Keycloak sp filter - keycloak-user - Jboss List Archives

2025

January

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

Keycloak sp filter

How to map Google groups to a...

Multiple Identity Support?

Chen Keong Yap

Monday, 2 March 2015 Mon, 2 Mar '15

9:22 p.m.

Hi, Please share some lights for implementing Keycloak sp filter which is similar to picketlink sp filter. org.picketlink.identity.federation.web.filters.SPFilter

Attachments:

attachment.html (text/html — 424 bytes)

Reply

Show replies by date

Chen Keong Yap

Tuesday, 3 March Tue, 3 Mar

4:24 a.m.

Hi, I can login to the sample app integrated with picketlink spfilter but keycloak console cannot view the picketlink session. Can someone advise how to interpret keycloak session using picketlink spfilter? On Tue, Mar 3, 2015 at 11:22 AM, Chen Keong Yap <chenkeong.yap(a)izeno.com> wrote:

Hi, Please share some lights for implementing Keycloak sp filter which is similar to picketlink sp filter. org.picketlink.identity.federation.web.filters.SPFilter

Reply

Bill Burke

9:45 a.m.

There is no Keycloak SP filter. We have various adapters for different platforms that hook into servlet security to make integration seamless: Tomcat 6, 7, 8 Jetty 8, 9 EAP 6.x Wildfly Node.js Browser Javascript adapter. On 3/2/2015 10:22 PM, Chen Keong Yap wrote:

Hi, Please share some lights for implementing Keycloak sp filter which is similar to picketlink sp filter. org.picketlink.identity.federation.web.filters.SPFilter _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user

-- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

Reply

Chen Keong Yap

10:36 p.m.

Hi bill, the existing adapters cannot support jboss eap 5.0.2 and websphere 8.5 and we are not allowed to use keycloak proxy. can you suggest any other alternative similar to picketlink sp filter? On Tue, Mar 3, 2015 at 11:45 PM, Bill Burke <bburke(a)redhat.com> wrote:

There is no Keycloak SP filter. We have various adapters for different platforms that hook into servlet security to make integration seamless: Tomcat 6, 7, 8 Jetty 8, 9 EAP 6.x Wildfly Node.js Browser Javascript adapter. On 3/2/2015 10:22 PM, Chen Keong Yap wrote: > Hi, > > Please share some lights for implementing Keycloak sp filter which is > similar to picketlink sp filter. > > org.picketlink.identity.federation.web.filters.SPFilter > > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user

Reply

Bill Burke

Wednesday, 4 March Wed, 4 Mar

6:55 a.m.

You can still use the PL Filter SP. Just configure the application in the admin console to use SAML. On 3/3/2015 11:36 PM, Chen Keong Yap wrote:

Hi bill, the existing adapters cannot support jboss eap 5.0.2 and websphere 8.5 and we are not allowed to use keycloak proxy. can you suggest any other alternative similar to picketlink sp filter? On Tue, Mar 3, 2015 at 11:45 PM, Bill Burke <bburke(a)redhat.com <mailto:bburke@redhat.com>> wrote: There is no Keycloak SP filter. We have various adapters for different platforms that hook into servlet security to make integration seamless: Tomcat 6, 7, 8 Jetty 8, 9 EAP 6.x Wildfly Node.js Browser Javascript adapter. On 3/2/2015 10:22 PM, Chen Keong Yap wrote: > Hi, > > Please share some lights for implementing Keycloak sp filter which is > similar to picketlink sp filter. > > org.picketlink.identity.federation.web.filters.SPFilter > > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/keycloak-user

-- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

Reply

Chen Keong Yap

7:04 a.m.

Hi bill, Yup. I have configured the app in keycloak admin console. However i encountered 2 issues. First issue is that i was able to login to the app via pl sp filter but the login session cannot be seen in keycloak admin console Second issue is that global logout was not working and the landing page just did a self refresh. On Mar 4, 2015 8:55 PM, "Bill Burke" <bburke(a)redhat.com> wrote:

You can still use the PL Filter SP. Just configure the application in the admin console to use SAML. On 3/3/2015 11:36 PM, Chen Keong Yap wrote: > Hi bill, > > the existing adapters cannot support jboss eap 5.0.2 and websphere 8.5 > and we are not allowed to use keycloak proxy. > > can you suggest any other alternative similar to picketlink sp filter? > > On Tue, Mar 3, 2015 at 11:45 PM, Bill Burke <bburke(a)redhat.com > <mailto:bburke@redhat.com>> wrote: > > There is no Keycloak SP filter. We have various adapters for > different > platforms that hook into servlet security to make integration > seamless: > > Tomcat 6, 7, 8 > Jetty 8, 9 > EAP 6.x > Wildfly > Node.js > Browser Javascript adapter. > > On 3/2/2015 10:22 PM, Chen Keong Yap wrote: > > Hi, > > > > Please share some lights for implementing Keycloak sp filter which > is > > similar to picketlink sp filter. > > > > org.picketlink.identity.federation.web.filters.SPFilter > > > > > > _______________________________________________ > > keycloak-user mailing list > > keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists. > jboss.org> > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > > > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

Reply

Bill Burke

7:44 a.m.

Our testsuite uses PL SAML SP, not the filter though, and it works fine. I'd have to recreate the problem using the PL SAML SP filter. On 3/4/2015 8:04 AM, Chen Keong Yap wrote:

Hi bill, Yup. I have configured the app in keycloak admin console. However i encountered 2 issues. First issue is that i was able to login to the app via pl sp filter but the login session cannot be seen in keycloak admin console Second issue is that global logout was not working and the landing page just did a self refresh. On Mar 4, 2015 8:55 PM, "Bill Burke" <bburke(a)redhat.com <mailto:bburke@redhat.com>> wrote: You can still use the PL Filter SP. Just configure the application in the admin console to use SAML. On 3/3/2015 11:36 PM, Chen Keong Yap wrote: Hi bill, the existing adapters cannot support jboss eap 5.0.2 and websphere 8.5 and we are not allowed to use keycloak proxy. can you suggest any other alternative similar to picketlink sp filter? On Tue, Mar 3, 2015 at 11:45 PM, Bill Burke <bburke(a)redhat.com <mailto:bburke@redhat.com> <mailto:bburke@redhat.com <mailto:bburke@redhat.com>>> wrote: There is no Keycloak SP filter. We have various adapters for different platforms that hook into servlet security to make integration seamless: Tomcat 6, 7, 8 Jetty 8, 9 EAP 6.x Wildfly Node.js Browser Javascript adapter. On 3/2/2015 10:22 PM, Chen Keong Yap wrote: > Hi, > > Please share some lights for implementing Keycloak sp filter which is > similar to picketlink sp filter. > > org.picketlink.identity.__federation.web.filters.__SPFilter > > > _________________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> <mailto:keycloak-user@lists.__jboss.org <mailto:keycloak-user@lists.jboss.org>> > https://lists.jboss.org/__mailman/listinfo/keycloak-user <https://lists.jboss.org/mailman/listinfo/keycloak-user> > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com _________________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> <mailto:keycloak-user@lists.__jboss.org <mailto:keycloak-user@lists.jboss.org>> https://lists.jboss.org/__mailman/listinfo/keycloak-user <https://lists.jboss.org/mailman/listinfo/keycloak-user> -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

-- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

Reply

Chen Keong Yap

8:07 a.m.

Hi bill, If i understand from you correctly, PL SAML SP and keycloak adapters are the same and referring to below items. Tomcat 6, 7, 8 Jetty 8, 9 EAP 6.x Wildfly Node.js Browser Javascript adapter. So far i have tested PL SAML SP filter using the following libs and it got the same 2 issues that was mentioned in the previous email. Picketlink lib : Picketlink 2.70 cr2, picketlink 2.5.3 (commercial) keycloak lib : keycloak 1.1.0 final, keycloak 1.1.0 beta 2 On Mar 4, 2015 9:44 PM, "Bill Burke" <bburke(a)redhat.com> wrote:

Our testsuite uses PL SAML SP, not the filter though, and it works fine. I'd have to recreate the problem using the PL SAML SP filter. On 3/4/2015 8:04 AM, Chen Keong Yap wrote: > Hi bill, > > Yup. I have configured the app in keycloak admin console. However i > encountered 2 issues. > > First issue is that i was able to login to the app via pl sp filter but > the login session cannot be seen in keycloak admin console > > Second issue is that global logout was not working and the landing page > just did a self refresh. > > On Mar 4, 2015 8:55 PM, "Bill Burke" <bburke(a)redhat.com > <mailto:bburke@redhat.com>> wrote: > > You can still use the PL Filter SP. Just configure the application > in the admin console to use SAML. > > On 3/3/2015 11:36 PM, Chen Keong Yap wrote: > > Hi bill, > > the existing adapters cannot support jboss eap 5.0.2 and > websphere 8.5 > and we are not allowed to use keycloak proxy. > > can you suggest any other alternative similar to picketlink sp > filter? > > On Tue, Mar 3, 2015 at 11:45 PM, Bill Burke <bburke(a)redhat.com > <mailto:bburke@redhat.com> > <mailto:bburke@redhat.com <mailto:bburke@redhat.com>>> wrote: > > There is no Keycloak SP filter. We have various adapters > for different > platforms that hook into servlet security to make > integration seamless: > > Tomcat 6, 7, 8 > Jetty 8, 9 > EAP 6.x > Wildfly > Node.js > Browser Javascript adapter. > > On 3/2/2015 10:22 PM, Chen Keong Yap wrote: > > Hi, > > > > Please share some lights for implementing Keycloak sp > filter which is > > similar to picketlink sp filter. > > > > org.picketlink.identity.__federation.web.filters.__ > SPFilter > > > > > > _________________________________________________ > > keycloak-user mailing list > > keycloak-user(a)lists.jboss.org > <mailto:keycloak-user@lists.jboss.org> > <mailto:keycloak-user@lists.__jboss.org > <mailto:keycloak-user@lists.jboss.org>> > > https://lists.jboss.org/__mailman/listinfo/keycloak-user > <https://lists.jboss.org/mailman/listinfo/keycloak-user> > > > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > _________________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > <mailto:keycloak-user@lists.jboss.org> > <mailto:keycloak-user@lists.__jboss.org > <mailto:keycloak-user@lists.jboss.org>> > https://lists.jboss.org/__mailman/listinfo/keycloak-user > <https://lists.jboss.org/mailman/listinfo/keycloak-user> > > > > > > > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

Reply

Bill Burke

9:12 a.m.

