[keycloak-user] Keycloak sp filter

Bill Burke bburke at redhat.com
Tue Mar 10 07:44:15 EDT 2015


Plan is to productize about the same time as EAP7.

On 3/10/2015 5:27 AM, Chen Keong Yap wrote:
> hi bill,
>
> thanks for the update. btw, can you advise when redhat will put keycloak
> into jboss eap roadmap?
>
> On Tue, Mar 10, 2015 at 2:02 AM, Bill Burke <bburke at redhat.com
> <mailto:bburke at redhat.com>> wrote:
>
>     I fixed some bugs around logout in 1.2, master git, but we're not
>     releasing this for a few weeks.   I don't know if that is your
>     problem or not.  I have not yet been able to take the time to
>     reproduce your problems on 1.1 yet.
>
>     On 3/8/2015 9:53 PM, Chen Keong Yap wrote:
>
>         hi bill,
>
>         can you advise regarding the global sign out issue?
>
>         On Thu, Mar 5, 2015 at 9:29 AM, Chen Keong Yap
>         <chenkeong.yap at izeno.com <mailto:chenkeong.yap at izeno.com>
>         <mailto:chenkeong.yap at izeno.__com
>         <mailto:chenkeong.yap at izeno.com>>> wrote:
>
>              hi bill,
>
>              Thanks for the solution given and it has resolved the first
>         issue
>              ( login to the app via pl sp filter but the login session
>         cannot be
>              seen in keycloak admin console)
>
>              However now there are few more issues with single sign out.
>
>              a) When i click on the global logout link
>              (http://localhost:8080/__employee/?GLO=true
>         <http://localhost:8080/employee/?GLO=true>), the page just did a
>         self
>              refresh and it's not redirected to keycloak login page. I
>         can see
>              the keycloak session was gone from the keycloak admin
>         console but
>              the sample employee session still there.
>
>              b)  When i click on the local logout link
>              (http://localhost:8080/__employee/?LLO=true
>         <http://localhost:8080/employee/?LLO=true>), the page just did a
>         self
>              refresh and it's not redirected to keycloak login page. I
>         can see
>              the keycloak session still in the keycloak admin console
>         but the
>              sample employee session still there.
>
>              c) When i click on the logout link
>              (http://localhost:8080/__employee/logout.jsp
>         <http://localhost:8080/employee/logout.jsp>), the page just did a
>              self refresh and it's not redirected to keycloak login page. I
>              noticed the keycloak session still in the keycloak admin
>         console but
>              the sample employee session still there. Just wondering do
>         i need to
>              implement session.invalidate() in the logout,jsp but how to
>              invalidate the keycloak session?
>
>
>              On Wed, Mar 4, 2015 at 11:12 PM, Bill Burke
>         <bburke at redhat.com <mailto:bburke at redhat.com>
>              <mailto:bburke at redhat.com <mailto:bburke at redhat.com>>> wrote:
>
>                  Ok, I may have diagnosed the problem.  Go to the admin
>         console.
>                  Go to the definition of your application.  Look at the
>         Admin
>                  Url.  Does it have a "/" at the end of the URL?  If
>         not, add a
>                  '/' at the end of this.
>
>                  i.e.
>
>         http://somhere.com/app/
>
>                  If that solves the issue, let me know and I'll explain
>         what is
>                  going on.  FYI, I ran into the same problem running the
>         SAML
>                  example in the distro and this fixed the problem.
>
>
>
>
>                  On 3/4/2015 9:07 AM, Chen Keong Yap wrote:
>
>                      Hi bill,
>
>                      If i understand from you correctly,
>                      PL SAML SP and keycloak adapters are the same and
>         referring
>                      to below items.
>
>                      Tomcat 6, 7, 8
>                      Jetty 8, 9
>                      EAP 6.x
>                      Wildfly
>                      Node.js
>                      Browser Javascript adapter.
>
>                      So far i have tested PL SAML SP filter using the
>         following
>                      libs and it
>                      got the same 2 issues that was mentioned in the
>         previous email.
