apicurio-keycloak-extensions's Introduction

apicurio-keycloak-extensions

Project that contains extensions to the Keycloak auth server.

Social Connectors

This project contains two custom Keycloak identity providers, one for GitHub Enterprise and one for GitLab (local). As of version 9, Keycloak does not have support for locally installed versions of GitHub and GitLab beyond the standard OpenID Connect v1.0 connector. This connector does not work well for GitLab and not at all for GitHub Enterprise. The social module found in this repository corrects this by providing GitHub and GitLab specific identity providers that can be configured to point to local installations.

GitLab Identity Provider

This package contains a variant of the Keycloak GitLab social provider that is capable of using a local GitLab installation. This solves the issues that appear when trying to use the Keycloak OpenID Connect identity provider.

For more information about why this provider is necessary, see this issue.

The following are steps to using this provider:

  1. Clone and build the custom Keycloak provider here: https://github.com/Apicurio/apicurio-keycloak-extensions
  2. Copy the resulting JAR file from apicurio-keycloak-extensions/social/target/apicurio-keycloak-extensions-social-9.0.0-SNAPSHOT.jar into your Keycloak installation's standalone/deployments directory
  3. Before starting Keycloak, add the following system property: -Dapicurio.hub.gitlab.url=http://local-gitlab.example.org where the value is the real URL of your local GitLab installation
  4. When configuring Keycloak, you will now have two GitLab options when creating the Identity Provider. Instead of choosing GitLab (or OpenID Connect v1.0), choose GitLab (Local).
  5. All other configuration is the same as documented for using the public GitLab service.

The result of doing this is that you will be using the custom GitLab identity provider implementation instead of the one built into Keycloak. The only difference between the custom provider and the default is that the custom provider checks for that system property to determine the location of the various GitLab OpenID Connect endpoints. So if you start Keycloak with the apicurio.hub.gitlab.url system property properly set, everything should work!

GitHub Identity Provider

This package contains a variant of the Keycloak GitHub social provider that is capable of using a local GitHub Enterprise installation. This solves the issues that appear when trying to use the Keycloak OpenID Connect identity provider.

For more information about why this provider is necessary, see this issue.

The following are steps to using this provider:

  1. Clone and build the custom Keycloak provider(s) here: https://github.com/Apicurio/apicurio-keycloak-extensions
  2. Copy the resulting JAR file from apicurio-keycloak-extensions/social/target/apicurio-keycloak-extensions-social-9.0.0-SNAPSHOT.jar into your Keycloak installation's standalone/deployments directory
  3. Before starting Keycloak, add the following two system properties to it (either via command line or via standalone.xml):

     -Dapicurio.hub.github.baseUrl=https://github.com
     -Dapicurio.hub.github.apiUrl=https://api.github.com

     (Change the above values to point to your local GitHub Enterprise installation rather than the public URLs.)

  4. When configuring Keycloak, you will now have two GitHub options when creating the Identity Provider. Instead of choosing GitHub (or OpenID Connect v1.0), choose GitHub Enterprise.
  5. All other configuration is the same as documented for configuring public GitHub integration.

The result of doing this is that you will be using a custom GitHub identity provider implementation instead of the one built into Keycloak. The only difference between mine and the default is that mine checks for those system properties to determine the location of the various GitHub OpenID Connect endpoints. So if you start Keycloak with the apicurio.hub.github.baseUrl and apicurio.hub.github.apiUrl system properties properly set, everything should work!
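
A preflight check for the system properties used in the GitLab and GitHub sections above, as an added example that is not part of the project. It requires https because authorization codes and access tokens travel between Keycloak and these URLs, and it assumes the providers append endpoint paths to the configured value; the function names and the example.com hosts are constructed for illustration.

```shell
#!/bin/sh
# Added example, not project code: validate the identity provider URLs
# before they are passed to Keycloak as -D system properties.

# check_idp_url URL -> returns 0 if URL is acceptable, 1 otherwise.
check_idp_url() {
    url=$1
    case $url in
        https://*) ;;   # TLS only: OAuth codes and tokens cross this link
        *) echo "reject (not https): $url" >&2; return 1 ;;
    esac
    rest=${url#https://}
    host=${rest%%/*}
    case $host in
        ''|*@*) echo "reject (empty host or embedded credentials): $url" >&2
                return 1 ;;
    esac
    case $rest in
        *'?'*|*'#'*|*' '*)
            echo "reject (query, fragment or space): $url" >&2; return 1 ;;
        */) # Assumption: endpoint paths are appended to this value, so a
            # trailing slash would yield "//" in the resulting endpoint.
            echo "reject (trailing slash): $url" >&2; return 1 ;;
    esac
    return 0
}

# keycloak_java_opts GITLAB_URL GITHUB_BASE_URL GITHUB_API_URL
# Prints the three -D flags named in the README, or fails on a bad URL.
keycloak_java_opts() {
    for u in "$1" "$2" "$3"; do
        check_idp_url "$u" || return 1
    done
    printf '%s %s %s\n' \
        "-Dapicurio.hub.gitlab.url=$1" \
        "-Dapicurio.hub.github.baseUrl=$2" \
        "-Dapicurio.hub.github.apiUrl=$3"
}

# Constructed sample values; substitute your own hosts.
keycloak_java_opts "https://gitlab.example.com" \
    "https://ghe.example.com" "https://ghe.example.com/api/v3"
```

The printed flags can be appended to the Keycloak start command; a non-zero exit means at least one URL should be corrected first.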

apicurio-keycloak-extensions's People

Contributors

ericwittmann

apicurio-keycloak-extensions's Issues

Generate release?

Would it be possible to generate a release for these extensions on github? Thanks!

Failed to create GitHub identity provider running under Keycloak server 9.0.3

I am running Keycloak server 9.0.3.
I have built this plugin and deployed per the README.
When I attempt to create a "GitHub (Local)" Identity Provider, the save button causes:
"Error! An unexpected server error has occurred"

Looks like io.apicurio.kc.ext.social.LocalGitHubIdentityProviderFactory does not define or inherit an implementation of the resolved method 'abstract org.keycloak.models.IdentityProviderModel createConfig()' of interface org.keycloak.broker.provider.IdentityProviderFactory.

This issue is similar to #1.

On the Keycloak terminal, I see this error/stacktrace:

16:06:07,845 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-5) Uncaught server error: java.lang.AbstractMethodError: Receiver class io.apicurio.kc.ext.social.LocalGitHubIdentityProviderFactory does not define or inherit an implementation of the resolved method 'abstract org.keycloak.models.IdentityProviderModel createConfig()' of interface org.keycloak.broker.provider.IdentityProviderFactory.
        at [email protected]//org.keycloak.models.utils.RepresentationToModel.toModel(RepresentationToModel.java:1897)
        at [email protected]//org.keycloak.services.resources.admin.IdentityProvidersResource.create(IdentityProvidersResource.java:192)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at [email protected]//org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:138)
        at [email protected]//org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:517)
        at [email protected]//org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:406)
        at [email protected]//org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:370)
        at [email protected]//org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:356)
        at [email protected]//org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:372)
        at [email protected]//org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:344)
        at [email protected]//org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:137)
        at [email protected]//org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:106)
        at [email protected]//org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:132)
        at [email protected]//org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:106)
        at [email protected]//org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:132)
        at [email protected]//org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:100)
        at [email protected]//org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:440)
        at [email protected]//org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:229)
        at [email protected]//org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:135)
        at [email protected]//org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:356)
        at [email protected]//org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:138)
        at [email protected]//org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:215)
        at [email protected]//org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227)
        at [email protected]//org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
        at [email protected]//org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
        at [email protected]//javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
        at [email protected]//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
        at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
        at [email protected]//org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:91)
        at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
        at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
        at [email protected]//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
        at [email protected]//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
        at [email protected]//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
        at [email protected]//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
        at [email protected]//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
        at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at [email protected]//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
        at [email protected]//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
        at [email protected]//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
        at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at [email protected]//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
        at [email protected]//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
        at [email protected]//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
        at [email protected]//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
        at [email protected]//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
        at [email protected]//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
        at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at [email protected]//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
        at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at [email protected]//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
        at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269)
        at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78)
        at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133)
        at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130)
        at [email protected]//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
        at [email protected]//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
        at [email protected]//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
        at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
        at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
        at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
        at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
        at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
        at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78)
        at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99)
        at [email protected]//io.undertow.server.Connectors.executeRootHandler(Connectors.java:376)
        at [email protected]//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
        at [email protected]//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
        at [email protected]//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
        at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
        at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
        at java.base/java.lang.Thread.run(Thread.java:834)

Failed to create Gitlab identity provider

Hi,
I have compiled the JAR and loaded it in Keycloak. But when I configure it and save changes, it crashes:

 04:30:41,835 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-6) Uncaught server error: java.lang.AbstractMethodError: Receiver class io.apicurio.kc.ext.social.LocalGitLabIdentityProviderFactory does not define or inherit an implementation of the resolved method 'abstract org.keycloak.models.IdentityProviderModel createConfig()' of interface org.keycloak.broker.provider.IdentityProviderFactory.

Start command:
command: ["-b", "0.0.0.0", "-Dkeycloak.profile.feature.docker=enabled", "-Dapicurio.hub.gitlab.url=https://gitlab.example.com"

Keycloak version: 9.0.2
Gitlab version: GitLab Community Edition 12.9.2

Thanks

GitHub (Local) hides GitHub identity provider

I have built and deployed this plugin under Keycloak 9.0.3.
When I try to add a new identity provider, I only see "GitHub (Local)"; the "GitHub" identity provider is not in the list.

Could it be because LocalGitHubIdentityProviderFactory.getId() returns "github"? Should that be changed to return "github-enterprise" or "github-local" or something like that?

Another thing, should LocalGitHubIdentityProviderFactory.getName() return "GitHub (Enterprise)" instead of "Git (Local)"?
