[keycloak-dev] Are we all set?
Bill Burke
bburke at redhat.com
Wed Sep 10 09:37:27 EDT 2014
I'll handle the logging stuff if Marek hasn't gotten to it yet. Thanks
for doing all the issues reported by Marek last night.
i'll run my last tests using IE and EAP 6.3 to make sure we're good on
those platforms.
On 9/10/2014 9:28 AM, Stian Thorgersen wrote:
> There's no Safari issue after all! So we're good to go.
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: "Stian Thorgersen" <stian at redhat.com>
>> Cc: keycloak-dev at lists.jboss.org
>> Sent: Wednesday, 10 September, 2014 3:03:12 PM
>> Subject: Re: [keycloak-dev] Are we all set?
>>
>> I'm charging up my macbook. I'll look into it.
>>
>> On 9/10/2014 8:49 AM, Stian Thorgersen wrote:
>>> Apparently login with keycloak.js doesn't work on Safari
>>> (https://issues.jboss.org/browse/KEYCLOAK-675). We need to fix this before
>>> releasing :/
>>>
>>> ----- Original Message -----
>>>> From: "Stian Thorgersen" <stian at redhat.com>
>>>> To: "Bill Burke" <bburke at redhat.com>
>>>> Cc: keycloak-dev at lists.jboss.org
>>>> Sent: Wednesday, 10 September, 2014 2:11:34 PM
>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>
>>>> We also need to reduce info level log output from adapters. I did this for
>>>> the server for rc-2, but completely forgot about adapters. Marek is
>>>> already
>>>> working on this, and I guess it shouldn't take very long.
>>>>
>>>> ----- Original Message -----
>>>>> From: "Stian Thorgersen" <stian at redhat.com>
>>>>> To: "Bill Burke" <bburke at redhat.com>
>>>>> Cc: keycloak-dev at lists.jboss.org
>>>>> Sent: Wednesday, 10 September, 2014 10:37:15 AM
>>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>>
>>>>>
>>>>>
>>>>> ----- Original Message -----
>>>>>> From: "Bill Burke" <bburke at redhat.com>
>>>>>> To: "Marek Posolda" <mposolda at redhat.com>, "Stian Thorgersen"
>>>>>> <stian at redhat.com>
>>>>>> Cc: keycloak-dev at lists.jboss.org
>>>>>> Sent: Wednesday, 10 September, 2014 3:09:20 AM
>>>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 9/9/2014 5:47 PM, Marek Posolda wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> I am sorry to not help more with the release as I needed to work
>>>>>>> especially on some portal related stuff last weeks (hopefully it's gone
>>>>>>> now)...
>>>>>>>
>>>>>>> Found couple of things:
>>>>>>> * AccountService is actually broken for me in Chrome due to latest CSRF
>>>>>>> stuff. In FF it works fine, but in Chrome I can't update account or
>>>>>>> password. For some reason Chrome is always adding "Origin" header to
>>>>>>> the
>>>>>>> update requests (even if they are not ajax requests). So the newly
>>>>>>> added
>>>>>>> condition for CSRF in AccountService.init will always fail. I have
>>>>>>> Chrome 37.0.2062.94 (64-bit) .
>>>>>>>
>>>>>>
>>>>>> Ok, I thought Origin header wasn't supposed to be sent with Browser
>>>>>> requests. I can probably fix this by allowing same origin.
>>>>>
>>>>> Added fix to allow same origin. I also added check of 'Referer' header to
>>>>> make sure it's same origin as well.
>>>>>
>>>>>>
>>>>>>
>>>>>>> * ServerInfo request (http://localhost:8080/auth/admin/serverinfo) is
>>>>>>> not available with CORS . I've created JIRA
>>>>>>> https://issues.jboss.org/browse/KEYCLOAK-670 and send PR
>>>>>>> https://github.com/keycloak/keycloak/pull/683 for this, which is adding
>>>>>>> authentication for ServerInfoAdminResource and then it use allowOrigins
>>>>>>> from the authenticated bearer token. Admin console is already using
>>>>>>> bearer token for sending ServerInfo requests, so no changes are needed
>>>>>>> here. I believe that ServerInfoAdminResource should be authenticated
>>>>>>> (don't know why stuff like available social providers or themes should
>>>>>>> be publicly available). Let me know if you seeing issues with it. I did
>>>>>>> not merge PR so far as version in master is already changed to
>>>>>>> 1.0-Final
>>>>>>> so not sure what is the state of the release .
>>>>>>>
>>>>>>
>>>>>> Merge it.
>>>>>>
>>>>>>> * Realm public resource (http://localhost:8080/auth/realms/master) is
>>>>>>> also not available for CORS requests. Not sure if this is an issue or
>>>>>>> not? Thing is that unauthenticated requests can't use CORS at this
>>>>>>> moment as I don't know what allowedOrigins to use. Only option is to
>>>>>>> allow it for all allowedOrigins (send same
>>>>>>> "Access-Control-Allow-Origin"
>>>>>>> as original value of "Origin" header from the request)
>>>>>>>
>>>>>>> * There is still quite a lot of INFO logging . For example when I send
>>>>>>> product request from the cors-demo example I have 6 new INFO messages
>>>>>>> in
>>>>>>> log (Mainly from org.keycloak.adapters package)
>>>>>>>
>>>>>>
>>>>>> Ping me on your status tomorrow (Wednesday). I'll complete whatever you
>>>>>> don't finish above.
>>>>>>
>>>>>> Thanks.
>>>>>>
>>>>>> --
>>>>>> Bill Burke
>>>>>> JBoss, a division of Red Hat
>>>>>> http://bill.burkecentral.com
>>>>>>
>>>>> _______________________________________________
>>>>> keycloak-dev mailing list
>>>>> keycloak-dev at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>>
>>>> _______________________________________________
>>>> keycloak-dev mailing list
>>>> keycloak-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list