[keycloak-dev] Possible bug in Tomcat8 adapter
Marc Savy
marc.savy at redhat.com
Thu May 19 15:17:48 EDT 2016
Uh oh, operator error :-).
I'd actually been on that exact page and not joined those dots.
Thanks!
On 19 May 2016 at 20:05, Stian Thorgersen <sthorger at redhat.com> wrote:
> By default it returns the UUID for the user. So in Tomcat you are seeing the
> default behavior, while on WildFly you are seeing the behavior if
> principal-attribute is set to principal-attribute in keycloak.json. See
> http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#adapter-config
>
>
> On 19 May 2016 at 20:07, Marc Savy <marc.savy at redhat.com> wrote:
>>
>> Hi All,
>>
>> I've been setting up apiman's quickstart tomcat8 distro with Keycloak
>> (rather than using the inbuilt auth).
>>
>> I've managed to get everything working swimmingly, with one strange issue:
>>
>> HttpServletRequest#getRemoteUser()
>>
>> - On WildFly, this code[1] returns the preferred_username (e.g.
>> admin). Expected behaviour.
>>
>> - On Tomcat8 it return the subject[2] (e.g.
>> 5291684c-225a-4b3d-8795-15486feaf2ae)
>>
>> I think the problem might stem from where the principal is being built:
>>
>>
>> https://github.com/keycloak/keycloak/blob/master/adapters/spi/tomcat-adapter-spi/src/main/java/org/keycloak/adapters/tomcat/GenericPrincipalFactory.java#L39
>>
>> Are we misusing #getRemoteUser, or is there an error in the adapter?
>>
>> Regards,
>> Marc
>>
>> [1]
>> https://github.com/apiman/apiman/blob/master/manager/ui/war/src/main/java/io/apiman/manager/ui/server/servlets/ConfigurationServlet.java#L105
>> [2] 'id' in UI
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>
More information about the keycloak-dev
mailing list