[keycloak-user] Keycloak sp filter
Chen Keong Yap
chenkeong.yap at izeno.com
Tue Mar 10 17:01:49 EDT 2015
Hi bill,
Keycloack will be merged with picketlink as one product/module in eap 7?
On Mar 10, 2015 7:44 PM, "Bill Burke" <bburke at redhat.com> wrote:
> Plan is to productize about the same time as EAP7.
>
> On 3/10/2015 5:27 AM, Chen Keong Yap wrote:
>
>> hi bill,
>>
>> thanks for the update. btw, can you advise when redhat will put keycloak
>> into jboss eap roadmap?
>>
>> On Tue, Mar 10, 2015 at 2:02 AM, Bill Burke <bburke at redhat.com
>> <mailto:bburke at redhat.com>> wrote:
>>
>> I fixed some bugs around logout in 1.2, master git, but we're not
>> releasing this for a few weeks. I don't know if that is your
>> problem or not. I have not yet been able to take the time to
>> reproduce your problems on 1.1 yet.
>>
>> On 3/8/2015 9:53 PM, Chen Keong Yap wrote:
>>
>> hi bill,
>>
>> can you advise regarding the global sign out issue?
>>
>> On Thu, Mar 5, 2015 at 9:29 AM, Chen Keong Yap
>> <chenkeong.yap at izeno.com <mailto:chenkeong.yap at izeno.com>
>> <mailto:chenkeong.yap at izeno.__com
>> <mailto:chenkeong.yap at izeno.com>>> wrote:
>>
>> hi bill,
>>
>> Thanks for the solution given and it has resolved the first
>> issue
>> ( login to the app via pl sp filter but the login session
>> cannot be
>> seen in keycloak admin console)
>>
>> However now there are few more issues with single sign out.
>>
>> a) When i click on the global logout link
>> (http://localhost:8080/__employee/?GLO=true
>> <http://localhost:8080/employee/?GLO=true>), the page just did a
>> self
>> refresh and it's not redirected to keycloak login page. I
>> can see
>> the keycloak session was gone from the keycloak admin
>> console but
>> the sample employee session still there.
>>
>> b) When i click on the local logout link
>> (http://localhost:8080/__employee/?LLO=true
>> <http://localhost:8080/employee/?LLO=true>), the page just did a
>> self
>> refresh and it's not redirected to keycloak login page. I
>> can see
>> the keycloak session still in the keycloak admin console
>> but the
>> sample employee session still there.
>>
>> c) When i click on the logout link
>> (http://localhost:8080/__employee/logout.jsp
>> <http://localhost:8080/employee/logout.jsp>), the page just did a
>> self refresh and it's not redirected to keycloak login page.
>> I
>> noticed the keycloak session still in the keycloak admin
>> console but
>> the sample employee session still there. Just wondering do
>> i need to
>> implement session.invalidate() in the logout,jsp but how to
>> invalidate the keycloak session?
>>
>>
>> On Wed, Mar 4, 2015 at 11:12 PM, Bill Burke
>> <bburke at redhat.com <mailto:bburke at redhat.com>
>> <mailto:bburke at redhat.com <mailto:bburke at redhat.com>>>
>> wrote:
>>
>> Ok, I may have diagnosed the problem. Go to the admin
>> console.
>> Go to the definition of your application. Look at the
>> Admin
>> Url. Does it have a "/" at the end of the URL? If
>> not, add a
>> '/' at the end of this.
>>
>> i.e.
>>
>> http://somhere.com/app/
>>
>> If that solves the issue, let me know and I'll explain
>> what is
>> going on. FYI, I ran into the same problem running the
>> SAML
>> example in the distro and this fixed the problem.
>>
>>
>>
>>
>> On 3/4/2015 9:07 AM, Chen Keong Yap wrote:
>>
>> Hi bill,
>>
>> If i understand from you correctly,
>> PL SAML SP and keycloak adapters are the same and
>> referring
>> to below items.
