[keycloak-user] Keycloak sp filter
Bill Burke
bburke at redhat.com
Tue Mar 10 07:44:15 EDT 2015
Plan is to productize about the same time as EAP7.
On 3/10/2015 5:27 AM, Chen Keong Yap wrote:
> hi bill,
>
> thanks for the update. btw, can you advise when redhat will put keycloak
> into jboss eap roadmap?
>
> On Tue, Mar 10, 2015 at 2:02 AM, Bill Burke <bburke at redhat.com
> <mailto:bburke at redhat.com>> wrote:
>
> I fixed some bugs around logout in 1.2, master git, but we're not
> releasing this for a few weeks. I don't know if that is your
> problem or not. I have not yet been able to take the time to
> reproduce your problems on 1.1 yet.
>
> On 3/8/2015 9:53 PM, Chen Keong Yap wrote:
>
> hi bill,
>
> can you advise regarding the global sign out issue?
>
> On Thu, Mar 5, 2015 at 9:29 AM, Chen Keong Yap
> <chenkeong.yap at izeno.com <mailto:chenkeong.yap at izeno.com>
> <mailto:chenkeong.yap at izeno.__com
> <mailto:chenkeong.yap at izeno.com>>> wrote:
>
> hi bill,
>
> Thanks for the solution given and it has resolved the first
> issue
> ( login to the app via pl sp filter but the login session
> cannot be
> seen in keycloak admin console)
>
> However now there are few more issues with single sign out.
>
> a) When i click on the global logout link
> (http://localhost:8080/__employee/?GLO=true
> <http://localhost:8080/employee/?GLO=true>), the page just did a
> self
> refresh and it's not redirected to keycloak login page. I
> can see
> the keycloak session was gone from the keycloak admin
> console but
> the sample employee session still there.
>
> b) When i click on the local logout link
> (http://localhost:8080/__employee/?LLO=true
> <http://localhost:8080/employee/?LLO=true>), the page just did a
> self
> refresh and it's not redirected to keycloak login page. I
> can see
> the keycloak session still in the keycloak admin console
> but the
> sample employee session still there.
>
> c) When i click on the logout link
> (http://localhost:8080/__employee/logout.jsp
> <http://localhost:8080/employee/logout.jsp>), the page just did a
> self refresh and it's not redirected to keycloak login page. I
> noticed the keycloak session still in the keycloak admin
> console but
> the sample employee session still there. Just wondering do
> i need to
> implement session.invalidate() in the logout,jsp but how to
> invalidate the keycloak session?
>
>
> On Wed, Mar 4, 2015 at 11:12 PM, Bill Burke
> <bburke at redhat.com <mailto:bburke at redhat.com>
> <mailto:bburke at redhat.com <mailto:bburke at redhat.com>>> wrote:
>
> Ok, I may have diagnosed the problem. Go to the admin
> console.
> Go to the definition of your application. Look at the
> Admin
> Url. Does it have a "/" at the end of the URL? If
> not, add a
> '/' at the end of this.
>
> i.e.
>
> http://somhere.com/app/
>
> If that solves the issue, let me know and I'll explain
> what is
> going on. FYI, I ran into the same problem running the
> SAML
> example in the distro and this fixed the problem.
>
>
>
>
> On 3/4/2015 9:07 AM, Chen Keong Yap wrote:
>
> Hi bill,
>
> If i understand from you correctly,
> PL SAML SP and keycloak adapters are the same and
> referring
> to below items.
>
> Tomcat 6, 7, 8
> Jetty 8, 9
> EAP 6.x
> Wildfly
> Node.js
> Browser Javascript adapter.
>
> So far i have tested PL SAML SP filter using the
> following
> libs and it
> got the same 2 issues that was mentioned in the
> previous email.
>
> Picketlink lib : Picketlink 2.70 cr2, picketlink 2.5.3
> (commercial)
>
> keycloak lib : keycloak 1.1.0 final, keycloak 1.1.0
> beta 2
>
> On Mar 4, 2015 9:44 PM, "Bill Burke"
> <bburke at redhat.com <mailto:bburke at redhat.com>
> <mailto:bburke at redhat.com <mailto:bburke at redhat.com>>
> <mailto:bburke at redhat.com
> <mailto:bburke at redhat.com> <mailto:bburke at redhat.com
> <mailto:bburke at redhat.com>>>> wrote:
>
> Our testsuite uses PL SAML SP, not the filter
> though,
> and it works
> fine. I'd have to recreate the problem using
> the PL
> SAML SP filter.
>
> On 3/4/2015 8:04 AM, Chen Keong Yap wrote:
>
> Hi bill,
>
> Yup. I have configured the app in keycloak
> admin
> console. However i
> encountered 2 issues.
>
> First issue is that i was able to login to
> the app
> via pl sp
> filter but
> the login session cannot be seen in
> keycloak admin
> console
>
> Second issue is that global logout was not
> working
> and the
> landing page
> just did a self refresh.
