Keycloak role policies are not persisted correctly - keycloak

Keycloak does not seem to save any modifications I make to role policies.
When I configure my role policy inside keycloak and I click save, there is indeed a row added in the POLICY_CONFIG table inside my database. However when I reload the policy page inside the keycloak admin interface, the policy is empty again. I am not seeing any error inside the logs.
Steps to reproduce
Configure policy
Save policy (successful)
Reload policy page
All fields are empty again. I waited a minute but nothing is being loaded.
Oracle database
POLICY_CONFIG table
ID: 13b25a3a-95f9-4fb7-bbed-bb758c887c8d
TYPE: roles
VALUE: [{"id":"fac49c05-2e78-40a3-98cc-e6206188ed8c","required":false},{"id":"a141db57-51b5-469d-9266-4bd14fcd024e","required":false},{"id":"679dbf0e-47da-449a-832a-280c766381f4","required":false},{"id":"c4993ff8-32fa-4731-9b50-2b75084d1974","required":false},{"id":"cdc2ac65-7bde-4883-a2b7-7a4af56770e1","required":false}]

Related

Keycloak external database configuration and Login Events expiration

I was reading Keycloak documentation about Login Events and configuring external database and I could not find the answers for the following:
What is the maximum expiration time for Login Events for its built in database?
If nothing is configured for expiration time in Admin Console, what will be the default value?
If I configure external database does that mean that all Keycloak schema is generated and data persisted in external database or can I specify to persist only Login Events there?
UPDATE: I managed to find the answers:
Maximum expiration time is forever
If nothing is configured for expiration time in Admin Console, default value is 0, which means never expire
Configuring external database means that all Keycloak schema is generated automatically upon deployment and all data will be persisted in configured external data source

Keycloak - all created users have admin Effective Role

I'm trying to create a user in the Keycloak admin console, but it has effective roles that should not be there. In addition to default realm roles, each user, when created, has odd Effective Roles, and I can't understand where they come from. Even when I delete all assigned roles, the effective roles just stay there.
This does not happen usually, seems like a problem with your Keycloak setup and installation.
Have you checked the default roles at realm level? Roles shown in screenshot belong to realm-management client.
If you are using the master realm, I'd suggest you create a new realm other than master and use it.

Okta scim user automatic provision of user failed

I configured Okta Snowflake SSO. I assigned users as well. I configured SCIM, which has permission to create users, deactivate users, sync password. After I configured SCIM, I am getting errors for existing users: "Automatic provisioning of user to app snowflake failed. Error while creating user. Conflict. Error reported by remote server. User exist with given user name." The same thing happens when I assign the app to an existing user with the same user name. Is there any way to fix it, or is it best to remove SCIM?
In order for the merge to be successful, the login mapping needs to be exactly the same (the rest gets updated by Okta). So make sure users can log in via SSO first.
You also need to transfer ownership manually. Documentation provides this command:
use role accountadmin;
grant ownership on user <user_name> to role okta_provisioner;
Snowflake SCIM doc

How to delete IBMCloud database instances with having same names

I have the following instances with the same name, as shown in the image.
The names are as follows:
stage-tas-postgres-service
stage-tas-postgres-service
stage-tas-postgres-service
I tried to delete them from the three-dots option, but the stage environment is blocked for deletion activity.
I have referred to the link below for deletion: IBM Cloud Deletion DB
We have an IAM identity, through which I tried to delete the instance from a Jenkins job.
The command I tried for deletion, after a successful login as the IAM user, is as follows:
stage("Deleting resource") {
ibmcloud "resource service-instance-delete stage-tas-postgres-service --recursive"
}
The problem is that this job ends with a success result, but did not delete the instance.
I am using only the 3rd from the list; the other two are unused, as shown in the image and in the list above.
Is there any way to delete the DB by CRN or deployment ID?
Thanks in advance.
The error says that you do not have the required permissions to delete the database. You can see and probably use that database instance, but not delete it.
It seems you are not the account owner or someone with administrator privilege. Therefore, someone else needs to delete the service.
For the future, you could set up a serviceID with the required permissions. Then, use a script which uses the serviceID for login to IBM Cloud and deletion of that service.
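Added example (not part of the original question or answer): a sketch of the script the answer suggests, which logs in with a service ID API key, resolves the three same-named instances to their GUIDs, deletes the unused ones by ID, and re-lists to confirm. Assumptions: the "name" and "guid" fields of the CLI's JSON listing, the CLI picking up the key from IBMCLOUD_API_KEY, and the hypothetical KEEP_GUID and IBMCLOUD_REGION variables.

```python
import json
import os
import subprocess

NAME = "stage-tas-postgres-service"
# Constructed listing in the shape of `ibmcloud resource service-instances
# --output json`; the "name" and "guid" fields are assumed from that output.
SAMPLE_LISTING = json.dumps([
    {"name": NAME, "guid": "guid-1-constructed"},
    {"name": NAME, "guid": "guid-2-constructed"},
    {"name": NAME, "guid": "guid-3-constructed"},
    {"name": "other-service", "guid": "guid-4-constructed"},
])

def guids_to_delete(listing_json, name, keep_guid):
    """GUIDs of every instance called `name`, except the one still in use."""
    guids = [i["guid"] for i in json.loads(listing_json) if i["name"] == name]
    if keep_guid not in guids:
        raise ValueError("instance to keep not in listing; refusing to delete")
    return [g for g in guids if g != keep_guid]

def delete_command(guid):
    # Address the instance by ID: a name shared by three instances is ambiguous.
    return ["ibmcloud", "resource", "service-instance-delete", guid,
            "--recursive", "-f"]

def run(cmd):
    # check=True makes a non-zero CLI exit raise, so the job stops on failure.
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout

def list_instances():
    return run(["ibmcloud", "resource", "service-instances", "--output", "json"])

def main():
    keep = os.environ["KEEP_GUID"]  # hypothetical variable: GUID still in use
    # Assumption: the CLI reads the service ID's API key from IBMCLOUD_API_KEY,
    # so the key is not written into the job script or the command line.
    run(["ibmcloud", "login", "-r", os.environ["IBMCLOUD_REGION"]])
    for guid in guids_to_delete(list_instances(), NAME, keep):
        run(delete_command(guid))
    # Re-list and confirm the deletion actually happened.
    if guids_to_delete(list_instances(), NAME, keep):
        raise SystemExit("same-named instances still present after delete")

if __name__ == "__main__":
    main()
```

The final re-listing is what catches a job that exits successfully without removing anything.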

icCube - XMLA authentication/authorization not working as expected

I am trying to limit a user to see only one schema over XMLA.
For that I have done:
Created separate role without full access check
In Applications tab checked only XMLA
In Schemas tab selected "Authorize Selected" and select only one schema
Created user with just created role
Applied new user definitions
After those steps, when I connect via XMLA with the just-created user, I still see all schemas.
What am I doing wrong?
One point that is important when using the XMLA interface is to disable the 'anonymous' login. When doing XMLA, if this mode is activated it is going to be used in priority.
To change this you need to modify icCube.xml and restart icCube Server. See more on online doc here.