Where does ${authAdminUrl} come from? - keycloak

For the default clients (i.e. admin), the Base URL is set to /realms/something/account/. The Root URL is set to ${authBaseUrl}.
When I look in the clients overview, I can see the Base URL is shown as https://mydomain/auth/realms/something/account/
I'm trying to understand where the values mydomain and auth come from.
I've read "Where does ${authAdminUrl} come from and how do I manipulate it?" and can confirm that the variable is not set in standalone.xml and also not set via the environment variable KEYCLOAK_HOSTNAME.

This page: https://www.keycloak.org/server/hostname#_administration_console doesn't mention authAdminUrl explicitly, but the value specified in --hostname-admin-url, as suggested there, got picked up in the admin clients that use authAdminUrl in my environment.

Related

Keycloak Identity Broker - Possible to create invalid User-Accounts

When using Keycloak as an Identity Broker there seems to be an issue with some usernames. Default behavior of Keycloak is that when some info (username/email/firstname/lastname) is missing the "Update Account Information" is displayed.
So far so good. The issue though is that you can actually save an invalid username that way, e.g. (asd/fölkj - notice the slash). Now I basically created a broken user that can no longer be modified, not even using the Admin-UI:
You can't save it like that because the username is invalid, but you can't change the username since it is read-only.
This seems to be a bug. The bigger issue for me though is that the IDP we are connecting to does not return the email-claim (otherwise I could use that as username too). It only returns a "sub" and since sadly this DOES contain slashes the account is broken if the user does not pick another username. I took a look at the "UsernameTemplateMapper", but they seem a bit limited. Is there any way to just remove all slashes from the "sub"-claim and STILL use it as default username?

How to set AppClip invocation for URL with QueryParam?

I am trying to set the AppClip invocation for my app, which is already released on the App Store.
I need a URL such that it provides me a jobId, e.g.: https://example.com/task?jobId=00001.
My use case is that I send an SMS with the URL https://example.com/task?jobId=00001 to the user, the user clicks on the URL and the app gets started. Then for the other user I send the next URL with the corresponding jobId.
I did set up the AASA file for my domain (it contains the JSON with "applinks" and "appclip" objects), which is valid; the Domain status is also valid on App Store Connect. There is a default experience set with title, subtitle, image and action. I also configured an advanced experience for the URL https://example.com/task.
However, my app clip doesn't get invoked if I access the URL from either SMS text or Safari. :(
I do not have a web page for https://example.com/task therefore I haven't set up the meta data for this.
Is it possible to invoke the AppClip this way? It is really important for me that the URL is dynamic and I pass that jobId every time for each individual booking.
There's not much documentation, and I have already read Apple's documentation about AppClip at least twice.
Because of this:
"I do not have a web page for https://example.com/task therefore I haven't set up the meta data for this."
The answer to this:
"Is it possible to invoke the AppClip this way?"
Is no. Sorry, you need to own the domain you're working with, or at the very least have means to access its CNAME config (thus, be able to induce the owner of that domain to change the CNAME configs to what you want them to be, similar to what branch.io and AppsFlyer do with their users/clients).

Google Search Console Add Domain and/or Site URL?

If I have added a property as https://example.com, and then decide I would rather add the whole domain using TXT, should I then remove the url-based property please?
It's not really needed!
Personally, I kept both of them!
That way, you can see more detailed data: in the URL-based property you see only the subdomain concerned, and with the domain using TXT you see the whole domain.
Sometimes it could be useful to also have one or more subdomains plus the global one.

How to use login sessions in Typo3 multiple subdomains?

I am using version 8 of TYPO3 and I ask your help to know if it is possible to use the login session of a domain in another subdomain, within the same installation?
For example, log in to www.example.com/login and use the session on a.example.com
Thanks.
You have to set the correct cookieDomain.
This example is for your suggested behaviour:
$GLOBALS['TYPO3_CONF_VARS']['FE']['cookieDomain'] = '.example.com';
You can set this with FE for frontend only, BE for backend only and SYS for the general behaviour (which will be overwritten by FE or BE).
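What that cookieDomain value means on the browser side, as an added example that is not part of the original answer: a simplified version of RFC 6265 domain matching (no public-suffix check) that shows which hosts receive the session cookie. The function names are illustrative, and every host other than www.example.com and a.example.com is constructed.

```javascript
// Simplified RFC 6265 (section 5.1.3) domain matching; illustrative names.
function isIpAddress(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
}

function domainMatches(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase().replace(/^\./, ""); // a leading dot is ignored
  if (host === domain) return true;
  // Suffix match only on a label boundary, and never for IP addresses.
  return !isIpAddress(host) && host.endsWith("." + domain);
}

// Which request hosts get a cookie that `settingHost` tries to set.
// domainAttr === null models a cookie without a Domain attribute (host-only).
function cookieScope(settingHost, domainAttr, requestHosts) {
  const setter = settingHost.toLowerCase();
  if (domainAttr === null) {
    const sentTo = requestHosts.filter((h) => h.toLowerCase() === setter);
    return { accepted: true, sentTo };
  }
  // The browser rejects a Domain that does not cover the host setting it.
  if (!domainMatches(setter, domainAttr)) {
    return { accepted: false, sentTo: [] };
  }
  const sentTo = requestHosts.filter((h) => domainMatches(h, domainAttr));
  return { accepted: true, sentTo };
}

// Constructed host list for the demonstration.
const HOSTS = [
  "www.example.com", "a.example.com", "example.com",
  "badexample.com", "example.com.other.test",
];

for (const attr of [null, ".example.com"]) {
  console.log(attr, cookieScope("www.example.com", attr, HOSTS).sentTo);
}
```

With '.example.com' the cookie is sent to every host under example.com, so each of those hosts has to be trusted with the frontend session.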

Jenkins embeddable build status icon not shown

I want to use the Embeddable Build Status Plugin for Jenkins. I am using Cloudbees. I granted Job/ViewStatus permissions to the anonymous user. When I add the Markdown to the README.md no icon is shown. I tried both the protected and the unprotected link.
# protected
[![Build Status](https://johnjohndoe.ci.cloudbees.com/job/TypedPreferences/badge/icon)](https://johnjohndoe.ci.cloudbees.com/job/TypedPreferences/)
# unprotected
[![Build Status](https://johnjohndoe.ci.cloudbees.com/buildStatus/icon?job=TypedPreferences)](https://johnjohndoe.ci.cloudbees.com/job/TypedPreferences/)
By default DEV@cloud Jenkins instances are not visible, at all, to anonymous users. If you have configured role-based security and want anonymous users to have the selected roles, configure your system and check the box Enable read-only access for anonymous users.
Well, the question was asked some time ago, but for others who end up here with the problem that the image is still not shown within the Readme.md on GitHub/GitHub-Enterprise after performing the above-mentioned configuration:
Make sure that both services are using the same protocol. In my case, we had GitHub-Enterprise running under HTTPS and Jenkins was running on HTTP.
The badge will not be shown in this case because of the possible security breach introduced by mixed content. You will find an appropriate error message in the console output of your browser (i.e. F12 in Chrome):
Mixed Content: The page at 'https://.../README.md' was loaded over HTTPS,
but requested an insecure image 'http://.../job/master/badge/icon'.
This request has been blocked; the content must be served over HTTPS.
It's of course quite obvious but something that can also be easily missed when searching on the wrong track.
I had an issue with a space in the project name, so do not forget to replace spaces with %20.
example:
[![Build Status](../Long%20Project%20Name/...)](.../Long%20Project%20Name/...)
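A check for the two badge problems described in the answers above (an HTTP image embedded in an HTTPS page, and unencoded spaces in the job name), as an added example that is not part of the original posts. The function name, the hosts under example.test and the sample README are constructed.

```javascript
// Report Markdown image links that a page at `pageUrl` would fail to show.
function checkBadges(pageUrl, markdown) {
  const page = new URL(pageUrl);
  const findings = [];
  const imageLink = /!\[([^\]]*)\]\(([^)]*)\)/g; // ![alt](src)
  for (const [, alt, rawSrc] of markdown.matchAll(imageLink)) {
    const src = rawSrc.trim();
    const issues = [];
    if (/\s/.test(src)) issues.push("unencoded-space");
    const encodedSrc = src.replace(/\s/g, "%20");
    let resolved = null;
    try {
      resolved = new URL(encodedSrc, page); // also resolves relative links
    } catch {
      issues.push("unparsable-url");
    }
    // HTTPS page embedding an HTTP image: the mixed-content case.
    if (resolved && page.protocol === "https:" && resolved.protocol === "http:") {
      issues.push("mixed-content");
    }
    if (issues.length > 0) findings.push({ alt, src, encodedSrc, issues });
  }
  return findings;
}

// Constructed README content and page URL.
const README_URL = "https://github.example.test/org/repo/blob/master/README.md";
const README = [
  "[![Build Status](http://jenkins.example.test/job/master/badge/icon)]" +
    "(http://jenkins.example.test/job/master/)",
  "[![Build Status](https://jenkins.example.test/job/Long Project Name/badge/icon)]" +
    "(https://jenkins.example.test/job/Long%20Project%20Name/)",
  "[![Build Status](https://jenkins.example.test/buildStatus/icon?job=TypedPreferences)]" +
    "(https://jenkins.example.test/job/TypedPreferences/)",
].join("\n");

for (const f of checkBadges(README_URL, README)) {
  console.log(f.issues.join(","), "->", f.src);
}
```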