[keycloak-dev] Are we all set?

Marek Posolda mposolda at redhat.com
Wed Sep 10 09:49:16 EDT 2014


Hi Bill,

I am working on reducing INFO stuff and will commit the fix in a few minutes. Will
let you know again once it's done.

Marek

On 10.9.2014 15:37, Bill Burke wrote:
> I'll handle the logging stuff if Marek hasn't gotten to it yet.  Thanks
> for doing all the issues reported by Marek last night.
>
> I'll run my last tests using IE and EAP 6.3 to make sure we're good on
> those platforms.
>
> On 9/10/2014 9:28 AM, Stian Thorgersen wrote:
>> There's no Safari issue after all! So we're good to go.
>>
>> ----- Original Message -----
>>> From: "Bill Burke" <bburke at redhat.com>
>>> To: "Stian Thorgersen" <stian at redhat.com>
>>> Cc: keycloak-dev at lists.jboss.org
>>> Sent: Wednesday, 10 September, 2014 3:03:12 PM
>>> Subject: Re: [keycloak-dev] Are we all set?
>>>
>>> I'm charging up my macbook.  I'll look into it.
>>>
>>> On 9/10/2014 8:49 AM, Stian Thorgersen wrote:
>>>> Apparently login with keycloak.js doesn't work on Safari
>>>> (https://issues.jboss.org/browse/KEYCLOAK-675). We need to fix this before
>>>> releasing :/
>>>>
>>>> ----- Original Message -----
>>>>> From: "Stian Thorgersen" <stian at redhat.com>
>>>>> To: "Bill Burke" <bburke at redhat.com>
>>>>> Cc: keycloak-dev at lists.jboss.org
>>>>> Sent: Wednesday, 10 September, 2014 2:11:34 PM
>>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>>
>>>>> We also need to reduce info level log output from adapters. I did this for
>>>>> the server for rc-2, but completely forgot about adapters. Marek is already
>>>>> working on this, and I guess it shouldn't take very long.
>>>>>
>>>>> ----- Original Message -----
>>>>>> From: "Stian Thorgersen" <stian at redhat.com>
>>>>>> To: "Bill Burke" <bburke at redhat.com>
>>>>>> Cc: keycloak-dev at lists.jboss.org
>>>>>> Sent: Wednesday, 10 September, 2014 10:37:15 AM
>>>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>>>
>>>>>>
>>>>>>
>>>>>> ----- Original Message -----
>>>>>>> From: "Bill Burke" <bburke at redhat.com>
>>>>>>> To: "Marek Posolda" <mposolda at redhat.com>, "Stian Thorgersen"
>>>>>>> <stian at redhat.com>
>>>>>>> Cc: keycloak-dev at lists.jboss.org
>>>>>>> Sent: Wednesday, 10 September, 2014 3:09:20 AM
>>>>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 9/9/2014 5:47 PM, Marek Posolda wrote:
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I am sorry to not help more with the release as I needed to work
>>>>>>>> especially on some portal related stuff in the last weeks (hopefully
>>>>>>>> it's gone now)...
>>>>>>>>
>>>>>>>> Found a couple of things:
>>>>>>>> * AccountService is actually broken for me in Chrome due to latest CSRF
>>>>>>>> stuff. In FF it works fine, but in Chrome I can't update account or
>>>>>>>> password. For some reason Chrome is always adding "Origin" header to
>>>>>>>> the update requests (even if they are not ajax requests). So the newly
>>>>>>>> added condition for CSRF in AccountService.init will always fail. I
>>>>>>>> have Chrome 37.0.2062.94 (64-bit).
>>>>>>>>
>>>>>>> Ok, I thought Origin header wasn't supposed to be sent with Browser
>>>>>>> requests.  I can probably fix this by allowing same origin.
>>>>>> Added fix to allow same origin. I also added check of 'Referer' header to
>>>>>> make sure it's same origin as well.
>>>>>>
>>>>>>>
>>>>>>>> * ServerInfo request (http://localhost:8080/auth/admin/serverinfo) is
>>>>>>>> not available with CORS. I've created JIRA
>>>>>>>> https://issues.jboss.org/browse/KEYCLOAK-670 and sent PR
>>>>>>>> https://github.com/keycloak/keycloak/pull/683 for this, which is adding
>>>>>>>> authentication for ServerInfoAdminResource and then it uses allowOrigins
>>>>>>>> from the authenticated bearer token. Admin console is already using
>>>>>>>> bearer token for sending ServerInfo requests, so no changes are needed
>>>>>>>> here. I believe that ServerInfoAdminResource should be authenticated
>>>>>>>> (don't know why stuff like available social providers or themes should
>>>>>>>> be publicly available). Let me know if you are seeing issues with it. I
>>>>>>>> did not merge PR so far as version in master is already changed to
>>>>>>>> 1.0-Final so not sure what is the state of the release.
>>>>>>>>
>>>>>>> Merge it.
>>>>>>>
>>>>>>>> * Realm public resource (http://localhost:8080/auth/realms/master) is
>>>>>>>> also not available for CORS requests. Not sure if this is an issue or
>>>>>>>> not? Thing is that unauthenticated requests can't use CORS at this
>>>>>>>> moment as I don't know what allowedOrigins to use. Only option is to
>>>>>>>> allow it for all allowedOrigins (send same "Access-Control-Allow-Origin"
>>>>>>>> as original value of "Origin" header from the request)
>>>>>>>>
>>>>>>>> * There is still quite a lot of INFO logging. For example when I send
>>>>>>>> product request from the cors-demo example I have 6 new INFO messages
>>>>>>>> in the log (mainly from org.keycloak.adapters package)
>>>>>>>>
>>>>>>> Ping me on your status tomorrow (Wednesday).  I'll complete whatever you
>>>>>>> don't finish above.
>>>>>>>
>>>>>>> Thanks.
>>>>>>>
>>>>>>> --
>>>>>>> Bill Burke
>>>>>>> JBoss, a division of Red Hat
>>>>>>> http://bill.burkecentral.com
>>>>>>>
>>>>>> _______________________________________________
>>>>>> keycloak-dev mailing list
>>>>>> keycloak-dev at lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>>>
>>> --
>>> Bill Burke
>>> JBoss, a division of Red Hat
>>> http://bill.burkecentral.com
>>>
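
The same-origin check discussed in this thread (accept an "Origin" header when it matches the server's own origin, and require "Referer" to be same-origin as well), as an added example that is not Keycloak's AccountService code. The class and method names, the sample URLs, and the choice to reject a request that carries neither header are assumptions of this example.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added example; hypothetical class, not Keycloak's AccountService code.
public class SameOriginCheck {

    // Reduce an Origin or Referer value to scheme://host:port, or null if unusable.
    static String originOf(String url) {
        if (url == null || url.isEmpty()) return null;
        try {
            URI u = new URI(url);
            // A literal "null" Origin or a malformed authority has no scheme/host.
            if (u.getScheme() == null || u.getHost() == null) return null;
            String scheme = u.getScheme().toLowerCase();
            int port = u.getPort();
            if (port == -1) port = scheme.equals("https") ? 443 : 80;
            return scheme + "://" + u.getHost().toLowerCase() + ":" + port;
        } catch (URISyntaxException e) {
            return null;
        }
    }

    // Assumption of this example: a header that is present must match the
    // server's origin, and a request carrying neither header is rejected.
    static boolean isSameOrigin(String serverBase, String origin, String referer) {
        String expected = originOf(serverBase);
        if (expected == null) return false;
        if (origin == null && referer == null) return false;
        if (origin != null && !expected.equals(originOf(origin))) return false;
        if (referer != null && !expected.equals(originOf(referer))) return false;
        return true;
    }

    public static void main(String[] args) {
        String base = "http://localhost:8080/auth"; // all values below are constructed samples
        // Form POST where the browser adds Origin although the request is not ajax
        System.out.println(isSameOrigin(base, "http://localhost:8080",
                "http://localhost:8080/auth/realms/demo/account"));
        // Form POST without an Origin header, same-origin Referer
        System.out.println(isSameOrigin(base, null,
                "http://localhost:8080/auth/realms/demo/account/password"));
        // Cross-site form POST
        System.out.println(isSameOrigin(base, "http://evil.example",
                "http://evil.example/form.html"));
        // Look-alike Referer that a plain startsWith() comparison would accept
        System.out.println(isSameOrigin(base, null, "http://localhost:8080.evil.example/x"));
        // "Origin: null", as sent from an opaque origin
        System.out.println(isSameOrigin(base, "null", null));
    }
}
```

Comparing parsed scheme, host and port instead of string prefixes is what keeps the look-alike Referer case from passing.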


