Thomas Darimont thomasdarimont
@thomasdarimont
thomasdarimont / docker-scan-output1.txt
Created May 9, 2022 21:04
Custom Keycloak.X Image docker scan output
$ docker scan thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT
Testing thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT...
Package manager: apk
Project name: docker-image|thomasdarimont/custom-keycloakx
Docker image: thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT
Platform: linux/amd64
Base image: alpine:3.15.4
@thomasdarimont
thomasdarimont / keycloak-18-custom-findings.txt
Last active May 8, 2022 21:02
CVEs reported in Keycloak Image quay.io/keycloak/keycloak:18.0.0 by aquasec/trivy
docker run --privileged --rm -v /home/tom/.trivy/cache:/root/.cache/ -v /var/run/docker.sock:/var/run/docker.sock:z aquasec/trivy:0.27.1 image thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT
2022-05-07T11:40:04.324Z INFO Detected OS: redhat
2022-05-07T11:40:04.324Z INFO Detecting RHEL/CentOS vulnerabilities...
2022-05-07T11:40:04.356Z INFO Number of language-specific files: 1
2022-05-07T11:40:04.356Z INFO Detecting jar vulnerabilities...
thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT (redhat 8.5)
===========================================================
@thomasdarimont
thomasdarimont / Main.java
Created May 6, 2022 07:30
PoC for Quarkus Jar Patcher
package demo;
import io.quarkus.bootstrap.app.AdditionalDependency;
import io.quarkus.bootstrap.app.CuratedApplication;
import io.quarkus.bootstrap.app.QuarkusBootstrap;
import io.quarkus.bootstrap.model.AppArtifactKey;
import io.quarkus.bootstrap.model.AppModel;
import io.quarkus.bootstrap.model.ApplicationModel;
import io.quarkus.bootstrap.model.DefaultApplicationModel;
import io.quarkus.bootstrap.model.MutableJarApplicationModel;
@thomasdarimont
thomasdarimont / index.md
Last active April 28, 2022 09:14
Keycloak.X Dependencies (Keycloak 18 Snapshot)
mvn  dependency:tree --also-make-dependents --projects quarkus/deployment,quarkus/dist,quarkus/runtime,quarkus/server
[INFO] Scanning for projects...
[WARNING] 
[WARNING] Some problems were encountered while building the effective model for org.keycloak:keycloak-model-map-jpa:jar:999-SNAPSHOT
[WARNING] 'dependencies.dependency.(groupId:artifactId:type:classifier)' must be unique: jakarta.persistence:jakarta.persistence-api:jar -> duplicate declaration of version (?) @ line 54, column 21
[WARNING] 
@thomasdarimont
thomasdarimont / readme.md
Created April 25, 2022 12:09
Keycloak 18.0.0 with new admin console

docker run \
-it \
--rm \
--name kcx \
-e KEYCLOAK_ADMIN=admin \
-e KEYCLOAK_ADMIN_PASSWORD=admin \
-e KC_HTTP_RELATIVE_PATH=auth \
-p 8080:8080 \
quay.io/keycloak/keycloak:18.0.0 \
start-dev

@thomasdarimont
thomasdarimont / readme.md
Created April 23, 2022 12:06
RESTler example
docker run -it --rm mcr.microsoft.com/restlerfuzzer/restler:v7.4.0 dotnet /RESTler/restler/Restler.dll

See also: microsoft/restler-fuzzer#371

@thomasdarimont
thomasdarimont / Dockerfile
Created April 8, 2022 10:58
Keycloak.X JGroups JDBC Ping
FROM quay.io/keycloak/keycloak:17.0.1 as builder
ENV KC_METRICS_ENABLED=true
ENV KC_FEATURES=preview
ENV KC_DB=postgres
ENV KC_HTTP_RELATIVE_PATH=/auth
# specify the custom cache config file here
ENV KC_CACHE_CONFIG_FILE=cache-ispn-jdbc-ping.xml
# copy the custom cache config file into the keycloak conf dir
@thomasdarimont
thomasdarimont / WebSecurityConfig.java
Last active March 31, 2022 17:03
Lazy OAuth2ClientRegistrationRepositoryConfiguration bootstrap without requiring an IdP to be available when application starts. On first request that requires authentication the app will initialize the ClientRegistrationRepository
package com.github.thomasdarimont.keycloak.webapp.config;
import com.github.thomasdarimont.keycloak.webapp.support.security.KeycloakLogoutHandler;
import lombok.RequiredArgsConstructor;
import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties;
import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesRegistrationAdapter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.GrantedAuthority;
@thomasdarimont
thomasdarimont / SuperJump.java
Created March 21, 2022 13:57
Run skip overridden method of a Java class - just for fun
package demo;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.reflect.Constructor;
// Run with --add-opens java.base/java.lang.invoke=ALL-UNNAMED
public class SuperJump {
@thomasdarimont
thomasdarimont / readme.md
Created February 14, 2022 21:10
tokens.ts userinfo.ts

tokens.ts

import AddressClaimSet from './addressClaimSet';
import AccessTokenAccess from './AccessTokenAccess';
import AccessTokenCertConf from './accessTokenCertConf';

export interface JsonWebToken {

    jti?: string;