Ok, I may have diagnosed the problem. Go to the admin console. Go to the definition of your application. Look at the Admin Url. Does it have a "/" at the end of the URL? If not, add a '/' at the end of this. i.e. http://somhere.com/app/ If that solves the issue, let me know and I'll explain what is going on. FYI, I ran into the same problem running the SAML example in the distro and this fixed the problem. On 3/4/2015 9:07 AM, Chen Keong Yap wrote:

Hi bill, If i understand from you correctly, PL SAML SP and keycloak adapters are the same and referring to below items. Tomcat 6, 7, 8 Jetty 8, 9 EAP 6.x Wildfly Node.js Browser Javascript adapter. So far i have tested PL SAML SP filter using the following libs and it got the same 2 issues that was mentioned in the previous email. Picketlink lib : Picketlink 2.70 cr2, picketlink 2.5.3 (commercial) keycloak lib : keycloak 1.1.0 final, keycloak 1.1.0 beta 2 On Mar 4, 2015 9:44 PM, "Bill Burke" <bburke(a)redhat.com <mailto:bburke@redhat.com>> wrote: Our testsuite uses PL SAML SP, not the filter though, and it works fine. I'd have to recreate the problem using the PL SAML SP filter. On 3/4/2015 8:04 AM, Chen Keong Yap wrote: Hi bill, Yup. I have configured the app in keycloak admin console. However i encountered 2 issues. First issue is that i was able to login to the app via pl sp filter but the login session cannot be seen in keycloak admin console Second issue is that global logout was not working and the landing page just did a self refresh. On Mar 4, 2015 8:55 PM, "Bill Burke" <bburke(a)redhat.com <mailto:bburke@redhat.com> <mailto:bburke@redhat.com <mailto:bburke@redhat.com>>> wrote: You can still use the PL Filter SP. Just configure the application in the admin console to use SAML. On 3/3/2015 11:36 PM, Chen Keong Yap wrote: Hi bill, the existing adapters cannot support jboss eap 5.0.2 and websphere 8.5 and we are not allowed to use keycloak proxy. can you suggest any other alternative similar to picketlink sp filter? On Tue, Mar 3, 2015 at 11:45 PM, Bill Burke <bburke(a)redhat.com <mailto:bburke@redhat.com> <mailto:bburke@redhat.com <mailto:bburke@redhat.com>> <mailto:bburke@redhat.com <mailto:bburke@redhat.com> <mailto:bburke@redhat.com <mailto:bburke@redhat.com>>>> wrote: There is no Keycloak SP filter. We have various adapters for different platforms that hook into servlet security to make integration seamless: Tomcat 6, 7, 8 Jetty 8, 9 EAP 6.x Wildfly Node.js Browser Javascript adapter. On 3/2/2015 10:22 PM, Chen Keong Yap wrote: > Hi, > > Please share some lights for implementing Keycloak sp filter which is > similar to picketlink sp filter. > > org.picketlink.identity.____federation.web.filters.____SPFilter > > > ___________________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> <mailto:keycloak-user@lists.__jboss.org <mailto:keycloak-user@lists.jboss.org>> <mailto:keycloak-user@lists. <mailto:keycloak-user@lists.>____jboss.org <http://jboss.org> <mailto:keycloak-user@lists.__jboss.org <mailto:keycloak-user@lists.jboss.org>>> > https://lists.jboss.org/____mailman/listinfo/keycloak-user <https://lists.jboss.org/__mailman/listinfo/keycloak-user> <https://lists.jboss.org/__mailman/listinfo/keycloak-user <https://lists.jboss.org/mailman/listinfo/keycloak-user>__> > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com ___________________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> <mailto:keycloak-user@lists.__jboss.org <mailto:keycloak-user@lists.jboss.org>> <mailto:keycloak-user@lists. <mailto:keycloak-user@lists.>____jboss.org <http://jboss.org> <mailto:keycloak-user@lists.__jboss.org <mailto:keycloak-user@lists.jboss.org>>> https://lists.jboss.org/____mailman/listinfo/keycloak-user <https://lists.jboss.org/__mailman/listinfo/keycloak-user> <https://lists.jboss.org/__mailman/listinfo/keycloak-user <https://lists.jboss.org/mailman/listinfo/keycloak-user>__> -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

-- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

Reply

Chen Keong Yap

7:29 p.m.

hi bill, Thanks for the solution given and it has resolved the first issue ( login to the app via pl sp filter but the login session cannot be seen in keycloak admin console) However now there are few more issues with single sign out. a) When i click on the global logout link ( http://localhost:8080/employee/?GLO=true), the page just did a self refresh and it's not redirected to keycloak login page. I can see the keycloak session was gone from the keycloak admin console but the sample employee session still there. b) When i click on the local logout link ( http://localhost:8080/employee/?LLO=true), the page just did a self refresh and it's not redirected to keycloak login page. I can see the keycloak session still in the keycloak admin console but the sample employee session still there. c) When i click on the logout link ( http://localhost:8080/employee/logout.jsp), the page just did a self refresh and it's not redirected to keycloak login page. I noticed the keycloak session still in the keycloak admin console but the sample employee session still there. Just wondering do i need to implement session.invalidate() in the logout,jsp but how to invalidate the keycloak session? On Wed, Mar 4, 2015 at 11:12 PM, Bill Burke <bburke(a)redhat.com> wrote:

Ok, I may have diagnosed the problem. Go to the admin console. Go to the definition of your application. Look at the Admin Url. Does it have a "/" at the end of the URL? If not, add a '/' at the end of this. i.e. http://somhere.com/app/ If that solves the issue, let me know and I'll explain what is going on. FYI, I ran into the same problem running the SAML example in the distro and this fixed the problem. On 3/4/2015 9:07 AM, Chen Keong Yap wrote: > Hi bill, > > If i understand from you correctly, > PL SAML SP and keycloak adapters are the same and referring to below > items. > > Tomcat 6, 7, 8 > Jetty 8, 9 > EAP 6.x > Wildfly > Node.js > Browser Javascript adapter. > > So far i have tested PL SAML SP filter using the following libs and it > got the same 2 issues that was mentioned in the previous email. > > Picketlink lib : Picketlink 2.70 cr2, picketlink 2.5.3 (commercial) > > keycloak lib : keycloak 1.1.0 final, keycloak 1.1.0 beta 2 > > On Mar 4, 2015 9:44 PM, "Bill Burke" <bburke(a)redhat.com > <mailto:bburke@redhat.com>> wrote: > > Our testsuite uses PL SAML SP, not the filter though, and it works > fine. I'd have to recreate the problem using the PL SAML SP filter. > > On 3/4/2015 8:04 AM, Chen Keong Yap wrote: > > Hi bill, > > Yup. I have configured the app in keycloak admin console. However > i > encountered 2 issues. > > First issue is that i was able to login to the app via pl sp > filter but > the login session cannot be seen in keycloak admin console > > Second issue is that global logout was not working and the > landing page > just did a self refresh. > > On Mar 4, 2015 8:55 PM, "Bill Burke" <bburke(a)redhat.com > <mailto:bburke@redhat.com> > <mailto:bburke@redhat.com <mailto:bburke@redhat.com>>> wrote: > > You can still use the PL Filter SP. Just configure the > application > in the admin console to use SAML. > > On 3/3/2015 11:36 PM, Chen Keong Yap wrote: > > Hi bill, > > the existing adapters cannot support jboss eap 5.0.2 and > websphere 8.5 > and we are not allowed to use keycloak proxy. > > can you suggest any other alternative similar to > picketlink sp > filter? > > On Tue, Mar 3, 2015 at 11:45 PM, Bill Burke > <bburke(a)redhat.com <mailto:bburke@redhat.com> > <mailto:bburke@redhat.com <mailto:bburke@redhat.com>> > <mailto:bburke@redhat.com <mailto:bburke@redhat.com> > <mailto:bburke@redhat.com <mailto:bburke@redhat.com>>>> wrote: > > There is no Keycloak SP filter. We have various > adapters > for different > platforms that hook into servlet security to make > integration seamless: > > Tomcat 6, 7, 8 > Jetty 8, 9 > EAP 6.x > Wildfly > Node.js > Browser Javascript adapter. > > On 3/2/2015 10:22 PM, Chen Keong Yap wrote: > > Hi, > > > > Please share some lights for implementing > Keycloak sp > filter which is > > similar to picketlink sp filter. > > > > > org.picketlink.identity.____federation.web.filters.____SPFilter > > > > > > ______________________________ > _____________________ > > keycloak-user mailing list > > keycloak-user(a)lists.jboss.org > <mailto:keycloak-user@lists.jboss.org> > <mailto:keycloak-user@lists.__jboss.org > <mailto:keycloak-user@lists.jboss.org>> > <mailto:keycloak-user@lists. > <mailto:keycloak-user@lists.>____jboss.org <http://jboss.org> > <mailto:keycloak-user@lists.__jboss.org > <mailto:keycloak-user@lists.jboss.org>>> > > > https://lists.jboss.org/____mailman/listinfo/keycloak-user > <https://lists.jboss.org/__mailman/listinfo/keycloak-user> > > <https://lists.jboss.org/__mailman/listinfo/keycloak-user > <https://lists.jboss.org/mailman/listinfo/keycloak-user>__> > > > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > ___________________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists. > jboss.org> > <mailto:keycloak-user@lists.__jboss.org > <mailto:keycloak-user@lists.jboss.org>> > <mailto:keycloak-user@lists. > <mailto:keycloak-user@lists.>____jboss.org <http://jboss.org> > <mailto:keycloak-user@lists.__jboss.org > <mailto:keycloak-user@lists.jboss.org>>> > https://lists.jboss.org/____mailman/listinfo/keycloak-user > <https://lists.jboss.org/__mailman/listinfo/keycloak-user> > > <https://lists.jboss.org/__mailman/listinfo/keycloak-user > <https://lists.jboss.org/mailman/listinfo/keycloak-user>__> > > > > > > > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

