We Keep Coding

Getting "500 Internal Server Error" when trying to create oidc-full-name-mapper via kcadm.sh

I am using Keycloak kcadm.sh tool to define a client. I am now trying to define protocol mappers similar to the ones that can be defined by the Keycloak's Web interface. The following command executes successfully:
./kcadm.sh create clients/myclientid/protocol-mappers/models -r myrealm -s name="full name" -s protocolMapper=oidc-full-name-mapper -s protocol=openid-connect
However when I examine the created full name mapper, I see that it's created with "Add to ID token" - OFF, and "Add to access token" - OFF. I want them to be ON. So, after deleting the created mapper I tried adding -s config.access.token.claim=true -s config.id.token.claim=true to the above command. So the command becomes:
./kcadm.sh create clients/myclientid/protocol-mappers/models -r myrealm -s name="full name" -s protocolMapper=oidc-full-name-mapper -s protocol=openid-connect -s config.access.token.claim=true -s config.id.token.claim=true
but this results in "HTTP error - 500 Internal Server Error"
I tried creating a mapper with the options turned off as before, then setting them on using the Web interface, then exporting the client and examine the result. The resulting json includes the following protocol mapper for my client:
"protocolMappers": [
{
"id": "...",
"name": "full name",
"protocol": "openid-connect",
"protocolMapper": "oidc-full-name-mapper",
"consentRequired": false,
"config": {
"id.token.claim": "true",
"access.token.claim": "true"
}
}
],
so it seems that the path I gave was correct. Any idea what I am doing wrong?

Found it! On Linux, I had to use \" after the config. So the command became:
./kcadm.sh create clients/myclientid/protocol-mappers/models -r myrealm -s name="full name" -s protocolMapper=oidc-full-name-mapper -s protocol=openid-connect -s config.\"access.token.claim\"=true -s config.\"id.token.claim\"=true
JustinT's (https://stackoverflow.com/users/1717360/justint) comment to
Add protocol-mapper to keycloak using kcadm.sh gave me the direction.

Specify the config values in Linux like this:
-s 'config."id.token.claim"=true'
-s 'config."access.token.claim"=true'

Wget, preventing session log out

I'm trying to crawl a website which needs to be logged in with wget but it stops everytime it finds a logout url (https://example.com/logout/).
I've tried excluding the directories but without success.
This is my command:
wget --content-disposition --header "Cookie: session_cookies" -k -m -r -E -p --level=inf --retry-connrefused -D site.com -X */logout/*,*/settings/* -o log.txt https://example.com/
I've tried with -R option instead of -X but that didn't work.

Can be solved by the keyword "--reject-regex", like this: "--reject-regex logout", see:wget-devTips

PMCMD Stop workflow

Hi i am trying to stop workflow through PMCMD but unsuccessfully.
i am doing it through powershell
&"$INFS_ROOT\pmcmd.exe" stopworkflow -usd DS -u $IFPC_USER -p $IFPC_PASS -sv ISUD -d DomainIF -f ("$Folder") ("$wf");
But everytime i got error:
ERROR: Option value cannot start with one leading '-'. Usage: pmcmd
stopworkflow
<<-service|-sv> service <-domain|-d> domain [<-timeout|-t> timeout]>
[<<-user|-u> username|<-uservar|-uv> userEnvVar>]
[<<-password|-p> password|<-passwordvar|-pv> passwordEnvVar>]
[<<-usersecuritydomain|-usd> usersecuritydomain|<-usersecuritydomainvar|-usdv> userSecuritydomainEnvVar>]
[<-folder|-f> folder] [<-runinsname|-rin> runInsName]
[-wfrunid workflowRunId] [-wait|-nowait] workflow
For example getworkflowstatus works clear
&"$INFS_ROOT\pmcmd.exe" getworkflowdetails -usd DS -u $IFPCUser -p $IFPCPass -sv ISUD -d DomainIF -f ("$Folder") ("$wf")
Can anyone help me with stopping workflow through pmcmd? Thanks

Add provider to User federation in RedHat SSO/keycloak using CLI

I have custom provider created and deployed.
Now I goto user federation select the drop down and add my provider using UI and fine. Image using UI
Can some one please let me know how to add the same using CLI as I want to automate the manual process.

This worked for me:
kcadm.bat create user-federation/instances -r Test1 \
-s providerName=tatts-asg-authentication \
-s priority=0 \
-s config.debug=false

This is what works for Keycloak 3.4.3:
kcadm.bat create components -x -r MyRealm \
-s providerType=org.keycloak.storage.UserStorageProvider \
-s name=my-provider \
-s parentId=MyRealm \
-s providerId=my-provider \
-s 'config.path=["C:\\path\\to\\properties"]' \
-s 'config.priority=["0"]'
user-federation/instances has been replaced with components: issues.jboss.org/browse/KEYCLOAK-6583
The -x option is to output the stacktrace on error.

create-metadata-templ in ssoadm/OpenAM fails

I'm trying to create metadata template using ssoadm in OpenAM with the following command:
ssoadm create-metadata-templ -u amadmin -f pwd.txt -m sp.xml -x sp-extended.xml -s /sp -a -y https://stage1.abc.xyz.com/OpenAM
It gives the following error:
Incorrect option(s), ssoadm create-metadata-templ -u amadmin -f pwd.txt -m sp.xml -x sp-extended.xml -s /sp -a -y https://stage1.agileworkbe
nch.accenture.com/OpenAM.
ssoadm create-metadata-templ --options [--global-options]
Create new metadata template.
Usage:
ssoadm create-metadata-templ
--entityid|-y
--adminid|-u
--password-file|-f
[--meta-data-file|-m]
[--extended-data-file|-x]
[--serviceprovider|-s]
[--identityprovider|-i]
[--attrqueryprovider|-S]
[--attrauthority|-I]
[--authnauthority|-C]
[--xacmlpep|-e]
[--xacmlpdp|-p]
[--affiliation|-F]
[--affiownerid|-N]
...
...
....
......
I use OpenAM 12.0.0 in Windows 2008 Server R2 Enterprise deployed in Tomcat 7/Java 7.
Any help is highly appreciated.
-Aravind

In your case -y (which is mandatory for the command) is treated as a value for -a key.
You should provide a value for -a key or remove the key from the command.