I have keycloak on docker (v20.0.2) and as you know some versions change some or good part of the UI, so is hard to follow tutorials around the web...
I am trying to follow this particular tuto
https://developers.redhat.com/blog/2020/11/24/authentication-and-authorization-using-the-keycloak-rest-api#keycloak_sso_demo
that seems the more updated. My keycloak is actually behind traeffic and thomseddon/traeffic-fordward-auth with a docker-compose file (but the connection through traeffic is good and I have acces to admin UI)
So on step 10 of the tutorial things change for me, I have to look for that particular view inside:
Click on lateral menu Client Scope
Click on button Create client scope
Give a name to the scope, and click on Tab Mapper
All mappers are predefined... so there is no "New mapper" don't understand this bit
then just follow the tuto
With that series of steps I get an error when retriving the token...
https://keycloak:8443/realms/education/protocol/openid-connect/token
enter image description here
(this are fake local data from the realm I created for testing)
that responds with a or something similar I have also tried to change the grant_type to password, and the same happens can not query the token....
{
"error": "invalid_client",
"error_description": "Invalid client or Invalid client credentials"
}
But if I do not link a user with an scope/role as in the tuto suggest then I get the token, but of course I want to use the role or scope to limit who can see which endpoint and who can not
Any step that I'm missing from this update, do you have the same error?
Thank you in advance
I have tried to run it with different combinations of options to see if there is a toggle that actually allows me to fetch the token
Also with different types of grant_type
I will build an API in Python (I don't know Java and prefer Json instead of XML) that connect to this keycloak to allow users or not based on their scope/role/permission or something
I need to be able to block user so if user Student try to access an url from another Student he get blocked that url. So is based on the role or scope or I don't know which is prefered or easer to accomplish, the mission is to block users or not based on a factor that could be used for this in keycloak.
I have created dashboard and shared it to other computer which is demo user with the role-> kibana_dashboard_only_user.
now when i open shared with demo user login credentials it shows error like
Internal Server Error
Error: Internal Server Error
SearchError#http://10.42.35.14:5601/bundles/commons.bundle.js:3:298201
_callee2$/<.searching</<#http://10.42.35.14:5601/bundles/commons.bundle.js:4:324908
processQueue#http://10.42.35.14:5601/built_assets/dlls/vendors.bundle.dll.js:427:199687
scheduleProcessQueue/<#http://10.42.35.14:5601/built_assets/dlls/vendors.bundle.dll.js:427:200650
$digest#http://10.42.35.14:5601/built_assets/dlls/vendors.bundle.dll.js:427:210412
$apply#http://10.42.35.14:5601/built_assets/dlls/vendors.bundle.dll.js:427:213219
done#http://10.42.35.14:5601/built_assets/dlls/vendors.bundle.dll.js:427:132717
completeRequest#http://10.42.35.14:5601/built_assets/dlls/vendors.bundle.dll.js:427:136329
requestLoaded#http://10.42.35.14:5601/built_assets/dlls/vendors.bundle.dll.js:427:135225
Does the user have read permissions on the index? Just dashboard permissions alone are not enough; this is unfortunately not super obvious.
The user (or role) needs to have at least the read permission on the desired index in addition to the dashboard-only role.
Check the documentation here:
https://www.elastic.co/guide/en/kibana/current/xpack-dashboard-only-mode.html#grant-read-access-to-indices
BTW the feature has generally been reworked and is deprecated in the old form
I have absolutelly the same question as dan here - Facebook conversion pixel with "server to server" option . There was written, that there was no way, but it was 2013, so I hope something changed.
So, is there any way to call facebook pixel events (e.g. CompleteRegistration) from server side now?
I can describe situation in more details. Imagine, that user visits our site, where fb pixel tracks 'PageView' of course. When user passes form and sends his phone number, we call 'Lead' event. But then we need to track one more event, when our manager successfully confirmes this user! Of course, it happens on other computer and so on, so there is no idea, how to "connect" to base user.
I've seen a lot of documentation departments like this, but I can't fully understand even if it's possible or not.
Logically, we need to generate specific id for user (or it can be phone number really), when 'Lead' event is called. Then, we should use this id to 'CompleteRegistration' for that user. But I can't understand, how to do it technically.
It would be gratefull, if somebody could explain it.
P.S. As I understand, it is fully available in API for mobile apps. Is it ok idea to use it for our situation, if there is no other solution?
Use Offline Conversions to record events that happen after a user has left your website. Logging these conversions, technically, is very easy. Setting everything up takes a little effort
tldr; check the code below
Follow setup steps in the FB docs (Setup steps 1-5) which are:
Setup facebook Business Manager account
Add a new app to Business Manager account
Create an Ad account, if you don't already have one
Create a System User for the ad account
After the setup, follow Upload Event Data steps on the same page, steps 1-3 to create an offline event set and associate it with your ad. These can be carried out in the Graph API Explorer by following the links in the examples. These can be done programmatically, but is out of the scope of making the event calls from the server for one campaign.
Once you have created the event set, then you can upload your CompleteRegistration events!