>
>                      Picketlink lib : Picketlink 2.70 cr2, picketlink 2.5.3
>                      (commercial)
>
>                      keycloak lib : keycloak 1.1.0 final, keycloak 1.1.0
>         beta 2
>
>                      On Mar 4, 2015 9:44 PM, "Bill Burke"
>         <bburke at redhat.com <mailto:bburke at redhat.com>
>                      <mailto:bburke at redhat.com <mailto:bburke at redhat.com>>
>                      <mailto:bburke at redhat.com
>         <mailto:bburke at redhat.com> <mailto:bburke at redhat.com
>         <mailto:bburke at redhat.com>>>> wrote:
>
>                           Our testsuite uses PL SAML SP, not the filter
>         though,
>                      and it works
>                           fine.  I'd have to recreate the problem using
>         the PL
>                      SAML SP filter.
>
>                           On 3/4/2015 8:04 AM, Chen Keong Yap wrote:
>
>                               Hi bill,
>
>                               Yup. I have configured the app in keycloak
>         admin
>                      console. However i
>                               encountered 2 issues.
>
>                               First issue is that i was able to login to
>         the app
>                      via pl sp
>                               filter but
>                               the login session cannot be seen in
>         keycloak admin
>                      console
>
>                               Second issue is that global logout was not
>         working
>                      and the
>                               landing page
>                               just did a self refresh.
>
>                               On Mar 4, 2015 8:55 PM, "Bill Burke"
>                      <bburke at redhat.com <mailto:bburke at redhat.com>
>         <mailto:bburke at redhat.com <mailto:bburke at redhat.com>>
>                               <mailto:bburke at redhat.com
>         <mailto:bburke at redhat.com> <mailto:bburke at redhat.com
>         <mailto:bburke at redhat.com>>>
>                               <mailto:bburke at redhat.com
>         <mailto:bburke at redhat.com>
>                      <mailto:bburke at redhat.com
>         <mailto:bburke at redhat.com>> <mailto:bburke at redhat.com
>         <mailto:bburke at redhat.com>
>                      <mailto:bburke at redhat.com
>         <mailto:bburke at redhat.com>>>>> wrote:
>
>                                    You can still use the PL Filter SP.  Just
>                      configure the
>                               application
>                                    in the admin console to use SAML.
>
>                                    On 3/3/2015 11:36 PM, Chen Keong Yap
>         wrote:
>
>                                        Hi bill,
>
>                                        the existing adapters cannot
>         support jboss
>                      eap 5.0.2 and
>                                        websphere 8.5
>                                        and we are not allowed to use
>         keycloak proxy.
>
>                                        can you suggest any other alternative
>                      similar to
>                               picketlink sp
>                                        filter?
>
>                                        On Tue, Mar 3, 2015 at 11:45 PM,
>         Bill Burke
>                               <bburke at redhat.com
>         <mailto:bburke at redhat.com> <mailto:bburke at redhat.com
>         <mailto:bburke at redhat.com>>
>                      <mailto:bburke at redhat.com
>         <mailto:bburke at redhat.com> <mailto:bburke at redhat.com
>         <mailto:bburke at redhat.com>>>
>                                        <mailto:bburke at redhat.com
>         <mailto:bburke at redhat.com>
>                      <mailto:bburke at redhat.com
>         <mailto:bburke at redhat.com>> <mailto:bburke at redhat.com
>         <mailto:bburke at redhat.com>
>                      <mailto:bburke at redhat.com <mailto:bburke at redhat.com>>>>
>                                        <mailto:bburke at redhat.com
>         <mailto:bburke at redhat.com>
>                      <mailto:bburke at redhat.com
>         <mailto:bburke at redhat.com>> <mailto:bburke at redhat.com
>         <mailto:bburke at redhat.com>
>                      <mailto:bburke at redhat.com <mailto:bburke at redhat.com>>>
>                               <mailto:bburke at redhat.com
>         <mailto:bburke at redhat.com>
>                      <mailto:bburke at redhat.com
>         <mailto:bburke at redhat.com>> <mailto:bburke at redhat.com
>         <mailto:bburke at redhat.com>
>                      <mailto:bburke at redhat.com
>         <mailto:bburke at redhat.com>>>>>> wrote:
>
>                                             There is no Keycloak SP
>         filter.  We
>                      have various
>                               adapters
>                                        for different
>                                             platforms that hook into servlet
>                      security to make
>                                        integration seamless:
>
>                                             Tomcat 6, 7, 8
>                                             Jetty 8, 9
>                                             EAP 6.x
>                                             Wildfly
>                                             Node.js
>                                             Browser Javascript adapter.
