[keycloak-dev] Are we all set?

Bill Burke bburke at redhat.com
Wed Sep 10 11:18:22 EDT 2014


Lol!

Hey, I'm going to release today.  I just ran all the demos on EAP 6.3 
with IE.  Looks good, just one minor formatting issue on role mapping 
page for IE.  Deferred to 1.1.  I'll try out appliance on Chrome now. 
Then I'll release after our meeting with Divya.

On 9/10/2014 11:05 AM, Marek Posolda wrote:
> On 10.9.2014 16:53, Stian Thorgersen wrote:
>> ----- Original Message -----
>>> From: "Bill Burke" <bburke at redhat.com>
>>> To: "Marek Posolda" <mposolda at redhat.com>, "Stian Thorgersen"
>>> <stian at redhat.com>
>>> Cc: keycloak-dev at lists.jboss.org
>>> Sent: Wednesday, 10 September, 2014 4:35:53 PM
>>> Subject: Re: [keycloak-dev] Are we all set?
>>>
>>> Yeah, take a break, celebrate!  Wish we could all go out and have a
>>> beer.
>> Just one beer? ;)
> I think I will take few more today's evening:-)
>
>>
>>> On 9/10/2014 10:35 AM, Marek Posolda wrote:
>>>> Ok, will just create JIRAs for next version.
>>>>
>>>> Marek
>>>>
>>>> On 10.9.2014 16:31, Bill Burke wrote:
>>>>> Yeah, just wait IMO.
>>>>>
>>>>> On 9/10/2014 10:27 AM, Marek Posolda wrote:
>>>>>> I've pushed the fix for reduced INFO logging level.
>>>>>>
>>>>>> I've found few other things during quick testing like:
>>>>>>
>>>>>> - Users can register with invalid email like "aaa" . Also they can
>>>>>> change their email in account management to "aaa". Just keycloak
>>>>>> admin
>>>>>> console is fine and allows to save just valid email (
>>>>>>
>>>>>> - In account management, when I fill firstName, lastName for admin
>>>>>> user
>>>>>> and won't fill email and then click "Save", it displays me error
>>>>>> message
>>>>>> "You didn't specify email", which is correct. But firstName and
>>>>>> lastName
>>>>>> are cleared too. Similar can be reproduced when updating user.
>>>>>> Basically
>>>>>> Account mgmt form is always reading persistent values from DB and
>>>>>> ignores values previously filled by user before failed validation.
>>>>>>
>>>>>> I guess these are not blocker for release and especially the
>>>>>> second one
>>>>>> might be risky to fix now? wdyt?
>>>>>>
>>>>>> Marek
>>>>>>
>>>>>> On 10.9.2014 15:49, Marek Posolda wrote:
>>>>>>> Hi Bill,
>>>>>>>
>>>>>>> I am on reducing INFO stuff and will commit the fix in few minutes.
>>>>>>> Will
>>>>>>> let you know again once it's done.
>>>>>>>
>>>>>>> Marek
>>>>>>>
>>>>>>> On 10.9.2014 15:37, Bill Burke wrote:
>>>>>>>> I'll handle the logging stuff if Marek hasn't gotten to it yet.
>>>>>>>> Thanks
>>>>>>>> for doing all the issues reported by Marek last night.
>>>>>>>>
>>>>>>>> i'll run my last tests using IE and EAP 6.3 to make sure we're
>>>>>>>> good on
>>>>>>>> those platforms.
>>>>>>>>
>>>>>>>> On 9/10/2014 9:28 AM, Stian Thorgersen wrote:
>>>>>>>>> There's no Safari issue after all! So we're good to go.
>>>>>>>>>
>>>>>>>>> ----- Original Message -----
>>>>>>>>>> From: "Bill Burke" <bburke at redhat.com>
>>>>>>>>>> To: "Stian Thorgersen" <stian at redhat.com>
>>>>>>>>>> Cc: keycloak-dev at lists.jboss.org
>>>>>>>>>> Sent: Wednesday, 10 September, 2014 3:03:12 PM
>>>>>>>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>>>>>>>
>>>>>>>>>> I'm charging up my macbook.  I'll look into it.
