stianst / keycloak-containers-demo Goto Github PK

Hello,

I have 2 features to suggest :

1. Email domain whitelisting :
   It would be nice to be able to whitelist the domain that will be allowed to use the magic link. I bump into this lib https://github.com/micedre/keycloak-mail-whitelisting that works perfectly but I would like to know if it would be hard to combine the magic link with this whitelisting domain?
   I currently update the source code of magic link to include the following code that will whitelist the domain :

if (!email.endsWith("@gruion.com")) {
              context.challenge(context.form().createForm("view-error.ftl"));
         }
         else{

But it would be great to have it included in the lib.
Would it be hard to "merge" the libraries (magic link and whitelisting domain)?
We can maybe try to collaborate with @micedre.
I dont have the knowledge to do it myself, but i can help

2. redirect to register page instead of creating user if user does not exist
   On top of above feature it would be nice to have the possibility to allow of not the user creation if he exists or not.
   Currently if the user does not exist, it is automatically created, even if the email is not valid.
   I would like to redirect the user to the registration page (to force the user fill up user details for example).
   once registered, he can use the magic link

Best regards
Cyril

It appears this demo depends on some upcoming version... I changed to 4.4.0.Final but the build breaks at

import org.keycloak.crypto.SignatureProvider;
import org.keycloak.crypto.SignatureVerifierContext;

Is there any workaround to reproduce this demo for now? Maybe disabling some feature?
When 4.5.0 will be released?

PS D:\docker\keycloak-containers-demo> docker build -t demo-keycloak -f keycloak/Dockerfile .
[+] Building 1.6s (10/11)
 => [internal] load build definition from Dockerfile                                                                                                  0.1s
 => => transferring dockerfile: 32B                                                                                                                   0.0s
 => [internal] load .dockerignore                                                                                                                     0.1s
 => => transferring context: 2B                                                                                                                       0.0s
 => CANCELED [1/7] FROM docker.io/jboss/keycloak:9.0.2@sha256:4d1013ff0a26d535140374a667a82da7a0271413d4efe283ff0bf1c6055d9ab9                        0.1s
 => => resolve docker.io/jboss/keycloak:9.0.2@sha256:4d1013ff0a26d535140374a667a82da7a0271413d4efe283ff0bf1c6055d9ab9                                 0.0s
 => => sha256:4d1013ff0a26d535140374a667a82da7a0271413d4efe283ff0bf1c6055d9ab9 1.37kB / 1.37kB                                                        0.0s
 => => sha256:dbab16e66e048eb1469906763c03dc5e5946760e3f4a07160693e5ea36ec4a1e 8.38kB / 8.38kB                                                        0.0s
 => [internal] load build context                                                                                                                     0.1s
 => => transferring context: 131B                                                                                                                     0.0s
 => ERROR [2/7] COPY magic-link/target/magic-link.jar /opt/jboss/keycloak/standalone/deployments/                                                     0.0s
 => CACHED [3/7] RUN touch /opt/jboss/keycloak/standalone/deployments/magic-link.jar.dodeploy                                                         0.0s
 => ERROR [4/7] COPY themes/target/themes.jar /opt/jboss/keycloak/standalone/deployments/                                                             0.0s
 => CACHED [5/7] RUN touch /opt/jboss/keycloak/standalone/deployments/themes.jar.dodeploy                                                             0.0s
 => ERROR [6/7] COPY token-validation/target/token-validation.jar /opt/jboss/keycloak/standalone/deployments/                                         0.0s
------
 > [2/7] COPY magic-link/target/magic-link.jar /opt/jboss/keycloak/standalone/deployments/:
------
------
 > [4/7] COPY themes/target/themes.jar /opt/jboss/keycloak/standalone/deployments/:
------
------
 > [6/7] COPY token-validation/target/token-validation.jar /opt/jboss/keycloak/standalone/deployments/:
------
failed to compute cache key: "/token-validation/target/token-validation.jar" not found: not found

why?

The dockerfile has something.../target/.jar file it wants to execute but isn't found

This command failes with "/opt/jboss/tools/docker-entrypoint.sh: line 165: DB_ADDR: unbound variable"
docker run --name demo-keycloak -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -p 8080:8080 --net demo-network demo-keycloak

Upon googling this specific issue I added this to the dockerfile:

ENV DB_VENDOR=POSTGRES
ENV DB_ADDR=postgres
ENV DB_DATABASE=keycloak

It gets further but I get other more complicated errors:

ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("subsystem" => "microprofile-metrics-smallrye")]): java.lang.NullPointerException

It appears t hat updates to keycloak or postgresql have broken your original project.

Re produce steps:

• Login jsconsole
• Integrate GitHub
• Open chrome or Firefox browser normal or incognito window
• login with GitHub
• enter username and password of GitHub
• Now jsconsole will be redirected
• click logout from jsconsole
• now key cloak login page will be redirected along
• we can see github idp in login page
• click and GitHub to login with GitHub credentials

This time, it GitHub is not asking user credentials, it logging in with existing user itself. but actually we logged out that user. session should be destroyed in both keycloak and GitHub.

• same issue happening in keycloak with other IDP like Okta with OpenID protocol.

The configured port on demo-mail is 1025, not 25.

While running 'docker run --name devnation-keycloak -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -p 8080:8080 --net devnation-network devnation-keycloak' I got
21:06:45,967 FATAL [org.keycloak.services] (ServerService Thread Pool -- 72) java.util.ServiceConfigurationError: org.keycloak.authentication.AuthenticatorFactory: Provider org.keycloak.experimental.magic.MagicLinkFormAuthenticatorFactory could not be instantiated

While trying the autoregister feature, when I click on the confirmation email, js-console responds "Init Error" and that's what in demo-keycloak log:
18:48:05,811 WARN [org.keycloak.events] (default task-26) type=LOGIN_ERROR, realmId=demo, clientId=js-console, userId=833aea1c-7108-4710-8137-e41afca637c9, ipAddress=172.18.0.1, error=invalid_user_credentials, auth_method=openid-connect, auth_type=code, redirect_uri=http://localhost:8000/, code_id=e3d8da0a-526d-464d-b75a-133f4475ba29, username=demouser, authSessionParentId=e3d8da0a-526d-464d-b75a-133f4475ba29, authSessionTabId=spPsG8ZPOYc