>
> On Mar 4, 2015 8:55 PM, "Bill Burke"
> <bburke at redhat.com <mailto:bburke at redhat.com>
> <mailto:bburke at redhat.com <mailto:bburke at redhat.com>>
> <mailto:bburke at redhat.com
> <mailto:bburke at redhat.com> <mailto:bburke at redhat.com
> <mailto:bburke at redhat.com>>>
> <mailto:bburke at redhat.com
> <mailto:bburke at redhat.com>
> <mailto:bburke at redhat.com
> <mailto:bburke at redhat.com>> <mailto:bburke at redhat.com
> <mailto:bburke at redhat.com>
> <mailto:bburke at redhat.com
> <mailto:bburke at redhat.com>>>>> wrote:
>
> You can still use the PL Filter SP. Just
> configure the
> application
> in the admin console to use SAML.
>
> On 3/3/2015 11:36 PM, Chen Keong Yap
> wrote:
>
> Hi bill,
>
> the existing adapters cannot
> support jboss
> eap 5.0.2 and
> websphere 8.5
> and we are not allowed to use
> keycloak proxy.
>
> can you suggest any other alternative
> similar to
> picketlink sp
> filter?
>
> On Tue, Mar 3, 2015 at 11:45 PM,
> Bill Burke
> <bburke at redhat.com
> <mailto:bburke at redhat.com> <mailto:bburke at redhat.com
> <mailto:bburke at redhat.com>>
> <mailto:bburke at redhat.com
> <mailto:bburke at redhat.com> <mailto:bburke at redhat.com
> <mailto:bburke at redhat.com>>>
> <mailto:bburke at redhat.com
> <mailto:bburke at redhat.com>
> <mailto:bburke at redhat.com
> <mailto:bburke at redhat.com>> <mailto:bburke at redhat.com
> <mailto:bburke at redhat.com>
> <mailto:bburke at redhat.com <mailto:bburke at redhat.com>>>>
> <mailto:bburke at redhat.com
> <mailto:bburke at redhat.com>
> <mailto:bburke at redhat.com
> <mailto:bburke at redhat.com>> <mailto:bburke at redhat.com
> <mailto:bburke at redhat.com>
> <mailto:bburke at redhat.com <mailto:bburke at redhat.com>>>
> <mailto:bburke at redhat.com
> <mailto:bburke at redhat.com>
> <mailto:bburke at redhat.com
> <mailto:bburke at redhat.com>> <mailto:bburke at redhat.com
> <mailto:bburke at redhat.com>
> <mailto:bburke at redhat.com
> <mailto:bburke at redhat.com>>>>>> wrote:
>
> There is no Keycloak SP
> filter. We
> have various
> adapters
> for different
> platforms that hook into servlet
> security to make
> integration seamless:
>
> Tomcat 6, 7, 8
> Jetty 8, 9
> EAP 6.x
> Wildfly
> Node.js
> Browser Javascript adapter.
>
> On 3/2/2015 10:22 PM, Chen
> Keong Yap
> wrote:
> > Hi,
> >
> > Please share some lights for
> implementing
> Keycloak sp
> filter which is
> > similar to picketlink sp
> filter.
> >
> >
>
>
> org.picketlink.identity.________federation.web.filters.________SPFilter
> >
> >
> >
> _______________________________________________________
> > keycloak-user mailing list
> >
> keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
> <mailto:keycloak-user at lists.__jboss.org
> <mailto:keycloak-user at lists.jboss.org>>
> <mailto:keycloak-user at lists.
> <mailto:keycloak-user at lists.>____jboss.org <http://jboss.org>
> <mailto:keycloak-user at lists.__jboss.org
> <mailto:keycloak-user at lists.jboss.org>>>
> <mailto:keycloak-user at lists
> <mailto:keycloak-user at lists>.
> <mailto:keycloak-user at lists
> <mailto:keycloak-user at lists>.>______jboss.org <http://jboss.org>
> <http://jboss.org>
> <mailto:keycloak-user at lists.
> <mailto:keycloak-user at lists.>____jboss.org <http://jboss.org>
> <mailto:keycloak-user at lists.__jboss.org
> <mailto:keycloak-user at lists.jboss.org>>>>
> <mailto:keycloak-user at lists
> <mailto:keycloak-user at lists>
> <mailto:keycloak-user at lists
> <mailto:keycloak-user at lists>>.
> <mailto:keycloak-user at lists
> <mailto:keycloak-user at lists>
> <mailto:keycloak-user at lists
> <mailto:keycloak-user at lists>>.>________jboss.org <http://jboss.org>
> <http://jboss.org> <http://jboss.org>
> <mailto:keycloak-user at lists
> <mailto:keycloak-user at lists>.
