settings on the Tokens tab are:
Revoke Refresh Token --> Off
SSO Session Idle --> 2 minutes
SSO Session Max --> 4 minutes
Access Token Lifespan --> 1 minute
I also noticed this type of behavior in the nodejs-example that keycloak-connect
provides, so I believe there isn't something wrong with my
application.
Also, I put some logs inside the keycloak middleware to make sure that the
refresh token is expired, by going to the relevant function, and made sure
that the refresh token is expired.
In addition, this is of course happening when the 2 minutes have passed and
I am trying to do a request; the refresh token is definitely getting
expired there, but still Keycloak seems to be getting me logged in again and
NOT redirecting me to the login page.
Thanks in advance for the help,
Konstantinos
5 years, 7 months
Getting compile errors related to BouncyCastle.
by Harold Roussel
Hello,
I'm trying to compile the project with Maven on the command line.
I'm getting errors like the following,
[ERROR]
/c:/data/projects/keycloak-master/common/src/main/java/org/keycloak/common/util/OCSPUtils.java:[230,41]
no suitable constructor found for
Extension(org.bouncycastle.asn1.DERObjectIdentifier,boolean,org.bouncycastle.asn1.DEROctetString)
constructor
org.bouncycastle.asn1.x509.Extension.Extension(org.bouncycastle.asn1.ASN1ObjectIdentifier,org.bouncycastle.asn1.ASN1Boolean,org.bouncycastle.asn1.ASN1OctetString)
is not applicable
(argument mismatch; org.bouncycastle.asn1.DERObjectIdentifier
cannot be converted to org.bouncycastle.asn1.ASN1ObjectIdentifier)
constructor
org.bouncycastle.asn1.x509.Extension.Extension(org.bouncycastle.asn1.ASN1ObjectIdentifier,boolean,byte[])
is not applicable
(argument mismatch; org.bouncycastle.asn1.DERObjectIdentifier
cannot be converted to org.bouncycastle.asn1.ASN1ObjectIdentifier)
constructor
org.bouncycastle.asn1.x509.Extension.Extension(org.bouncycastle.asn1.ASN1ObjectIdentifier,boolean,org.bouncycastle.asn1.ASN1OctetString)
is not applicable
(argument mismatch; org.bouncycastle.asn1.DERObjectIdentifier
cannot be converted to org.bouncycastle.asn1.ASN1ObjectIdentifier)
[ERROR]
/c:/data/projects/keycloak-master/common/src/main/java/org/keycloak/common/util/OCSPUtils.java:[320,72]
cannot find symbol
symbol: method toASN1Primitive()
location: class org.bouncycastle.cert.ocsp.RespID
My Maven version is 3.3.9. Using JDK 1.8.0_172. I have the latest
source for Keycloak (downloaded this morning).
Any help would be appreciated.
Thanks.
Harold
5 years, 7 months
enabling token exchange between multiple realms
by Madhu
Hi,
I have a weird use case where I am running 3 different Keycloak instances. I have the same common set of users in all 3 instances, and I want a token minted by one Keycloak instance to be honored by another, i.e. if I log in to Keycloak 1 and get a bearer token, I want this token to be valid in Keycloak 2 and Keycloak 3. Is there a way to achieve this? I referred to the token exchange links (internal to external), but what I am not sure about is how I should invoke the 2nd Keycloak instance (is a bearer token alone sufficient, or do I need to pass additional parameters in the POST?). I generally use the KeycloakRestTemplate for any invocation; will KeycloakRestTemplate be able to handle token exchange cases as well?
Regards,
Madhu
5 years, 7 months
OIDC-IDP: don't want username to equal email
by bob sheknowdas
Hi,
I've written a custom OIDC provider and connected it to Keycloak.
After the first login via my provider, the user gets asked to enter a
username, email, first name and last name.
When sending no 'email' claim, the username is prefilled with what is in
the 'sub' claim.
But when sending an 'email' claim, the username is prefilled with the email.
How can I prefill the username with something other than my email, while
also sending an 'email' claim?
So far I've tried sending a 'name', a 'username' and a 'preferred_username'
claim - no success.
I figured out that the IdpReviewProfileAuthenticator checks for
isRegistrationEmailAsUsername().
So I've deactivated "Login with email" in my realm settings - no success.
Is there any way for Keycloak to not use the 'email' claim for the username?
Best
Bob
5 years, 7 months
How to change subject of mail
by Christophe Lehingue
Hello,
I am customizing "themes / base / email / html / email-verification.ftl".
When the email is sent to the user concerned, I would like to change
the title / subject of the email.
Do you know how I could do that?
Thank you.
5 years, 7 months
add user.username on email-verification.ftl file ?????
by Christophe Lehingue
Hello,
I would like to add the user's personal details in the template "themes
/ base / email / html / email-verification.ftl".
I would like the user's name to appear, but it does not work.
I do this: I add this tag "${(user.username!'')" in this file, but
nothing appears.
Do you know how I could do that?
Thank you.
==== In FR (translated) ======
Hello,
I would like to add the user's personal details in the template
"themes / base / email / html / email-verification.ftl".
I would like the user's name to appear, but it does not
work.
I do this: I add this tag "${(user.username!'')" in this
file, but nothing appears.
Do you know how I could do that?
Thank you.
5 years, 7 months
Status of PolicyProvider SPI for authorization
by Vegard Vaage
Hi!
I have two similar use cases that would both benefit from the policy provider SPI.
In one use case there's an external authorization service with its own database that I'd like to keep, but I'd also like to use Keycloak as a frontend to get a standardized way of performing authorization. One way to achieve this would be to write a custom policy provider SPI that fetches what it needs from the external database.
Similarly, there's another datastore that has authorization information in a non-relational database, which I'd also like to be able to use to make authorization decisions.
1. Before I go any further down this path: according to KEYCLOAK-4901 (https://issues.jboss.org/browse/KEYCLOAK-4901) the policy provider SPI is supported now, but I can't find anything in the official docs. Is it (still) supported?
Best regards,
Vegard
5 years, 7 months