>>
>> Tomcat 6, 7, 8
>> Jetty 8, 9
>> EAP 6.x
>> Wildfly
>> Node.js
>> Browser Javascript adapter.
>>
>> So far i have tested PL SAML SP filter using the
>> following
>> libs and it
>> got the same 2 issues that was mentioned in the
>> previous email.
>>
>> Picketlink lib : Picketlink 2.70 cr2, picketlink
>> 2.5.3
>> (commercial)
>>
>> keycloak lib : keycloak 1.1.0 final, keycloak 1.1.0
>> beta 2
>>
>> On Mar 4, 2015 9:44 PM, "Bill Burke"
>> <bburke at redhat.com <mailto:bburke at redhat.com>
>> <mailto:bburke at redhat.com <mailto:bburke at redhat.com
>> >>
>> <mailto:bburke at redhat.com
>> <mailto:bburke at redhat.com> <mailto:bburke at redhat.com
>> <mailto:bburke at redhat.com>>>> wrote:
>>
>> Our testsuite uses PL SAML SP, not the filter
>> though,
>> and it works
>> fine. I'd have to recreate the problem using
>> the PL
>> SAML SP filter.
>>
>> On 3/4/2015 8:04 AM, Chen Keong Yap wrote:
>>
>> Hi bill,
>>
>> Yup. I have configured the app in keycloak
>> admin
>> console. However i
>> encountered 2 issues.
>>
>> First issue is that i was able to login to
>> the app
>> via pl sp
>> filter but
>> the login session cannot be seen in
>> keycloak admin
>> console
>>
>> Second issue is that global logout was not
>> working
>> and the
>> landing page
>> just did a self refresh.
>>
>> On Mar 4, 2015 8:55 PM, "Bill Burke"
>> <bburke at redhat.com <mailto:bburke at redhat.com>
>> <mailto:bburke at redhat.com <mailto:bburke at redhat.com>>
>> <mailto:bburke at redhat.com
>> <mailto:bburke at redhat.com> <mailto:bburke at redhat.com
>> <mailto:bburke at redhat.com>>>
>> <mailto:bburke at redhat.com
>> <mailto:bburke at redhat.com>
>> <mailto:bburke at redhat.com
>> <mailto:bburke at redhat.com>> <mailto:bburke at redhat.com
>> <mailto:bburke at redhat.com>
>> <mailto:bburke at redhat.com
>> <mailto:bburke at redhat.com>>>>> wrote:
>>
>> You can still use the PL Filter SP.
>> Just
>> configure the
>> application
>> in the admin console to use SAML.
>>
>> On 3/3/2015 11:36 PM, Chen Keong Yap
>> wrote:
>>
>> Hi bill,
>>
>> the existing adapters cannot
>> support jboss
>> eap 5.0.2 and
>> websphere 8.5
>> and we are not allowed to use
>> keycloak proxy.
>>
>> can you suggest any other
>> alternative
>> similar to
>> picketlink sp
>> filter?
>>
>> On Tue, Mar 3, 2015 at 11:45 PM,
>> Bill Burke
>> <bburke at redhat.com
>> <mailto:bburke at redhat.com> <mailto:bburke at redhat.com
>> <mailto:bburke at redhat.com>>
>> <mailto:bburke at redhat.com
>> <mailto:bburke at redhat.com> <mailto:bburke at redhat.com
>> <mailto:bburke at redhat.com>>>
>> <mailto:bburke at redhat.com
>> <mailto:bburke at redhat.com>
>> <mailto:bburke at redhat.com
>> <mailto:bburke at redhat.com>> <mailto:bburke at redhat.com
>> <mailto:bburke at redhat.com>
>> <mailto:bburke at redhat.com <mailto:bburke at redhat.com
>> >>>>
>> <mailto:bburke at redhat.com
>> <mailto:bburke at redhat.com>
>> <mailto:bburke at redhat.com
>> <mailto:bburke at redhat.com>> <mailto:bburke at redhat.com
>> <mailto:bburke at redhat.com>
>> <mailto:bburke at redhat.com <mailto:bburke at redhat.com
>> >>>
>> <mailto:bburke at redhat.com
>> <mailto:bburke at redhat.com>
>> <mailto:bburke at redhat.com
>> <mailto:bburke at redhat.com>> <mailto:bburke at redhat.com
>> <mailto:bburke at redhat.com>
>> <mailto:bburke at redhat.com
>> <mailto:bburke at redhat.com>>>>>> wrote:
>>
>> There is no Keycloak SP
>> filter. We
>> have various
>> adapters
>> for different
>> platforms that hook into
>> servlet
>> security to make
>> integration seamless:
>>
>> Tomcat 6, 7, 8
>> Jetty 8, 9
>> EAP 6.x
>> Wildfly
>> Node.js
>> Browser Javascript adapter.
