Re: [keycloak-user] CORS error in Keycloak Admin REST API - Unable to create realms from React JS app
8:55 a.m.
Team,
Can someone please reply to my question ?
I am stuck with this issue for more than a week now.
Please help me with this.
Thank you!
On Fri, 15 Nov 2019, 7:12 pm , <keycloak-user-request(a)lists.jboss.org>
wrote:
Send keycloak-user mailing list submissions to
keycloak-user(a)lists.jboss.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.jboss.org/mailman/listinfo/keycloak-user
or, via email, send a message with subject or body 'help' to
keycloak-user-request(a)lists.jboss.org
You can reach the person managing the list at
keycloak-user-owner(a)lists.jboss.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of keycloak-user digest..."
Today's Topics:
1. Re: JBoss_Keycloak_"404 - Not Found" (Sushil Singh)
2. Re: Fw: Associating a REST api end point to multiple
resources in Keycloak in Policy Enforcer (Vishnu Prakash)
3. CORS error in Keycloak Admin REST API - Unable to create
realms from React JS app (Vinay Matam)
4. Re: [UMA] Access a protected resource by using a link
(Pedro Igor Silva)
5. Re: JBoss_Keycloak_"404 - Not Found" (Naga Vijay)
----------------------------------------------------------------------
Message: 1
Date: Fri, 15 Nov 2019 10:08:37 +0000
From: Sushil Singh <sushil.singh(a)guavus.com>
Subject: Re: [keycloak-user] JBoss_Keycloak_"404 - Not Found"
To: Naga Vijay <nagausb2(a)gmail.com>, "keycloak-user(a)lists.jboss.org"
<keycloak-user(a)lists.jboss.org>, "keycloak-dev(a)lists.jboss.org"
<keycloak-dev(a)lists.jboss.org>
Message-ID:
<
HK2PR04MB38253C1ED2860727D495BEC8FB700(a)HK2PR04MB3825.apcprd04.prod.outlook.com
>
Content-Type: text/plain; charset="us-ascii"
I think , you might be countering an error while the war is deployed that
is why it is giving 404
You should identify the server logs first to identify what is failing
Thanks
Sushil
________________________________
From: keycloak-user-bounces(a)lists.jboss.org <
keycloak-user-bounces(a)lists.jboss.org> on behalf of Naga Vijay <
nagausb2(a)gmail.com>
Sent: 13 November 2019 20:22
To: keycloak-user(a)lists.jboss.org <keycloak-user(a)lists.jboss.org>;
keycloak-dev(a)lists.jboss.org <keycloak-dev(a)lists.jboss.org>
Subject: Re: [keycloak-user] JBoss_Keycloak_"404 - Not Found"
As I haven't heard back from anyone, I have logged this -
https://issues.jboss.org/browse/KEYCLOAK-12036
Thanks
Naga
On Wed, Nov 13, 2019 at 5:43 AM Naga Vijay <nagausb2(a)gmail.com> wrote:
>
> Hello,
>
> Did anyone get a chance to look into this? I am wondering whether I am
> facing a bug. Keycloak realm, user, client definition are all in place.
And
> the adapter has been installed into JBoss EAP instance. Here's web.xml in
> the hello.war ...
>
> <web-app xmlns="http://java.sun.com/xml/ns/javaee"
>
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>
> xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
> http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
>
> version="3.0">
>
>
>
> <module-name>basicauth</module-name>
>
>
>
> <security-constraint>
>
> <web-resource-collection>
>
> <url-pattern>/*</url-pattern>
>
> </web-resource-collection>
>
> <auth-constraint>
>
> <role-name>*</role-name>
>
> </auth-constraint>
>
> </security-constraint>
>
>
>
> <login-config>
>
> <auth-method>KEYCLOAK</auth-method>
>
> <realm-name>MyRealm</realm-name>
>
> </login-config>
>
>
>
> <security-role>
>
> <role-name>*</role-name>
>
> </security-role>
> </web-app>
>
> And here's keycloak.json alongside web.xml ...
>
> {
>
> "realm": "MyRealm",
>
> "auth-server-url": "http://localhost:8180/auth",
>
> "ssl-required": "external",
>
> "resource": "dkc",
>
> "public-client": true,
>
> "confidential-port": 0,
>
> "enable-cors" : true
> }
>
> http://localhost:8080/hello gives "404 - Not Found" instead of showing
> keycloak login page.
>
> What am I missing?
>
> Thanks
> Naga
>
> On Tue, Nov 12, 2019 at 9:24 PM Naga Vijay <nagausb2(a)gmail.com> wrote:
>
>>
>> (+) keycloak-dev
>>
>> On Tue, Nov 12, 2019 at 7:56 PM Naga Vijay <nagausb2(a)gmail.com> wrote:
>>
>>>
>>> Hello,
>>>
>>> Can someone help me with this?
