I am wondering how to set the name for a client service account in Keycloak. At the moment it defaults to 'service-account-{client_id}', I would like to change that.
How can I do it? Is it not possible?
Thanks bunches
Related
Hi StackOverflow users,
I'm struggling with KeyCloak configuration because we want to change our current Identity provider to KeyCloak.
Our current solution exposes url with /openid prefix which causes i.e. issuer to be HOSTNAME/openid or event service discovery under HOSTNAME/openid/.well-known/openid-configuration.
When I'm trying to use KeyCloak everything what I have achieved is /auth/realms/openid/.well-known/openid-configuration.
Does anyone know how to remove /auth/realms prefix for KeyCloak?
Instead of changing keycloak urls (of course that is bit difficult). What if you can put a proxy in front of your keycloak to resolve '/openid/.well-known/openid-configuration' to '/auth/realms/openid/.well-known/openid-configuration'.
Or else by changing keycloak web.xml file's
<web-context>auth</web-context>
to
<web-context></web-context>
you can get rid of "auth" part.
I have setup a local (debian) installation of spinnaker and everything looks fine. I had also setup the authentication as ldap and able to sign in as well.
For authorization, I am using the FILE and have already enabled.
However, When I am trying to select an account in the application which I have created, it does not list any of the accounts.
I checked the logs and I am getting the following error in the logs:
Request GET:http://localhost:7002/applications/samit-app/serverGroups?expand=false is missing [X-SPINNAKER-ACCOUNTS] authentication headers and will be treated as anonymous.
Also, the deck and gate URLs are overridden and are behind a nginx proxy.
Can someone help me here and let me know what part I am missing in this setup?
You must choose an Account provider to deploy to and set it as a new Account in Halyard.
Set up an Account provider
My target site needs AD auth to browse and use the admin portal. All is fine there. This means syncing to this server via username and password authentication doesn't work. Does this mean i need to enable x.509 authentication?
If you mean using the Staging Module, the staging module's "Username and password" really is not linked to the actual CMS Users. You can put whatever Username and Password on the Destination server, and connect to it from the Source.
x.509 is also fine.
Tell me if you aren't talking about the Staging Module though.
You may need to do 1 of 2 things:
Enable mixed mode authentication. Yes the overall authentication doesn't need to use a physical cms_user user but since you have AD Authentication enabled, anytime another user or service tries to access a system page it may require them to log in.
Create a web.config location node in your /CMSPages/Staging/web.config file that excludes anyone or everyone to access a the SyncServer.asmx page within there.
Otherwise configure the x.509 certificate setup.
When I bind SQL Database service to an application I can see credentials from application panel. But in case I've created a service and would like to work with it before I'm binding to any application, is it possible? I haven't find a way to see credentials, only internal tools to work with database.
Thank you.
Once you provision a new SQL Database instance, you need to enter the service details page in bluemix, find the 'Launch' button to go to the service page which will open up separately. On the service page go to Set up `-->` Connect Applications `-- >` Connection settings. You will get all the connection details except the username and password.
If you are not able to resolve the username and password then you have got two alternatives :-
1. Create a dummy application, bind it to your SQL Database, get the credentials from VCAP_SERVICES, and you can use them externally.
2. If you are looking for something only on `DB2` then you have another alternative called `DashDB` available in Bluemix. Here the settings are well defined, credentials are clearly available and will work even without binding the service to an application.
Hope this helps you. Thanks.
I've got a Cloudant service that is associated with my Bluemix app. When it was setup, a username/password combo was created automatically. I accidentally shared the credentials (it is just a demo), so now I want to change the password. As far as I can see, there is no way to actually change the password - either on the dashboard or the site itself. Where is this done?
There is no UI to change your credentials. You can contact support. I recommend you create a new instance, use the Replication tab in the Cloudant console to migrate your database, and then delete the old one.
Service credentials are usually created by binding the service instance to an application. Not every service broker works this way, but most do. Simply unbinding the service:
cf unbind-service myapp myservice-instance
And then rebinding:
cf bind-service myapp myservice-instance
Should result in new credentials being generated to the same service instance. Since you can bind a service to multiple applications, each application generally gets different credentials (depending on the service broker implementation).