[keycloak-dev] Issue with latest Github master and SAML IDP providers?
Stian Thorgersen
stian at redhat.com
Tue Mar 17 09:41:54 EDT 2015
Fixed #1
----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Tuesday, March 17, 2015 12:47:18 PM
> Subject: Re: [keycloak-dev] Issue with latest Github master and SAML IDP providers?
>
> I was going to look into these problems today. Let me know if you've
> gotten to them.
>
> On 3/17/2015 5:05 AM, Stian Thorgersen wrote:
> >
> >
> > ----- Original Message -----
> >> From: "Guy Davis" <guydavis.ca at gmail.com>
> >> To: "Stian Thorgersen" <stian at redhat.com>
> >> Cc: keycloak-dev at lists.jboss.org
> >> Sent: Sunday, March 15, 2015 2:17:19 AM
> >> Subject: Re: [keycloak-dev] Issue with latest Github master and SAML IDP
> >> providers?
> >>
> >> Hi Stian,
> >>
> >> I tried the following using the very latest Github master.
> >>
> >> 1. Keycloak appliance (built in distribution folder so Wildfly 8.2).
> >>    Had a problem:
> >>    1. Doesn't list SAML or Open ID Connect in the Identity Providers
> >>       picklist like previous versions. Please see screenshot attached.
> >>       Did the IdP choice get moved?
> >> 2. Deploying Keycloak into a JBoss EAP 6.3 (from Teiid 8.10). Had
> >>    following errors:
> >>    1. Failed deployment due to lack of org.bouncycastle module. Not
> >>       part of JBoss 6 Adapter? bcprov and bcpix are in
> >>       auth-server.war/WEB-INF/lib, but something is trying to load it
> >>       as a module.
> >>    2. After adding an org.bouncycastle module manually using the bc 1.50
> >>       jars, I got a resteasy-crypto module missing error. If I add that
> >>       I get conflicts between resteasy-2.3.8 in JBoss EAP and resteasy 3
> >>       that provides resteasy-crypto.
> >>
> >> So, I'm struggling to see the best way forward. I need to remain
> >> compatible with Teiid which is tied to JBoss EAP, not Wildfly. As well,
> >> our app is still geared toward JBoss EAP 6.1.0alpha (aka JBoss AS 7).
> >> Keycloak indicates adapters for WF, EAP, and AS 7 are all supported. I
> >> was able to demo Identity Brokering just two weeks ago successfully on
> >> AS7 (6.1.0alpha), so this is a recent change on master.
> >>
> >> Please advise on the best path forward. A key benefit of Keycloak over
> >> other IDP/SSO options was that it could exist in the same JBoss container
> >> as our other apps and frameworks.
> >
> > We support adapters for EAP and AS7, but not deploying the server itself.
> > We will provide an option for other JBoss projects to build their own
> > Keycloak to embed into their project though, which would be the
> > recommended route for Teiid if they'd like to include it.
> >
> >>
> >> Thanks,
> >> Guy
> >>
> >>
> >> On Thu, Mar 12, 2015 at 11:50 PM, Stian Thorgersen <stian at redhat.com> wrote:
> >>
> >>> I assume this happens after you've clicked on 'PicketLink IDP' on the
> >>> login screen?
> >>>
> >>> Can you try the same with the appliance download? We don't support JBoss
> >>> EAP 6.1.0alpha, so maybe that's the problem.
> >>>
> >>> ----- Original Message -----
> >>>> From: "Guy Davis" <guydavis.ca at gmail.com>
> >>>> To: "Stian Thorgersen" <stian at redhat.com>
> >>>> Cc: keycloak-dev at lists.jboss.org
> >>>> Sent: Thursday, March 12, 2015 7:52:00 PM
> >>>> Subject: Re: [keycloak-dev] Issue with latest Github master and SAML IDP providers?
> >>>>
> >>>> Hi Stian,
> >>>>
> >>>> Thanks for the response. Yes, I'm still seeing this issue with the very
> >>>> latest Github master (including today's commit #1038). This was working
> >>>> for me a couple of weeks ago, before more recent commits. We demoed the
> >>>> identity broker to our management using a PicketLink test idp.war (in
> >>>> same container) and also using MS WAAD on Azure. It's a key feature for
> >>>> us.
> >>>>
> >>>> Let me provide more details about my environment:
> >>>>
> >>>> 1. Building/running with Java 1.7
> >>>> 2. Building master with
> >>>>    'mvn clean install -DskipTests=true -Pdistribution'
> >>>> 3. Running within a JBoss EAP 6.1.0alpha container using the modules
> >>>>    from distribution\as7-adapter-zip\target\unpacked in
> >>>>    my ApplicationServer\modules\system\layers\base with the following
> >>>>    differences:
> >>>>    1. Had to add 'org/bouncycastle/main/bcprov-jdk16-1.46.jar' otherwise
> >>>>       Keycloak complained on startup in server.log.
> >>>>    2. Had to remove 'org/jboss/as' and 'org/jboss/aesh' as they were
> >>>>       overwriting older JBoss EAP 6.1.0alpha versions and preventing
> >>>>       startup.
> >>>> 4. Deploying the auth-server.war by zipping the contents and renaming
> >>>>    'auth.war', placing in my standalone/deployments folder.
> >>>> 5. Updating the standalone.xml file with the required Keycloak config.
> >>>>    Defining the realm and secure deployments in that XML directly.
> >>>> 6. Starting with a missing H2 datasource to ensure old data/schema is
> >>>>    not the problem. On startup, I confirm admin's password and then
> >>>>    re-build my DSIS realm.
> >>>>
> >>>> Any help you can provide would be most appreciated. I'm using the
> >>>> Keycloak master as features being added now such as Kerberos/Spnego and
> >>>> Identity Brokering are critical use cases for our adoption.
> >>>>
> >>>> Thanks,
> >>>> Guy
> >>>>
> >>>>
> >>>> On Thu, Mar 12, 2015 at 3:49 AM, Stian Thorgersen <stian at redhat.com> wrote:
> >>>>
> >>>>> Are you still having issues or did you figure it out?
> >>>>>
> >>>>> ----- Original Message -----
> >>>>>> From: "Guy Davis" <guydavis.ca at gmail.com>
> >>>>>> To: keycloak-dev at lists.jboss.org
> >>>>>> Sent: Wednesday, 4 March, 2015 1:10:52 AM
> >>>>>> Subject: [keycloak-dev] Issue with latest Github master and SAML IDP providers?
> >>>>>>
> >>>>>> Good day,
> >>>>>>
> >>>>>> I've been using a sample Picketlink IDP locally for testing the SAML
> >>>>>> v2.0 ID brokering, however after updating to latest master and
> >>>>>> re-deploying components, I'm getting the following error. Any tips?
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> Thanks in advance,
> >>>>>> Guy
> >>>>>>
> >>>>>> _______________________________________________
> >>>>>> keycloak-dev mailing list
> >>>>>> keycloak-dev at lists.jboss.org
> >>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >>>>>
> >>>>
> >>>
> >>
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>