>
>                                             On 3/2/2015 10:22 PM, Chen
>         Keong Yap
>                      wrote:
>                                              > Hi,
>                                              >
>                                              > Please share some lights for
>                      implementing
>                               Keycloak sp
>                                        filter which is
>                                              > similar to picketlink sp
>         filter.
>                                              >
>                                              >
>
>
>         org.picketlink.identity.________federation.web.filters.________SPFilter
>                                              >
>                                              >
>                                              >
>                      _______________________________________________________
>                                              > keycloak-user mailing list
>                                              >
>         keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>                      <mailto:keycloak-user at lists.__jboss.org
>         <mailto:keycloak-user at lists.jboss.org>>
>                               <mailto:keycloak-user at lists.
>         <mailto:keycloak-user at lists.>____jboss.org <http://jboss.org>
>                      <mailto:keycloak-user at lists.__jboss.org
>         <mailto:keycloak-user at lists.jboss.org>>>
>                                        <mailto:keycloak-user at lists
>         <mailto:keycloak-user at lists>.
>                      <mailto:keycloak-user at lists
>         <mailto:keycloak-user at lists>.>______jboss.org <http://jboss.org>
>         <http://jboss.org>
>                               <mailto:keycloak-user at lists.
>         <mailto:keycloak-user at lists.>____jboss.org <http://jboss.org>
>                      <mailto:keycloak-user at lists.__jboss.org
>         <mailto:keycloak-user at lists.jboss.org>>>>
>                                        <mailto:keycloak-user at lists
>         <mailto:keycloak-user at lists>
>                      <mailto:keycloak-user at lists
>         <mailto:keycloak-user at lists>>.
>                               <mailto:keycloak-user at lists
>         <mailto:keycloak-user at lists>
>                      <mailto:keycloak-user at lists
>         <mailto:keycloak-user at lists>>.>________jboss.org <http://jboss.org>
>                      <http://jboss.org> <http://jboss.org>
>                                        <mailto:keycloak-user at lists
>         <mailto:keycloak-user at lists>.
>                      <mailto:keycloak-user at lists
>         <mailto:keycloak-user at lists>.>______jboss.org <http://jboss.org>
>         <http://jboss.org>
>                               <mailto:keycloak-user at lists.
>         <mailto:keycloak-user at lists.>____jboss.org <http://jboss.org>
>                      <mailto:keycloak-user at lists.__jboss.org
>         <mailto:keycloak-user at lists.jboss.org>>>>>
>                                              >
>         https://lists.jboss.org/________mailman/listinfo/keycloak-user
>         <https://lists.jboss.org/______mailman/listinfo/keycloak-user>
>
>         <https://lists.jboss.org/______mailman/listinfo/keycloak-user
>         <https://lists.jboss.org/____mailman/listinfo/keycloak-user>__>
>
>
>         <https://lists.jboss.org/______mailman/listinfo/keycloak-user
>         <https://lists.jboss.org/____mailman/listinfo/keycloak-user>
>
>         <https://lists.jboss.org/____mailman/listinfo/keycloak-user
>         <https://lists.jboss.org/__mailman/listinfo/keycloak-user>__>__>
>
>
>
>         <https://lists.jboss.org/______mailman/listinfo/keycloak-user
>         <https://lists.jboss.org/____mailman/listinfo/keycloak-user>
>
>         <https://lists.jboss.org/____mailman/listinfo/keycloak-user
>         <https://lists.jboss.org/__mailman/listinfo/keycloak-user>__>
>
>
>         <https://lists.jboss.org/____mailman/listinfo/keycloak-user
>         <https://lists.jboss.org/__mailman/listinfo/keycloak-user>
>
>         <https://lists.jboss.org/__mailman/listinfo/keycloak-user
>         <https://lists.jboss.org/mailman/listinfo/keycloak-user>__>__>__>
>                                              >
>
>                                             --
>                                             Bill Burke
>                                             JBoss, a division of Red Hat
>         http://bill.burkecentral.com
>
>                      _______________________________________________________
>                                             keycloak-user mailing list
>         keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>                      <mailto:keycloak-user at lists.__jboss.org
>         <mailto:keycloak-user at lists.jboss.org>>
>                      <mailto:keycloak-user at lists.
