search for: keycloak

Hi, Can someone point out what I am doing wrong here? Background: I'm trying to make keycloak (saml) authenticate using kerberos, and I'm getting "client not found in kerberos database". Below are the steps I have taken. I'm using a domain member servers machine account (server$) to add the SPN, since keycloak is running on that member server. (for the record: the mem...

Hello, I'm trying to configure roundcube / dovecot to work with keycloak. I activated xoauth2 oauthbearer in dovecot. But a problem occurs when dovecot tries to contact the keycloak server (logs are below). My problem looks like this one: https://dovecot.org/pipermail/dovecot/2019-December/117768.html The response to this problem was about a bug in oauth driver (https:...

Hai Mourik-Jan, I think you missing your ptr record in the reverse zone. Or you missing the Krb5KeyTab variable in the apache setup. Test : dig keycloak.company.com ( results in A ip. ) dig -x ip_adres https://wiki.samba.org/index.php/Authenticating_Apache_against_Active_Directory Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens lists via samba > Verzonden: maandag...

Hi, We are using keycloak with our samba-4.4.4 AD environment. (an ldaps client application) Keycloak is able to ask users to change their passwords, when the checkbox "require password change upon next logon" is set in ADUC. However, in our environment (samba-4.4.4) keycloak simply refuses the logons when th...

.../07/2020 19:43 Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > > > > On 04/07/2020 21:12 la.jolie at paquerette <la.jolie at paquerette.org> wrote: > > > > > > Hello, > > > > I'm trying to configure roundcube / dovecot to work with keycloak. > > I activated xoauth2 oauthbearer in dovecot. > > But a problem occurs when dovecot tries to contact the keycloak server > > (logs are below). > > > > My problem looks like this one: > > https://dovecot.org/pipermail/dovecot/2019-December/117768.html > &gt...

Hello, Still trying to make roundcube / Dovecot works with Keycloak. Dovecot can't seem to validate the access_token that Roundcube gave. ----- Jul 08 20:48:05 auth: Debug: http-client[1]: request [Req1: GET https://my.keycloak.host/auth/realms/test_saml/protocol/openid-connect/tokeneyJhbGciOiJFUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJEZzR2aWtndzN2MWVpQVgxMU10Yk...

Hi Andrew and Rowland, Two replies, so quickly! I'm impressed :-) On 01/27/2017 10:47 AM, Andrew Bartlett via samba wrote: > And a very interesting one at that. I'm glad to see someone has taken > on some of the ADFS capability I hear folks ask for regularly. Yes I agree, keycloak is very cool. I have found the following samba bug report: https://bugzilla.samba.org/show_bug.cgi?id=9048 Judging from the bugreport above, I should ask keycloak devs to follow the errorcode number (49) only, and act based on that. As the errorcode itself is identical, it should make things co...

...t;>> >>>> >>>> I changed some of the tls options following the document, now config is following: >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> tokeninfo_url = https://keycloak.com/auth/realms/mail/protocol/openid-connect/token >>>> introspection_url = https://dovecot:7598e21b-ec34-481f-80d0-059bddae0923 at keycloak.com/auth/realms/demo/protocol/openid-connect/token/introspect >>>> introspection_mode = post >>>> debug = yes >>>...

I changed some of the tls options following the document, now config is following: tokeninfo_url = https://keycloak.com/auth/realms/mail/protocol/openid-connect/token introspection_url = https://dovecot:7598e21b-ec34-481f-80d0-059bddae0923 at keycloak.com/auth/realms/demo/protocol/openid-connect/token/introspect introspection_mode = post debug = yes rawlog_dir = /tmp/oauth2 #force_introspection = yes username_at...

...i <aki.tuomi at open-xchange.com> wrote: >> >> >>> On 04/07/2020 21:12 la.jolie at paquerette <la.jolie at paquerette.org> wrote: >>> >>> >>> Hello, >>> >>> I'm trying to configure roundcube / dovecot to work with keycloak. >>> I activated xoauth2 oauthbearer in dovecot. >>> But a problem occurs when dovecot tries to contact the keycloak server >>> (logs are below). >>> >>> My problem looks like this one: >>> https://dovecot.org/pipermail/dovecot/2019-December/117...

