[keycloak-user] keycloak configuration

Bill Burke bburke at redhat.com
Thu Mar 24 09:25:19 EDT 2016


Documentation hasn't received any love for more than a year. Screencasts 
are even more out of date.  The good news is that myself and the Red Hat 
documentation team are scheduled to focus on docs and screencasts the 
month of April.  Up until a few months ago, we were just an open source 
community.  Now that the Red Hat machine is getting behind us, areas 
like documentation should start to be improved.

BTW, if you want help, we need more than just "it doesn't work, your 
documentation sucks".  Walking us through the problem helps us improve 
error messages, general usability, and documentation. Threatening us 
doesn't really help as you are just as likely to get ignored.

On 3/24/2016 4:56 AM, Stian Thorgersen wrote:
> Firstly, that's not FreeIPA (community project) documentation, but Red 
> Hat Identity Management documentation (product). The FreeIPA 
> documentation is https://www.freeipa.org/page/Documentation.
>
> Secondly, just stating that our documentation is bad and pointing to 
> some better documentation doesn't give us anything to go on. We would 
> like to give a good experience and I would be very interested in 
> knowing exactly what documentation you are lacking, hard to understand 
> or whatever other issues you may have with the documentation. Help us 
> to help you ;)
>
> Finally we know the documentation is not as good as it could be and 
> are planning to improve it in the not too distant future. So input from 
> users would be valuable.
>
> On 23 March 2016 at 11:32, Pavlos Kleanthous <parsectix at gmail.com 
> <mailto:parsectix at gmail.com>> wrote:
>
>     Just compare the documentation from another Red Hat product FreeIPA
>     <https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html>
>
>     I have read this documentation and set up/configured the IPA server very
>     easily.
>
>     Keycloak's current documentation looks more like a developer's
>     manual to me.
>
>
>     On Tue, Mar 22, 2016 at 4:29 PM, Stian Thorgersen
>     <sthorger at redhat.com <mailto:sthorger at redhat.com>> wrote:
>
>         Could you elaborate on what is missing from the documentation?
>         That would be helpful.
>
>         On 22 Mar 2016 12:05, "Pavlos Kleanthous" <parsectix at gmail.com
>         <mailto:parsectix at gmail.com>> wrote:
>
>             Dear all,
>
>             I dropped the project at the moment. The lack of
>             documentation is too time consuming.
>
>             Hope that soon keycloak will have it.
>
>
>             On Fri, Mar 18, 2016 at 1:52 PM, Stian Thorgersen
>             <sthorger at redhat.com <mailto:sthorger at redhat.com>> wrote:
>
>                 What adapter? Are the server and client adapter both
>                 1.9.1? We did recently deprecate some OIDC endpoints.
>                 I think ../login is gone and it should be ../auth. So
>                 if you are using an old adapter that may be the issue.
>
>                 On 18 Mar 2016 2:20 p.m., "Pavlos Kleanthous"
>                 <parsectix at gmail.com <mailto:parsectix at gmail.com>> wrote:
>
>                     Yours.
>
>                     I  configured the realm with the same settings on
>                     both versions 1.9.1 and 1.8.1.
>
>
>                     On Fri, Mar 18, 2016 at 11:58 AM, Stian Thorgersen
>                     <sthorger at redhat.com <mailto:sthorger at redhat.com>>
>                     wrote:
>
>                         Client ID has nothing to do with this issue as
>                         it would show a login error page, not a not
>                         found. So it must be that either the realm name or
>                         another part of the URL is wrong.
>
>                         Are you using our adapters or another library atm?
>
>                         I'm answering on my phone on the plane so
>                         can't look into it more atm.
>
>                         On 17 Mar 2016 10:00, "Pavlos Kleanthous"
>                         <parsectix at gmail.com
>                         <mailto:parsectix at gmail.com>> wrote:
>
>                             Hi,
>
>                             In jenkins, I'm pasting the JSON
>                             configuration that can be found inside the
>                             "Installation" tab.
>
>                             Instead of using keycloak client plugins,
>                             can I use a generic oauth plugin in my
>                             apps? How can I configure my keycloak for
>                             this?
>                             i.e. Instead of using google's oauth URL
>                             use my own pointing to keycloak.
>
>
>                             On Wed, Mar 16, 2016 at 1:29 PM, Marko
>                             Strukelj <mstrukel at redhat.com
>                             <mailto:mstrukel at redhat.com>> wrote:
>
>                                 In your jenkins realm - under Clients
>                                 do you have a client called 'ci'?
>                                 That's the client_id used in your request.
>
>                                 AFAIK nothing changed in this part of
>                                 the code since 1.8.1.
>
>                                 On Mar 16, 2016 12:04 PM, "Pavlos
>                                 Kleanthous" <parsectix at gmail.com
>                                 <mailto:parsectix at gmail.com>> wrote:
>
>                                     yes I can.
>
>                                     Please note that this is a problem
>                                     of version 1.9.1.
>                                     I have tried now version 1.8.1 and
>                                     it redirects me to keycloak.
>
>                                     p.s. I'm using the official
>                                     containers from docker hub.
>
>                                     On Wed, Mar 16, 2016 at 10:56 AM,
>                                     Marko Strukelj
>                                     <mstrukel at redhat.com
>                                     <mailto:mstrukel at redhat.com>> wrote:
>
>                                         Are you able to login into
>                                         admin console at:
>                                         http://192.168.99.100:32786/auth
>
>                                         And you see the realm called
>                                         'jenkins' there?
>
>                                         On Mar 16, 2016 11:32 AM,
>                                         "Pavlos Kleanthous"
>                                         <parsectix at gmail.com
>                                         <mailto:parsectix at gmail.com>>
>                                         wrote:
>
>                                             Hi guys adding to this.
>                                             Please see the HTTP
>                                             requests and responses.
>
>                                             Request URL: http://192.168.99.100:32769/securityRealm/commenceLogin?from=%2F
>                                             Request Method: GET
>                                             Status Code: 302 Found
>                                             Remote Address: 192.168.99.100:32769
>                                             Response Headers:
>                                                 Content-Length: 0
>                                                 Location: http://192.168.99.100:32786/auth/realms/jenkins/protocol/openid-connect/login?client_id=ci&redirect_uri=http%3A%2F%2F192.168.99.100%3A32769%2FsecurityRealm%2FfinishLogin&state=cb0b57c5-c160-4861-ab36-ed1835e4b184
>                                                 Server: Jetty(winstone-2.9)
>                                                 X-Content-Type-Options: nosniff
>
>                                             Request URL: http://192.168.99.100:32786/auth/realms/jenkins/protocol/openid-connect/login?client_id=ci&redirect_uri=http%3A%2F%2F192.168.99.100%3A32769%2FsecurityRealm%2FfinishLogin&state=cb0b57c5-c160-4861-ab36-ed1835e4b184
>                                             Request Method: GET
>                                             Status Code: *404 Not Found*
>                                             Remote Address: 192.168.99.100:32786
>                                             Response Headers:
>                                                 Connection: keep-alive
>                                                 Content-Length: 0
>                                                 Date: Wed, 16 Mar 2016 10:30:40 GMT
>                                                 Server: WildFly/10
>                                                 X-Powered-By: Undertow/1
>                                             Request Headers:
>                                                 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
>                                                 Accept-Encoding: gzip, deflate, sdch
>                                                 Accept-Language: en-US,en;q=0.8,el;q=0.6
>                                                 Connection: keep-alive
>                                                 Cookie:
>                                                     KEYCLOAK_SESSION=jenkins/c5ee88d6-15cc-4309-a27c-0fb002b6406b/d091c3d2-8c44-4211-aa26-e3f7fdacb5ae;
>                                                     JSESSIONID.96a98541=1a8t1iio7w9ol14h8gslmkjvr4;
>                                                     screenResolution=1920x1080
>                                                 DNT: 1
>                                                 Host: 192.168.99.100:32786
>                                                 Referer: http://192.168.99.100:32769/
>                                                 Save-Data: on
>                                                 Upgrade-Insecure-Requests: 1
>
>
>                                             On Tue, Mar 15, 2016 at
>                                             4:26 PM, Pavlos Kleanthous
>                                             <parsectix at gmail.com
>                                             <mailto:parsectix at gmail.com>>
>                                             wrote:
>
>                                                 Thanks for pointing
>                                                 this out. I think it
>                                                 does not matter as the
>                                                 same name can be found
>                                                 in "Installation" tab
>                                                 where
>                                                 I copied the
>                                                 configuration.
>
>                                                 On Tue, Mar 15, 2016
>                                                 at 4:21 PM, Marko
>                                                 Strukelj
>                                                 <mstrukel at redhat.com
>                                                 <mailto:mstrukel at redhat.com>>
>                                                 wrote:
>
>                                                     Looks like you
>                                                     mistyped your
>                                                     client id: 'jenknis'.
>
>                                                     On Mar 15, 2016
>                                                     5:19 PM, "Pavlos
>                                                     Kleanthous"
>                                                     <parsectix at gmail.com
>                                                     <mailto:parsectix at gmail.com>>
>                                                     wrote:
>
>                                                         Hello,
>
>
>                                                         I'm trying to
>                                                         configure
>                                                         keycloak for
>                                                         first time. My
>                                                         setup has 2
>                                                         containers
>                                                         keycloak and
>                                                         jenkins.
>                                                         Following the
>                                                         example how to
>                                                         integrate
>                                                         those two, I
>                                                         created a
>                                                         realm and a
>                                                         client called
>                                                         "jenkins".
>
>                                                         It seems that
>                                                         the realm
>                                                         configuration
>                                                         is not
>                                                         correct as I
>                                                         get the
>                                                         following
>                                                         debug error.
>                                                         "15:47:55,791
>                                                         ERROR
>                                                         [org.jboss.resteasy.resteasy_jaxrs.i18n]
>                                                         (default
>                                                         task-12)
>                                                         RESTEASY002010: Failed
>                                                         to execute:
>                                                         javax.ws.rs.NotFoundException:
>                                                         RESTEASY003210: Could
>                                                         not find
>                                                         resource for
>                                                         full path:
>                                                         http://192.168.99.100:32786/auth/realms/ci/protocol/openid-connect/login?client_id=jenknis&redirect_uri=http%3A%2F%2F192.168.99.100%3A32769%2FsecurityRealm%2FfinishLogin&state=fb8e0ecd-7a59-4c5e-9fcd-0c90c25a4261"
>
>                                                         I noticed
>                                                         that 
>                                                         "http://192.168.99.100:32786/auth/realms/ci/protocol/openid-connect"
>                                                         does not work
>                                                         generally. The
>                                                         URL ending
>                                                         with
>                                                         "/auth/realms/ci/account"
>                                                         works.
>
>                                                         if I access
>                                                         the URL:
>                                                         http://192.168.99.100:32786/auth/realms/ci
>
>                                                         {"realm":"ci","public_key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0IQoyEf8wt4ZkD0Jf6t8ppM4MVtiR+QJkaWctQvYRPeg9HGBHLDcsnQnpQ+zZ6Rl5sn5CArqcEygpALpglUiiGdSuH8X0VwfATpWB/0KBwylPJ7CJObDiKoBD7ZMjR67IRa9e8ySdbbCb/Ehapk9SkDfAU7dgHscEkVMuHWUilSpGrqUPPMX9dl6rpIZGX/87DxuHGi4e3d9RYrvKS6wliZF+Pvar5A48OmmklTIpPoPr4NXyQx7a1gsk3VjHLtK2NBLcbMVY+juJTCxa2reukl0eMGVITYFyQgQrXtCyDh18M3TTyFQsS3H2+dLcUdob8r1f973HHXaOUDiD7TrwIDAQAB","token-service":"http://192.168.99.100:32786/auth/realms/ci/protocol/openid-connect","account-service":"http://192.168.99.100:32786/auth/realms/ci/account","admin-api":"http://192.168.99.100:32786/auth/admin","tokens-not-before":0}
>
>                                                         Can you help
>                                                         me find
>                                                         the problem?
>
>                                                         p.s. is there
>                                                         any other way
>                                                         to find help
>                                                         on those
>                                                         matters? Tried
>                                                         IRC but nobody
>                                                         is replying
>                                                         there...
>
>                                                         Thank you
>
>                                                         _______________________________________________
>                                                         keycloak-user
>                                                         mailing list
>                                                         keycloak-user at lists.jboss.org
>                                                         <mailto:keycloak-user at lists.jboss.org>
>                                                         https://lists.jboss.org/mailman/listinfo/keycloak-user

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
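
The 404 in the quoted thread was narrowed down by checking the realm, the client_id and the endpoint in the redirect URL that the adapter generates. The following Python is an added example, not code from this thread or from the Keycloak project: `diagnose` and `corrected_url` are hypothetical helper names, the sample URL is constructed from the quoted Location header with a placeholder state value, and `response_type=code` assumes the authorization code flow.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed from the Location header quoted in the thread; the state
# value is a placeholder.
SAMPLE_LOCATION = (
    "http://192.168.99.100:32786/auth/realms/jenkins/protocol/openid-connect/login"
    "?client_id=ci"
    "&redirect_uri=http%3A%2F%2F192.168.99.100%3A32769%2FsecurityRealm%2FfinishLogin"
    "&state=example-state"
)

OIDC_PREFIX = "/protocol/openid-connect/"


def split_login_url(location):
    """Return (base_path, realm, endpoint, params) or None if not a realm OIDC URL."""
    url = urlsplit(location)
    base, sep, endpoint = url.path.partition(OIDC_PREFIX)
    if not sep or "/realms/" not in base:
        return None
    realm = base.split("/realms/", 1)[1]
    return base, realm, endpoint, dict(parse_qsl(url.query))


def diagnose(location, expected_realm, expected_client):
    """List the reasons this redirect is likely to fail at the server."""
    parts = split_login_url(location)
    if parts is None:
        return ["not a Keycloak realm OpenID Connect URL"]
    _, realm, endpoint, params = parts
    findings = []
    if realm != expected_realm:
        findings.append(f"realm {realm!r} in URL, expected {expected_realm!r}")
    if params.get("client_id") != expected_client:
        findings.append(f"client_id {params.get('client_id')!r}, expected {expected_client!r}")
    if endpoint == "login":
        findings.append("endpoint ../login is deprecated per the thread; use ../auth")
    # Assumption: authorization code flow. RFC 6749 requires response_type
    # on the authorization endpoint.
    if "response_type" not in params:
        findings.append("response_type missing")
    for name in ("redirect_uri", "state"):
        if name not in params:
            findings.append(f"{name} missing")
    return findings


def corrected_url(location):
    """Rebuild the redirect against ../auth, adding response_type=code if absent."""
    parts = split_login_url(location)
    if parts is None:
        raise ValueError("not a Keycloak realm OpenID Connect URL")
    base, _, _, params = parts
    params.setdefault("response_type", "code")
    url = urlsplit(location)
    return urlunsplit((url.scheme, url.netloc, base + OIDC_PREFIX + "auth",
                       urlencode(params), ""))


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOCATION, "jenkins", "ci"):
        print("-", finding)
    print(corrected_url(SAMPLE_LOCATION))
```

Run against the URL from the first message in the thread (realm `ci`, client_id `jenknis`) with the names the poster said he created, the same check also reports the realm and client mismatches.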
