Hi Bruno,
When I run dbus-send, it returned the correct group of an IPA user:

$ sudo dbus-send --print-reply --system \
    --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe \
    org.freedesktop.sssd.infopipe.GetUserGroups string:user1
method return time=1558205517.749921 sender=:1.18 -> destination=:1.50475 serial=8 reply_serial=2
   array [
      string "ipausers"
   ]

It also passed pamtester:
# pamtester keycloak user1 authenticate
Password:
pamtester: successfully authenticated

I had no problem using the sssd federation in keycloak 4.3 with Fedora 29.
It only has a problem after I upgraded to Fedora 30. There are no changes
for the keycloak 4.3 application server.
Please note the sssd option is missing from the list for user federation.
Other options are ldap and kerberos.
Thanks and regards,
Patrick
On Sat, 18 May 2019 at 04:30, Bruno Oliveira <bruno(a)abstractj.org> wrote:
Hi Patrick, sssctl user-checks will help you to make sure that
everything is working as expected for SSSD. Although, the communication
between Keycloak and SSSD happens over DBus and we rely on other
packages as described here [1]. Some troubleshooting might be
necessary. I'd try dbus-send and pamtester to validate the setup.

Another thing that might be helpful is to isolate the problem. I'd
recommend trying Fedora 29 + Keycloak 4.3 and later Fedora 30 + Keycloak
4.3.

[1] - https://www.keycloak.org/docs/latest/server_admin/index.html#_sssd

On 2019-05-12, Patrick Dung wrote:
> Hello,
>
> I was using Fedora 29 with Keycloak, FreeIPA and sssd on the same
> machine.
> After upgrading to Fedora 30, all services can start normally but sssd
> federation is not loaded when Keycloak is started. It is missing from the
> list for user federation. It only has LDAP and Kerberos authentication
> to choose from.
>
> On the problem local machine, I can run "sssctl user-checks admin -s
> keycloak" without problem.
>
> Any help would be appreciated, thanks.
>
> Patrick
--
abstractj