Re: [keycloak-user] keycloak configuration

Contributions are always welcome! On 3/24/2016 10:31 AM, Jason Axley wrote: +1 on the API documentation. I’d prefer a Swagger interface with collapsable sections and the ability to execute the API in the browser for testing. Additionally, you can now integrate with Postman by importing everything as a Postman collection via a Run in Postman button — would also be very useful. You can just import the Swagger or RAML file to create the Postman collection. -Jason From: < <keycloak-user-bounces(a)lists.jboss.org&gt; keycloak-user-bounces(a)lists.jboss.org&gt; on behalf of Guus der Kinderen < guus.der.kinderen(a)gmail.com&gt; Date: Thursday, March 24, 2016 at 6:54 AM To: Bill Burke < <bburke@redhat.com&gt;bburke(a)redhat.com&gt; Cc: " <keycloak-user@lists.jboss.org&gt;keycloak-user(a)lists.jboss.org&quot; < keycloak-user(a)lists.jboss.org&gt; Subject: Re: [keycloak-user] keycloak configuration I signed up to the mailinglist at a time that this thread was already underway. I didn't read back to find out what the original question was, and given the tone of the responses I am not going to either, but, as for for the call for specific improvements: I've got two: - It would be helpful if the section on JAAS integration would contain a very short example of a configuration file, and a java snippet that shows how to instantiate a LoginContext based on that. I was unfamiliar with JAAS and was struggling to put one and one together. I think the above could be done in ten lines or so, so it's relatively small, but would be a good illustrative example for the likes of me. - The REST endpoint documentation lacks structure (grouping), which makes it hard to navigate. Improving on that would be a simple as grouping each piece of documentation by its resource path. $0.02 - Guus On 24 March 2016 at 14:25, Bill Burke <bburke(a)redhat.com&gt; wrote: > documentation hasn't received any love for more than a year. Screencasts > are even more out of date. The good news is that myself and the red hat > documentation team is scheduled to focus on docs and screencasts the month > of April. Up until a few months ago, we were just an open source > community. Now that the Red Hat machine is getting behind us, areas like > documentation should start to be improved. > > BTW, If you want help, we need more than just "it doesn't work, your > documentation sucks". Walking us through the problem helps us improve > error messages, general usability, and documentation. Threatening us > doesn't really help as you are just as likely to get ignored. > > On 3/24/2016 4:56 AM, Stian Thorgersen wrote: > > Firstly, that's not FreeIPA (community project) documentation, but Red > Hat Identity Management documentation (product). The FreeIPA documentation > is https://www.freeipa.org/page/Documentation. > > Secondly, just stating that our documentation is bad and pointing to some > better documentation doesn't give us anything to go on. We would like to > give a good experience and I would be very interested in knowing