On Fri, 27 Jan 2017 10:30:22 +0100 mj via samba <samba at lists.samba.org> wrote: > Hi, > > We are using keycloak with our samba-4.4.4 AD environment. (an ldaps > client application) > > Keycloak is able to ask users to change their passwords, when the > checkbox "require password change upon next logon" is set in ADUC. > > However, in our environment (samba-4.4.4) keycloak simp...

On Fri, 2017-01-27 at 10:30 +0100, mj via samba wrote: > Hi, > > We are using keycloak with our samba-4.4.4 AD environment. (an ldaps  > client application) And a very interesting one at that. I'm glad to see someone has taken on some of the ADFS capability I hear folks ask for regularly. > Keycloak is able to ask users to change their passwords, when the  > checkbox...

> On 04/07/2020 21:12 la.jolie at paquerette <la.jolie at paquerette.org> wrote: > > > Hello, > > I'm trying to configure roundcube / dovecot to work with keycloak. > I activated xoauth2 oauthbearer in dovecot. > But a problem occurs when dovecot tries to contact the keycloak server > (logs are below). > > My problem looks like this one: > https://dovecot.org/pipermail/dovecot/2019-December/117768.html > The response to this problem was...

...gt; > > > > > > > > > > > I changed some of the tls options following the document, now config is following: > > > > > > > > > > > > > > > > > > > > > > > > tokeninfo_url = https://keycloak.com/auth/realms/mail/protocol/openid-connect/token > > > introspection_url = https://dovecot:7598e21b-ec34-481f-80d0-059bddae0923 at keycloak.com/auth/realms/demo/protocol/openid-connect/token/introspect > > > introspection_mode = post > > > debug = yes > > >...

Hello everyone, I received a somewhat strange and complicated demand today. The idea of the manager is to use samba as a domain server but the directory tree (authentication and authorization of users) is on an external SAML server using keycloak. The samba will pass only GPO. Is this possible? As far as I've seen samba works the version of Windows Active Directory as well, and I've used it a lot as a domain server authenticating and authorizing users in addition to group policies. Thank you all, Thiago

...: > > Hello everyone, > > I received a somewhat strange and complicated demand today. > > > > The idea of the manager is to use samba as a domain server but the > > directory tree (authentication and authorization of users) is on an > > external SAML server using keycloak. The samba will pass only GPO. > > > > Is this possible? > > > > As far as I've seen samba works the version of Windows Active > > Directory as > > well, and I've used it a lot as a domain server authenticating and > > authorizing users in addition...

...t;> I changed some of the tls options following the document, now config > is following: > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> tokeninfo_url = > https://keycloak.com/auth/realms/mail/protocol/openid-connect/token > >>>> introspection_url = > https://dovecot:7598e21b-ec34-481f-80d0-059bddae0923 at keycloak.com/auth/realms/demo/protocol/openid-connect/token/introspect > >>>> introspection_mode = post > >>>> debu...

Hai Louis, On 21-11-2016 14:33, L.P.H. van Belle via samba wrote: > I think you missing your ptr record in the reverse zone. > Or you missing the Krb5KeyTab variable in the apache setup. > > Test : > dig keycloak.company.com ( results in A ip. ) > dig -x ip_adres Correct, I had no reverse. But reading that page, I also discovered something else: <QUOTE> We next need to setup an SPN (Service Principal Names) for the server name that any website resolves to (so the actual server name that a...

Hi all, We'd like to enable OAuth with Keycloak in Dovecot, after enabling 'OAUTHBEARER XOAUTH2' in Dovecot based on online document, I can confirm Dovecot is ready for OAuth using openssl command, however when the auth request comes in, it failed in establishing a SSL connection with Keycloak server on port 443, shown as following in de...

...derson Santos via samba wrote: > Hello everyone, > I received a somewhat strange and complicated demand today. > > The idea of the manager is to use samba as a domain server but the > directory tree (authentication and authorization of users) is on an > external SAML server using keycloak. The samba will pass only GPO. > > Is this possible? > > As far as I've seen samba works the version of Windows Active > Directory as > well, and I've used it a lot as a domain server authenticating and > authorizing users in addition to group policies. > > Tha...