[keycloak-dev] Are we all set?

Marek Posolda mposolda at redhat.com
Wed Sep 10 11:05:04 EDT 2014


On 10.9.2014 16:53, Stian Thorgersen wrote:
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: "Marek Posolda" <mposolda at redhat.com>, "Stian Thorgersen" <stian at redhat.com>
>> Cc: keycloak-dev at lists.jboss.org
>> Sent: Wednesday, 10 September, 2014 4:35:53 PM
>> Subject: Re: [keycloak-dev] Are we all set?
>>
>> Yeah, take a break, celebrate!  Wish we could all go out and have a beer.
> Just one beer? ;)
I think I will have a few more this evening :-)

>
>> On 9/10/2014 10:35 AM, Marek Posolda wrote:
>>> Ok, will just create JIRAs for next version.
>>>
>>> Marek
>>>
>>> On 10.9.2014 16:31, Bill Burke wrote:
>>>> Yeah, just wait IMO.
>>>>
>>>> On 9/10/2014 10:27 AM, Marek Posolda wrote:
>>>>> I've pushed the fix for reduced INFO logging level.
>>>>>
>>>>> I've found a few other things during quick testing, like:
>>>>>
>>>>> - Users can register with an invalid email like "aaa". They can also
>>>>> change their email in account management to "aaa". Only the Keycloak admin
>>>>> console is fine and allows saving only a valid email (
>>>>>
>>>>> - In account management, when I fill in firstName and lastName for the admin
>>>>> user, don't fill in email and then click "Save", it shows me the error message
>>>>> "You didn't specify email", which is correct. But firstName and lastName
>>>>> are cleared too. Something similar can be reproduced when updating a user.
>>>>> Basically the Account mgmt form always reads persistent values from the DB and
>>>>> ignores values previously filled in by the user before the failed validation.
>>>>>
>>>>> I guess these are not blockers for the release and especially the second one
>>>>> might be risky to fix now? wdyt?
>>>>>
>>>>> Marek
>>>>>
>>>>> On 10.9.2014 15:49, Marek Posolda wrote:
>>>>>> Hi Bill,
>>>>>>
>>>>>> I am working on reducing INFO stuff and will commit the fix in a few minutes.
>>>>>> Will let you know again once it's done.
>>>>>>
>>>>>> Marek
>>>>>>
>>>>>> On 10.9.2014 15:37, Bill Burke wrote:
>>>>>>> I'll handle the logging stuff if Marek hasn't gotten to it yet. Thanks
>>>>>>> for doing all the issues reported by Marek last night.
>>>>>>>
>>>>>>> I'll run my last tests using IE and EAP 6.3 to make sure we're good on
>>>>>>> those platforms.
>>>>>>>
>>>>>>> On 9/10/2014 9:28 AM, Stian Thorgersen wrote:
>>>>>>>> There's no Safari issue after all! So we're good to go.
>>>>>>>>
>>>>>>>> ----- Original Message -----
>>>>>>>>> From: "Bill Burke" <bburke at redhat.com>
>>>>>>>>> To: "Stian Thorgersen" <stian at redhat.com>
>>>>>>>>> Cc: keycloak-dev at lists.jboss.org
>>>>>>>>> Sent: Wednesday, 10 September, 2014 3:03:12 PM
>>>>>>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>>>>>>
>>>>>>>>> I'm charging up my macbook.  I'll look into it.
>>>>>>>>>
>>>>>>>>> On 9/10/2014 8:49 AM, Stian Thorgersen wrote:
>>>>>>>>>> Apparently login with keycloak.js doesn't work on Safari
>>>>>>>>>> (https://issues.jboss.org/browse/KEYCLOAK-675). We need to fix
>>>>>>>>>> this before releasing :/
>>>>>>>>>>
>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>> From: "Stian Thorgersen" <stian at redhat.com>
>>>>>>>>>>> To: "Bill Burke" <bburke at redhat.com>
>>>>>>>>>>> Cc: keycloak-dev at lists.jboss.org
>>>>>>>>>>> Sent: Wednesday, 10 September, 2014 2:11:34 PM
>>>>>>>>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>>>>>>>>
>>>>>>>>>>> We also need to reduce info level log output from adapters. I did this
>>>>>>>>>>> for the server for rc-2, but completely forgot about adapters. Marek is
>>>>>>>>>>> already working on this, and I guess it shouldn't take very long.
>>>>>>>>>>>
>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>> From: "Stian Thorgersen" <stian at redhat.com>
>>>>>>>>>>>> To: "Bill Burke" <bburke at redhat.com>
>>>>>>>>>>>> Cc: keycloak-dev at lists.jboss.org
>>>>>>>>>>>> Sent: Wednesday, 10 September, 2014 10:37:15 AM
>>>>>>>>>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>>> From: "Bill Burke" <bburke at redhat.com>
>>>>>>>>>>>>> To: "Marek Posolda" <mposolda at redhat.com>, "Stian Thorgersen"
>>>>>>>>>>>>> <stian at redhat.com>
>>>>>>>>>>>>> Cc: keycloak-dev at lists.jboss.org
>>>>>>>>>>>>> Sent: Wednesday, 10 September, 2014 3:09:20 AM
>>>>>>>>>>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On 9/9/2014 5:47 PM, Marek Posolda wrote:
>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I am sorry for not helping more with the release, as I needed to work
>>>>>>>>>>>>>> especially on some portal related stuff in the last weeks (hopefully
>>>>>>>>>>>>>> it's gone now)...
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Found a couple of things:
>>>>>>>>>>>>>> * AccountService is actually broken for me in Chrome due to the latest
>>>>>>>>>>>>>> CSRF stuff. In FF it works fine, but in Chrome I can't update account
>>>>>>>>>>>>>> or password. For some reason Chrome is always adding the "Origin" header
>>>>>>>>>>>>>> to the update requests (even if they are not ajax requests). So the
>>>>>>>>>>>>>> newly added condition for CSRF in AccountService.init will always
>>>>>>>>>>>>>> fail. I have Chrome 37.0.2062.94 (64-bit).
>>>>>>>>>>>>>>
>>>>>>>>>>>>> Ok, I thought Origin header wasn't supposed to be sent with Browser
>>>>>>>>>>>>> requests.  I can probably fix this by allowing same origin.
>>>>>>>>>>>> Added fix to allow same origin. I also added check of 'Referer' header
>>>>>>>>>>>> to make sure it's same origin as well.
>>>>>>>>>>>>
>>>>>>>>>>>>>> * ServerInfo request (http://localhost:8080/auth/admin/serverinfo) is
>>>>>>>>>>>>>> not available with CORS. I've created JIRA
>>>>>>>>>>>>>> https://issues.jboss.org/browse/KEYCLOAK-670 and sent PR
>>>>>>>>>>>>>> https://github.com/keycloak/keycloak/pull/683 for this, which adds
>>>>>>>>>>>>>> authentication for ServerInfoAdminResource and then uses
>>>>>>>>>>>>>> allowOrigins from the authenticated bearer token. Admin console is
>>>>>>>>>>>>>> already using bearer token for sending ServerInfo requests, so no
>>>>>>>>>>>>>> changes are needed here. I believe that ServerInfoAdminResource should
>>>>>>>>>>>>>> be authenticated (don't know why stuff like available social providers
>>>>>>>>>>>>>> or themes should be publicly available). Let me know if you are seeing
>>>>>>>>>>>>>> issues with it. I did not merge the PR so far as the version in master
>>>>>>>>>>>>>> is already changed to 1.0-Final, so not sure what the state of the
>>>>>>>>>>>>>> release is.
>>>>>>>>>>>>>>
>>>>>>>>>>>>> Merge it.
>>>>>>>>>>>>>
>>>>>>>>>>>>>> * Realm public resource (http://localhost:8080/auth/realms/master) is
>>>>>>>>>>>>>> also not available for CORS requests. Not sure if this is an issue or
>>>>>>>>>>>>>> not? Thing is that unauthenticated requests can't use CORS at this
>>>>>>>>>>>>>> moment as I don't know what allowedOrigins to use. Only option is to
>>>>>>>>>>>>>> allow it for all allowedOrigins (send same "Access-Control-Allow-Origin"
>>>>>>>>>>>>>> as original value of "Origin" header from the request)
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> * There is still quite a lot of INFO logging. For example when I send
>>>>>>>>>>>>>> product request from the cors-demo example I have 6 new INFO messages
>>>>>>>>>>>>>> in log (Mainly from org.keycloak.adapters package)
>>>>>>>>>>>>>>
>>>>>>>>>>>>> Ping me on your status tomorrow (Wednesday). I'll complete whatever you
>>>>>>>>>>>>> don't finish above.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks.
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> Bill Burke
>>>>>>>>>>>>> JBoss, a division of Red Hat
>>>>>>>>>>>>> http://bill.burkecentral.com
>>>>>>>>>>>>>
>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>> keycloak-dev mailing list
>>>>>>>>>>>> keycloak-dev at lists.jboss.org
>>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
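
The same-origin test on the "Origin" and "Referer" headers discussed in this thread, as an added example that is not Keycloak's code and not part of the original messages. The class and method names, the sample account URL and the decision to accept a request that carries neither header are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;

// Hypothetical helper, not Keycloak's AccountService code.
public class SameOriginCheck {

    // Reduce a URL to scheme://host:port with default ports filled in; null if unusable.
    static String originOf(String url) {
        try {
            URI u = new URI(url);
            if (u.getScheme() == null || u.getHost() == null) return null;
            String scheme = u.getScheme().toLowerCase(Locale.ROOT);
            int port = u.getPort();
            if (port == -1) port = scheme.equals("https") ? 443 : scheme.equals("http") ? 80 : -1;
            return scheme + "://" + u.getHost().toLowerCase(Locale.ROOT) + ":" + port;
        } catch (URISyntaxException e) {
            return null;
        }
    }

    // origin / referer are the raw header values, or null when the browser sent none.
    static boolean isSameOrigin(String requestUrl, String origin, String referer) {
        String expected = originOf(requestUrl);
        if (expected == null) return false;
        // A header that is present must parse and match exactly; the literal
        // Origin value "null" has no scheme or host, so it fails this test.
        if (origin != null && !expected.equals(originOf(origin))) return false;
        if (referer != null && !expected.equals(originOf(referer))) return false;
        // Assumption: a request with neither header is left to the other CSRF checks.
        return true;
    }

    public static void main(String[] args) {
        String url = "http://localhost:8080/auth/realms/master/account"; // constructed sample
        // Plain form POST where the browser sends both Origin and Referer (the Chrome case).
        System.out.println("same origin, both headers: " + isSameOrigin(url, "http://localhost:8080", url));
        // Plain form POST with a Referer but no Origin header (the Firefox case).
        System.out.println("same origin, Referer only: " + isSameOrigin(url, null, url));
        // POST submitted from a page on another site.
        System.out.println("cross-site: " + isSameOrigin(url, "http://other.example", "http://other.example/page"));
        // Host that only starts with the expected name; a prefix comparison would pass it.
        System.out.println("prefix lookalike: " + isSameOrigin(url, "http://localhost.other.example:8080", null));
        // Opaque origin, sent as the literal string "null".
        System.out.println("Origin null: " + isSameOrigin(url, "null", null));
    }
}
```

Comparing normalised scheme, host and port rather than raw strings keeps `http://localhost:8080` and `http://localhost:8080/` equal while still rejecting hosts that only share a prefix.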