exactly > what documentation you are lacking, hard to understand or whatever other > issues you may have with the documentation. Help us to help you ;) > > Finally we know the documentation is not as good as it could be and are > planning to improve it in the not to distant future. So input from users > would be valuable. > > On 23 March 2016 at 11:32, Pavlos Kleanthous < <parsectix(a)gmail.com&gt; > parsectix(a)gmail.com&gt; wrote: > >> Just compare the documentation from another redhat product FreeIPA >> <https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/... >> >> I have read this documentation and setup/configure IPA server very easy. >> >> Keycloak's current documentation looks like more as a developers manual >> to me. >> >> >> On Tue, Mar 22, 2016 at 4:29 PM, Stian Thorgersen <sthorger(a)redhat.com&gt; >> wrote: >> >>> Could you elaborate on what is missing from the documentation? That >>> would be helpful. >>> On 22 Mar 2016 12:05, "Pavlos Kleanthous" < <parsectix(a)gmail.com&gt; >>> parsectix(a)gmail.com&gt; wrote: >>> >>>> Dear all, >>>> >>>> I dropped the project at the moment. The lack of documentation is too >>>> time consuming. >>>> >>>> Hope that soon keycloak will have it. >>>> >>>> >>>> On Fri, Mar 18, 2016 at 1:52 PM, Stian Thorgersen < >>>> <sthorger@redhat.com&gt;sthorger(a)redhat.com&gt; wrote: >>>> >>>>> What adapter? Is the server and client adapter both 1.9.1? We did >>>>> recently deprecate some OIDC endpoints. I think ../login is gone and it >>>>> should be ../auth. So if you are using an old adapter that may be the issue. >>>>> On 18 Mar 2016 2:20 p.m., "Pavlos Kleanthous" < <parsectix(a)gmail.com&gt; >>>>> parsectix(a)gmail.com&gt; wrote: >>>>> >>>>>> Yours. >>>>>> >>>>>> I configured the realm with the same settings on both versions >>>>>> 1.9.1 and 1.8.1. >>>>>> >>>>>> >>>>>> On Fri, Mar 18, 2016 at 11:58 AM, Stian Thorgersen < >>>>>> <sthorger@redhat.com&gt;sthorger(a)redhat.com&gt; wrote: >>>>>> >>>>>>> Client ID has nothing to do with this issue as it would show an >>>>>>> login error page not a not found. So must be either realm name or another >>>>>>> part of URL is wrong. >>>>>>> >>>>>>> Are you using our adapters or another library atm? >>>>>>> >>>>>>> I'm answering on my phone on the plane so can't look into it more >>>>>>> atm. >>>>>>> On 17 Mar 2016 10:00, "Pavlos Kleanthous" < <parsectix(a)gmail.com&gt; >>>>>>> parsectix(a)gmail.com&gt; wrote: >>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> In jenkins, I'm pasting the JSON configuration that it can found >>>>>>>> inside "Installation" tab. >>>>>>>> >>>>>>>> Instead of using keycloak client plugins, can I use a generic >>>>>>>> oauth plugin in my apps? How can I configure my keycloak for this? >>>>>>>> i.e. Instead of using google's oauth URL use my own pointing to >>>>>>>> keycloak. >>>>>>>> >>>>>>>> >>>>>>>> On Wed, Mar 16, 2016 at 1:29 PM, Marko Strukelj < >>>>>>>> <mstrukel@redhat.com&gt;mstrukel(a)redhat.com&gt; wrote: >>>>>>>> >>>>>>>>> In your jenkins realm - under Clients do you have a client