[keycloak-dev] Issue with latest Github master and SAML IDP providers?

Stian Thorgersen stian at redhat.com
Tue Mar 17 09:41:54 EDT 2015


Fixed #1

----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Tuesday, March 17, 2015 12:47:18 PM
> Subject: Re: [keycloak-dev] Issue with latest Github master and SAML IDP providers?
> 
> I was going to look into these problems today.  Let me know if you've
> gotten to them.
> 
> On 3/17/2015 5:05 AM, Stian Thorgersen wrote:
> >
> >
> > ----- Original Message -----
> >> From: "Guy Davis" <guydavis.ca at gmail.com>
> >> To: "Stian Thorgersen" <stian at redhat.com>
> >> Cc: keycloak-dev at lists.jboss.org
> >> Sent: Sunday, March 15, 2015 2:17:19 AM
> >> Subject: Re: [keycloak-dev] Issue with latest Github master and SAML IDP providers?
> >>
> >> Hi Stian,
> >>
> >> I tried the following using the very latest Github master.
> >>
> >>     1. Keycloak appliance (built in distribution folder so Wildfly 8.2).
> >>     Had a problem:
> >>        1. Doesn't list SAML or Open ID Connect in the Identity Providers
> >>        picklist like previous versions.  Please see screenshot attached.
> >>        Did the IdP choice get moved?
> >>     2. Deploying Keycloak into a JBoss EAP 6.3 (from Teiid 8.10).  Had
> >>     following errors:
> >>        1. Failed deployment due to lack of org.bouncycastle module.  Not
> >>        part of JBoss 6 Adapter?  bcprov and bcpix are in
> >>        auth-server.war/WEB-INF/lib, but something is trying to load it
> >>        as a module.
> >>        2. After adding an org.bouncycastle module manually using the bc
> >>        1.50 jars, I got a resteasy-crypto module missing error.  If I add
> >>        that I get conflicts between resteasy-2.3.8 in JBoss EAP and
> >>        resteasy 3 that provides resteasy-crypto.
> >>
> >> So, I'm struggling to see the best way forward.  I need to remain
> >> compatible with Teiid which is tied to JBoss EAP, not Wildfly.  As well,
> >> our app is still geared toward JBoss EAP 6.1.0alpha (aka JBoss AS 7).
> >> Keycloak indicates adapters for WF, EAP, and AS 7 are all supported.  I
> >> was able to demo Identity Brokering just two weeks ago successfully on
> >> AS7 (6.1.0alpha), so this is a recent change on master.
> >>
> >> Please advise on the best path forward.  A key benefit of Keycloak over
> >> other IDP/SSO options was that it could exist in the same JBoss container
> >> as our other apps and frameworks.
> >
> > We support adapters for EAP and AS7, but not deploying the server itself.
> > We will provide an option for other JBoss projects to build their own
> > Keycloak to embed into their project though, which would be the
> > recommended route for Teiid if they'd like to include it.
> >
> >>
> >> Thanks,
> >> Guy
> >>
> >>
> >> On Thu, Mar 12, 2015 at 11:50 PM, Stian Thorgersen <stian at redhat.com> wrote:
> >>
> >>> I assume this happens after you've clicked on 'PicketLink IDP' on the
> >>> login screen?
> >>>
> >>> Can you try the same with the appliance download? We don't support JBoss
> >>> EAP 6.1.0alpha, so maybe that's the problem.
> >>>
> >>> ----- Original Message -----
> >>>> From: "Guy Davis" <guydavis.ca at gmail.com>
> >>>> To: "Stian Thorgersen" <stian at redhat.com>
> >>>> Cc: keycloak-dev at lists.jboss.org
> >>>> Sent: Thursday, March 12, 2015 7:52:00 PM
> >>>> Subject: Re: [keycloak-dev] Issue with latest Github master and SAML IDP providers?
> >>>>
> >>>> Hi Stian,
> >>>>
> >>>> Thanks for the response.  Yes, I'm still seeing this issue with the very
> >>>> latest Github master (including today's commit #1038).  This was working
> >>>> for me a couple of weeks ago, before more recent commits.  We demoed the
> >>>> identity broker to our management using a PicketLink test idp.war (in
> >>>> same container) and also using MS WAAD on Azure.  It's a key feature
> >>>> for us.
> >>>>
> >>>> Let me provide more details about my environment:
> >>>>
> >>>>     1. Building/running with Java 1.7
> >>>>     2. Building master with 'mvn clean install -DskipTests=true
> >>>>     -Pdistribution'
> >>>>     3. Running within a JBoss EAP 6.1.0alpha container using the modules
> >>>>     from distribution\as7-adapter-zip\target\unpacked in
> >>>>     my ApplicationServer\modules\system\layers\base with the following
> >>>>     differences:
> >>>>        1. Had to add 'org/bouncycastle/main/bcprov-jdk16-1.46.jar'
> >>>>        otherwise Keycloak complained on startup in server.log.
> >>>>        2. Had to remove 'org/jboss/as' and 'org/jboss/aesh' as they were
> >>>>        overwriting older JBoss EAP 6.1.0alpha versions and preventing
> >>>>        startup.
> >>>>     4. Deploying the auth-server.war by zipping the contents and
> >>>>     renaming 'auth.war', placing in my standalone/deployments folder.
> >>>>     5. Updating the standalone.xml file with the required Keycloak
> >>>>     config.  Defining the realm and secure deployments in that XML
> >>>>     directly.
> >>>>     6. Starting with a missing H2 datasource to ensure old data/schema
> >>>>     is not the problem.  On startup, I confirm admin's password and then
> >>>>     re-build my DSIS realm.
> >>>>
> >>>> Any help you can provide would be most appreciated.  I'm using the
> >>>> Keycloak master as features being added now such as Kerberos/Spnego
> >>>> and Identity Brokering are critical use cases for our adoption.
> >>>>
> >>>> Thanks,
> >>>> Guy
> >>>>
> >>>>
> >>>> On Thu, Mar 12, 2015 at 3:49 AM, Stian Thorgersen <stian at redhat.com> wrote:
> >>>>
> >>>>> Are you still having issues or did you figure it out?
> >>>>>
> >>>>> ----- Original Message -----
> >>>>>> From: "Guy Davis" <guydavis.ca at gmail.com>
> >>>>>> To: keycloak-dev at lists.jboss.org
> >>>>>> Sent: Wednesday, 4 March, 2015 1:10:52 AM
> >>>>>> Subject: [keycloak-dev] Issue with latest Github master and SAML IDP providers?
> >>>>>>
> >>>>>> Good day,
> >>>>>>
> >>>>>> I've been using a sample Picketlink IDP locally for testing the SAML
> >>>>>> v2.0 ID brokering, however after updating to latest master and
> >>>>>> re-deploying components, I'm getting the following error. Any tips?
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> Thanks in advance,
> >>>>>> Guy
> >>>>>>
> >>>>>> _______________________________________________
> >>>>>> keycloak-dev mailing list
> >>>>>> keycloak-dev at lists.jboss.org
> >>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >>>>>
> >>>>
> >>>
> >>
> >
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> 