>         <mailto:keycloak-user at lists.>____jboss.org <http://jboss.org>
>                      <mailto:keycloak-user at lists.__jboss.org
>         <mailto:keycloak-user at lists.jboss.org>>>
>                                        <mailto:keycloak-user at lists
>         <mailto:keycloak-user at lists>.
>                      <mailto:keycloak-user at lists
>         <mailto:keycloak-user at lists>.>______jboss.org <http://jboss.org>
>         <http://jboss.org>
>                               <mailto:keycloak-user at lists.
>         <mailto:keycloak-user at lists.>____jboss.org <http://jboss.org>
>                      <mailto:keycloak-user at lists.__jboss.org
>         <mailto:keycloak-user at lists.jboss.org>>>>
>                                        <mailto:keycloak-user at lists
>         <mailto:keycloak-user at lists>
>                      <mailto:keycloak-user at lists
>         <mailto:keycloak-user at lists>>.
>                               <mailto:keycloak-user at lists
>         <mailto:keycloak-user at lists>
>                      <mailto:keycloak-user at lists
>         <mailto:keycloak-user at lists>>.>________jboss.org <http://jboss.org>
>                      <http://jboss.org> <http://jboss.org>
>                                        <mailto:keycloak-user at lists
>         <mailto:keycloak-user at lists>.
>                      <mailto:keycloak-user at lists
>         <mailto:keycloak-user at lists>.>______jboss.org <http://jboss.org>
>         <http://jboss.org>
>                               <mailto:keycloak-user at lists.
>         <mailto:keycloak-user at lists.>____jboss.org <http://jboss.org>
>                      <mailto:keycloak-user at lists.__jboss.org
>         <mailto:keycloak-user at lists.jboss.org>>>>>
>         https://lists.jboss.org/________mailman/listinfo/keycloak-user
>         <https://lists.jboss.org/______mailman/listinfo/keycloak-user>
>
>         <https://lists.jboss.org/______mailman/listinfo/keycloak-user
>         <https://lists.jboss.org/____mailman/listinfo/keycloak-user>__>
>
>
>         <https://lists.jboss.org/______mailman/listinfo/keycloak-user
>         <https://lists.jboss.org/____mailman/listinfo/keycloak-user>
>
>         <https://lists.jboss.org/____mailman/listinfo/keycloak-user
>         <https://lists.jboss.org/__mailman/listinfo/keycloak-user>__>__>
>
>
>
>         <https://lists.jboss.org/______mailman/listinfo/keycloak-user
>         <https://lists.jboss.org/____mailman/listinfo/keycloak-user>
>
>         <https://lists.jboss.org/____mailman/listinfo/keycloak-user
>         <https://lists.jboss.org/__mailman/listinfo/keycloak-user>__>
>
>
>         <https://lists.jboss.org/____mailman/listinfo/keycloak-user
>         <https://lists.jboss.org/__mailman/listinfo/keycloak-user>
>
>         <https://lists.jboss.org/__mailman/listinfo/keycloak-user
>         <https://lists.jboss.org/mailman/listinfo/keycloak-user>__>__>__>
>
>
>
>
>
>
>
>
>                                    --
>                                    Bill Burke
>                                    JBoss, a division of Red Hat
>         http://bill.burkecentral.com
>
>
>                           --
>                           Bill Burke
>                           JBoss, a division of Red Hat
>         http://bill.burkecentral.com
>
>
>                  --
>                  Bill Burke
>                  JBoss, a division of Red Hat
>         http://bill.burkecentral.com
>
>
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com


More information about the keycloak-user mailing list