>>>
>>> ==============
>>> Environment -
>>> ==============
>>>
>>> 1. OS - Mac OS X
>>> 2. JBoss EAP 7.1
>>>
>>> 3. Keycloak 7.0.1
>>>
>>> ==============
>>> Issue -
>>> ==============
>>>
>>> . Getting "404 - Not Found" for a simple hello.war (with KEYCLOAK
as
the
>>> auth-method in its web.xml) when accessing http://localhost:8080/hello
>>>
>>> ==============
>>> Attachments -
>>> ==============
>>>
>>> 1. kc.json - export dump of keycloak database/configuration
>>> 2. hello.war - the simple war tested with
>>>
>>> Let me know if you need any other info.
>>>
>>> Thanks
>>>
>>> Naga
>>>
>>>
>>>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
------------------------------
Message: 2
Date: Fri, 15 Nov 2019 16:01:14 +0530
From: Vishnu Prakash <vishnuprakash323(a)gmail.com>
Subject: Re: [keycloak-user] Fw: Associating a REST api end point to
multiple resources in Keycloak in Policy Enforcer
To: Sushil Singh <sushil.singh(a)guavus.com>
Cc: "keycloak-user(a)lists.jboss.org" <keycloak-user(a)lists.jboss.org>
Message-ID:
<
CAPLmjegvQ2h1FdKDBtj1bP_TiH17cjPXxvVozMsZw9Q9WxnDgw(a)mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Dear Sushil,
Thank you for your valuable response.
Vishnu Prakash
On Fri, Nov 15, 2019 at 3:19 PM Sushil Singh <sushil.singh(a)guavus.com>
wrote:
>
>
> ________________________________
> From: Sushil Singh <sushil.singh(a)guavus.com>
> Sent: 15 November 2019 15:14
> To: Vishnu Prakash <vishnuprakash323(a)gmail.com>; Pedro Igor Silva <
> psilva(a)redhat.com>; Stian Thorgersen <sthorger(a)redhat.com>
> Subject: Re: [keycloak-user] Associating a REST api end point to multiple
> resources in Keycloak in Policy Enforcer
>
> Hi,
>
> I think the use case is similar to what I am proposing
>
> @Vishnu Prakash<mailto:vishnuprakash323@gmail.com>
>
> I have also proposed to impose custom policy-enforcement on a set of
> resources.
>
> https://github.com/keycloak/keycloak/pull/6448
> [
>
https://repository-images.githubusercontent.com/11125589/bd31cf00-70f4-11...
> ]<https://github.com/keycloak/keycloak/pull/6448>
> KEYCLOAK-11300 : Creating CustomEnforcer functionality for spring
adapters
> by sushil-singh-guavus ? Pull Request #6448 ? keycloak/keycloak<
> https://github.com/keycloak/keycloak/pull/6448>
> KEYCLOAK-11300 : Creating CustomEnforcer functionality for spring
adapters
> https://issues.jboss.org/browse/KEYCLOAK-11300
> github.com <https://issues.jboss.org/browse/KEYCLOAK-11300github.com>
>
>
> Where user can specify a Map<Resource, Set<scopes>> and it will
evaluate
> to a positive result only if it satisfies permission for all resources in
> the Map
>
> Currently I don't think this functionality is available in keycloak
>
> Thanks,
>
> Sushil
> ________________________________
> From: keycloak-user-bounces(a)lists.jboss.org <
> keycloak-user-bounces(a)lists.jboss.org> on behalf of Vishnu Prakash <
> vishnuprakash323(a)gmail.com>
> Sent: 15 November 2019 10:01
> To: keycloak-user <keycloak-user(a)lists.jboss.org>
> Subject: [keycloak-user] Associating a REST api end point to multiple
> resources in Keycloak in Policy Enforcer
>
> Hi,
> I want to protect my REST api's using Keycloak. I am deploying my
> application in Wildfly application server and using keyclaok wildfly
> adapters.
> Is it possible to associate a REST api end point to multiple resources in
> keycloak using the Policy Enforcer. If the user is having permission to
> access all the associated resources, then only access should be granted
to
> the api.
>
> Any input will be a great help to me.
>
> Thanks & Regards,
> Vishnu Prakash
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
------------------------------
Message: 3
Date: Fri, 15 Nov 2019 18:12:11 +0530
From: Vinay Matam <vinay(a)dailykit.org>
Subject: [keycloak-user] CORS error in Keycloak Admin REST API -
Unable to create realms from React JS app
To: keycloak-user(a)lists.jboss.org
Message-ID:
<CADNoEv8cyfuaHMg=RLqSvzm=9_HGPUg=
mNCwpHBD_sRDFN2sHQ(a)mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Hi,
I need help with a situation.