You will need to make a multipart form data request to FB, the data key will be an array of your conversion events. As #Cbroe mentioned, you must hash your match keys (the data you have available about your user to match them with a FB user) before sending to FB. The more match keys you are able to provide, the better chance at matching your user. So if you can get their email and phone at the same time, you're much more likely to match your user.
Here's an example of the call to FB using node.js:
var request = require('request')
// The access token you generated for your system user
var access_token = 'your_access_token'
// The ID of the conversion set you created
var conversionId = 'your_conversion_set_id'
var options = {
url: 'https://graph.facebook.com/v2.12/' + conversionId + '/events',
formData: {
access_token: access_token,
upload_tag: 'registrations', //optional
data: [{
match_keys: {
"phone": ["<HASH>", "<HASH>"]
},
currency: "USD",
event_name: "CompleteRegistration",
event_time: 1456870902,
custom_data: { // optional
event_source: "manager approved"
},
}]
}
}
request(options, function(err, result) {
// error handle and check for success
})
Offline Conversion Docs
Facebook has now a Server-Side API: https://developers.facebook.com/docs/marketing-api/server-side-api/get-started
Implementing this is similar to implementing the offline events outlined in the accepted answer.
Keep in mind that it will always be cumbersome to track and connect events from the browser and from your server. You need to share a unique user id between the browser and server, so that Facebook (or any other analytics provider) will know that the event belongs to the same user.
Tools like mixpanel.com and amplitude.com may be more tailored to your needs, but will get very expensive once you move out of the free tier (100+ EUR at mixpanel, 1000+ EUR at Amplitude, monthly). Those tools are tailored towards company success, whereas Facebook is tailored towards selling and measuring Facebook ads.
I'm trying to generate documents using conga composer 8 from apex code but its failing with error Failed to run the post-merge process. I have looked into url and its same as the one I used initially in another salesforce org. I couldn't find any help online or on conga-composer form.
Here is my conga endpoint URL:
https://composer.congamerge.com/Composer8/Index.Html? sessionId=00D41000000dorw!ARQAQKbinH5TXMR_70s3XCShQh5GuSVdrFcq0Fg9OidZLo9MLxzWSby8QY1B4xM8e72DPawVziclnXBjTzpG41RiCAPKQqOt
&serverUrl=https://na35.salesforce.com/services/Soap/u/29.0/00D41000000dorwEAA
&id=a1J410000012BwS
&TemplateId=a0C41000000kg5GEAQ
&APIMODE=13
&ESAgreementName=Contract+for+Test
&queryid=a0441000001PwI7AAK,a0441000001PwICAA0
&ESSignatureType=2
&ESSignatureOrder=2
&ESVisible=1
&ESCustomField=cldocgen__App__c
&ESCustomFieldValue=a1J410000012BwSEAU
&ESRecipient1=00541000000Ke9pAAC
&ESRecipient2=003410000078zVbAAI
&ESRecipient3=003410000078zVhAAI, Method=GET]
Any insight what might be causing this issue.
I had the same problem and was able to solve it using permissions. In this case make sure the user id whose sessionID is passing to Conga has the correct CRUD access to the primary object in your conga call (id=a1J410000012BwS). My guess is that this is something to do with Conga not being able to write the attachment back to salesforce.
Apart from what Greg has mentioned, there are 2 more observations for this error:
Under Email Administration -> Deliverability -> Access to Send Email (All Email Services) should be set to All email.
In case you are using the EmailTemplateId parameter then the classic email template must be available for use.
Also mostly this error is also because of some discrepancy in the URL.
I've been running the echo.html example that comes with Strophe.js. When I start it up I sign in using a user I made called user1. When I click the connect button I get the following output:
Strophe is connecting.
Strophe is connected.
ECHOBOT: Send a message to 5ee09j8v8y#ubuntu/5ee09j8v8y to talk to me.
I am able to successfully test this example using the Gajim client. In Gajim I simply start a new chat using the above JID (5ee09j8v8y#ubuntu/5ee09j8v8y). When I send a message using Gajim it shows up on the echobot example and everything is hunky dory.
So here's my question, I see from this official site that the JID is in this format:
<JID> ::= [<node>"#"]<domain>["/"<resource>]
And I get that the resource is optional, and that the domain in my case above is simply my computer's name (my computer's name is ubuntu). BUT what I don't get is how the heck you get 5ee09j8v8y from the username user1.
The code inside echobot.js which prints the JID line above uses this command to get the information:
connection.jid
Which is just a Strophe.Connection Object retrieving it's JID.
So to sum all of this up, I cannot communicate from Gajim using user1#ubuntu/5ee09j8v8y the only way it works is when I use the JID 5ee09j8v8y#ubuntu/5ee09j8v8y. So what exactly is the node (5ee09j8v8y), how does it get mapped to the username (user1), how can I get Gajim to work with user1#ubuntu/5ee09j8v8y instead of using 5ee09j8v8y#ubuntu/5ee09j8v8y and at the very least can someone point me in the right direction to some documentation on this JID problem?
Note: This tutorial will explain my setup (and help others who are curious in how I set all of this up).