>>>>>>>>>>
>>>>>>>>>> On 9/10/2014 8:49 AM, Stian Thorgersen wrote:
>>>>>>>>>>> Apparently login with keycloak.js doesn't work on Safari
>>>>>>>>>>> (https://issues.jboss.org/browse/KEYCLOAK-675). We need to fix
>>>>>>>>>>> this before
>>>>>>>>>>> releasing :/
>>>>>>>>>>>
>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>> From: "Stian Thorgersen" <stian at redhat.com>
>>>>>>>>>>>> To: "Bill Burke" <bburke at redhat.com>
>>>>>>>>>>>> Cc: keycloak-dev at lists.jboss.org
>>>>>>>>>>>> Sent: Wednesday, 10 September, 2014 2:11:34 PM
>>>>>>>>>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>>>>>>>>>
>>>>>>>>>>>> We also need to reduce info level log output from adapters.
>>>>>>>>>>>> I did
>>>>>>>>>>>> this for
>>>>>>>>>>>> the server for rc-2, but completely forgot about adapters.
>>>>>>>>>>>> Marek is
>>>>>>>>>>>> already
>>>>>>>>>>>> working on this, and I guess it shouldn't take very long.
>>>>>>>>>>>>
>>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>>> From: "Stian Thorgersen" <stian at redhat.com>
>>>>>>>>>>>>> To: "Bill Burke" <bburke at redhat.com>
>>>>>>>>>>>>> Cc: keycloak-dev at lists.jboss.org
>>>>>>>>>>>>> Sent: Wednesday, 10 September, 2014 10:37:15 AM
>>>>>>>>>>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>>>>> From: "Bill Burke" <bburke at redhat.com>
>>>>>>>>>>>>>> To: "Marek Posolda" <mposolda at redhat.com>, "Stian Thorgersen"
>>>>>>>>>>>>>> <stian at redhat.com>
>>>>>>>>>>>>>> Cc: keycloak-dev at lists.jboss.org
>>>>>>>>>>>>>> Sent: Wednesday, 10 September, 2014 3:09:20 AM
>>>>>>>>>>>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On 9/9/2014 5:47 PM, Marek Posolda wrote:
>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I am sorry to not help more with the release as I needed to
>>>>>>>>>>>>>>> work
>>>>>>>>>>>>>>> especially on some portal related stuff last weeks
>>>>>>>>>>>>>>> (hopefully
>>>>>>>>>>>>>>> it's gone
>>>>>>>>>>>>>>> now)...
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Found couple of things:
>>>>>>>>>>>>>>> * AccountService is actually broken for me in Chrome due to
>>>>>>>>>>>>>>> latest CSRF
>>>>>>>>>>>>>>> stuff. In FF it works fine, but in Chrome I can't update
>>>>>>>>>>>>>>> account or
>>>>>>>>>>>>>>> password. For some reason Chrome is always adding "Origin"
>>>>>>>>>>>>>>> header to
>>>>>>>>>>>>>>> the
>>>>>>>>>>>>>>> update requests (even if they are not ajax requests). So the
>>>>>>>>>>>>>>> newly
>>>>>>>>>>>>>>> added
>>>>>>>>>>>>>>> condition for CSRF in AccountService.init will always
>>>>>>>>>>>>>>> fail. I
>>>>>>>>>>>>>>> have
>>>>>>>>>>>>>>> Chrome 37.0.2062.94 (64-bit) .
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Ok, I thought Origin header wasn't supposed to be sent with
>>>>>>>>>>>>>> Browser
>>>>>>>>>>>>>> requests.  I can probably fix this by allowing same origin.
>>>>>>>>>>>>> Added fix to allow same origin. I also added check of
>>>>>>>>>>>>> 'Referer'
>>>>>>>>>>>>> header to
>>>>>>>>>>>>> make sure it's same origin as well.
>>>>>>>>>>>>>
>>>>>>>>>>>>>>> * ServerInfo request
>>>>>>>>>>>>>>> (http://localhost:8080/auth/admin/serverinfo) is
>>>>>>>>>>>>>>> not available with CORS . I've created JIRA
>>>>>>>>>>>>>>> https://issues.jboss.org/browse/KEYCLOAK-670 and send PR
