I now have two domains pointing to the same server where Keycloak is running.
Now Keycloak is set to domain testa.com. What I would like to do is to change the domain to domain B, testb.com.
We added a new domain. Which steps do I need to perform? I will change the URL under the clients, but still, Keycloak will always use the admin console URL of the old domain.
Thank you
Related
We have a web application written using Liferay 6.2 and deployed on a Tomcat server. The application is accessed using Integrated Windows Authentication. Everything works fine if the hostname is used directly in the URL to access it.
To hide the actual hostname, a CNAME record was created. When that is used to access, users get repeated prompts for credentials and authentication is rejected despite entering correct credentials.
We tried creating SPN for CNAME using the command setspn -a "HTTP/<<friendly name>>". Since connection is made on standard port 443 using HTTPS, no port number was specified when creating SPN. However, repeated authentication prompts still continue to appear. The application runs using a service account. Including the service account when creating SPN could be an option. Please share if there are any suggestions on what else could be tried.
What does "everything works fine" mean? Are you getting prompted and when you enter creds it works correctly, or it does SSO and logs you in without a prompt?
The fact that you're getting prompted is because a) the new cname isn't considered to be in the intranet/trusted internet zone. See Internet Options > Security > Local Intranet/Trusted Sites > Sites. Or b) the requested ticket sent to the server failed.
Also, usually you don't register the CNAME as an SPN. You register the A record the CNAME is pointing to as the SPN. My guess is this is causing the failure. The SPN is getting registered to the wrong service account so the KDC is using the wrong service account key.
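The check this answer describes, as an added example that is not part of the original posts: it models a client that follows the CNAME to the A record before building the SPN, then looks up which account owns that SPN. The host names, account names and both SPN tables are constructed, and the client's CNAME canonicalisation is taken from the answer as an assumption.

```python
# Constructed DNS zone: a friendly CNAME pointing at the real host's A record.
DNS = {
    "portal.corp.example": ("CNAME", "app01.corp.example"),
    "app01.corp.example": ("A", "10.0.0.15"),
}
# Constructed SPN -> owning account tables (hypothetical account names).
SPNS_BEFORE = {
    "HTTP/portal.corp.example": "CORP\\svc-liferay",  # SPN added for the CNAME
    "HTTP/app01.corp.example": "CORP\\svc-other",     # A-record SPN on another account
}
SPNS_AFTER = {"HTTP/app01.corp.example": "CORP\\svc-liferay"}


def canonical_name(host, dns, max_hops=8):
    """Follow CNAME records until a name with an A record is reached."""
    name = host.lower().rstrip(".")
    for _ in range(max_hops):
        rtype, value = dns[name]
        if rtype == "A":
            return name
        name = value.lower().rstrip(".")
    raise ValueError("CNAME chain too long or looping")


def requested_spn(host, dns, follow_cname=True):
    """SPN the client asks the KDC for (assumption: it canonicalises the CNAME first)."""
    target = canonical_name(host, dns) if follow_cname else host.lower()
    return "HTTP/" + target


def ticket_check(host, dns, spns, service_account, follow_cname=True):
    """Return (spn, owner, usable).

    usable is True only when the SPN is owned by the account the application
    runs as, i.e. the ticket is encrypted with a key the service holds.
    """
    spn = requested_spn(host, dns, follow_cname)
    owner = spns.get(spn)
    return spn, owner, owner == service_account


if __name__ == "__main__":
    for label, table in (("before", SPNS_BEFORE), ("after", SPNS_AFTER)):
        print(label, ticket_check("portal.corp.example", DNS, table, "CORP\\svc-liferay"))
```
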
We use the Keycloak REST API to send update password emails to users. In my setup, Keycloak and the application making REST calls to Keycloak (using the Keycloak admin client library) are deployed inside a Kubernetes cluster. From my application I am using the Kubernetes service name to talk to Keycloak.
e.g. http://keycloak-http:8100/auth
With this setup, the update password link in the email looks like this:
http://keycloak-http:8100/auth/realms/test/login-actions/action-token?key=somekey
So I need to change only host in this URL.
I looked at executeActions.ftl file in keycloak theme and it doesn't have any specific parameter for just host which I can customize.
Any ideas how I can achieve this?
Thanks in advance.
In my case, Keycloak 9+, I used the "Frontend URL" in the Realm Setting to specify the hostname.
I had a similar issue, and it turns out that by default, the host name is filled with the request hostname. (Using Keycloak 6.0.1)
All I had to do was to trigger the email generation with the hostname I wanted in the email.
--> Trigger the update action from the URL you need (and that is accessible)
http://externalurl.keycloak.com/auth/...
You can also change the hostname provider, to use a FixedHostnameProvider, or a custom one (it is RequestHostnameProvider by default)
https://www.keycloak.org/docs/latest/server_installation/#_hostname
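The behaviour described in the two answers above, as an added example that is not Keycloak code and not from the original posts: a simplified model of a link base taken from the request unless a frontend URL is fixed, plus a check that flags action-token links in an outgoing mail body whose origin is not the public one. The function names and `https://sso.example.com/auth` are assumptions; the internal URL is the one from the question.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
# Matches absolute links to the action-token endpoint inside a mail body.
LINK_RE = re.compile(r"https?://[^\s\"'<>]+/login-actions/action-token\?[^\s\"'<>]+")


def action_link(request_base, realm, key, frontend_url=None):
    """Simplified model: the base comes from the incoming request unless a
    fixed frontend URL is configured (hypothetical helper)."""
    base = (frontend_url or request_base).rstrip("/")
    return f"{base}/realms/{realm}/login-actions/action-token?key={key}"


def origin(url):
    """(scheme, host, port) with the scheme's default port filled in."""
    parts = urlsplit(url)
    return (parts.scheme, (parts.hostname or "").lower(),
            parts.port or DEFAULT_PORTS.get(parts.scheme))


def misdirected_links(body, frontend_url):
    """Action-token links whose origin differs from the public frontend URL."""
    expected = origin(frontend_url)
    return [u for u in LINK_RE.findall(body) if origin(u) != expected]


FRONTEND = "https://sso.example.com/auth"        # assumed public URL
INTERNAL_BASE = "http://keycloak-http:8100/auth"  # service name from the question

# Constructed mail bodies: one built from an in-cluster request, one with the
# frontend URL fixed.
MAIL_FROM_CLUSTER = "Update your password: " + action_link(INTERNAL_BASE, "test", "somekey")
MAIL_FIXED = "Update your password: " + action_link(INTERNAL_BASE, "test", "somekey", FRONTEND)

if __name__ == "__main__":
    print(misdirected_links(MAIL_FROM_CLUSTER, FRONTEND))
    print(misdirected_links(MAIL_FIXED, FRONTEND))
```
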
I want to redirect my subdomain to specific URI without making any changes to my code.
I found the domain forwarding services from Bigrock, they have a sub-domain forwarding service which specifies all subdomains will be redirected as "subdomain.mydomain.com to yourdestinationurl/subdomain/"
I replaced yourdestinationurl, with www.mydomain.com but it's not working.
Am I doing something wrong? Is there any alternative way to do this?
You may create the subdomain in the DNS Manager/Domain name zone file and point it to any URL using 'URL-Redirect' DNS record.
In other words, you need to login into the account of your domain name registrar (if the domain name is delegated to the default nameservers) or into your hosting cPanel (if you have a hosting plan). Then you need to find where to configure DNS records and configure URL-Redirect (also called URL-Forwarding) for your subdomain.
There is no need to have any plugins.
I have two hosting accounts (Personal one and a work one). I am doing some testing and would like to create a subdomain of a work domain (manage.domain.com) and host it on my personal account. Currently, my personal host is through 1and1 and is dedicated while the work one is shared with GoDaddy.
Work
I have gone into GoDaddy and created the subdomain. I have also added DNS records such as A, AAAA and NS (I did not record a CNAME). I have noticed that if I type manage.domain.com, it is redirecting to my personal server. However, it is directing to the blank admin page of the root of the server (which is maintained using Plesk).
Personal
Using Plesk I added the website (domain.com) and created the subdomain (manage.domain.com). I have also updated the website's hosting access using Plesk and assigned it the default values of my personal account. Using Plesk I also set the subdomain to the particular location of the files I want to test. However, I cannot get my server to recognize the address and redirect it to the proper location.
Any help is greatly appreciated!
J
You can just create:
in the personal account, the domain (not subdomain) manage.domain.com
on domain.com add DNS record of type A, name "manage" and IP address of personal hosting:
After that, "manage.domain.com" will resolve to the hosting of your personal account and can be accessed because such a domain exists.
I figured it out
What I did above was correct, except do not change the name servers on the work DNS (GoDaddy).
Add the website to Plesk - it will give you an error about not being able to control the DNS settings, which you have already adjusted on the original server (GoDaddy)
Add a subdomain of the website.
*** Ensure the subdomain is pointed to the correct folder within your server
Done
jira.service.bd
confluence.service.bd
crowd.service.bd
These should have the same SSO domain, so I set .service.bd
My crowd console URL:
http://crowd.service.bd:8095/crowd/console
I configure the custom domain in /etc/hosts as:
172.16.20.101 crowd.service.bd
If I configure the SSO domain as crowd.service.bd, I get Crowd login success.
If I use .service.bd, then the Crowd login will be a redirect, as the link "Crowd Login Redirected" said.
I suppose I have something wrong about the domain and subdomain. Should I configure a second-level domain on my host?
The solution is:
Change
jira.service.bd
confluence.service.bd
crowd.service.bd
To
jira.bdservice.com
confluence.bdservice.com
crowd.bdservice.com
And then set the SSO domain to .bdservice.com, then everything is OK.
I suppose Crowd couldn't recognize .bd as a top-level domain.
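One mechanism that produces exactly this pattern, as an added example that is not from the original posts: a cookie whose Domain attribute is itself a public suffix is ignored under the RFC 6265 storage rules, so a shared SSO cookie is never stored. The rule set below is a constructed subset, and the wildcard rule `*.bd` (every second-level name under .bd treated as a registry suffix) is an assumption of this example.

```python
# Constructed subset of public-suffix rules; "*.bd" is assumed for this example.
RULES = {"com", "*.bd"}


def public_suffix(domain):
    """Longest suffix of `domain` matching a rule (exception rules not modelled)."""
    labels = domain.lower().strip(".").split(".")
    best = 1  # implicit default rule "*": the last label alone
    for n in range(1, len(labels) + 1):
        tail = labels[-n:]
        exact = ".".join(tail)
        wildcard = ".".join(["*"] + tail[1:])
        if exact in RULES or wildcard in RULES:
            best = n
    return ".".join(labels[-best:])


def domain_match(host, cookie_domain):
    """RFC 6265 domain-match for host names (IP addresses not handled)."""
    host, dom = host.lower(), cookie_domain.lower().lstrip(".")
    return host == dom or host.endswith("." + dom)


def cookie_accepted(host, cookie_domain):
    """Would a cookie with this Domain attribute, set by `host`, be stored?"""
    dom = cookie_domain.lower().lstrip(".")
    if not domain_match(host, dom):
        return False
    # A Domain attribute that is itself a public suffix is ignored unless it
    # equals the host, in which case the cookie becomes host-only.
    if dom == public_suffix(dom) and dom != host.lower():
        return False
    return True


def sso_cookie_shared(hosts, sso_domain):
    """True when every application host can store a cookie for sso_domain."""
    return all(cookie_accepted(h, sso_domain) for h in hosts)


if __name__ == "__main__":
    old = ["jira.service.bd", "confluence.service.bd", "crowd.service.bd"]
    new = ["jira.bdservice.com", "confluence.bdservice.com", "crowd.bdservice.com"]
    print(sso_cookie_shared(old, ".service.bd"))     # False
    print(sso_cookie_shared(new, ".bdservice.com"))  # True
```
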