We are trying to create new realms in Keycloak dynamically from a ReactJS
based application with the help of the Keycloak Admin Rest API. Here's what
we have done so far:
Created a client in the master realm, "realm-creator", type = confidential,
Service Accounts Enabled = true, Scope = admin & create-realm selected,
Service Account Roles = create-realm.
I then fetch an access token of the above client using the grant_type =
client_credentials, Authorization = BASIC and using the client id and
client secret as username and password. I am successfully getting the
access token.
Now, as a next step, I am using this access token to create new realms by
calling the Admin REST API endpoint to create new realm,
https://<keycloakserver>/auth/admin/realms
Authorization: Bearer <accesstoken> // Access token generated from the
above step using "realm-creator" client
and sending the JSON body representation of the realm representation.
Now, everything is working fine as expected when I test this from postman.
Realm is getting created successfully.
But when I try to implement this from a ReactJS app, I am getting a CORS
error.
For clients, we have an option of "Web Origins" and we can configure a
"*"
or the URL we want, to solve the CORS issue. But here the client
"realm-creator" does not have "Standard Flow" Enabled and I am not
seeing
the option of "WebOrigins".
Where should I configure the CORS setting for the Keycloak Admin REST API
to avoid CORS error ?
Please help.
Thank you!
------------------------------
Message: 4
Date: Fri, 15 Nov 2019 09:44:03 -0300
From: Pedro Igor Silva <psilva(a)redhat.com>
Subject: Re: [keycloak-user] [UMA] Access a protected resource by
using a link
To: Fernando Mayoral <fernando.mayoral(a)practiv.com>
Cc: keycloak-user <keycloak-user(a)lists.jboss.org>
Message-ID:
<CAJrcDBdLQeqP=
r7-PgpJ06DQB5Y4xwk1y1qmxyUq-nn4jnbVXA(a)mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
What type of application we are talking about? A single monolithic or
separated apps for frontend and backend ? Asking because you could just
resume the workflow after the user authenticate again and is redirected
back to your app ...
AFAIK, there is nothing you could use OOTB but maybe implementing some
custom authenticator. Even with a custom authenticator, the fact that you
are automatically re-authenticating the user based on some form of code
sent to an email may be risky ...
On Thu, Nov 14, 2019 at 6:37 PM Fernando Mayoral <
fernando.mayoral(a)practiv.com> wrote:
> Yes, they leave the application and their keycloak session expires.
> So then we want to send them a link for them to get a new session with
> their user and get redirected to the order they didn't complete.
> For example, a product is a bank account application:
> They start filling the forms and early on they are asked for email.
> But they never finish and submit the form, or maybe they leave the tab
> open and forget so the session expires, so we send them an email to
remind
> them with a link to get authenticated and redirected back to an arbitrary
> url.
>
> On Fri, Nov 15, 2019 at 2:47 AM Pedro Igor Silva <psilva(a)redhat.com>
> wrote:
>
>> Hi,
>>
>> When the user "drops" from the system you mean a logout (ending the
user
>> session in Keycloak) ?
>>
>> On Thu, Nov 14, 2019 at 1:53 AM Fernando Mayoral <
>> fernando.mayoral(a)practiv.com> wrote:
>>
>>> Hello!
>>>
>>> We have a product on which we create a protected resource (called
orders)
>>> in keycloak and we secure access to it by using a UMA as described by
uma
>>> authorization process
>>> <
>>>
https://www.keycloak.org/docs/7.0/authorization_services/#_service_uma_au...
>>> >
>>> .
>>>
>>> When the user drops from the system before they submit their order
(i.e.
>>> the order is incomplete) we want to be able to send them an email with
a
>>> link to the user so they?ll be able to get automatically authenticated
>>> and
>>> authorized so they can continue working on this protected resource.
>>>
>>> Does keycloak provide this kind of functionality out of the box?
>>> (i.e. given a link with some sort of long-lived token, get
authenticated
>>> with keycloak and redirected to some arbitrary url)
>>> Is there any recommended way to approach this?
>>>
>>> any hints would be greatly appreciated.
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user(a)lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
------------------------------
Message: 5
Date: Fri, 15 Nov 2019 05:40:13 -0800
From: Naga Vijay <nagausb2(a)gmail.com>
Subject: Re: [keycloak-user] JBoss_Keycloak_"404 - Not Found"
To: Sushil Singh <sushil.singh(a)guavus.com>
Cc: "keycloak-dev(a)lists.jboss.org" <keycloak-dev(a)lists.jboss.org>,
"keycloak-user(a)lists.jboss.org" <keycloak-user(a)lists.jboss.org>
Message-ID:
<
CAGdFQvwHpHjaUYb-bneHx1gW7LJA3MTQTNg6QLm1tKERfdNKDw(a)mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
The hello.war is properly deployed. I see the hello.war.deployed file in
standalone/deployments.
