Iam trying to add new table in keycloak version: 13, extended jpaentity provider factory and jpaentity provider classes. deployment is sucess. But after login to keycloak when im selecting any realm showing this error.
Related
Can i use antmatcher without using
KeycloakWebSecurityConfigurerAdapter
Instead I will use WebSecurityConfigurerAdapter provided by spring is it possible?
I am using Quarkus 2.5.1.Final to build one microservice. I am using hibernate reactive with postgres as database. At my organization we use AWS IAM auth tokens for database authentication. AWS IAM token is generated using amazon awssdk and passed as password to database. To generate IAM auth token I have created custom CredentialsProvider.
#Named("iam-ds-credential-provider")
public class IamDataSourceCredentialProvider implements CredentialsProvider {
...
#Override
public Map<String, String> getCredentials(String credentialsProviderName) {
...
return Map.of(PASSWORD_PROPERTY_NAME, generatedAWSToken,
USER_PROPERTY_NAME, datasourceUsername);
}
application.properties
...
quarkus.datasource.db-kind=postgresql
quarkus.datasource.credentials-provider=custom
quarkus.datasource.credentials-provider-name=iam-ds-credential-provider
....
Our IAM auth tokens expire every 10 minutes. When server boots up, password/IAM auth token is cached somewhere in Quarkus framework. Connections created within first 10 minute work. After 10 minutes, new connections created try to use expired IAM auth token. Hence password authentication fails for these connections.
How can I refresh cached database credentials? Or how can i force postgres connection pool to get fresh password(IAM auth token) everytime? Or is there a way to intercept failed connection and then refresh password and retry connection?
Any help is much appreciated.
Setup:
We have a HTTPS strapi application and keycloak is configured as an identity provider with the corresponding client id and secret from the keycloak client. Both strapi and keycloak are behind nginx.
We have a keycloak server, where the strapi is added as a client with the necessary redirect URIs configured.
Also, the provider.js and bootstrap.js is setup as suggested in the reference:
Strapi Documentation,
Issue:
Strapi throws an error when trying to access the client:
{"statusCode":400,"error":"Bad Request","message":{"message":"No access_token."},"data":{"message":"No access_token."}}
https://our.website.domain/strapi/auth/keycloak/callback?error=request-compose%3A%20timeout
In the logs, we see that the access token is not received and hence the error is thrown from strapi end. example provider.js line
Verification:
Strapi is able to use other social identity providers like GitHub to authenticate as expected.
We are able to use Postman to get the access token from keycloak by posting to https://our.website.domain/auth/realms/exampleRealmName/protocol/openid-connect/token as suggested in this comment (step1).
We are able to use the access token to get response from Strapi through Postman. https://our.website.domain/connect/IDP-Name/callback as suggested here (step 2)
Any inputs or advise on what could be the issue?
Thank you in advance.
I have managed to set up a Keycloak server embedded in a Spring Boot Application successfully, following this tutorial:
Keycloak Embedded in a Spring Boot Application
in order to avoid setting it up manually.
Since I am dealing with an old implementation that already has it's own DB, I decided to use Keycloak's User Storage SPI to connect to an external postgresql DB and use this for authentication instead of Keycloak DB.
To do this, I followed the tutorial on Keycloak documentation, but it envolves a standalone Keycloak server, creating a .jar with the custom provider and injecting it to <pathToKeycloak>/standalone/deployments/.
I have created an implementation that works with a standalone Keycloak server, but now I want to include it to the embedded one. Is it possible to use a Keycloak server Embedded in a Spring Boot Application and also have an embedded custom User Storage Provider, to avoid setting up manually?
If you have already implemented the provider and the provider factory, you only need to declare the provider factory class in the resources/META-INF/services/org.keycloak.storage.UserStorageProviderFactory file.
Then you can log in to the administration console and enable user storage provider on the User Federation page.
I am exposing SOAP webservice from my custom portlet. I was able to generate and tried accessing the service from external application, it works fine.
But when i was tested the service from SOAP UI, it throws
java.rmi.RemoteException: Authenticated access required
. If i add AccessController annotation before my method of ServiceImpl as below, I can access from SOAP UI. But i cannot add this below annotation as it can be accessible without credential.
#AccessControlled(guestAccessEnabled=true)
I want to access my custom web service from SOAP UI? why it is throwing Authenticated access required even i add valid userName and Password of Liferay for the service while invoking? Any guess?