>>>>>>>>>>>>>>> https://github.com/keycloak/keycloak/pull/683 for this,
>>>>>>>>>>>>>>> which
>>>>>>>>>>>>>>> is adding
>>>>>>>>>>>>>>> authentication for ServerInfoAdminResource and then it use
>>>>>>>>>>>>>>> allowOrigins
>>>>>>>>>>>>>>> from the authenticated bearer token. Admin console is
>>>>>>>>>>>>>>> already
>>>>>>>>>>>>>>> using
>>>>>>>>>>>>>>> bearer token for sending ServerInfo requests, so no changes
>>>>>>>>>>>>>>> are needed
>>>>>>>>>>>>>>> here. I believe that ServerInfoAdminResource should be
>>>>>>>>>>>>>>> authenticated
>>>>>>>>>>>>>>> (don't know why stuff like available social providers or
>>>>>>>>>>>>>>> themes should
>>>>>>>>>>>>>>> be publicly available). Let me know if you seeing issues
>>>>>>>>>>>>>>> with
>>>>>>>>>>>>>>> it. I did
>>>>>>>>>>>>>>> not merge PR so far as version in master is already
>>>>>>>>>>>>>>> changed to
>>>>>>>>>>>>>>> 1.0-Final
>>>>>>>>>>>>>>> so not sure what is the state of the release .
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Merge it.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> * Realm public resource
>>>>>>>>>>>>>>> (http://localhost:8080/auth/realms/master) is
>>>>>>>>>>>>>>> also not available for CORS requests. Not sure if this is an
>>>>>>>>>>>>>>> issue or
>>>>>>>>>>>>>>> not? Thing is that unauthenticated requests can't use
>>>>>>>>>>>>>>> CORS at
>>>>>>>>>>>>>>> this
>>>>>>>>>>>>>>> moment as I don't know what allowedOrigins to use. Only
>>>>>>>>>>>>>>> option
>>>>>>>>>>>>>>> is to
>>>>>>>>>>>>>>> allow it for all allowedOrigins (send same
>>>>>>>>>>>>>>> "Access-Control-Allow-Origin"
>>>>>>>>>>>>>>> as original value of "Origin" header from the request)
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> * There is still quite a lot of INFO logging . For example
>>>>>>>>>>>>>>> when I send
>>>>>>>>>>>>>>> product request from the cors-demo example I have 6 new INFO
>>>>>>>>>>>>>>> messages
>>>>>>>>>>>>>>> in
>>>>>>>>>>>>>>> log (Mainly from org.keycloak.adapters package)
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Ping me on your status tomorrow (Wednesday). I'll complete
>>>>>>>>>>>>>> whatever you
>>>>>>>>>>>>>> don't finish above.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Thanks.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> --
>>>>>>>>>>>>>> Bill Burke
>>>>>>>>>>>>>> JBoss, a division of Red Hat
>>>>>>>>>>>>>> http://bill.burkecentral.com
>>>>>>>>>>>>>>
>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>> keycloak-dev mailing list
>>>>>>>>>>>>> keycloak-dev at lists.jboss.org
>>>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>>>>>>>>>>
>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>> keycloak-dev mailing list
>>>>>>>>>>>> keycloak-dev at lists.jboss.org
>>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Bill Burke
>>>>>>>>>> JBoss, a division of Red Hat
>>>>>>>>>> http://bill.burkecentral.com
>>>>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> keycloak-dev mailing list
>>>>>>> keycloak-dev at lists.jboss.org
>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>> --
>>> Bill Burke
>>> JBoss, a division of Red Hat
>>> http://bill.burkecentral.com
>>>
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com


More information about the keycloak-dev mailing list