Keycloak locale not set after registration - keycloak

We recently upgraded Keycloak from 3.4.3 to 12.0.2, and since then the user's locale is no longer set during registration.
Previously the locale in the user profile was set to the locale used to display the registration page.
I attached a debugger to a local Keycloak 12.0.2, and if you look at the UserLocaleUpdateAction, the user locale is determined based on the authnote locale_user_requested, but this is not set when using the openid-connect registration URL (which is created by the keycloak.js register function):
http://localhost/auth/realms/<realm>/protocol/openid-connect/registrations?client_id=<clientid>&redirect_uri=http%3A%2F%2Flocalhost%3A4200%2F&state=4917895c-ef91-403c-98ee-49f4025c3018&response_mode=fragment&response_type=code&scope=openid&nonce=df3574be-ddfc-4d42-8f88-bfc3094e29ff&ui_locales=de&kc_locale=de
If I go through the login page and click register, I eventually end up on http://localhost/auth/realms/<realm>/login-actions/registration?client_id=<clientid>...., from here the locale is set, but I can't seem to access this url directly.
I'm not sure if it is a bug in Keycloak or if I am missing some new configuration.

Related

SSO Configuration on a Keycloak with existing user federation

I am trying to set up SSO between two Keycloaks. The target Keycloak, where I want to configure the SSO has user federation set up in place and the user management is disabled. I was thinking of configuring IdP brokering between my source Keycloak and the target Keycloak so that I can use the same authentication token.
I have configured login redirection and when I try to login to the target system, I was promptly redirected to the source Keycloak. Unfortunately, upon entering the username and password, I was presented with a dialog box stating that my user already exists and offering me to either Review the profile or Add to existing profile.
Initially, I thought it is because the user modification is disabled by the user federation. I have manually created the same username on the system, which is providing a list of the users but even with this in place, I am still unable to log in and am presented with exactly the same error message.

Keycloak 18 add login theme translation

I was able to create my own Keycloak 18.0.2 login theme called custom. Now, I'd like to add Ukrainian translation for the login screen. I created the following file:
/keycloak/themes/custom/login/messages/messages_uk.properties
but I am unable to find the uk locale in the Keycloak admin console.
What am I doing wrong and how do I correctly add new translation properties for the Keycloak login theme?

Keycloak created user enabled

I am using Keycloak 4.8.3 Final for my project. I have been reading the Keycloak documentation for 6 days.
I am using the Keycloak registration page. When I register, the user is always enabled, but in my scenario an admin has to enable the created user. I do not know why, but I cannot find it in the Keycloak documentation. I tried to change the registration flow, but nothing changed.
I found that we can't change this in 4.8.3 Final version. You can change java code and rebuild it, or you can use REST API.

Default custom realm in keycloak

Our team is working on a project that integrates into Keycloak. We created a custom realm, say ProjectX and enable our custom theme on it to be applied in the login page of Keycloak.
Since our theme is applied on the realm ProjectX and not on master, how can we make the custom realm the default that is displayed (with the theme) when we first access the Keycloak login page?
Not sure which project you are building and how you are configuring Keycloak in your ProjectX project. OK, let's ignore all these things and see how we generally browse Keycloak. We simply hit https://<IP ADDRESS>:<PORT>/auth, then it shows some links, we click Administration Console, and it redirects to the master realm URL.
Which looks like this: https://<IP ADDRESS>:<PORT>/auth/realms/master/protocol/openid-connect/auth?client_id=security-admin-console&redirect_uri=https%3A%2F%2F135.250.138.93%3A8666%2Fauth%2Fadmin%2Fmaster%2Fconsole%2F%3Fredirect_fragment%3D%252Frealms%252Fbasic-auth%252Ftheme-settings&state=47381ff9-eb03-4419-bac3-8824d57f9c0d&nonce=be95ef5a-0737-49a3-be0b-4577f7a050ae&response_mode=fragment&response_type=code&scope=openid
Now, in your case you want to access the URL for a particular realm and not the default (master) realm, so here is the solution: hit the URL below.
https://<IP ADDRESS>:<PORT>/auth/realms/<REALM-NAME>/account
But make sure you have created a user for your realm and given proper rights to that user.

WSO2IS with Kerberos/IWA/SPNEGO authentication

According to https://docs.wso2.org/display/IS460/Enabling+IWA+in+WSO2+Identity+Server IS seems to be configured to use WAFFLE which can be used only on Windows.
Did anyone have a chance to successfully install using http://spnego.sourceforge.net/ framework?
It would be appreciated to not limit the environment to Windows only.
If you use Tomcat, you can simply use my library: http://tomcatspnegoad.sourceforge.net/
We have managed to create a custom authenticator where:
the authenticator redirects the user to a page hosted in Tomcat (custom logon page)
the logon page doesn't display any logon form, but using the Tomcat SPNEGO the user is authenticated with SPNEGO / Kerberos and a JWT ticket is posted back to the authenticator (commonAuthId) instead of username and password
the authenticator assumes the identity of the user (sets the username in the authentication context)
This is de facto a custom claim authentication; do not forget to sign / validate the posted ticket.
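
The sign / validate step from the answer above, sketched as an added example that is not part of the original post and is not WSO2 or Tomcat code. It assumes an HS256 ticket with a shared key, a hypothetical `sid` claim carrying the commonAuthId of the login session, and illustrative function names.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key (assumption): shared by the logon page and the authenticator.
TICKET_KEY = b"constructed-demo-key-change-me"

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue_ticket(username, common_auth_id, key=TICKET_KEY, ttl=60, now=None):
    """Logon-page side: short-lived ticket bound to one login session."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": username, "sid": common_auth_id, "exp": now + ttl}
    parts = [b64url_encode(json.dumps(p).encode()) for p in (header, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64url_encode(sign(signing_input, key))

def validate_ticket(ticket, expected_auth_id, key=TICKET_KEY, now=None):
    """Authenticator side: return the username or raise ValueError."""
    now = int(time.time()) if now is None else now
    try:
        head_b64, claims_b64, sig_b64 = ticket.split(".")
        header = json.loads(b64url_decode(head_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed ticket") from exc
    # Pin the algorithm: never let the ticket choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = sign(head_b64 + "." + claims_b64, key)
    if not hmac.compare_digest(signature, expected):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(claims_b64))  # read only after the MAC check
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("expired ticket")
    # Bind the ticket to the login session it was issued for.
    sid = str(claims.get("sid")).encode()
    if not hmac.compare_digest(sid, expected_auth_id.encode()):
        raise ValueError("session mismatch")
    if not isinstance(claims.get("sub"), str) or not claims["sub"]:
        raise ValueError("missing subject")
    return claims["sub"]
```

Only the username returned by `validate_ticket` should be placed in the authentication context; a ticket that fails any check is rejected before its claims are used.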