[keycloak-user] Adding user from Java: Password credential not working

Brose, Sascha sascha.brose at adesso.ch
Wed Aug 31 07:09:36 EDT 2016


Hi Will

As far as I remember I had problems with that too. Therefore, I create users in two steps at the moment. First I create the user and afterwards I set password.
This works for me to set the password after user was created:

...
UserResource userRes = getUserResById(client, realm, keycloakUserId); // load created user

CredentialRepresentation credentialRep = new CredentialRepresentation();
credentialRep.setType(PASSWORD);
credentialRep.setValue(password);
credentialRep.setTemporary(temporary);

userRes.resetPassword(credentialRep);
...

Best,
Sascha

-----Ursprüngliche Nachricht-----
Von: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-bounces at lists.jboss.org] Im Auftrag von keycloak-user-request at lists.jboss.org
Gesendet: Mittwoch, 31. August 2016 12:39
An: keycloak-user at lists.jboss.org
Betreff: keycloak-user Digest, Vol 32, Issue 148

Send keycloak-user mailing list submissions to
	keycloak-user at lists.jboss.org

To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.jboss.org/mailman/listinfo/keycloak-user
or, via email, send a message with subject or body 'help' to
	keycloak-user-request at lists.jboss.org

You can reach the person managing the list at
	keycloak-user-owner at lists.jboss.org

When replying, please edit your Subject line so it is more specific than "Re: Contents of keycloak-user digest..."


Today's Topics:

   1. Adding user from Java: Password credential not	working
      (William Drescher [CELUM])
   2. user logout (yassine yas)
   3. Re: how to set 'scope=offline_access' in
      keycloak-nodejs-connect during login (sheishere b)


----------------------------------------------------------------------

Message: 1
Date: Wed, 31 Aug 2016 09:49:12 +0000
From: "William Drescher [CELUM]" <William.Drescher at celum.com>
Subject: [keycloak-user] Adding user from Java: Password credential
	not	working
To: "keycloak-user at lists.jboss.org" <keycloak-user at lists.jboss.org>
Message-ID:
	<80ececf5710a40b68719ec47d7ca8aac at EMEA-LNZ-EX01.werk3.local>
Content-Type: text/plain; charset="us-ascii"

Hi userlist,

I'm attempting to create a user in java in the way described here, from a java application and using the keycloak standalone server

http://www.first8.nl/blog/programmatically-adding-users-in-keycloak/

Specifically

CredentialRepresentation credential = new CredentialRepresentation(); credential.setType(CredentialRepresentation.PASSWORD);
credential.setValue("test123");
UserRepresentation user = new UserRepresentation(); user.setUsername("testuser"); user.setFirstName("Test"); user.setLastName("User"); user.setCredentials(Arrays.asList(credential));
kc.realm("master").users().create(user);

The user is created correctly no errors either java side or in the output from the standalone server and all data seems to be correct however when attempting to login with the user the credentials are incorrect. I've tried changing the password manually on the keycloak server and the login is then possible. Am I missing something or is this a bug?

Thanks,

Will
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160831/f9318e4a/attachment-0001.html 

------------------------------

Message: 2
Date: Wed, 31 Aug 2016 11:25:46 +0100
From: yassine yas <nizar2yas at gmail.com>
Subject: [keycloak-user] user logout
To: keycloak-user at lists.jboss.org
Message-ID:
	<CAMW2P2me_XmK8msd5M6N6Chkie0d9q=udf5KGMV2WtZ2vR9NcA at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Hi,
when an authenticated user try to logout (using the sign out from auth/realms/*{realName}*/account/)
I get this error : Invalid redirect uri
here is the uri of the page that shows the pb:
http://10.129.3.27/auth/realms/*{realName}*
/protocol/openid-connect/logout?redirect_uri=http%3A%2F%2F10.129.3.27%2Fauth%2Frealms%2F
*{realName}*%2Faccount%2F
(the *{realName}* is the same )
how can I change the log out redirect uri cordially
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160831/f686efda/attachment-0001.html 

