I'm trying to build User Storage SPI, so I put the Jar file of the plugin in /opt/jboss/keycloak/standalone/deployments/, but it didn't appeared in User Federation page of Keycloak admin console, so I'm sure there are some errors, the problem is I don't know how to debug it, the keycloak docker container logs don't show logs about the status of the plugin other than (DeploymentScanner-threads - 2) WFLYSRV0010:Deployed <name>.jar" (runtime-name : "<name>.jar")
Related
I have setup a jboss instance in a container and am trying to get the console working remotely. I setup the ingrerss to map /console and /management and can now get a login screen to present. Whenever I enter the default "admin" that is deployed, it fails with the following error:
Access Denied: Insufficient privileges to access this interface.
I looked at this page which was a similar issue but the resolution was for an apache server and does not work with K3s/Kubernetetes: Wildfly management console Access Denied Insufficient Privileges
Is there a way to get console authentication working in jboss from outside of a container?
Edit:
Jboss states the following error when attempting to login:
Request rejected due to HOST/ORIGIN mismatch
We are moving to JDK 17 and it is now supported by Redhat in EAP 7.4.7. In EAP 7.4.7, Redhat has disabled the legacy security approach to utilize Elytron. I have migrated my configurations to 7.4.7 with the supplied elytron migration scripts and the server starts without problems.
Access to parts of the web application and managed by spring security and http basic authentication. If I disable spring security, the application can be accessed and works as expected. However, when I enable spring security I see the browser dialog for user id and password. The validation of the userid and password appears to be intercepted by elytron because I see this in the logs and my breakpoint in our password validation does not get called.
2022-11-09 09:10:47,202 DEBUG [org.wildfly.security.http.password] (default task-2) Username authentication. Realm: [null], Username: [admin].
2022-11-09 09:10:47,202 DEBUG [org.wildfly.security.http.basic] (default task-2) User admin authentication failed.
The identical war file deploys and works as expected with Wildfly 26.12. I have tried making the configuration as much as possible with no differences. So there must be some differences between EAP 7.4.7 configuration that is causing the problem.
Any suggestions ?
I'm trying to setup Rancher to use Keycloak as an authentication provider and following the setups laid out here. The last step says to export the metadata in the SAML Metadata IDPSSODescriptor format but I only see SAML Metadata SPSSODescriptor as an option. I've tried using that but authentication isn't working - it opens another window with the same Keycloak setup page when clicking the Authenticate with Keycloak button to validate the setup. There are no errors in the Docker logs for either the Rancher or Keycloak containers when running docker logs CONTAINER command.
I'm wondering if I need to do something specific to setup Keycloak as an IDP to get the correct metadata option but I can't find anything in their documentation.
For Keycloak 6.0 and up, along with the location of the IDPSSODescriptor even its format has changed. This doc explains how that can be edited to be used by Rancher
From the Installation tab, choose the SAML Metadata IDPSSODescriptor format option and download your file.
Or you can directly visit Keycloak URL with IDPSSODescriptor metadata:
https://<keycloak-domain>/auth/realms/<realm>/protocol/saml/descriptor
Hi I am trying to deploy the Custom Login application give in
Github
to Bluemix I deployed the .wlapp to the container. But I could not deploy the AuthAdapter provided. It is failing to get deployed.
Keeping that aside I tried to deploy the starter application provided in the
https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/7.1/ibm-containers/sample-app/
It is giving Error shown is as below
The request is coming to my localhost mobilefirst server
What should I do to solve this problem and get the apps deployed on bluemix mfp container
How to deploy custom auth adapters which is not getting deployed to Bluemix
You did not mention if you are using the pre-configured evaluation container, or your own container.
Pre-configured: https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/7.1/ibm-containers/evaluate/
Your own container: https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/7.1/ibm-containers/run/
You can't open a question and say "deployment fails". It's not going to help anyone solve your problem. mention the error you're getting during the deployment attempt.
An "auth adapter" implies it is using some security test(s). If your server on Bluemix (see "your own container") was not configured correctly with said security test(s) in its authenticationConfig.xml file, this could fail an adapter deployment.
The screen shot in your question clearly shows a CORS issue. Chrome does not allow CORS (attempting to get data for different domains).
Make sure that your application points to the correct server - not your local host one, since you want to use your Bluemix server, right? So in its worklight.plist file or wlclient.properties file, make sure the wlHost property is pointing to the correct server.
Unable to login to a newrelic service bound to a bluemix app, returns a Login Failed ! message on the browser
The bluemix app is hooked up to a SSO service, I was able to login to same newrelic instance 2 days ago, now for some reason it stopped working.
Is there a way to get this working without deleting this instance of newrelic ?
You may be encountering an issue with Bluemix restarting services to address a newly identified security vulnerability. See the status updates for individual services here: https://developer.ibm.com/bluemix/maint151023/