Thanks
Naga
On Fri, Nov 15, 2019 at 2:08 AM Sushil Singh <sushil.singh(a)guavus.com>
wrote:
> I think , you might be countering an error while the war is deployed that
> is why it is giving 404
>
> You should identify the server logs first to identify what is failing
>
> Thanks
>
> Sushil
>
> ------------------------------
> *From:* keycloak-user-bounces(a)lists.jboss.org <
> keycloak-user-bounces(a)lists.jboss.org> on behalf of Naga Vijay <
> nagausb2(a)gmail.com>
> *Sent:* 13 November 2019 20:22
> *To:* keycloak-user(a)lists.jboss.org <keycloak-user(a)lists.jboss.org>;
> keycloak-dev(a)lists.jboss.org <keycloak-dev(a)lists.jboss.org>
> *Subject:* Re: [keycloak-user] JBoss_Keycloak_"404 - Not Found"
>
> As I haven't heard back from anyone, I have logged this -
> https://issues.jboss.org/browse/KEYCLOAK-12036
>
> Thanks
> Naga
>
> On Wed, Nov 13, 2019 at 5:43 AM Naga Vijay <nagausb2(a)gmail.com> wrote:
>
> >
> > Hello,
> >
> > Did anyone get a chance to look into this? I am wondering whether I am
> > facing a bug. Keycloak realm, user, client definition are all in place.
> And
> > the adapter has been installed into JBoss EAP instance. Here's web.xml
in
> > the hello.war ...
> >
> > <web-app xmlns="http://java.sun.com/xml/ns/javaee"
> >
> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >
> > xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
> > http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
> >
> > version="3.0">
> >
> >
> >
> > <module-name>basicauth</module-name>
> >
> >
> >
> > <security-constraint>
> >
> > <web-resource-collection>
> >
> > <url-pattern>/*</url-pattern>
> >
> > </web-resource-collection>
> >
> > <auth-constraint>
> >
> > <role-name>*</role-name>
> >
> > </auth-constraint>
> >
> > </security-constraint>
> >
> >
> >
> > <login-config>
> >
> > <auth-method>KEYCLOAK</auth-method>
> >
> > <realm-name>MyRealm</realm-name>
> >
> > </login-config>
> >
> >
> >
> > <security-role>
> >
> > <role-name>*</role-name>
> >
> > </security-role>
> > </web-app>
> >
> > And here's keycloak.json alongside web.xml ...
> >
> > {
> >
> > "realm": "MyRealm",
> >
> > "auth-server-url": "http://localhost:8180/auth",
> >
> > "ssl-required": "external",
> >
> > "resource": "dkc",
> >
> > "public-client": true,
> >
> > "confidential-port": 0,
> >
> > "enable-cors" : true
> > }
> >
> > http://localhost:8080/hello gives "404 - Not Found" instead of
showing
> > keycloak login page.
> >
> > What am I missing?
> >
> > Thanks
> > Naga
> >
> > On Tue, Nov 12, 2019 at 9:24 PM Naga Vijay <nagausb2(a)gmail.com> wrote:
> >
> >>
> >> (+) keycloak-dev
> >>
> >> On Tue, Nov 12, 2019 at 7:56 PM Naga Vijay <nagausb2(a)gmail.com>
wrote:
> >>
> >>>
> >>> Hello,
> >>>
> >>> Can someone help me with this?
> >>>
> >>> ==============
> >>> Environment -
> >>> ==============
> >>>
> >>> 1. OS - Mac OS X
> >>> 2. JBoss EAP 7.1
> >>>
> >>> 3. Keycloak 7.0.1
> >>>
> >>> ==============
> >>> Issue -
> >>> ==============
> >>>
> >>> . Getting "404 - Not Found" for a simple hello.war (with
KEYCLOAK as
> the
> >>> auth-method in its web.xml) when accessing
http://localhost:8080/hello
> >>>
> >>> ==============
> >>> Attachments -
> >>> ==============
> >>>
> >>> 1. kc.json - export dump of keycloak database/configuration
> >>> 2. hello.war - the simple war tested with
> >>>
> >>> Let me know if you need any other info.
> >>>
> >>> Thanks
> >>>
> >>> Naga
> >>>
> >>>
> >>>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
------------------------------
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
End of keycloak-user Digest, Vol 71, Issue 24
*********************************************
1865
days inactive
1865
days old
0 comments
1 participants
participants (1)
-
Vinay Matam