>>
>> On 3/2/2015 10:22 PM, Chen
>> Keong Yap
>> wrote:
>> > Hi,
>> >
>> > Please share some lights
>> for
>> implementing
>> Keycloak sp
>> filter which is
>> > similar to picketlink sp
>> filter.
>> >
>> >
>>
>>
>> org.picketlink.identity.________federation.web.filters._____
>> ___SPFilter
>> >
>> >
>> >
>> ______________________________
>> _________________________
>> > keycloak-user mailing list
>> >
>> keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.
>> jboss.org>
>> <mailto:keycloak-user at lists.__jboss.org
>> <mailto:keycloak-user at lists.jboss.org>>
>> <mailto:keycloak-user at lists.
>> <mailto:keycloak-user at lists.>____jboss.org <http://jboss.org>
>> <mailto:keycloak-user at lists.__jboss.org
>> <mailto:keycloak-user at lists.jboss.org>>>
>> <mailto:keycloak-user at lists
>> <mailto:keycloak-user at lists>.
>> <mailto:keycloak-user at lists
>> <mailto:keycloak-user at lists>.>______jboss.org <http://jboss.org>
>> <http://jboss.org>
>> <mailto:keycloak-user at lists.
>> <mailto:keycloak-user at lists.>____jboss.org <http://jboss.org>
>> <mailto:keycloak-user at lists.__jboss.org
>> <mailto:keycloak-user at lists.jboss.org>>>>
>> <mailto:keycloak-user at lists
>> <mailto:keycloak-user at lists>
>> <mailto:keycloak-user at lists
>> <mailto:keycloak-user at lists>>.
>> <mailto:keycloak-user at lists
>> <mailto:keycloak-user at lists>
>> <mailto:keycloak-user at lists
>> <mailto:keycloak-user at lists>>.>________jboss.org <
>> http://jboss.org>
>> <http://jboss.org> <http://jboss.org>
>> <mailto:keycloak-user at lists
>> <mailto:keycloak-user at lists>.
>> <mailto:keycloak-user at lists
>> <mailto:keycloak-user at lists>.>______jboss.org <http://jboss.org>
>> <http://jboss.org>
>> <mailto:keycloak-user at lists.
>> <mailto:keycloak-user at lists.>____jboss.org <http://jboss.org>
>> <mailto:keycloak-user at lists.__jboss.org
>> <mailto:keycloak-user at lists.jboss.org>>>>>
>> >
>> https://lists.jboss.org/________mailman/listinfo/keycloak-user
>> <https://lists.jboss.org/______mailman/listinfo/keycloak-user>
>>
>> <https://lists.jboss.org/______mailman/listinfo/keycloak-user
>> <https://lists.jboss.org/____mailman/listinfo/keycloak-user>__>
>>
>>
>> <https://lists.jboss.org/______mailman/listinfo/keycloak-user
>> <https://lists.jboss.org/____mailman/listinfo/keycloak-user>
>>
>> <https://lists.jboss.org/____mailman/listinfo/keycloak-user
>> <https://lists.jboss.org/__mailman/listinfo/keycloak-user>__>__>
>>
>>
>>
>> <https://lists.jboss.org/______mailman/listinfo/keycloak-user
>> <https://lists.jboss.org/____mailman/listinfo/keycloak-user>
>>
>> <https://lists.jboss.org/____mailman/listinfo/keycloak-user
>> <https://lists.jboss.org/__mailman/listinfo/keycloak-user>__>
>>
>>
>> <https://lists.jboss.org/____mailman/listinfo/keycloak-user
>> <https://lists.jboss.org/__mailman/listinfo/keycloak-user>
>>
>> <https://lists.jboss.org/__mailman/listinfo/keycloak-user
>> <https://lists.jboss.org/mailman/listinfo/keycloak-user>__>__>__>
>> >
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>>
>> ______________________________
>> _________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.