Reply

Chen Keong Yap

Sunday, 8 March Sun, 8 Mar

8:53 p.m.

hi bill, can you advise regarding the global sign out issue? On Thu, Mar 5, 2015 at 9:29 AM, Chen Keong Yap <chenkeong.yap(a)izeno.com> wrote:

hi bill, Thanks for the solution given and it has resolved the first issue ( login to the app via pl sp filter but the login session cannot be seen in keycloak admin console) However now there are few more issues with single sign out. a) When i click on the global logout link ( http://localhost:8080/employee/?GLO=true), the page just did a self refresh and it's not redirected to keycloak login page. I can see the keycloak session was gone from the keycloak admin console but the sample employee session still there. b) When i click on the local logout link ( http://localhost:8080/employee/?LLO=true), the page just did a self refresh and it's not redirected to keycloak login page. I can see the keycloak session still in the keycloak admin console but the sample employee session still there. c) When i click on the logout link ( http://localhost:8080/employee/logout.jsp), the page just did a self refresh and it's not redirected to keycloak login page. I noticed the keycloak session still in the keycloak admin console but the sample employee session still there. Just wondering do i need to implement session.invalidate() in the logout,jsp but how to invalidate the keycloak session? On Wed, Mar 4, 2015 at 11:12 PM, Bill Burke <bburke(a)redhat.com> wrote: > Ok, I may have diagnosed the problem. Go to the admin console. Go to > the definition of your application. Look at the Admin Url. Does it have a > "/" at the end of the URL? If not, add a '/' at the end of this. > > i.e. > > http://somhere.com/app/ > > If that solves the issue, let me know and I'll explain what is going on. > FYI, I ran into the same problem running the SAML example in the distro and > this fixed the problem. > > > > > On 3/4/2015 9:07 AM, Chen Keong Yap wrote: > >> Hi bill, >> >> If i understand from you correctly, >> PL SAML SP and keycloak adapters are the same and referring to below >> items. >> >> Tomcat 6, 7, 8 >> Jetty 8, 9 >> EAP 6.x >> Wildfly >> Node.js >> Browser Javascript adapter. >> >> So far i have tested PL SAML SP filter using the following libs and it >> got the same 2 issues that was mentioned in the previous email. >> >> Picketlink lib : Picketlink 2.70 cr2, picketlink 2.5.3 (commercial) >> >> keycloak lib : keycloak 1.1.0 final, keycloak 1.1.0 beta 2 >> >> On Mar 4, 2015 9:44 PM, "Bill Burke" <bburke(a)redhat.com >> <mailto:bburke@redhat.com>> wrote: >> >> Our testsuite uses PL SAML SP, not the filter though, and it works >> fine. I'd have to recreate the problem using the PL SAML SP filter. >> >> On 3/4/2015 8:04 AM, Chen Keong Yap wrote: >> >> Hi bill, >> >> Yup. I have configured the app in keycloak admin console. >> However i >> encountered 2 issues. >> >> First issue is that i was able to login to the app via pl sp >> filter but >> the login session cannot be seen in keycloak admin console >> >> Second issue is that global logout was not working and the >> landing page >> just did a self refresh. >> >> On Mar 4, 2015 8:55 PM, "Bill Burke" <bburke(a)redhat.com >> <mailto:bburke@redhat.com> >> <mailto:bburke@redhat.com <mailto:bburke@redhat.com>>> wrote: >> >> You can still use the PL Filter SP. Just configure the >> application >> in the admin console to use SAML. >> >> On 3/3/2015 11:36 PM, Chen Keong Yap wrote: >> >> Hi bill, >> >> the existing adapters cannot support jboss eap 5.0.2 and >> websphere 8.5 >> and we are not allowed to use keycloak proxy. >> >> can you suggest any other alternative similar to >> picketlink sp >> filter? >> >> On Tue, Mar 3, 2015 at 11:45 PM, Bill Burke >> <bburke(a)redhat.com <mailto:bburke@redhat.com> >> <mailto:bburke@redhat.com <mailto:bburke@redhat.com>> >> <mailto:bburke@redhat.com <mailto:bburke@redhat.com> >> <mailto:bburke@redhat.com <mailto:bburke@redhat.com>>>> wrote: >> >> There is no Keycloak SP filter. We have various >> adapters >> for different >> platforms that hook into servlet security to make >> integration seamless: >> >> Tomcat 6, 7, 8 >> Jetty 8, 9 >> EAP 6.x >> Wildfly >> Node.js >> Browser Javascript adapter. >> >> On 3/2/2015 10:22 PM, Chen Keong Yap wrote: >> > Hi, >> > >> > Please share some lights for implementing >> Keycloak sp >> filter which is >> > similar to picketlink sp filter. >> > >> > >> org.picketlink.identity.____federation.web.filters.____SPFilter >> > >> > >> > ______________________________ >> _____________________ >> > keycloak-user mailing list >> > keycloak-user(a)lists.jboss.org >> <mailto:keycloak-user@lists.jboss.org> >> <mailto:keycloak-user@lists.__jboss.org >> <mailto:keycloak-user@lists.jboss.org>> >> <mailto:keycloak-user@lists. >> <mailto:keycloak-user@lists.>____jboss.org <http://jboss.org> >> <mailto:keycloak-user@lists.__jboss.org >> <mailto:keycloak-user@lists.jboss.org>>> >> > >> https://lists.jboss.org/____mailman/listinfo/keycloak-user >> <https://lists.jboss.org/__mailman/listinfo/keycloak-user> >> >> <https://lists.jboss.org/__mailman/listinfo/keycloak-user >> <https://lists.jboss.org/mailman/listinfo/keycloak-user>__> >> > >> >> -- >> Bill Burke >> JBoss, a division of Red Hat >> http://bill.burkecentral.com >> ______________________________ >> _____________________ >> keycloak-user mailing list >> keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists. >> jboss.org> >> <mailto:keycloak-user@lists.__jboss.org >> <mailto:keycloak-user@lists.jboss.org>> >> <mailto:keycloak-user@lists. >> <mailto:keycloak-user@lists.>____jboss.org <http://jboss.org> >> <mailto:keycloak-user@lists.__jboss.org >> <mailto:keycloak-user@lists.jboss.org>>> >> https://lists.jboss.org/____mailman/listinfo/keycloak-user >> <https://lists.jboss.org/__mailman/listinfo/keycloak-user> >> >> <https://lists.jboss.org/__mailman/listinfo/keycloak-user >> <https://lists.jboss.org/mailman/listinfo/keycloak-user>__> >> >> >> >> >> >> >> >> -- >> Bill Burke >> JBoss, a division of Red Hat >> http://bill.burkecentral.com >> >> >> -- >> Bill Burke >> JBoss, a division of Red Hat >> http://bill.burkecentral.com >> >> > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com >

-- Best Regards, CK Yap Technology Consultant Tel: +65 6100 2788 Fax:+65 6233 9376 iZeno Pte Ltd 72 Bendemeer Road Luzerne #05-28 Singapore 339941 This communication contains information which may be confidential or privileged. The information is intended solely for the use of the individual or entity named above. If you are not the intended recipient,be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited.If you have received this communication in error, please notify me by telephone immediately.

Reply

Bill Burke

Monday, 9 March Mon, 9 Mar

1:02 p.m.

I fixed some bugs around logout in 1.2, master git, but we're not releasing this for a few weeks. I don't know if that is your problem or not. I have not yet been able to take the time to reproduce your problems on 1.1 yet. On 3/8/2015 9:53 PM, Chen Keong Yap wrote:

