Extend Keycloak authentication SPI - keycloak

I would like to implement the authentication part of Keycloak myself. This is to be able to add a custom authentication that communicates with another identity server. I saw in the Keycloak documentation that we have an authentication SPI that we can extend, but I did not find any tutorials about this. Doc link: keycloak spi link
I was about to check the Keycloak sample provider code for authentication on GitHub Ref. link; however, the Keycloak version used was not found when I imported the project locally. Also, I can't find the classes under package org.keycloak.authentication in any of the Keycloak JARs (latest ones).

The section Authenticator SPI Walk Through of last release's Server Development guide is as good as a tutorial, as far as I can see.
If you want to use the samples against a Keycloak release, you have to select the tag on github that matches your Keycloak release, e.g. tag 4.2.1.Final if you are using Keycloak 4.2.1.Final.
The org.keycloak.authentication.AuthenticatorFactory class is in keycloak-server-spi-private dependency that is used in the pom.xml of the samples. This maven artifact is on Maven Central like the others used in the POM, so the JARs should be retrieved from there by Maven.

Related

Wildfly and OIDC

We are a Java shop and use Maven. Our app is on WildFly 18. Does anyone have any experience with migrating a WildFly app to OIDC? We were given a security library that we can use to make OIDC calls to, but it requires a config file co-located with this library. Do we need to use a module for this? If so, do we need a particular section filled out in our standalone.xml?
You asked about Wildfly 18. This one for sure needs add-on modules, such as those provided by the keycloak project (https://www.keycloak.org/downloads).
Since Wildfly 25 the OpenID Connect functionality was added to the Wildfly releases, and since then the addon modules are no longer required. In fact, they should no longer get installed as they seem to break Wildfly.
See also
Secure WebApp in Wildfly 25 using OpenID Connect (OIDC) without installing a Keycloak client adapter
https://docs.wildfly.org/25/WildFly_Elytron_Security.html#validating-jwt-tokens
https://www.youtube.com/watch?v=2gQO4_7Z5CI

Is there a way to import a Bamboo Spec file via the REST API?

I am currently trying to automate the process of creating a new Bamboo linked repository and starting the scan. I've already looked over the documentation of the REST API and tried to generate a new plan and enable a scan, but that didn't work.
I also tried the Java Maven Package from Atlassian, but that needs user credentials as an authentication method, whilst I need to authenticate via a Security token. There is a link to an API in that Maven Package, which I tried to send a request to with the YAML code, but it always responds with the status code 500 and a Java stack trace. It's probably due to a wrong request body, but I can't figure out how to include the YAML content the same way as the Maven package.
Is there a way to create a linked repository via the REST API?
Thanks in advance!
Is there a way to create a linked repository via the REST API?
No and there won't ever be one because they're deprecating the Bamboo server in favour of their cloud-based alternative (which is based on a totally different API). See https://jira.atlassian.com/browse/BAM-18453
Java Maven Package from Atlassian
What package is that? Based on what I said earlier the only way for you to programmatically create a linked repo is to mimic the browser POST request to updateLinkedRepository.action. That means that you'll need to login first to get a JSESSIONID cookie (xsrf token can be disabled, see https://confluence.atlassian.com/bamkb/rest-api-calls-fail-due-to-missing-xsrf-token-899447048.html#RESTAPIcallsfailduetoMissingXSRFToken-Workaround). Ping me if you need help, I still have ansible code for the login part.

Mayan-EDMS integration with user sso

Mayan-EDMS is a great project and we are looking forward to using it in our project. Our project already has lots of users in the system, so I am looking for SSO for Mayan-EDMS. We have already seen the LDAP doc, but we are looking for Keycloak.

Keycloak configure with PostgreSQL

I am developing a Spring Boot REST API project using JDBC, and the database is PostgreSQL. I added authorization with Keycloak. I wanna use User Federation because I would like to use the users in my PostgreSQL DB. How can I use it, and are there other ways that do not use User Federation?
I have faced the same problem recently. I have different clients with different RDBMS, so I have decided to address this problem so that I could reuse my solution across multiple clients.
I published my solution as a multi RDBMS implementation (oracle, mysql, postgresql, sqlserver) to solve simple database federation needs, supporting bcrypt and several types of hashes.
Just build and deploy this solution on keycloak and configure it through the admin console providing jdbc connection string, login, password, the required SQL queries and the type of hash used.
Feel free to clone, fork or do whatever you need to solve your issue.
GitHub repo:
https://github.com/opensingular/singular-keycloak-database-federation
I'm doing similar development but with Oracle and JSF.
I created a project with three classes:
one implementing UserStorageProvider, UserLookupProvider and CredentialInputValidator
one implementing UserStorageProviderFactory
one extending AbstractUserAdapter
Then I created another project which creates an ear file containing the jar file generated in the previous project plus the driver jar file (of PostgreSQL in your case) inside a lib folder.
Finally the ear file is copied in the /opt/jboss/keycloak/standalone/deployments/ folder of the Keycloak server and it gets autodeployed as a SPI. It's necessary to add this provider in the User federation section of the administration application of Keycloak.
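A sketch of the first and third classes from the list above (the provider and its adapter), as an added example that is not code from either answer or from the linked repository; the factory class is omitted. It assumes the legacy WildFly-based Keycloak SPI method signatures (argument order changed in later releases), a hypothetical table app_users(username, salt, pw_hash), a DataSource supplied by the factory, and PBKDF2-HMAC-SHA256 hashes (chosen here because it ships with the JDK, not because either answer uses it).

```java
import java.security.*;
import java.sql.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.sql.DataSource;
import org.keycloak.component.ComponentModel;
import org.keycloak.credential.*;
import org.keycloak.models.*;
import org.keycloak.storage.*;
import org.keycloak.storage.adapter.AbstractUserAdapter;
import org.keycloak.storage.user.UserLookupProvider;
// Added example. Assumed: legacy SPI signatures, table app_users(username, salt, pw_hash),
// PBKDF2-HMAC-SHA256 password hashes, and a DataSource handed over by the factory class.
public class DbUserStorageProvider implements UserStorageProvider, UserLookupProvider, CredentialInputValidator {
    private static final int ITERATIONS = 210_000; // assumed; must match how pw_hash was produced
    private final KeycloakSession session; private final ComponentModel model; private final DataSource ds;
    public DbUserStorageProvider(KeycloakSession session, ComponentModel model, DataSource ds) {
        this.session = session; this.model = model; this.ds = ds;
    }
    private byte[][] saltAndHash(String username) { // {salt, hash}, or null when the user does not exist
        String sql = "SELECT salt, pw_hash FROM app_users WHERE username = ?"; // bound parameter only
        try (Connection c = ds.getConnection(); PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) { return rs.next() ? new byte[][] { rs.getBytes(1), rs.getBytes(2) } : null; }
        } catch (SQLException e) { throw new RuntimeException("user lookup failed", e); }
    }
    @Override public UserModel getUserByUsername(String username, RealmModel realm) {
        if (saltAndHash(username) == null) return null;
        return new AbstractUserAdapter(session, realm, model) { // read-only view of the external user
            @Override public String getUsername() { return username; }
        };
    }
    @Override public UserModel getUserById(String id, RealmModel realm) {
        return getUserByUsername(new StorageId(id).getExternalId(), realm);
    }
    @Override public UserModel getUserByEmail(String email, RealmModel realm) { return null; }
    @Override public boolean supportsCredentialType(String type) { return CredentialModel.PASSWORD.equals(type); }
    @Override public boolean isConfiguredFor(RealmModel r, UserModel u, String type) { return supportsCredentialType(type); }
    @Override public boolean isValid(RealmModel realm, UserModel user, CredentialInput input) {
        if (!supportsCredentialType(input.getType()) || !(input instanceof UserCredentialModel)) return false;
        byte[][] row = saltAndHash(user.getUsername()); if (row == null) return false;
        try {
            char[] pw = ((UserCredentialModel) input).getValue().toCharArray();
            byte[] got = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(new PBEKeySpec(pw, row[0], ITERATIONS, row[1].length * 8)).getEncoded();
            return MessageDigest.isEqual(got, row[1]); // constant-time comparison of the derived hash
        } catch (GeneralSecurityException e) { return false; } // fail closed on any crypto error
    }
    @Override public void close() { }
}
```

Keycloak never sees or stores the external password hash in this layout; validation happens entirely inside isValid against the application's own table.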

wso2is 5.4.1 + liferay 6.2ga6

I followed the official documentation from https://docs.wso2.com/display/IS541/Integrating+WSO2+Identity+Server+with+Liferay to log in to my Liferay Portal with a wso2is user, but it does not work for me in wso2is-5.4.1 and liferay6.2ga6. When I try to log in, Liferay's log prints "Primary URL :https://wso2is.local:9443/services/Secondary URL :null" but no call to the wso2is server is made.
I added these lines to my portal-ext.properties:
auth.pipeline.pre=org.wso2.liferay.is.authenticator.WSO2ISAuthenticator
auth.pipeline.enable.liferay.check=false
wso2is.auth.service.endpoint.primary=https://wso2is.local:9443/services/
wso2is.auth.thrift.endpoint=localhost
wso2is.auth.thrift.port=10500
wso2is.auth.thrift.connection.timeout=10000
wso2is.auth.thrift.admin.user=admin
wso2is.auth.thrift.admin.user.password=admin
wso2is.auth.thrift.endpoint.login=https://wso2is.local:9443/
wso2is.auth.thrift.system.trusstore=/wso2is-5.4.1/repository/resources/security/wso2carbon.jks
wso2is.auth.thrift.system.trusstore.password=wso2carbon
Is there something wrong?
Unfortunately, a lot of the WSO2 documentation is very crufty, containing articles that have been pulled forward from previous versions of the documentation without regression testing on the use cases they present. In short, there's stuff in the documentation that plain doesn't work. If you look at the bottom of the article you'll see the following:
Please note that the above configuration is tested with Liferay 6.1.1
and WSO2 Identity 3.2.3/4.0.0.
I recall I tested this a long time ago, and determined that it wouldn't work with the current version, but that was so long ago that I can't remember why. In any case, the approach presented for integrating Liferay was offered at a time where Liferay didn't have the ability to use standardized authentication protocols like SAML. Now that it does, you probably want to do it in a standards compliant manner instead of using an authentication interface Liferay only promotes using for proprietary authentication systems.
My suggestion is that if you are using Liferay portal enterprise with LDAP that you use the built-in SAML connector. If you aren't using Enterprise, there are some compatible authenticator extensions in the extensions store that will also integrate with Liferay. If you configure Liferay to be a client against WSO2 and then integrate Liferay to LDAP on the backend, it also allows Liferay to be used as a user dashboard instead of the jaggery based one that comes in the product.