>> jboss.org>
>> <mailto:keycloak-user at lists.__jboss.org
>> <mailto:keycloak-user at lists.jboss.org>>
>> <mailto:keycloak-user at lists.
>> <mailto:keycloak-user at lists.>____jboss.org <http://jboss.org>
>> <mailto:keycloak-user at lists.__jboss.org
>> <mailto:keycloak-user at lists.jboss.org>>>
>> <mailto:keycloak-user at lists
>> <mailto:keycloak-user at lists>.
>> <mailto:keycloak-user at lists
>> <mailto:keycloak-user at lists>.>______jboss.org <http://jboss.org>
>> <http://jboss.org>
>> <mailto:keycloak-user at lists.
>> <mailto:keycloak-user at lists.>____jboss.org <http://jboss.org>
>> <mailto:keycloak-user at lists.__jboss.org
>> <mailto:keycloak-user at lists.jboss.org>>>>
>> <mailto:keycloak-user at lists
>> <mailto:keycloak-user at lists>
>> <mailto:keycloak-user at lists
>> <mailto:keycloak-user at lists>>.
>> <mailto:keycloak-user at lists
>> <mailto:keycloak-user at lists>
>> <mailto:keycloak-user at lists
>> <mailto:keycloak-user at lists>>.>________jboss.org <
>> http://jboss.org>
>> <http://jboss.org> <http://jboss.org>
>> <mailto:keycloak-user at lists
>> <mailto:keycloak-user at lists>.
>> <mailto:keycloak-user at lists
>> <mailto:keycloak-user at lists>.>______jboss.org <http://jboss.org>
>> <http://jboss.org>
>> <mailto:keycloak-user at lists.
>> <mailto:keycloak-user at lists.>____jboss.org <http://jboss.org>
>> <mailto:keycloak-user at lists.__jboss.org
>> <mailto:keycloak-user at lists.jboss.org>>>>>
>> https://lists.jboss.org/________mailman/listinfo/keycloak-user
>> <https://lists.jboss.org/______mailman/listinfo/keycloak-user>
>>
>> <https://lists.jboss.org/______mailman/listinfo/keycloak-user
>> <https://lists.jboss.org/____mailman/listinfo/keycloak-user>__>
>>
>>
>> <https://lists.jboss.org/______mailman/listinfo/keycloak-user
>> <https://lists.jboss.org/____mailman/listinfo/keycloak-user>
>>
>> <https://lists.jboss.org/____mailman/listinfo/keycloak-user
>> <https://lists.jboss.org/__mailman/listinfo/keycloak-user>__>__>
>>
>>
>>
>> <https://lists.jboss.org/______mailman/listinfo/keycloak-user
>> <https://lists.jboss.org/____mailman/listinfo/keycloak-user>
>>
>> <https://lists.jboss.org/____mailman/listinfo/keycloak-user
>> <https://lists.jboss.org/__mailman/listinfo/keycloak-user>__>
>>
>>
>> <https://lists.jboss.org/____mailman/listinfo/keycloak-user
>> <https://lists.jboss.org/__mailman/listinfo/keycloak-user>
>>
>> <https://lists.jboss.org/__mailman/listinfo/keycloak-user
>> <https://lists.jboss.org/mailman/listinfo/keycloak-user>__>__>__>
>>
>>
>>
>>
>>
>>
>>
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>>
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>>
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>>
>>
>>
>>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150311/2155d40d/attachment-0001.html
More information about the keycloak-user
mailing list