Change Keycloak logout redirect url - keycloak

I would like to set a Keycloak redirect URL after a click on the Sign out button in the template.ftl template, which is set in the account directory.
It is represented by the list item:
<li>${msg("doSignOut")}</li>
How it is now:
I'm redirected to the main site of Keycloak (actually it is the site for logging into Keycloak)
What I want:
Change this site and redirect the user to the main page of the project. How can I define it as
I use Keycloak version 12.0.2
I haven't found any appropriate settings in realmName.json file or Administration Console which is available at http://localhost:8088/auth/admin/master/console/#/realms/realmName

Related

Keycloak Client settings, what URLs do I need?

I have problems setting up Keycloak for a project I do.
Keycloak is running on http://localhost:8180.
Thorntail server is running on http://localhost:8080/users which serves data for an Angular frontend on http://localhost:4200/*. What I want to do is that a User can only see http://localhost:4200/sign-in without logging in. Once logged in they can access for example http://localhost:4200/list-user.
I was using this guide to set up Keycloak, but I'm not sure what my Client settings should be. This is what I thought:
Root URL: http://localhost:4200/sign-in
*Valid Redirect URIs: http://localhost:4200/list-user
Base URL: http://localhost:4200/sign-in
Admin URL: http://localhost:8080
Somebody please explain the purpose of these settings as I struggle to understand.
Root URL is just a value that will be used for resolving relative paths.
Root: http://localhost:4200/sign-in
Valid Redirects: /* (After login the user could be redirected to any URI that matches the pattern http://localhost:4200/sign-in/*)
Base URL: / (Is not mandatory. Used when Keycloak needs to calculate the application URL by client_id only)
Admin URL: / (Used when Keycloak needs to notify applications about revocation or when a user logs out. For example, when a user logs out in application A and has a session in application B, Keycloak will send a backchannel request to the Admin URL of application B, so application B will also flush the user session in it)
Check out docs and info badges in Admin Console
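
An added example (not part of the answer above, and not Keycloak's own code): a simplified Python model of the rule the answer describes, where a relative Valid Redirect URIs entry is appended to the Root URL and a trailing * makes it a prefix match. The function names and sample URIs are assumptions; it shows that with Root URL http://localhost:4200/sign-in the entry /* does not cover http://localhost:4200/list-user, while Root URL http://localhost:4200 does.

```python
# Simplified model (an assumption, not Keycloak source code) of the rule the
# answer describes: relative entries are appended to the Root URL, and a
# trailing "*" turns the entry into a prefix match.


def resolve_valid_redirects(root_url, entries):
    """Turn relative 'Valid Redirect URIs' entries into absolute patterns."""
    root = root_url.rstrip("/")
    return [root + e if e.startswith("/") else e for e in entries]


def is_allowed(redirect_uri, patterns):
    """Return True if redirect_uri matches any resolved pattern."""
    candidate = redirect_uri.split("?", 1)[0]  # compare without the query string
    for pattern in patterns:
        if pattern.endswith("*"):
            prefix = pattern[:-1]
            # Accept anything under the prefix, or the prefix without its slash.
            if candidate.startswith(prefix) or candidate == prefix.rstrip("/"):
                return True
        elif redirect_uri == pattern:
            return True
    return False


def evaluate(root_url, entries, redirect_uris):
    """Map each requested redirect URI to whether the client would accept it."""
    patterns = resolve_valid_redirects(root_url, entries)
    return {uri: is_allowed(uri, patterns) for uri in redirect_uris}


# Constructed sample requests, built from the URLs in the question.
SAMPLE_URIS = [
    "http://localhost:4200/sign-in/callback",
    "http://localhost:4200/list-user",
    "http://localhost:8080/list-user",
]

if __name__ == "__main__":
    for root in ("http://localhost:4200/sign-in", "http://localhost:4200"):
        print(root, evaluate(root, ["/*"], SAMPLE_URIS))
```

Keeping the pattern as narrow as the application allows limits where an authorization response can be sent.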

Default custom realm in keycloak

Our team is working on a project that integrates into Keycloak. We created a custom realm, say ProjectX, and enabled our custom theme on it to be applied on the login page of Keycloak.
Since our theme is applied on the realm ProjectX and not on master, how can we default the custom realm to be displayed (with the theme) when we first access the Keycloak login page?
Not sure which project you are building and how you are configuring Keycloak in your ProjectX project. OK, let's ignore all these things and see how we generally browse Keycloak. We simply hit https://<IP ADDRESS>:<PORT>/auth, then it will show some links, and we click on Administration Console and it will redirect to the MASTER realm URL.
Which looks like this: https://<IP ADDRESS>:<PORT>/auth/realms/master/protocol/openid-connect/auth?client_id=security-admin-console&redirect_uri=https%3A%2F%2F135.250.138.93%3A8666%2Fauth%2Fadmin%2Fmaster%2Fconsole%2F%3Fredirect_fragment%3D%252Frealms%252Fbasic-auth%252Ftheme-settings&state=47381ff9-eb03-4419-bac3-8824d57f9c0d&nonce=be95ef5a-0737-49a3-be0b-4577f7a050ae&response_mode=fragment&response_type=code&scope=openid
Now in your case you want to access the URL for a particular realm and not the default (Master) realm, so here is the solution: hit the URL below.
https://<IP ADDRESS>:<PORT>/auth/realms/<REALM-NAME>/account
But make sure you created a user for your realm and gave proper rights to that particular user.

WebSphere form based authentication logout mechanism not logging out

I am analyzing code. It is a Wicket application using WebSphere form based authentication.
The program has the ibm_security_logout form mechanism implemented.
When being logged in, I copy the current URL to the clipboard.
When logging out using the form, I seem to be logged out. However, when using the copied URL, I am back in the GUI, being logged in.
So the session is still valid? How can I make sure I am actually logged out, and redirected to the login page when using 'old' URLs?
Thanks!
Check that security is enabled for applications in the admin console, menu Security > Global security, checkbox "Application security".
Check that there is no security interceptor in menu Security > Global Security > Trust association > Interceptor.
Connect to your application using Chrome or Firefox and open the "developer tools" panel. Check what happens when you click on logout:
1. In the network tab, the browser should send a GET request to the ibm_security_logout URL.
2. In the WebSphere answer, there should be a header Set-Cookie:LtpaToken2="" which should remove LtpaToken2. LtpaToken2 is basically the session cookie for WebSphere.
3. Look at your cookies using developer tools. LtpaToken2 should not be there anymore.
If step 1 is not OK: your client application logout button is not properly implemented.
If step 2 is not OK: there should be an error in the WebSphere log file.
If step 3 is not OK (very unlikely): there might be a cross-domain error, meaning the cookie was set for another domain name.
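
An added example (not from the answer above): the three browser checks expressed as a Python function over a hand-transcribed capture of the logout exchange. The dict layout, function names and sample values are assumptions constructed for illustration.

```python
from http.cookies import SimpleCookie

COOKIE = "LtpaToken2"


def cookie_cleared(set_cookie_headers, name=COOKIE):
    """True if any Set-Cookie header resets `name` to an empty value."""
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        if name in jar and jar[name].value == "":
            return True
    return False


def failed_steps(exchange):
    """Return the numbers of the answer's checks (1-3) that fail.

    `exchange` is a hypothetical dict transcribed by hand from the
    developer tools: the logout request, the response's Set-Cookie headers,
    and the cookie names still stored afterwards.
    """
    failed = []
    req = exchange["request"]
    if not (req["method"] == "GET" and "ibm_security_logout" in req["url"]):
        failed.append(1)  # logout button never reached ibm_security_logout
    if not cookie_cleared(exchange["set_cookie"]):
        failed.append(2)  # server did not send LtpaToken2=""
    if COOKIE in exchange["cookies_after"]:
        failed.append(3)  # cookie survived, e.g. set for another domain
    return failed


# Constructed captures (not real traffic).
GOOD = {
    "request": {"method": "GET", "url": "https://app.example/ibm_security_logout"},
    "set_cookie": ['LtpaToken2=""; Path=/'],
    "cookies_after": ["JSESSIONID"],
}
STALE = {
    "request": {"method": "GET", "url": "https://app.example/ibm_security_logout"},
    "set_cookie": ["JSESSIONID=constructed0001; Path=/"],
    "cookies_after": ["JSESSIONID", "LtpaToken2"],
}

if __name__ == "__main__":
    print(failed_steps(GOOD), failed_steps(STALE))
```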

Keycloak autologin after registration with direct link

I have a spring boot web app with a direct registration link to keycloak.
My spring boot application.properties looks like this:
keycloak.auth-server-url=http://localhost:8888/auth
keycloak.realm=myrealm
keycloak.public-client=true
keycloak.principal-attribute=preferred_username
keycloak.security-constraints[1].authRoles[0]=user
keycloak.security-constraints[1].securityCollections[0].patterns[0]=/user
A click on the link redirects me to Keycloak where I can sign up. After registration I should have the default realm role user and I should be redirected to the restricted path http://localhost:9999/user. But after registration I don't have the role user and so I'm redirected back from /user to the Keycloak login page. When I log in I have the role user and can access /user. Why doesn't direct login work when I use the registration link?

Avoid CAS login page, use my own login page

I am new to CAS and single sign-on. Please correct me if my understanding is incorrect; below is what I understand about CAS.
1. I have 2 web applications
2. I set up CAS, and when I access the URL of WebApp1, it shows me the CAS login page
3. I fill in the correct username/password
4. It takes me into WebApp1
5. From there I access WebApp2, and it works fine
What I need is as follows:
1. When I access WebApp1, I must see the WebApp1 login page, not that of CAS
2. Let CAS generate some token for the session
3. Use this token to authenticate WebApp2 (which is the way it's working now - step 5 above)
Can someone suggest how to achieve this?
I am using Java 1.6, CAS 3.4.11, Tomcat 6.
I've made a summary recently on how CAS works.
The principles are written there. Basically it is like this:
Access WebApp1
Show the CAS login page and authenticate
Redirect to WebApp1
Now subsequently you do the following
Access WebApp2
The access request is redirected to CAS, which authenticates the user without showing a login page
Always under the assumption that both WebApps are configured to use CAS as a login provider and CAS is set up to support both WebApps.
Now in the CAS way what you want to achieve is done like this:
Exchange the standard CAS login page with your login page and you're done