Reputation: 93
Keycloak: Script Authenticator missing?
In our system we have so far been using Keycloak 3.4.3 and the Script Authenticator authentication provider functionality as part of the browser based authentication. Now, after upgrading to Keycloak 4.6.0.Final, we noticed that the option for Script Authenticator has disappeared from the list.
This functionality was still there in Keycloak 4.5.0.Final. Due to functionality that's been fixed in Keycloak 4.6.0.Final, we don't have the option to use 4.5.0.
We used the Script Authenticator -functionality to "whitelist" our users based on LDAP attributes. Now since the script option was removed, we're no longer able to use Keycloak.
Any ideas why the Script Authenticator has been removed? Or could it be that it has been moved to another place within the Keycloak admin console?
Just to add some details:
- There has not been any mention about removing this functionality in the Keycloak release notes
- Script authenticator is still mentioned in the Keycloak documentation for Keycloak 4.6.0
- There is also now an issue reported for this in Keycloak issue tracker KEYCLOAK-8872.
Upvotes: 9
Views: 10994
Answers (4)
Reputation: 535
For bitnami image, the env var should be KEYCLOAK_EXTRA_ARGS, instead of JAVA_OPTS_APPEND and also DO NOT ADD SINGLE/DOUBLE QUOTE around the argument! Here is a snippet in docker-compose.yaml
keycloak:
image: docker.io/bitnami/keycloak:16.1.0-debian-10-r0
environment:
- KEYCLOAK_EXTRA_ARGS=-Dkeycloak.profile.feature.scripts=enabled -Dkeycloak.profile.feature.upload_scripts=enabled -Dkeycloak.profile.feature.token_exchange=enabled -Dnashorn.args=--no-deprecation-warning
Upvotes: 0
Reputation: 2278
First of all thanks to the guys with the profile.feature solution.
Second, I wanted to add some input - if you use keycloak with docker you will need to run the container with the java_opts argument so you can do this:
-e JAVA_OPTS_APPEND="-Dkeycloak.profile.feature.scripts=enabled
-Dkeycloak.profile.feature.upload_scripts=enabled -server -Xms64m -Xmx512m
-XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true
-Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true"
Note that you will need also the other arguments like -server, -Xms64m, etc. (which you can adjust as it fits you).
Note: Starting with v16, v17 things may change as WildFly [JBoss] becomes deprecated (dev Roadmap 2021-2022).
Upvotes: 5
Reputation: 1917
you also need to enable upload_scripts as :
-Dkeycloak.profile.feature.scripts=enabled -Dkeycloak.profile.feature.upload_scripts=enabled
But this feature "upload_scripts" is deprecated since Keycloak 7.0.1.Final
For a best solution you have to use JavaScript Providers
Upvotes: 7
Reputation: 156
You can enable this feature by start the server with:
-Dkeycloak.profile.feature.scripts=enabled
or you can set this permanently in the profile.properties file (in configuration folder) by adding:
feature.scripts=enabled
Upvotes: 14
Related Questions
- Keycloak development instance: broken authentication configuration
- keycloak-js initialization failed because an ancestor violates the Content Security Policy directive: "frame-ancestors 'self'
- JS-based policy option missing in Keycloak?
- Keycloak : Client not found exception?
- Keycloak login ith chrome extension
- Keycloak Script base authenticator same error message on failure
- Keycloak authentication blocked by CORS
- Setting up Keycloak for authentication
- Keycloak login with API
- Error when keycloak.js is bundled with application but not otherwise