------------------------------

Message: 3
Date: Wed, 31 Aug 2016 16:09:04 +0530
From: sheishere b <sheishere48 at gmail.com>
Subject: Re: [keycloak-user] how to set 'scope=offline_access' in
	keycloak-nodejs-connect during login
To: Sebastien Blanc <sblanc at redhat.com>
Cc: Bruno Oliveira da Silva <abstractj at redhat.com>,	keycloak-user
	<keycloak-user at lists.jboss.org>
Message-ID:
	<CAKmGKAFLBn3uhrPc1AJpc5FB+58v=eV+iUDkLhP1CoofWi1Szw at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Is there some workaround ? Is it possible to override the login url & replace "scope=openid" to "scope=offline" ?

On Wed, Aug 31, 2016 at 2:39 PM, sheishere b <sheishere48 at gmail.com> wrote:

> Ok, thanks.
> It would be great if you could create jira & share the information.
>
> On Wed, Aug 31, 2016 at 2:03 PM, Sebastien Blanc <sblanc at redhat.com>
> wrote:
>
>> I just made some tests and looked at the nodejs adapter code, it 
>> doesn't look like it supports offline_access since it's hardcoded to "scope=openid"
>> ( https://github.com/keycloak/keycloak-nodejs-connect/blob/mas
>> ter/index.js#L304 ).
>>
>> Fix would be quite simple since we have access to the original url 
>> query parameters through the redirectUrl parameter of the function.
>>
>> I can create a jira for this.
>>
>>
>>
>> On Wed, Aug 31, 2016 at 9:43 AM, Stian Thorgersen 
>> <sthorger at redhat.com>
>> wrote:
>>
>>> Do we support offline_access param in Node.js adapter?
>>>
>>> On 31 August 2016 at 09:11, Marek Posolda <mposolda at redhat.com> wrote:
>>>
>>>> It depends if keycloak-nodejs adapter has some nice support for 
>>>> "inject" the custom value of scope parameter into the initial 
>>>> Keycloak login ( AuthorizationEndpoint ) URL.
>>>>
>>>> Our java adapter has support for it, as it "forwards" the value of 
>>>> scope parameter from the secured URL to the Keycloak login URL. For 
>>>> example if you open "http://localhost:/yourapp/secured?scope=offline_access"
>>>> <http://localhost:/yourapp/secured?scope=offline_access>, the 
>>>> adapter forwards the "scope=offline_access" to the Keycloak. Our 
>>>> keycloak.js adapter also has support for adding custom scope. 
>>>> However not really sure about keycloak-nodejs-connect.
>>>>
>>>> Maybe either someone more familiar with keycloak nodeJS adapter 
>>>> will reply. Or you can try to dig yourself and eventually create 
>>>> JIRA (or even better send PR) for adding the missing functionality.
>>>>
>>>> Marek
>>>>
>>>>
>>>> On 30/08/16 11:51, sheishere b wrote:
>>>>
>>>> Hello,
>>>>
>>>> From nodejs, I am trying to integrate with keycloak server.
>>>> Have followed the steps mentioned in 
>>>> <https://github.com/keycloak/keycloak-nodejs-connect>
>>>> https://github.com/keycloak/keycloak-nodejs-connect
>>>> But I need to use offline access to generate offline token as 
>>>> mentioned here, 
>>>> https://keycloak.gitbooks.io/server-adminstration-guide/cont
>>>> ent/v/2.1/topics/sessions/offline.html
>>>> How can this be done from nodejs?
>>>>
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing 
>>>> listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/li
>>>> stinfo/keycloak-user
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160831/22a8f6c9/attachment.html 

------------------------------

_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user

End of keycloak-user Digest, Vol 32, Issue 148
**********************************************



More information about the keycloak-user mailing list