> <mailto:keycloak-user at lists
> <mailto:keycloak-user at lists>.>______jboss.org <http://jboss.org>
> <http://jboss.org>
> <mailto:keycloak-user at lists.
> <mailto:keycloak-user at lists.>____jboss.org <http://jboss.org>
> <mailto:keycloak-user at lists.__jboss.org
> <mailto:keycloak-user at lists.jboss.org>>>>>
> >
> https://lists.jboss.org/________mailman/listinfo/keycloak-user
> <https://lists.jboss.org/______mailman/listinfo/keycloak-user>
>
> <https://lists.jboss.org/______mailman/listinfo/keycloak-user
> <https://lists.jboss.org/____mailman/listinfo/keycloak-user>__>
>
>
> <https://lists.jboss.org/______mailman/listinfo/keycloak-user
> <https://lists.jboss.org/____mailman/listinfo/keycloak-user>
>
> <https://lists.jboss.org/____mailman/listinfo/keycloak-user
> <https://lists.jboss.org/__mailman/listinfo/keycloak-user>__>__>
>
>
>
> <https://lists.jboss.org/______mailman/listinfo/keycloak-user
> <https://lists.jboss.org/____mailman/listinfo/keycloak-user>
>
> <https://lists.jboss.org/____mailman/listinfo/keycloak-user
> <https://lists.jboss.org/__mailman/listinfo/keycloak-user>__>
>
>
> <https://lists.jboss.org/____mailman/listinfo/keycloak-user
> <https://lists.jboss.org/__mailman/listinfo/keycloak-user>
>
> <https://lists.jboss.org/__mailman/listinfo/keycloak-user
> <https://lists.jboss.org/mailman/listinfo/keycloak-user>__>__>__>
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
> _______________________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
> <mailto:keycloak-user at lists.__jboss.org
> <mailto:keycloak-user at lists.jboss.org>>
> <mailto:keycloak-user at lists.
> <mailto:keycloak-user at lists.>____jboss.org <http://jboss.org>
> <mailto:keycloak-user at lists.__jboss.org
> <mailto:keycloak-user at lists.jboss.org>>>
> <mailto:keycloak-user at lists
> <mailto:keycloak-user at lists>.
> <mailto:keycloak-user at lists
> <mailto:keycloak-user at lists>.>______jboss.org <http://jboss.org>
> <http://jboss.org>
> <mailto:keycloak-user at lists.
> <mailto:keycloak-user at lists.>____jboss.org <http://jboss.org>
> <mailto:keycloak-user at lists.__jboss.org
> <mailto:keycloak-user at lists.jboss.org>>>>
> <mailto:keycloak-user at lists
> <mailto:keycloak-user at lists>
> <mailto:keycloak-user at lists
> <mailto:keycloak-user at lists>>.
> <mailto:keycloak-user at lists
> <mailto:keycloak-user at lists>
> <mailto:keycloak-user at lists
> <mailto:keycloak-user at lists>>.>________jboss.org <http://jboss.org>
> <http://jboss.org> <http://jboss.org>
> <mailto:keycloak-user at lists
> <mailto:keycloak-user at lists>.
> <mailto:keycloak-user at lists
> <mailto:keycloak-user at lists>.>______jboss.org <http://jboss.org>
> <http://jboss.org>
> <mailto:keycloak-user at lists.
> <mailto:keycloak-user at lists.>____jboss.org <http://jboss.org>
> <mailto:keycloak-user at lists.__jboss.org
> <mailto:keycloak-user at lists.jboss.org>>>>>
> https://lists.jboss.org/________mailman/listinfo/keycloak-user
> <https://lists.jboss.org/______mailman/listinfo/keycloak-user>
>
> <https://lists.jboss.org/______mailman/listinfo/keycloak-user
> <https://lists.jboss.org/____mailman/listinfo/keycloak-user>__>
>
>
> <https://lists.jboss.org/______mailman/listinfo/keycloak-user
> <https://lists.jboss.org/____mailman/listinfo/keycloak-user>
>
> <https://lists.jboss.org/____mailman/listinfo/keycloak-user
> <https://lists.jboss.org/__mailman/listinfo/keycloak-user>__>__>
>
>
>
> <https://lists.jboss.org/______mailman/listinfo/keycloak-user
> <https://lists.jboss.org/____mailman/listinfo/keycloak-user>
>
> <https://lists.jboss.org/____mailman/listinfo/keycloak-user
> <https://lists.jboss.org/__mailman/listinfo/keycloak-user>__>
>
>
> <https://lists.jboss.org/____mailman/listinfo/keycloak-user
> <https://lists.jboss.org/__mailman/listinfo/keycloak-user>
>
> <https://lists.jboss.org/__mailman/listinfo/keycloak-user
> <https://lists.jboss.org/mailman/listinfo/keycloak-user>__>__>__>
>
>
>
>
>
>
>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
>
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-user
mailing list