called >>>>>>>>> 'ci'? That's the client_id used in your request. >>>>>>>>> >>>>>>>>> AFAIK nothing changed in this part of the code since 1.8.1. >>>>>>>>> On Mar 16, 2016 12:04 PM, "Pavlos Kleanthous" < >>>>>>>>> <parsectix@gmail.com&gt;parsectix(a)gmail.com&gt; wrote: >>>>>>>>> >>>>>>>>>> yes I can. >>>>>>>>>> >>>>>>>>>> Please note that this is a problem of version 1.9.1. >>>>>>>>>> I have tried now version 1.8.1 and it redirect me to keycloak. >>>>>>>>>> >>>>>>>>>> p.s. I'm using the official containers from docker hub. >>>>>>>>>> >>>>>>>>>> On Wed, Mar 16, 2016 at 10:56 AM, Marko Strukelj < >>>>>>>>>> <mstrukel@redhat.com&gt;mstrukel(a)redhat.com&gt; wrote: >>>>>>>>>> >>>>>>>>>>> Are you able to login into admin console at: >>>>>>>>>>> <http://192.168.99.100:32786/auth> >>>>>>>>>>> http://192.168.99.100:32786/auth >>>>>>>>>>> >>>>>>>>>>> And you see the realm called 'jenkins' there? >>>>>>>>>>> On Mar 16, 2016 11:32 AM, "Pavlos Kleanthous" < >>>>>>>>>>> <parsectix@gmail.com&gt;parsectix(a)gmail.com&gt; wrote: >>>>>>>>>>> >>>>>>>>>>>> Hi guys adding to this. Please see the HTTP requests and >>>>>>>>>>>> responses. >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> 1. Request URL: >>>>>>>>>>>> >>>>>>>>>>>> http://192.168.99.100:32769/securityRealm/commenceLogin?from=%2F >>>>>>>>>>>> 2. Request Method: >>>>>>>>>>>> GET >>>>>>>>>>>> 3. Status Code: >>>>>>>>>>>> 302 Found >>>>>>>>>>>> 4. Remote Address: >>>>>>>>>>>> 192.168.99.100:32769 >>>>>>>>>>>> 1. Response Headersview source >>>>>>>>>>>> 1. Content-Length: >>>>>>>>>>>> 0 >>>>>>>>>>>> 2. Location: >>>>>>>>>>>> >>>>>>>>>>>> http://192.168.99.100:32786/auth/realms/jenkins/protocol/openid-connect/l... >>>>>>>>>>>> 3. Server: >>>>>>>>>>>> Jetty(winstone-2.9) >>>>>>>>>>>> 4. X-Content-Type-Options: >>>>>>>>>>>> nosniff >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> 1. Request URL: >>>>>>>>>>>> >>>>>>>>>>>> http://192.168.99.100:32786/auth/realms/jenkins/protocol/openid-connect/l... >>>>>>>>>>>> 2. Request Method: >>>>>>>>>>>> GET >>>>>>>>>>>> 3. Status Code: >>>>>>>>>>>> *404 Not Found* >>>>>>>>>>>> 4. Remote Address: >>>>>>>>>>>> 192.168.99.100:32786 >>>>>>>>>>>> 1. Response Headersview source >>>>>>>>>>>> 1. Connection: >>>>>>>>>>>> keep-alive >>>>>>>>>>>> 2. Content-Length: >>>>>>>>>>>> 0 >>>>>>>>>>>> 3. Date: >>>>>>>>>>>> Wed, 16 Mar 2016 10:30:40 GMT >>>>>>>>>>>> 4. Server: >>>>>>>>>>>> WildFly/10 >>>>>>>>>>>> 5. X-Powered-By: >>>>>>>>>>>> Undertow/1 >>>>>>>>>>>> 2. Request Headersview source >>>>>>>>>>>> 1. Accept: >>>>>>>>>>>> >>>>>>>>>>>> text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 >>>>>>>>>>>> 2. Accept-Encoding: >>>>>>>>>>>> gzip, deflate, sdch >>>>>>>>>>>> 3. Accept-Language: >>>>>>>>>>>> en-US,en;q=0.8,el;q=0.6 >>>>>>>>>>>> 4. Connection: >>>>>>>>>>>> keep-alive >>>>>>>>>>>> 5. Cookie: >>>>>>>>>>>> KEYCLOAK_STATE_CHECKER=VJrM9jv37wPkh_NmI101cofXzDzfVqK-MNEmt9V5Hic; >>>>>>>>>>>> KC_RESTART=eyJhbGciOiJIUzI1NiJ9.eyJjcyI6IjhlYWY3ZjM2LWZhOGMtNGFiZi04ZDQ0LWVlN2RlODI0ZmE2NyIsImNpZCI6ImFjY291bnQiLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwOi8vMTkyLjE2OC45OS4xMDA6MzI3ODYvYXV0aC9yZWFsbXMvamVua2lucy9hY2NvdW50L2xvZ2luLXJlZGlyZWN0IiwiYWN0IjoiQVVUSEVOVElDQVRFIiwibm90ZXMiOnsiYWN0aW9uX2tleSI6IjIyMGExNzllLWM1OGQtNDAyOS1hMmIwLTQ5MmI3MTVkMWI3ZiIsImF1dGhfdHlwZSI6ImNvZGUiLCJpc3MiOiJodHRwOi8vMTkyLjE2OC45OS4xMDA6MzI3ODYvYXV0aC9yZWFsbXMvamVua2lucyIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwicmVkaXJlY3RfdXJpIjoiaHR0cDovLzE5Mi4xNjguOTkuMTAwOjMyNzg2L2F1dGgvcmVhbG1zL2plbmtpbnMvYWNjb3VudC9sb2dpbi1yZWRpcmVjdCIsInN0YXRlIjoiMC8zMjFhMDk0Zi03ODYwLTRkOTAtOWU4Yy1iMmM5ZmFkYWVjZmIifX0.QAucuHQLj_-5s3dgnFaxDeni! >>>>>>>>>>>> gQ9FnaP6 DEyOvd8v2Yo; >>>>>>>>>>>> KEYCLOAK_IDENTITY=eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJmYjc3NDc0NS1jNDA4LTQ5ODctYjE2My03NWFiNTc1YmYzYTMiLCJleHAiOjE0NTgxNTczNDcsIm5iZiI6MCwiaWF0IjoxNDU4MTIxMzQ3LCJpc3MiOiJodHRwOi8vMTkyLjE2OC45OS4xMDA6MzI3ODYvYXV0aC9yZWFsbXMvamVua2lucyIsInN1YiI6ImM1ZWU4OGQ2LTE1Y2MtNDMwOS1hMjdjLTBmYjAwMmI2NDA2YiIsInNlc3Npb25fc3RhdGUiOiJkMDkxYzNkMi04YzQ0LTQyMTEtYWEyNi1lM2Y3ZmRhY2I1YWUiLCJyZXNvdXJjZV9hY2Nlc3MiOnt9fQ.a2A3wZ6-VSAErHebIuV1maEEHYknzB7eiiogT03Ab6t_d95bj8FDNl5YrDrS6hoJqgJXQrGYdp5xurb8zcEQIUCnwxFs1Kh62UtMytYyyaDyJEfQeJf8o2QSZdyAs_OZHDtPeY8qVbVvJkttQ_umsiQMPUmi9ADKeLE-nqq5T9fuo29WMEf9SFiEwJJE4ya3-Ut8NPa5iG-TbxSmDrDRGJXNrCuN2stOuYNHXwWRVd7DckZS0ZOB-ReQQM9NBMw-gDjaEv_0_2oG-whv1dQKpGlrQObNL9sNqvV_PgIEUgRGB6sn2U1zFnwao-bwxYIYXbXqiIaiLC9ObnqYCuYVtg; >>>>>>>>>>>> KEYCLOAK_SESSION=jenkins/c5ee88d6-15cc-4309-a27c-0fb002b6406b/d091c3d2-8c44-4211-aa26-e3f7fdacb5ae; >>>>>>>>>>>> JSESSIONID.96a98541=1a8t1iio7w9ol14h8gslmkjvr4; screenResolution=1920x1080 >>>>>>>>>>>> 6. DNT: >>>>>>>>>>>> 1 >>>>>>>>>>>> 7. Host: >>>>>>>>>>>> 192.168.99.100:32786 >>>>>>>>>>>> 8. Referer: >>>>>>>>>>>> http://192.168.99.100:32769/ >>>>>>>>>>>> 9. Save-Data: >>>>>>>>>>>> on >>>>>>>>>>>> 10. Upgrade-Insecure-Requests: >>>>>>>>>>>> 1 >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> On Tue, Mar 15, 2016 at 4:26 PM, Pavlos Kleanthous < >>>>>>>>>>> <parsectix@gmail.com&gt;parsectix(a)gmail.com&gt; wrote: >>>>>>>>>>> >>>>>>>>>>>> Thanks for pointing this out. I think it does not matter as >>>>>>>>>>>> the same name can be found in "Installation" tab where >>>>>>>>>>>> I copied the configuration. >>>>>>>>>>>> >>>>>>>>>>>> On Tue, Mar 15, 2016 at 4:21 PM, Marko Strukelj < >>>>>>>>>>>> <mstrukel@redhat.com&gt;mstrukel(a)redhat.com&gt; wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Looks like you mistyped your client id: 'jenknis'. >>>>>>>>>>>>> On Mar 15, 2016 5:19 PM, "Pavlos Kleanthous" < >>>>>>>>>>>>> <parsectix@gmail.com&gt;parsectix(a)gmail.com&gt; wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> Hello, >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> I'm trying to configure keycloak for first time. My setup >>>>>>>>>>>>>> has 2 containers keycloak and jenkins. >>>>>>>>>>>>>> Following the example how to integrate those two, I created >>>>>>>>>>>>>> a realm and a client called "jenkins". >>>>>>>>>>>>>> >>>>>>>>>>>>>> It seams that the realm configuration it's not correct as I >>>>>>>>>>>>>> get