hi bill, can you advise regarding the global sign out issue? On Thu, Mar 5, 2015 at 9:29 AM, Chen Keong Yap <chenkeong.yap(a)izeno.com <mailto:chenkeong.yap@izeno.com>> wrote: hi bill, Thanks for the solution given and it has resolved the first issue ( login to the app via pl sp filter but the login session cannot be seen in keycloak admin console) However now there are few more issues with single sign out. a) When i click on the global logout link (http://localhost:8080/employee/?GLO=true), the page just did a self refresh and it's not redirected to keycloak login page. I can see the keycloak session was gone from the keycloak admin console but the sample employee session still there. b) When i click on the local logout link (http://localhost:8080/employee/?LLO=true), the page just did a self refresh and it's not redirected to keycloak login page. I can see the keycloak session still in the keycloak admin console but the sample employee session still there. c) When i click on the logout link (http://localhost:8080/employee/logout.jsp), the page just did a self refresh and it's not redirected to keycloak login page. I noticed the keycloak session still in the keycloak admin console but the sample employee session still there. Just wondering do i need to implement session.invalidate() in the logout,jsp but how to invalidate the keycloak session? On Wed, Mar 4, 2015 at 11:12 PM, Bill Burke <bburke(a)redhat.com <mailto:bburke@redhat.com>> wrote: Ok, I may have diagnosed the problem. Go to the admin console. Go to the definition of your application. Look at the Admin Url. Does it have a "/" at the end of the URL? If not, add a '/' at the end of this. i.e. http://somhere.com/app/ If that solves the issue, let me know and I'll explain what is going on. FYI, I ran into the same problem running the SAML example in the distro and this fixed the problem. On 3/4/2015 9:07 AM, Chen Keong Yap wrote: Hi bill, If i understand from you correctly, PL SAML SP and keycloak adapters are the same and referring to below items. Tomcat 6, 7, 8 Jetty 8, 9 EAP 6.x Wildfly Node.js Browser Javascript adapter. So far i have tested PL SAML SP filter using the following libs and it got the same 2 issues that was mentioned in the previous email. Picketlink lib : Picketlink 2.70 cr2, picketlink 2.5.3 (commercial) keycloak lib : keycloak 1.1.0 final, keycloak 1.1.0 beta 2 On Mar 4, 2015 9:44 PM, "Bill Burke" <bburke(a)redhat.com <mailto:bburke@redhat.com> <mailto:bburke@redhat.com <mailto:bburke@redhat.com>>> wrote: Our testsuite uses PL SAML SP, not the filter though, and it works fine. I'd have to recreate the problem using the PL SAML SP filter. On 3/4/2015 8:04 AM, Chen Keong Yap wrote: Hi bill, Yup. I have configured the app in keycloak admin console. However i encountered 2 issues. First issue is that i was able to login to the app via pl sp filter but the login session cannot be seen in keycloak admin console Second issue is that global logout was not working and the landing page just did a self refresh. On Mar 4, 2015 8:55 PM, "Bill Burke" <bburke(a)redhat.com <mailto:bburke@redhat.com> <mailto:bburke@redhat.com <mailto:bburke@redhat.com>> <mailto:bburke@redhat.com <mailto:bburke@redhat.com> <mailto:bburke@redhat.com <mailto:bburke@redhat.com>>>> wrote: You can still use the PL Filter SP. Just configure the application in the admin console to use SAML. On 3/3/2015 11:36 PM, Chen Keong Yap wrote: Hi bill, the existing adapters cannot support jboss eap 5.0.2 and websphere 8.5 and we are not allowed to use keycloak proxy. can you suggest any other alternative similar to picketlink sp filter? On Tue, Mar 3, 2015 at 11:45 PM, Bill Burke <bburke(a)redhat.com <mailto:bburke@redhat.com> <mailto:bburke@redhat.com <mailto:bburke@redhat.com>> <mailto:bburke@redhat.com <mailto:bburke@redhat.com> <mailto:bburke@redhat.com <mailto:bburke@redhat.com>>> <mailto:bburke@redhat.com <mailto:bburke@redhat.com> <mailto:bburke@redhat.com <mailto:bburke@redhat.com>> <mailto:bburke@redhat.com <mailto:bburke@redhat.com> <mailto:bburke@redhat.com <mailto:bburke@redhat.com>>>>> wrote: There is no Keycloak SP filter. We have various adapters for different platforms that hook into servlet security to make integration seamless: Tomcat 6, 7, 8 Jetty 8, 9 EAP 6.x Wildfly Node.js Browser Javascript adapter. On 3/2/2015 10:22 PM, Chen Keong Yap wrote: > Hi, > > Please share some lights for implementing Keycloak sp filter which is > similar to picketlink sp filter. > > org.picketlink.identity.______federation.web.filters.______SPFilter > > > _____________________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> <mailto:keycloak-user@lists.__jboss.org <mailto:keycloak-user@lists.jboss.org>> <mailto:keycloak-user@lists. <mailto:keycloak-user@lists.>____jboss.org <http://jboss.org> <mailto:keycloak-user@lists.__jboss.org <mailto:keycloak-user@lists.jboss.org>>> <mailto:keycloak-user@lists <mailto:keycloak-user@lists>. <mailto:keycloak-user@lists <mailto:keycloak-user@lists>.>______jboss.org <http://jboss.org> <http://jboss.org> <mailto:keycloak-user@lists. <mailto:keycloak-user@lists.>____jboss.org <http://jboss.org> <mailto:keycloak-user@lists.__jboss.org <mailto:keycloak-user@lists.jboss.org>>>> > https://lists.jboss.org/______mailman/listinfo/keycloak-user <https://lists.jboss.org/____mailman/listinfo/keycloak-user> <https://lists.jboss.org/____mailman/listinfo/keycloak-user <https://lists.jboss.org/__mailman/listinfo/keycloak-user>__> <https://lists.jboss.org/____mailman/listinfo/keycloak-user <https://lists.jboss.org/__mailman/listinfo/keycloak-user> <https://lists.jboss.org/__mailman/listinfo/keycloak-user <https://lists.jboss.org/mailman/listinfo/keycloak-user>__>__> > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com _____________________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> <mailto:keycloak-user@lists.__jboss.org <mailto:keycloak-user@lists.jboss.org>> <mailto:keycloak-user@lists. <mailto:keycloak-user@lists.>____jboss.org <http://jboss.org> <mailto:keycloak-user@lists.__jboss.org <mailto:keycloak-user@lists.jboss.org>>> <mailto:keycloak-user@lists <mailto:keycloak-user@lists>. <mailto:keycloak-user@lists <mailto:keycloak-user@lists>.>______jboss.org <http://jboss.org> <http://jboss.org> <mailto:keycloak-user@lists. <mailto:keycloak-user@lists.>____jboss.org <http://jboss.org> <mailto:keycloak-user@lists.__jboss.org <mailto:keycloak-user@lists.jboss.org>>>> https://lists.jboss.org/______mailman/listinfo/keycloak-user <https://lists.jboss.org/____mailman/listinfo/keycloak-user> <https://lists.jboss.org/____mailman/listinfo/keycloak-user <https://lists.jboss.org/__mailman/listinfo/keycloak-user>__> <https://lists.jboss.org/____mailman/listinfo/keycloak-user <https://lists.jboss.org/__mailman/listinfo/keycloak-user> <https://lists.jboss.org/__mailman/listinfo/keycloak-user <https://lists.jboss.org/mailman/listinfo/keycloak-user>__>__> -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com -- Best Regards, CK Yap Technology Consultant Tel: +65 6100 2788 Fax:+65 6233 9376 iZeno Pte Ltd 72 Bendemeer Road Luzerne #05-28 Singapore 339941 This communication contains information which may be confidential or privileged. The information is intended solely for the use of the individual or entity named above. If you are not the intended recipient,be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited.If you have received this communication in error, please notify me by telephone immediately.

-- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

Reply

Chen Keong Yap

Tuesday, 10 March Tue, 10 Mar

4:27 a.m.

hi bill, thanks for the update. btw, can you advise when redhat will put keycloak into jboss eap roadmap? On Tue, Mar 10, 2015 at 2:02 AM, Bill Burke <bburke(a)redhat.com> wrote:

I fixed some bugs around logout in 1.2, master git, but we're not releasing this for a few weeks. I don't know if that is your problem or not. I have not yet been able to take the time to reproduce your problems on 1.1 yet. On 3/8/2015 9:53 PM, Chen Keong Yap wrote: > hi bill, > > can you advise regarding the global sign out issue? > > On Thu, Mar 5, 2015 at 9:29 AM, Chen Keong Yap <chenkeong.yap(a)izeno.com > <mailto:chenkeong.yap@izeno.com>> wrote: > > hi bill, > > Thanks for the solution given and it has resolved the first issue > ( login to the app via pl sp filter but the login session cannot be > seen in keycloak admin console) > > However now there are few more issues with single sign out. > > a) When i click on the global logout link > (http://localhost:8080/employee/?GLO=true), the page just did a self > refresh and it's not redirected to keycloak login page. I can see > the keycloak session was gone from the keycloak admin console but > the sample employee session still there. > > b) When i click on the local logout link > (http://localhost:8080/employee/?LLO=true), the page just did a self > refresh and it's not redirected to keycloak login page. I can see > the keycloak session still in the keycloak admin console but the > sample employee session still there. > > c) When i click on the logout link > (http://localhost:8080/employee/logout.jsp), the page just did a > self refresh and it's not redirected to keycloak login page. I > noticed the keycloak session still in the keycloak admin console but > the sample employee session still there. Just wondering do i need to > implement session.invalidate() in the logout,jsp but how to > invalidate the keycloak session? > > > On Wed, Mar 4, 2015 at 11:12 PM, Bill Burke <bburke(a)redhat.com > <mailto:bburke@redhat.com>> wrote: > > Ok, I may have diagnosed the problem. Go to the admin console. > Go to the definition of your application. Look at the Admin > Url. Does it have a "/" at the end of the URL? If not, add a > '/' at the end of this. > > i.e. > > http://somhere.com/app/ > > If that solves the issue, let me know and I'll explain what is > going on. FYI, I ran into the same problem running the SAML > example in the distro and this fixed the problem. > > > > > On 3/4/2015 9:07 AM, Chen Keong Yap wrote: > > Hi bill, > > If i understand from you correctly, > PL SAML SP and keycloak adapters are the same and referring > to below items. > > Tomcat 6, 7, 8 > Jetty 8, 9 > EAP 6.x > Wildfly > Node.js > Browser Javascript adapter. > > So far i have tested PL SAML SP filter using the following > libs and it > got the same 2 issues that was mentioned in the previous > email. > > Picketlink lib : Picketlink 2.70 cr2, picketlink 2.5.3 > (commercial) > > keycloak lib : keycloak 1.1.0 final, keycloak 1.1.0 beta 2 > > On Mar 4, 2015 9:44 PM, "Bill Burke" <bburke(a)redhat.com > <mailto:bburke@redhat.com> > <mailto:bburke@redhat.com <mailto:bburke@redhat.com>>> wrote: > > Our testsuite uses PL SAML SP, not the filter though, > and it works > fine. I'd have to recreate the problem using the PL > SAML SP filter. > > On 3/4/2015 8:04 AM, Chen Keong Yap wrote: > > Hi bill, > > Yup. I have configured the app in keycloak admin > console. However i > encountered 2 issues. > > First issue is that i was able to login to the app > via pl sp > filter but > the login session cannot be seen in keycloak admin > console > > Second issue is that global logout was not working > and the > landing page > just did a self refresh. > > On Mar 4, 2015 8:55 PM, "Bill Burke" > <bburke(a)redhat.com <mailto:bburke@redhat.com> > <mailto:bburke@redhat.com <mailto:bburke@redhat.com > >> > <mailto:bburke@redhat.com > <mailto:bburke@redhat.com> <mailto:bburke@redhat.com > <mailto:bburke@redhat.com>>>> wrote: > > You can still use the PL Filter SP. Just > configure the > application > in the admin console to use SAML. > > On 3/3/2015 11:36 PM, Chen Keong Yap wrote: > > Hi bill, > > the existing adapters cannot support jboss > eap 5.0.2 and > websphere 8.5 > and we are not allowed to use keycloak > proxy. > > can you suggest any other alternative > similar to > picketlink sp > filter? > > On Tue, Mar 3, 2015 at 11:45 PM, Bill Burke > <bburke(a)redhat.com <mailto:bburke@redhat.com> > <mailto:bburke@redhat.com <mailto:bburke@redhat.com>> > <mailto:bburke@redhat.com > <mailto:bburke@redhat.com> <mailto:bburke@redhat.com > <mailto:bburke@redhat.com>>> > <mailto:bburke@redhat.com > <mailto:bburke@redhat.com> <mailto:bburke@redhat.com > <mailto:bburke@redhat.com>> > <mailto:bburke@redhat.com > <mailto:bburke@redhat.com> <mailto:bburke@redhat.com > <mailto:bburke@redhat.com>>>>> wrote: > > There is no Keycloak SP filter. We > have various > adapters > for different > platforms that hook into servlet > security to make > integration seamless: > > Tomcat 6, 7, 8 > Jetty 8, 9 > EAP 6.x > Wildfly > Node.js > Browser Javascript adapter. > > On 3/2/2015 10:22 PM, Chen Keong Yap > wrote: > > Hi, > > > > Please share some lights for > implementing > Keycloak sp > filter which is > > similar to picketlink sp filter. > > > > > > org.picketlink.identity.______federation.web.filters.______ > SPFilter > > > > > > > _____________________________________________________ > > keycloak-user mailing list > > keycloak-user(a)lists.jboss.org > <mailto:keycloak-user@lists.jboss.org> > <mailto:keycloak-user@lists.__jboss.org > <mailto:keycloak-user@lists.jboss.org>> > <mailto:keycloak-user@lists. > <mailto:keycloak-user@lists.>____jboss.org <http://jboss.org> > <mailto:keycloak-user@lists.__jboss.org > <mailto:keycloak-user@lists.jboss.org>>> > <mailto:keycloak-user@lists > <mailto:keycloak-user@lists>. > <mailto:keycloak-user@lists > <mailto:keycloak-user@lists>.>______jboss.org > <http://jboss.org> <http://jboss.org> > <mailto:keycloak-user@lists. > <mailto:keycloak-user@lists.>____jboss.org <http://jboss.org> > <mailto:keycloak-user@lists.__jboss.org > <mailto:keycloak-user@lists.jboss.org>>>> > > > https://lists.jboss.org/______mailman/listinfo/keycloak-user > <https://lists.jboss.org/____mailman/listinfo/keycloak-user> > > <https://lists.jboss.org/____mailman/listinfo/keycloak-user > <https://lists.jboss.org/__mailman/listinfo/keycloak-user>__> > > > <https://lists.jboss.org/____mailman/listinfo/keycloak-user > <https://lists.jboss.org/__mailman/listinfo/keycloak-user> > > <https://lists.jboss.org/__mailman/listinfo/keycloak-user > <https://lists.jboss.org/mailman/listinfo/keycloak-user > >__>__> > > > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > > _____________________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > <mailto:keycloak-user@lists.jboss.org> > <mailto:keycloak-user@lists.__jboss.org > <mailto:keycloak-user@lists.jboss.org>> > <mailto:keycloak-user@lists. > <mailto:keycloak-user@lists.>____jboss.org <http://jboss.org> > <mailto:keycloak-user@lists.__jboss.org > <mailto:keycloak-user@lists.jboss.org>>> > <mailto:keycloak-user@lists > <mailto:keycloak-user@lists>. > <mailto:keycloak-user@lists > <mailto:keycloak-user@lists>.>______jboss.org > <http://jboss.org> <http://jboss.org> > <mailto:keycloak-user@lists. > <mailto:keycloak-user@lists.>____jboss.org <http://jboss.org> > <mailto:keycloak-user@lists.__jboss.org > <mailto:keycloak-user@lists.jboss.org>>>> > https://lists.jboss.org/______mailman/listinfo/keycloak-user > <https://lists.jboss.org/____mailman/listinfo/keycloak-user> > > <https://lists.jboss.org/____mailman/listinfo/keycloak-user > <https://lists.jboss.org/__mailman/listinfo/keycloak-user>__> > > > <https://lists.jboss.org/____mailman/listinfo/keycloak-user > <https://lists.jboss.org/__mailman/listinfo/keycloak-user> > > <https://lists.jboss.org/__mailman/listinfo/keycloak-user > <https://lists.jboss.org/mailman/listinfo/keycloak-user > >__>__> > > > > > > > > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > > >

Reply

Bill Burke

6:44 a.m.

Plan is to productize about the same time as EAP7. On 3/10/2015 5:27 AM, Chen Keong Yap wrote:

hi bill, thanks for the update. btw, can you advise when redhat will put keycloak into jboss eap roadmap? On Tue, Mar 10, 2015 at 2:02 AM, Bill Burke <bburke(a)redhat.com <mailto:bburke@redhat.com>> wrote: I fixed some bugs around logout in 1.2, master git, but we're not releasing this for a few weeks. I don't know if that is your problem or not. I have not yet been able to take the time to reproduce your problems on 1.1 yet. On 3/8/2015 9:53 PM, Chen Keong Yap wrote: hi bill, can you advise regarding the global sign out issue? On Thu, Mar 5, 2015 at 9:29 AM, Chen Keong Yap <chenkeong.yap(a)izeno.com <mailto:chenkeong.yap@izeno.com> <mailto:chenkeong.yap@izeno.__com <mailto:chenkeong.yap@izeno.com>>> wrote: hi bill, Thanks for the solution given and it has resolved the first issue ( login to the app via pl sp filter but the login session cannot be seen in keycloak admin console) However now there are few more issues with single sign out. a) When i click on the global logout link (http://localhost:8080/__employee/?GLO=true <http://localhost:8080/employee/?GLO=true>), the page just did a self refresh and it's not redirected to keycloak login page. I can see the keycloak session was gone from the keycloak admin console but the sample employee session still there. b) When i click on the local logout link (http://localhost:8080/__employee/?LLO=true <http://localhost:8080/employee/?LLO=true>), the page just did a self refresh and it's not redirected to keycloak login page. I can see the keycloak session still in the keycloak admin console but the sample employee session still there. c) When i click on the logout link (http://localhost:8080/__employee/logout.jsp <http://localhost:8080/employee/logout.jsp>), the page just did a self refresh and it's not redirected to keycloak login page. I noticed the keycloak session still in the keycloak admin console but the sample employee session still there. Just wondering do i need to implement session.invalidate() in the logout,jsp but how to invalidate the keycloak session? On Wed, Mar 4, 2015 at 11:12 PM, Bill Burke <bburke(a)redhat.com <mailto:bburke@redhat.com> <mailto:bburke@redhat.com <mailto:bburke@redhat.com>>> wrote: Ok, I may have diagnosed the problem. Go to the admin console. Go to the definition of your application. Look at the Admin Url. Does it have a "/" at the end of the URL? If not, add a '/' at the end of this. i.e. http://somhere.com/app/ If that solves the issue, let me know and I'll explain what is going on. FYI, I ran into the same problem running the SAML example in the distro and this fixed the problem. On 3/4/2015 9:07 AM, Chen Keong Yap wrote: Hi bill, If i understand from you correctly, PL SAML SP and keycloak adapters are the same and referring to below items. Tomcat 6, 7, 8 Jetty 8, 9 EAP 6.x Wildfly Node.js Browser Javascript adapter. So far i have tested PL SAML SP filter using the following libs and it got the same 2 issues that was mentioned in the previous email. Picketlink lib : Picketlink 2.70 cr2, picketlink 2.5.3 (commercial) keycloak lib : keycloak 1.1.0 final, keycloak 1.1.0 beta 2 On Mar 4, 2015 9:44 PM, "Bill Burke" <bburke(a)redhat.com <mailto:bburke@redhat.com> <mailto:bburke@redhat.com <mailto:bburke@redhat.com>> <mailto:bburke@redhat.com <mailto:bburke@redhat.com> <mailto:bburke@redhat.com <mailto:bburke@redhat.com>>>> wrote: Our testsuite uses PL SAML SP, not the filter though, and it works fine. I'd have to recreate the problem using the PL SAML SP filter. On 3/4/2015 8:04 AM, Chen Keong Yap wrote: Hi bill, Yup. I have configured the app in keycloak admin console. However i encountered 2 issues. First issue is that i was able to login to the app via pl sp filter but the login session cannot be seen in keycloak admin console Second issue is that global logout was not working and the landing page just did a self refresh. On Mar 4, 2015 8:55 PM, "Bill Burke" <bburke(a)redhat.com <mailto:bburke@redhat.com> <mailto:bburke@redhat.com <mailto:bburke@redhat.com>> <mailto:bburke@redhat.com <mailto:bburke@redhat.com> <mailto:bburke@redhat.com <mailto:bburke@redhat.com>>> <mailto:bburke@redhat.com <mailto:bburke@redhat.com> <mailto:bburke@redhat.com <mailto:bburke@redhat.com>> <mailto:bburke@redhat.com <mailto:bburke@redhat.com> <mailto:bburke@redhat.com <mailto:bburke@redhat.com>>>>> wrote: You can still use the PL Filter SP. Just configure the application in the admin console to use SAML. On 3/3/2015 11:36 PM, Chen Keong Yap wrote: Hi bill, the existing adapters cannot support jboss eap 5.0.2 and websphere 8.5 and we are not allowed to use keycloak proxy. can you suggest any other alternative similar to picketlink sp filter? On Tue, Mar 3, 2015 at 11:45 PM, Bill Burke <bburke(a)redhat.com <mailto:bburke@redhat.com> <mailto:bburke@redhat.com <mailto:bburke@redhat.com>> <mailto:bburke@redhat.com <mailto:bburke@redhat.com> <mailto:bburke@redhat.com <mailto:bburke@redhat.com>>> <mailto:bburke@redhat.com <mailto:bburke@redhat.com> <mailto:bburke@redhat.com <mailto:bburke@redhat.com>> <mailto:bburke@redhat.com <mailto:bburke@redhat.com> <mailto:bburke@redhat.com <mailto:bburke@redhat.com>>>> <mailto:bburke@redhat.com <mailto:bburke@redhat.com> <mailto:bburke@redhat.com <mailto:bburke@redhat.com>> <mailto:bburke@redhat.com <mailto:bburke@redhat.com> <mailto:bburke@redhat.com <mailto:bburke@redhat.com>>> <mailto:bburke@redhat.com <mailto:bburke@redhat.com> <mailto:bburke@redhat.com <mailto:bburke@redhat.com>> <mailto:bburke@redhat.com <mailto:bburke@redhat.com> <mailto:bburke@redhat.com <mailto:bburke@redhat.com>>>>>> wrote: There is no Keycloak SP filter. We have various adapters for different platforms that hook into servlet security to make integration seamless: Tomcat 6, 7, 8 Jetty 8, 9 EAP 6.x Wildfly Node.js Browser Javascript adapter. On 3/2/2015 10:22 PM, Chen Keong Yap wrote: > Hi, > > Please share some lights for implementing Keycloak sp filter which is > similar to picketlink sp filter. > > org.picketlink.identity.________federation.web.filters.________SPFilter > > > _______________________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> <mailto:keycloak-user@lists.__jboss.org <mailto:keycloak-user@lists.jboss.org>> <mailto:keycloak-user@lists. <mailto:keycloak-user@lists.>____jboss.org <http://jboss.org> <mailto:keycloak-user@lists.__jboss.org <mailto:keycloak-user@lists.jboss.org>>> <mailto:keycloak-user@lists <mailto:keycloak-user@lists>. <mailto:keycloak-user@lists <mailto:keycloak-user@lists>.>______jboss.org <http://jboss.org> <http://jboss.org> <mailto:keycloak-user@lists. <mailto:keycloak-user@lists.>____jboss.org <http://jboss.org> <mailto:keycloak-user@lists.__jboss.org <mailto:keycloak-user@lists.jboss.org>>>> <mailto:keycloak-user@lists <mailto:keycloak-user@lists> <mailto:keycloak-user@lists <mailto:keycloak-user@lists>>. <mailto:keycloak-user@lists <mailto:keycloak-user@lists> <mailto:keycloak-user@lists <mailto:keycloak-user@lists>>.>________jboss.org <http://jboss.org> <http://jboss.org> <http://jboss.org> <mailto:keycloak-user@lists <mailto:keycloak-user@lists>. <mailto:keycloak-user@lists <mailto:keycloak-user@lists>.>______jboss.org <http://jboss.org> <http://jboss.org> <mailto:keycloak-user@lists. <mailto:keycloak-user@lists.>____jboss.org <http://jboss.org> <mailto:keycloak-user@lists.__jboss.org <mailto:keycloak-user@lists.jboss.org>>>>> > https://lists.jboss.org/________mailman/listinfo/keycloak-user <https://lists.jboss.org/______mailman/listinfo/keycloak-user> <https://lists.jboss.org/______mailman/listinfo/keycloak-user <https://lists.jboss.org/____mailman/listinfo/keycloak-user>__> <https://lists.jboss.org/______mailman/listinfo/keycloak-user <https://lists.jboss.org/____mailman/listinfo/keycloak-user> <https://lists.jboss.org/____mailman/listinfo/keycloak-user <https://lists.jboss.org/__mailman/listinfo/keycloak-user>__>__> <https://lists.jboss.org/______mailman/listinfo/keycloak-user <https://lists.jboss.org/____mailman/listinfo/keycloak-user> <https://lists.jboss.org/____mailman/listinfo/keycloak-user <https://lists.jboss.org/__mailman/listinfo/keycloak-user>__> <https://lists.jboss.org/____mailman/listinfo/keycloak-user <https://lists.jboss.org/__mailman/listinfo/keycloak-user> <https://lists.jboss.org/__mailman/listinfo/keycloak-user <https://lists.jboss.org/mailman/listinfo/keycloak-user>__>__>__> > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com _______________________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> <mailto:keycloak-user@lists.__jboss.org <mailto:keycloak-user@lists.jboss.org>> <mailto:keycloak-user@lists. <mailto:keycloak-user@lists.>____jboss.org <http://jboss.org> <mailto:keycloak-user@lists.__jboss.org <mailto:keycloak-user@lists.jboss.org>>> <mailto:keycloak-user@lists <mailto:keycloak-user@lists>. <mailto:keycloak-user@lists <mailto:keycloak-user@lists>.>______jboss.org <http://jboss.org> <http://jboss.org> <mailto:keycloak-user@lists. <mailto:keycloak-user@lists.>____jboss.org <http://jboss.org> <mailto:keycloak-user@lists.__jboss.org <mailto:keycloak-user@lists.jboss.org>>>> <mailto:keycloak-user@lists <mailto:keycloak-user@lists> <mailto:keycloak-user@lists <mailto:keycloak-user@lists>>. <mailto:keycloak-user@lists <mailto:keycloak-user@lists> <mailto:keycloak-user@lists <mailto:keycloak-user@lists>>.>________jboss.org <http://jboss.org> <http://jboss.org> <http://jboss.org> <mailto:keycloak-user@lists <mailto:keycloak-user@lists>. <mailto:keycloak-user@lists <mailto:keycloak-user@lists>.>______jboss.org <http://jboss.org> <http://jboss.org> <mailto:keycloak-user@lists. <mailto:keycloak-user@lists.>____jboss.org <http://jboss.org> <mailto:keycloak-user@lists.__jboss.org <mailto:keycloak-user@lists.jboss.org>>>>> https://lists.jboss.org/________mailman/listinfo/keycloak-user <https://lists.jboss.org/______mailman/listinfo/keycloak-user> <https://lists.jboss.org/______mailman/listinfo/keycloak-user <https://lists.jboss.org/____mailman/listinfo/keycloak-user>__> <https://lists.jboss.org/______mailman/listinfo/keycloak-user <https://lists.jboss.org/____mailman/listinfo/keycloak-user> <https://lists.jboss.org/____mailman/listinfo/keycloak-user <https://lists.jboss.org/__mailman/listinfo/keycloak-user>__>__> <https://lists.jboss.org/______mailman/listinfo/keycloak-user <https://lists.jboss.org/____mailman/listinfo/keycloak-user> <https://lists.jboss.org/____mailman/listinfo/keycloak-user <https://lists.jboss.org/__mailman/listinfo/keycloak-user>__> <https://lists.jboss.org/____mailman/listinfo/keycloak-user <https://lists.jboss.org/__mailman/listinfo/keycloak-user> <https://lists.jboss.org/__mailman/listinfo/keycloak-user <https://lists.jboss.org/mailman/listinfo/keycloak-user>__>__>__> -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

-- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

Reply

Chen Keong Yap

4:01 p.m.

Hi bill, Keycloack will be merged with picketlink as one product/module in eap 7? On Mar 10, 2015 7:44 PM, "Bill Burke" <bburke(a)redhat.com> wrote:

Plan is to productize about the same time as EAP7. On 3/10/2015 5:27 AM, Chen Keong Yap wrote: > hi bill, > > thanks for the update. btw, can you advise when redhat will put keycloak > into jboss eap roadmap? > > On Tue, Mar 10, 2015 at 2:02 AM, Bill Burke <bburke(a)redhat.com > <mailto:bburke@redhat.com>> wrote: > > I fixed some bugs around logout in 1.2, master git, but we're not > releasing this for a few weeks. I don't know if that is your > problem or not. I have not yet been able to take the time to > reproduce your problems on 1.1 yet. > > On 3/8/2015 9:53 PM, Chen Keong Yap wrote: > > hi bill, > > can you advise regarding the global sign out issue? > > On Thu, Mar 5, 2015 at 9:29 AM, Chen Keong Yap > <chenkeong.yap(a)izeno.com <mailto:chenkeong.yap@izeno.com> > <mailto:chenkeong.yap@izeno.__com > <mailto:chenkeong.yap@izeno.com>>> wrote: > > hi bill, > > Thanks for the solution given and it has resolved the first > issue > ( login to the app via pl sp filter but the login session > cannot be > seen in keycloak admin console) > > However now there are few more issues with single sign out. > > a) When i click on the global logout link > (http://localhost:8080/__employee/?GLO=true > <http://localhost:8080/employee/?GLO=true>), the page just did a > self > refresh and it's not redirected to keycloak login page. I > can see > the keycloak session was gone from the keycloak admin > console but > the sample employee session still there. > > b) When i click on the local logout link > (http://localhost:8080/__employee/?LLO=true > <http://localhost:8080/employee/?LLO=true>), the page just did a > self > refresh and it's not redirected to keycloak login page. I > can see > the keycloak session still in the keycloak admin console > but the > sample employee session still there. > > c) When i click on the logout link > (http://localhost:8080/__employee/logout.jsp > <http://localhost:8080/employee/logout.jsp>), the page just did a > self refresh and it's not redirected to keycloak login page. > I > noticed the keycloak session still in the keycloak admin > console but > the sample employee session still there. Just wondering do > i need to > implement session.invalidate() in the logout,jsp but how to > invalidate the keycloak session? > > > On Wed, Mar 4, 2015 at 11:12 PM, Bill Burke > <bburke(a)redhat.com <mailto:bburke@redhat.com> > <mailto:bburke@redhat.com <mailto:bburke@redhat.com>>> > wrote: > > Ok, I may have diagnosed the problem. Go to the admin > console. > Go to the definition of your application. Look at the > Admin > Url. Does it have a "/" at the end of the URL? If > not, add a > '/' at the end of this. > > i.e. > > http://somhere.com/app/ > > If that solves the issue, let me know and I'll explain > what is > going on. FYI, I ran into the same problem running the > SAML > example in the distro and this fixed the problem. > > > > > On 3/4/2015 9:07 AM, Chen Keong Yap wrote: > > Hi bill, > > If i understand from you correctly, > PL SAML SP and keycloak adapters are the same and > referring > to below items. > > Tomcat 6, 7, 8 > Jetty 8, 9 > EAP 6.x > Wildfly > Node.js > Browser Javascript adapter. > > So far i have tested PL SAML SP filter using the > following > libs and it > got the same 2 issues that was mentioned in the > previous email. > > Picketlink lib : Picketlink 2.70 cr2, picketlink > 2.5.3 > (commercial) > > keycloak lib : keycloak 1.1.0 final, keycloak 1.1.0 > beta 2 > > On Mar 4, 2015 9:44 PM, "Bill Burke" > <bburke(a)redhat.com <mailto:bburke@redhat.com> > <mailto:bburke@redhat.com <mailto:bburke@redhat.com > >> > <mailto:bburke@redhat.com > <mailto:bburke@redhat.com> <mailto:bburke@redhat.com > <mailto:bburke@redhat.com>>>> wrote: > > Our testsuite uses PL SAML SP, not the filter > though, > and it works > fine. I'd have to recreate the problem using > the PL > SAML SP filter. > > On 3/4/2015 8:04 AM, Chen Keong Yap wrote: > > Hi bill, > > Yup. I have configured the app in keycloak > admin > console. However i > encountered 2 issues. > > First issue is that i was able to login to > the app > via pl sp > filter but > the login session cannot be seen in > keycloak admin > console > > Second issue is that global logout was not > working > and the > landing page > just did a self refresh. > > On Mar 4, 2015 8:55 PM, "Bill Burke" > <bburke(a)redhat.com <mailto:bburke@redhat.com> > <mailto:bburke@redhat.com <mailto:bburke@redhat.com>> > <mailto:bburke@redhat.com > <mailto:bburke@redhat.com> <mailto:bburke@redhat.com > <mailto:bburke@redhat.com>>> > <mailto:bburke@redhat.com > <mailto:bburke@redhat.com> > <mailto:bburke@redhat.com > <mailto:bburke@redhat.com>> <mailto:bburke@redhat.com > <mailto:bburke@redhat.com> > <mailto:bburke@redhat.com > <mailto:bburke@redhat.com>>>>> wrote: > > You can still use the PL Filter SP. > Just > configure the > application > in the admin console to use SAML. > > On 3/3/2015 11:36 PM, Chen Keong Yap > wrote: > > Hi bill, > > the existing adapters cannot > support jboss > eap 5.0.2 and > websphere 8.5 > and we are not allowed to use > keycloak proxy. > > can you suggest any other > alternative > similar to > picketlink sp > filter? > > On Tue, Mar 3, 2015 at 11:45 PM, > Bill Burke > <bburke(a)redhat.com > <mailto:bburke@redhat.com> <mailto:bburke@redhat.com > <mailto:bburke@redhat.com>> > <mailto:bburke@redhat.com > <mailto:bburke@redhat.com> <mailto:bburke@redhat.com > <mailto:bburke@redhat.com>>> > <mailto:bburke@redhat.com > <mailto:bburke@redhat.com> > <mailto:bburke@redhat.com > <mailto:bburke@redhat.com>> <mailto:bburke@redhat.com > <mailto:bburke@redhat.com> > <mailto:bburke@redhat.com <mailto:bburke@redhat.com > >>>> > <mailto:bburke@redhat.com > <mailto:bburke@redhat.com> > <mailto:bburke@redhat.com > <mailto:bburke@redhat.com>> <mailto:bburke@redhat.com > <mailto:bburke@redhat.com> > <mailto:bburke@redhat.com <mailto:bburke@redhat.com > >>> > <mailto:bburke@redhat.com > <mailto:bburke@redhat.com> > <mailto:bburke@redhat.com > <mailto:bburke@redhat.com>> <mailto:bburke@redhat.com > <mailto:bburke@redhat.com> > <mailto:bburke@redhat.com > <mailto:bburke@redhat.com>>>>>> wrote: > > There is no Keycloak SP > filter. We > have various > adapters > for different > platforms that hook into > servlet > security to make > integration seamless: > > Tomcat 6, 7, 8 > Jetty 8, 9 > EAP 6.x > Wildfly > Node.js > Browser Javascript adapter. > > On 3/2/2015 10:22 PM, Chen > Keong Yap > wrote: > > Hi, > > > > Please share some lights > for > implementing > Keycloak sp > filter which is > > similar to picketlink sp > filter. > > > > > > > org.picketlink.identity.________federation.web.filters._____ > ___SPFilter > > > > > > > ______________________________ > _________________________ > > keycloak-user mailing list > > > keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists. > jboss.org> > <mailto:keycloak-user@lists.__jboss.org > <mailto:keycloak-user@lists.jboss.org>> > <mailto:keycloak-user@lists. > <mailto:keycloak-user@lists.>____jboss.org <http://jboss.org> > <mailto:keycloak-user@lists.__jboss.org > <mailto:keycloak-user@lists.jboss.org>>> > <mailto:keycloak-user@lists > <mailto:keycloak-user@lists>. > <mailto:keycloak-user@lists > <mailto:keycloak-user@lists>.>______jboss.org <http://jboss.org> > <http://jboss.org> > <mailto:keycloak-user@lists. > <mailto:keycloak-user@lists.>____jboss.org <http://jboss.org> > <mailto:keycloak-user@lists.__jboss.org > <mailto:keycloak-user@lists.jboss.org>>>> > <mailto:keycloak-user@lists > <mailto:keycloak-user@lists> > <mailto:keycloak-user@lists > <mailto:keycloak-user@lists>>. > <mailto:keycloak-user@lists > <mailto:keycloak-user@lists> > <mailto:keycloak-user@lists > <mailto:keycloak-user@lists>>.>________jboss.org < > http://jboss.org> > <http://jboss.org> <http://jboss.org> > <mailto:keycloak-user@lists > <mailto:keycloak-user@lists>. > <mailto:keycloak-user@lists > <mailto:keycloak-user@lists>.>______jboss.org <http://jboss.org> > <http://jboss.org> > <mailto:keycloak-user@lists. > <mailto:keycloak-user@lists.>____jboss.org <http://jboss.org> > <mailto:keycloak-user@lists.__jboss.org > <mailto:keycloak-user@lists.jboss.org>>>>> > > > https://lists.jboss.org/________mailman/listinfo/keycloak-user > <https://lists.jboss.org/______mailman/listinfo/keycloak-user> > > <https://lists.jboss.org/______mailman/listinfo/keycloak-user > <https://lists.jboss.org/____mailman/listinfo/keycloak-user>__> > > > <https://lists.jboss.org/______mailman/listinfo/keycloak-user > <https://lists.jboss.org/____mailman/listinfo/keycloak-user> > > <https://lists.jboss.org/____mailman/listinfo/keycloak-user > <https://lists.jboss.org/__mailman/listinfo/keycloak-user>__>__> > > > > <https://lists.jboss.org/______mailman/listinfo/keycloak-user > <https://lists.jboss.org/____mailman/listinfo/keycloak-user> > > <https://lists.jboss.org/____mailman/listinfo/keycloak-user > <https://lists.jboss.org/__mailman/listinfo/keycloak-user>__> > > > <https://lists.jboss.org/____mailman/listinfo/keycloak-user > <https://lists.jboss.org/__mailman/listinfo/keycloak-user> > > <https://lists.jboss.org/__mailman/listinfo/keycloak-user > <https://lists.jboss.org/mailman/listinfo/keycloak-user>__>__>__> > > > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > > ______________________________ > _________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists. > jboss.org> > <mailto:keycloak-user@lists.__jboss.org > <mailto:keycloak-user@lists.jboss.org>> > <mailto:keycloak-user@lists. > <mailto:keycloak-user@lists.>____jboss.org <http://jboss.org> > <mailto:keycloak-user@lists.__jboss.org > <mailto:keycloak-user@lists.jboss.org>>> > <mailto:keycloak-user@lists > <mailto:keycloak-user@lists>. > <mailto:keycloak-user@lists > <mailto:keycloak-user@lists>.>______jboss.org <http://jboss.org> > <http://jboss.org> > <mailto:keycloak-user@lists. > <mailto:keycloak-user@lists.>____jboss.org <http://jboss.org> > <mailto:keycloak-user@lists.__jboss.org > <mailto:keycloak-user@lists.jboss.org>>>> > <mailto:keycloak-user@lists > <mailto:keycloak-user@lists> > <mailto:keycloak-user@lists > <mailto:keycloak-user@lists>>. > <mailto:keycloak-user@lists > <mailto:keycloak-user@lists> > <mailto:keycloak-user@lists > <mailto:keycloak-user@lists>>.>________jboss.org < > http://jboss.org> > <http://jboss.org> <http://jboss.org> > <mailto:keycloak-user@lists > <mailto:keycloak-user@lists>. > <mailto:keycloak-user@lists > <mailto:keycloak-user@lists>.>______jboss.org <http://jboss.org> > <http://jboss.org> > <mailto:keycloak-user@lists. > <mailto:keycloak-user@lists.>____jboss.org <http://jboss.org> > <mailto:keycloak-user@lists.__jboss.org > <mailto:keycloak-user@lists.jboss.org>>>>> > https://lists.jboss.org/________mailman/listinfo/keycloak-user > <https://lists.jboss.org/______mailman/listinfo/keycloak-user> > > <https://lists.jboss.org/______mailman/listinfo/keycloak-user > <https://lists.jboss.org/____mailman/listinfo/keycloak-user>__> > > > <https://lists.jboss.org/______mailman/listinfo/keycloak-user > <https://lists.jboss.org/____mailman/listinfo/keycloak-user> > > <https://lists.jboss.org/____mailman/listinfo/keycloak-user > <https://lists.jboss.org/__mailman/listinfo/keycloak-user>__>__> > > > > <https://lists.jboss.org/______mailman/listinfo/keycloak-user > <https://lists.jboss.org/____mailman/listinfo/keycloak-user> > > <https://lists.jboss.org/____mailman/listinfo/keycloak-user > <https://lists.jboss.org/__mailman/listinfo/keycloak-user>__> > > > <https://lists.jboss.org/____mailman/listinfo/keycloak-user > <https://lists.jboss.org/__mailman/listinfo/keycloak-user> > > <https://lists.jboss.org/__mailman/listinfo/keycloak-user > <https://lists.jboss.org/mailman/listinfo/keycloak-user>__>__>__> > > > > > > > > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > > > > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

Reply

Chen Keong Yap

Saturday, 28 March Sat, 28 Mar

9:08 p.m.

