I deployed Zeppelin (v0.8.2) on my Kubernetes cluster and configured it to connect to Keycloak for user authentication and authorization. However, as you can see in the image (upper-right corner), it shows the User ID generated by Keycloak.
How can I change this to show the username/user name instead?
This is a shiro config problem solved by adding pac4jRealm.principalNameAttribute = name to the shiro.ini.
The solution can be referenced from https://github.com/bujiio/buji-pac4j/issues/61
Related
I have deployed keycloak on my EKS cluster and am able to access the dashboard successfully, and I have already created a new realm.
So I thought of testing my keycloak, and went to https://www.keycloak.org/app/ for testing.
I have created a client with the root URL "https://www.keycloak.org/app/" and created one User also.
I have successfully tested my user using the account login of my realm.
Then I went to https://www.keycloak.org/app/ and entered my keycloak URL as https://keycloak.test.nip.io, the realm as Test (same name as my realm), and then the client name as portal (same name as the client created on keycloak).
When I hit Sign in, it redirects to my keycloak URL but shows "We are Sorry... Page not found".
Does anyone know why I am receiving this error and how I can avoid it?
Issue fixed. So there is a catch: my realm name was Test. So I was entering the same and it was not working, and then I tried writing it in lowercase as test. Boom, it worked.
TIP: No matter what case your realm name is in, if you are facing this issue, try it in lowercase. It solved it for me and I hope it works for others too.
Thanks, guys...
I too had this error. I followed instructions somewhere for configuring the keycloak client application's url, realm, and clientId properties. In the instructions it said to configure the url to http://localhost:8080/auth. I think this must have changed somewhere along the way.
Changing the url property to http://localhost:8080 fixed the error :)
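A way to check which base URL and realm spelling a Keycloak server actually answers to, covering both fixes reported in the answers above (added example, not part of the original posts): it requests the OpenID Connect discovery document under each candidate and accepts only one whose issuer matches the URL requested. The function names are hypothetical, and the demo uses a constructed stand-in for the server instead of network calls.

```python
import json
from urllib.parse import quote
from urllib.request import urlopen

def candidate_issuers(base_url, realm):
    """Issuer URLs to try: without and with the /auth prefix, realm as typed and lowercased."""
    base = base_url.rstrip("/")
    if base.endswith("/auth"):
        base = base[: -len("/auth")]
    urls = []
    for prefix in ("", "/auth"):
        for name in (realm, realm.lower()):
            url = f"{base}{prefix}/realms/{quote(name, safe='')}"
            if url not in urls:
                urls.append(url)
    return urls

def http_get_json(url, timeout=5):
    """Fetch and parse JSON; any network, HTTP or parse error yields None."""
    try:
        with urlopen(url, timeout=timeout) as resp:
            return json.load(resp)
    except (OSError, ValueError):
        return None

def find_realm(base_url, realm, fetch=http_get_json):
    """Return (issuer, authorization_endpoint) for the first candidate that checks out, else None."""
    for issuer in candidate_issuers(base_url, realm):
        doc = fetch(issuer + "/.well-known/openid-configuration")
        # OIDC Discovery requires the document's issuer to equal the URL it was
        # fetched under; a mismatch means this is not the realm that was asked for.
        if isinstance(doc, dict) and doc.get("issuer") == issuer:
            return issuer, doc.get("authorization_endpoint")
    return None

if __name__ == "__main__":
    # Constructed stand-in for a server whose realm is "test" and which has no /auth prefix.
    iss = "https://keycloak.test.nip.io/realms/test"
    fake = {iss + "/.well-known/openid-configuration":
            {"issuer": iss, "authorization_endpoint": iss + "/protocol/openid-connect/auth"}}
    print(find_realm("https://keycloak.test.nip.io/auth", "Test", fetch=fake.get))
```

The issuer that comes back is the value to use as the client's url and realm settings; a None result means none of the four combinations is served at that host.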
I have set up a local (debian) installation of spinnaker and everything looks fine. I have also set up authentication as ldap and am able to sign in as well.
For authorization, I am using FILE and have already enabled it.
However, when I try to select an account in the application which I have created, it does not list any of the accounts.
I checked the logs and I am getting the following error in the logs:
Request GET:http://localhost:7002/applications/samit-app/serverGroups?expand=false is missing [X-SPINNAKER-ACCOUNTS] authentication headers and will be treated as anonymous.
Also, the deck and gate URLs are overridden and are behind an nginx proxy.
Can someone help me here and let me know what part I am missing in this setup?
You must choose an Account provider to deploy to and set it as a new Account in Halyard.
Set up an Account provider
I'm trying to set up Rancher to use Keycloak as an authentication provider and am following the steps laid out here. The last step says to export the metadata in the SAML Metadata IDPSSODescriptor format but I only see SAML Metadata SPSSODescriptor as an option. I've tried using that but authentication isn't working - it opens another window with the same Keycloak setup page when clicking the Authenticate with Keycloak button to validate the setup. There are no errors in the Docker logs for either the Rancher or Keycloak containers when running the docker logs CONTAINER command.
I'm wondering if I need to do something specific to set up Keycloak as an IDP to get the correct metadata option but I can't find anything in their documentation.
For Keycloak 6.0 and up, along with the location of the IDPSSODescriptor, even its format has changed. This doc explains how that can be edited to be used by Rancher.
From the Installation tab, choose the SAML Metadata IDPSSODescriptor format option and download your file.
Or you can directly visit Keycloak URL with IDPSSODescriptor metadata:
https://<keycloak-domain>/auth/realms/<realm>/protocol/saml/descriptor
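A check for the mix-up described in the question above, where an SP descriptor was used in place of the IdP one (added example, not from the original posts or from Rancher or Keycloak): it reports which SAML role descriptors a metadata file carries, accepting either root element the SAML 2.0 metadata schema allows. The function names, hosts and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def describe_metadata(xml_text):
    """Summarise each entity in a SAML 2.0 metadata document: roles, IdP SSO endpoints, IdP cert count."""
    root = ET.fromstring(xml_text)
    if root.tag not in (MD + "EntityDescriptor", MD + "EntitiesDescriptor"):
        raise ValueError("not SAML 2.0 metadata, root element is " + root.tag)
    entities = []
    # iter() also yields the root itself, so a bare EntityDescriptor and a wrapped one both work.
    for ent in root.iter(MD + "EntityDescriptor"):
        idp = ent.find(MD + "IDPSSODescriptor")
        sso = [] if idp is None else idp.findall(MD + "SingleSignOnService")
        entities.append({
            "entity_id": ent.get("entityID"),
            "roles": [r for r in ("IDPSSODescriptor", "SPSSODescriptor") if ent.find(MD + r) is not None],
            "sso": [(s.get("Binding"), s.get("Location")) for s in sso],
            "certs": 0 if idp is None else len(list(idp.iter(DS + "X509Certificate"))),
        })
    return {"root": root.tag[len(MD):], "entities": entities}

def idp_problems(xml_text):
    """Return reasons this file cannot serve as IdP metadata; an empty list means it looks usable."""
    entities = describe_metadata(xml_text)["entities"]
    idps = [e for e in entities if "IDPSSODescriptor" in e["roles"]]
    if not idps:
        found = sorted({r for e in entities for r in e["roles"]})
        return ["no IDPSSODescriptor in this file; roles present: " + (", ".join(found) or "none")]
    problems = []
    for e in idps:
        if not e["sso"]:
            problems.append(f"{e['entity_id']}: no SingleSignOnService endpoint")
        if e["certs"] == 0:
            problems.append(f"{e['entity_id']}: no X509Certificate in the IdP descriptor")
    return problems

# Constructed samples: hypothetical hosts and realm, placeholder certificate value.
IDP_SAMPLE = """<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <EntityDescriptor entityID="https://keycloak.example.test/auth/realms/demo">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
   <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://keycloak.example.test/auth/realms/demo/protocol/saml"/>
  </IDPSSODescriptor></EntityDescriptor></EntitiesDescriptor>"""
SP_SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sp.example.test/saml/metadata">
 <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp.example.test/saml/acs" index="0"/>
 </SPSSODescriptor></EntityDescriptor>"""
```

Calling idp_problems on the downloaded file before uploading it shows at once whether it is the IdP descriptor; describe_metadata also reports the root element, which is the part of the format the answer says changed.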
I have created an OpenShift account, and I can log in to the OpenShift web console from a browser, but I can't connect from Eclipse. Server type is set to OpenShift 2 and "use default server" is checked. I entered the email address for username and password, the same stuff I use for logging in on OpenShift Web Console.
When I try to log in I get:
Your credentials are not authorized to access "https://openshift.redhat.com/broker/rest/user"
The problem you're running into is that you're actually using OpenShift Online 3. You can find a blog post about using eclipse with OpenShift Online 3 here. The only difference being that you need to replace the console url with the correct url from your cluster.
Your cluster's console URL will look like https://console.<cluster-name>.openshift.com.
I've created a new cluster with AAD for client auth using ARM by following the document linked to below. The cluster deployed and my app works fine but my browser is still asking me to select an X.509 certificate when I attempt to use the SF Explorer at: https://mycluster.northcentralus.cloudapp.azure.com:19080/Explorer
I thought when I hooked up Azure AD that the client cert would no longer be needed. Note that I do see that the SF Explorer displays my name in the upper right (with a logout option), indicating to me it's using AAD.
So, what's up with this? Any ideas?
https://azure.microsoft.com/en-us/documentation/articles/service-fabric-cluster-creation-via-arm/
That happens if there's an issue with AAD authentication - the cluster will fall back to certificate authentication.
If SF Explorer isn't re-directing to an AAD login page at all, then double-check that the web application reply URL in the AAD cluster application matches the SF Explorer URL.
If the re-direction is happening and AAD login was successful, then double-check that the AAD cluster application has the expected user roles and that your user has been assigned a role.