the following debug error. >>>>>>>>>>>>>> "15:47:55,791 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] >>>>>>>>>>>>>> (default task-12) RESTEASY002010: Failed to execute: >>>>>>>>>>>>>> javax.ws.rs.NotFoundException: RESTEASY003210: Could not find resource for >>>>>>>>>>>>>> full path: >>>>>>>>>>>>>> <http://192.168.99.100:32786/auth/realms/ci/protocol/openid-connect/login?... >>>>>>>>>>>>>> <http://192.168.99.100:32786/auth/realms/ci/protocol/openid-connect/login?... >>>>>>>>>>>>>> http://192.168.99.100:32786/auth/realms/ci/protocol/openid-connect/login?... >>>>>>>>>>>>>> " >>>>>>>>>>>>>> >>>>>>>>>>>>>> I noticed that " >>>>>>>>>>>>>> <http://192.168.99.100:32786/auth/realms/ci/protocol/openid-connect> >>>>>>>>>>>>>> http://192.168.99.100:32786/auth/realms/ci/protocol/openid-connect" >>>>>>>>>>>>>> does not work generally. The URL ending with "/auth/realms/ci/account" it >>>>>>>>>>>>>> works. >>>>>>>>>>>>>> >>>>>>>>>>>>>> if I access the URL: >>>>>>>>>>>>>> <http://192.168.99.100:32786/auth/realms/ci> >>>>>>>>>>>>>> <http://192.168.99.100:32786/auth/realms/ci> >>>>>>>>>>>>>> http://192.168.99.100:32786/auth/realms/ci >>>>>>>>>>>>>> >>>>>>>>>>>>>> {"realm":"ci","public_key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0IQoyEf8wt4ZkD0Jf6t8ppM4MVtiR+QJkaWctQvYRPeg9HGBHLDcsnQnpQ+zZ6Rl5sn5CArqcEygpALpglUiiGdSuH8X0VwfATpWB/0KBwylPJ7CJObDiKoBD7ZMjR67IRa9e8ySdbbCb/Ehapk9SkDfAU7dgHscEkVMuHWUilSpGrqUPPMX9dl6rpIZGX/87DxuHGi4e3d9RYrvKS6wliZF+Pvar5A48OmmklTIpPoPr4NXyQx7a1gsk3VjHLtK2NBLcbMVY+juJTCxa2reukl0eMGVITYFyQgQrXtCyDh18M3TTyFQsS3H2+dLcUdob8r1f973HHXaOUDiD7TrwIDAQAB","token-service":"http://192.168.99.100:32786/auth/realms/ci/protocol/openid-connect","account-service":"http://192.168.99.1! >>>>>>>>>>>>>> 00:32786 >>>>>>>>>>>>>> /auth/realms/ci/account","admin-api":"http://192.168.99.100:32786/auth/admin","tokens-not-before":0} >>>>>>>>>>>>>> >>>>>>>>>>>>>> Can you help how to find the problem ? >>>>>>>>>>>>>> >>>>>>>>>>>>>> p.s. is there any other way to find help on those matters? >>>>>>>>>>>>>> Tried IRC but nobody is replying there... >>>>>>>>>>>>>> >>>>>>>>>>>>>> Thank you >>>>>>>>>>>>>> >>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>> keycloak-user mailing list >>>>>>>>>>>>>> <keycloak-user@lists.jboss.org&gt;keycloak-user(a)lists.jboss.org >>>>>>>>>>>>>> <https://lists.jboss.org/mailman/listinfo/keycloak-user> >>>>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> keycloak-user mailing list >>>>>> <keycloak-user@lists.jboss.org&gt;keycloak-user(a)lists.jboss.org >>>>>> <https://lists.jboss.org/mailman/listinfo/keycloak-user> >>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>>>> >>>>> >>>> >> _______________________________________________ keycloak-user mailing listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user -- Bill Burke JBoss, a division of Red Hathttp://bill.burkecentral.com _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user -- Bill Burke JBoss, a division of Red Hathttp://bill.burkecentral.com _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user