Hi bill, Please advise when the patch for logout will be released? Can you share what is with the logout? On Mar 10, 2015 2:02 AM, "Bill Burke" <bburke(a)redhat.com> wrote:

I fixed some bugs around logout in 1.2, master git, but we're not releasing this for a few weeks. I don't know if that is your problem or not. I have not yet been able to take the time to reproduce your problems on 1.1 yet. On 3/8/2015 9:53 PM, Chen Keong Yap wrote: > hi bill, > > can you advise regarding the global sign out issue? > > On Thu, Mar 5, 2015 at 9:29 AM, Chen Keong Yap <chenkeong.yap(a)izeno.com > <mailto:chenkeong.yap@izeno.com>> wrote: > > hi bill, > > Thanks for the solution given and it has resolved the first issue > ( login to the app via pl sp filter but the login session cannot be > seen in keycloak admin console) > > However now there are few more issues with single sign out. > > a) When i click on the global logout link > (http://localhost:8080/employee/?GLO=true), the page just did a self > refresh and it's not redirected to keycloak login page. I can see > the keycloak session was gone from the keycloak admin console but > the sample employee session still there. > > b) When i click on the local logout link > (http://localhost:8080/employee/?LLO=true), the page just did a self > refresh and it's not redirected to keycloak login page. I can see > the keycloak session still in the keycloak admin console but the > sample employee session still there. > > c) When i click on the logout link > (http://localhost:8080/employee/logout.jsp), the page just did a > self refresh and it's not redirected to keycloak login page. I > noticed the keycloak session still in the keycloak admin console but > the sample employee session still there. Just wondering do i need to > implement session.invalidate() in the logout,jsp but how to > invalidate the keycloak session? > > > On Wed, Mar 4, 2015 at 11:12 PM, Bill Burke <bburke(a)redhat.com > <mailto:bburke@redhat.com>> wrote: > > Ok, I may have diagnosed the problem. Go to the admin console. > Go to the definition of your application. Look at the Admin > Url. Does it have a "/" at the end of the URL? If not, add a > '/' at the end of this. > > i.e. > > http://somhere.com/app/ > > If that solves the issue, let me know and I'll explain what is > going on. FYI, I ran into the same problem running the SAML > example in the distro and this fixed the problem. > > > > > On 3/4/2015 9:07 AM, Chen Keong Yap wrote: > > Hi bill, > > If i understand from you correctly, > PL SAML SP and keycloak adapters are the same and referring > to below items. > > Tomcat 6, 7, 8 > Jetty 8, 9 > EAP 6.x > Wildfly > Node.js > Browser Javascript adapter. > > So far i have tested PL SAML SP filter using the following > libs and it > got the same 2 issues that was mentioned in the previous > email. > > Picketlink lib : Picketlink 2.70 cr2, picketlink 2.5.3 > (commercial) > > keycloak lib : keycloak 1.1.0 final, keycloak 1.1.0 beta 2 > > On Mar 4, 2015 9:44 PM, "Bill Burke" <bburke(a)redhat.com > <mailto:bburke@redhat.com> > <mailto:bburke@redhat.com <mailto:bburke@redhat.com>>> wrote: > > Our testsuite uses PL SAML SP, not the filter though, > and it works > fine. I'd have to recreate the problem using the PL > SAML SP filter. > > On 3/4/2015 8:04 AM, Chen Keong Yap wrote: > > Hi bill, > > Yup. I have configured the app in keycloak admin > console. However i > encountered 2 issues. > > First issue is that i was able to login to the app > via pl sp > filter but > the login session cannot be seen in keycloak admin > console > > Second issue is that global logout was not working > and the > landing page > just did a self refresh. > > On Mar 4, 2015 8:55 PM, "Bill Burke" > <bburke(a)redhat.com <mailto:bburke@redhat.com> > <mailto:bburke@redhat.com <mailto:bburke@redhat.com > >> > <mailto:bburke@redhat.com > <mailto:bburke@redhat.com> <mailto:bburke@redhat.com > <mailto:bburke@redhat.com>>>> wrote: > > You can still use the PL Filter SP. Just > configure the > application > in the admin console to use SAML. > > On 3/3/2015 11:36 PM, Chen Keong Yap wrote: > > Hi bill, > > the existing adapters cannot support jboss > eap 5.0.2 and > websphere 8.5 > and we are not allowed to use keycloak > proxy. > > can you suggest any other alternative > similar to > picketlink sp > filter? > > On Tue, Mar 3, 2015 at 11:45 PM, Bill Burke > <bburke(a)redhat.com <mailto:bburke@redhat.com> > <mailto:bburke@redhat.com <mailto:bburke@redhat.com>> > <mailto:bburke@redhat.com > <mailto:bburke@redhat.com> <mailto:bburke@redhat.com > <mailto:bburke@redhat.com>>> > <mailto:bburke@redhat.com > <mailto:bburke@redhat.com> <mailto:bburke@redhat.com > <mailto:bburke@redhat.com>> > <mailto:bburke@redhat.com > <mailto:bburke@redhat.com> <mailto:bburke@redhat.com > <mailto:bburke@redhat.com>>>>> wrote: > > There is no Keycloak SP filter. We > have various > adapters > for different > platforms that hook into servlet > security to make > integration seamless: > > Tomcat 6, 7, 8 > Jetty 8, 9 > EAP 6.x > Wildfly > Node.js > Browser Javascript adapter. > > On 3/2/2015 10:22 PM, Chen Keong Yap > wrote: > > Hi, > > > > Please share some lights for > implementing > Keycloak sp > filter which is > > similar to picketlink sp filter. > > > > > > org.picketlink.identity.______federation.web.filters.______ > SPFilter > > > > > > > _____________________________________________________ > > keycloak-user mailing list > > keycloak-user(a)lists.jboss.org > <mailto:keycloak-user@lists.jboss.org> > <mailto:keycloak-user@lists.__jboss.org > <mailto:keycloak-user@lists.jboss.org>> > <mailto:keycloak-user@lists. > <mailto:keycloak-user@lists.>____jboss.org <http://jboss.org> > <mailto:keycloak-user@lists.__jboss.org > <mailto:keycloak-user@lists.jboss.org>>> > <mailto:keycloak-user@lists > <mailto:keycloak-user@lists>. > <mailto:keycloak-user@lists > <mailto:keycloak-user@lists>.>______jboss.org > <http://jboss.org> <http://jboss.org> > <mailto:keycloak-user@lists. > <mailto:keycloak-user@lists.>____jboss.org <http://jboss.org> > <mailto:keycloak-user@lists.__jboss.org > <mailto:keycloak-user@lists.jboss.org>>>> > > > https://lists.jboss.org/______mailman/listinfo/keycloak-user > <https://lists.jboss.org/____mailman/listinfo/keycloak-user> > > <https://lists.jboss.org/____mailman/listinfo/keycloak-user > <https://lists.jboss.org/__mailman/listinfo/keycloak-user>__> > > > <https://lists.jboss.org/____mailman/listinfo/keycloak-user > <https://lists.jboss.org/__mailman/listinfo/keycloak-user> > > <https://lists.jboss.org/__mailman/listinfo/keycloak-user > <https://lists.jboss.org/mailman/listinfo/keycloak-user > >__>__> > > > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > > _____________________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > <mailto:keycloak-user@lists.jboss.org> > <mailto:keycloak-user@lists.__jboss.org > <mailto:keycloak-user@lists.jboss.org>> > <mailto:keycloak-user@lists. > <mailto:keycloak-user@lists.>____jboss.org <http://jboss.org> > <mailto:keycloak-user@lists.__jboss.org > <mailto:keycloak-user@lists.jboss.org>>> > <mailto:keycloak-user@lists > <mailto:keycloak-user@lists>. > <mailto:keycloak-user@lists > <mailto:keycloak-user@lists>.>______jboss.org > <http://jboss.org> <http://jboss.org> > <mailto:keycloak-user@lists. > <mailto:keycloak-user@lists.>____jboss.org <http://jboss.org> > <mailto:keycloak-user@lists.__jboss.org > <mailto:keycloak-user@lists.jboss.org>>>> > https://lists.jboss.org/______mailman/listinfo/keycloak-user > <https://lists.jboss.org/____mailman/listinfo/keycloak-user> > > <https://lists.jboss.org/____mailman/listinfo/keycloak-user > <https://lists.jboss.org/__mailman/listinfo/keycloak-user>__> > > > <https://lists.jboss.org/____mailman/listinfo/keycloak-user > <https://lists.jboss.org/__mailman/listinfo/keycloak-user> > > <https://lists.jboss.org/__mailman/listinfo/keycloak-user > <https://lists.jboss.org/mailman/listinfo/keycloak-user > >__>__> > > > > > > > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > > > > > > > > > > -- > Best Regards, > > CK Yap > Technology Consultant > > Tel: +65 6100 2788 > Fax:+65 6233 9376 > > iZeno Pte Ltd > 72 Bendemeer Road > Luzerne #05-28 > Singapore 339941 > > > This communication contains information which may be confidential or > privileged. The information is intended solely for the use of the > individual or entity named above. If you are not the intended > recipient,be aware that any disclosure, copying, distribution or use of > the contents of this information is prohibited.If you have received this > communication in error, please notify me by telephone immediately. > > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

Reply

3573

days inactive

3599

days old

keycloak-user@lists.jboss.org

Manage subscription

15 comments

2 participants

tags (0)

participants (2)

Bill Burke
Chen Keong Yap