[keycloak-dev] Keycload Admin page Failed Executing GET /admin/serverinfo

Vlastimil Elias velias at redhat.com
Fri Feb 26 03:29:38 EST 2016 

What about configuring Loadbalancer to use sticky sessions?

Vlastimil

On 25.2.2016 16:10, Peter Krivansky wrote:
>
> Hello,
>
> I have a Keycloak cluster with two servers, in front of each Keaycloak 
> is Apache running.
>
> LB
>
> /\
>
>   Host A    Host B
>
> Now, Host-A and Host-B are in different subnets, due to this design we 
> are running jGroups via TCP.
>
> Now everything is working fine, except for the Keycloak Admin console, 
> once a user tries to log in, they get for a milisecond in to the Admin 
> console, but then they get redirected to the login page immediately.
>
> When I disable Host-A or Host-B on the Loadbalancer, (new sessions 
> will land only on Hst-A or Host-B) the Login to Keycloak Admin Console 
> will work normally.
>
> During the immediate redirection there is only this one WARNING in the 
> Server.log:
>
> 15:41:42,886 WARN [org.jboss.resteasy.core.ExceptionHandler] (default 
> task-10) Failed executing GET /admin/serverinfo: 
> org.jboss.resteasy.spi.UnauthorizedException: Bearer
>
>          at 
> org.keycloak.services.resources.admin.AdminRoot.authenticateRealmAdminRequest(AdminRoot.java:156)
>
>          at 
> org.keycloak.services.resources.admin.AdminRoot.getServerInfo(AdminRoot.java:209)
>
>          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
>          at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>
>          at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
>          at java.lang.reflect.Method.invoke(Method.java:498)
>
>          at 
> org.jboss.resteasy.core.ResourceLocatorInvoker.createResource(ResourceLocatorInvoker.java:81)
>
>          at 
> org.jboss.resteasy.core.ResourceLocatorInvoker.createResource(ResourceLocatorInvoker.java:60)
>
>          at 
> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:102)
>
>          at 
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)
>
>          at 
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)
>
>          at 
> org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)
>
>          at 
> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>
>          at 
> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>
>          at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>
>          at 
> io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:86)
>
>          at 
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:130)
>
>          at 
> org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:61)
>
>          at 
> io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
>
>          at 
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
>
>          at 
> io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85)
>
>          at 
> io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>
>          at 
> io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>
>          at 
> org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>
>          at 
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>
>          at 
> io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>
>          at 
> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>
>          at 
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>
>          at 
> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>
>          at 
> io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>
>          at 
> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
>
>          at 
> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:72)
>
>          at 
> io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>
>          at 
> io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
>
>          at 
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>
>          at 
> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>
>          at 
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>
>          at 
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>
>          at 
> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:282)
>
>          at 
> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:261)
>
>          at 
> io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:80)
>
>          at 
> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:172)
>
>          at 
> io.undertow.server.Connectors.executeRootHandler(Connectors.java:199)
>
>          at 
> io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:774)
>
>          at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>
>          at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>
>          at java.lang.Thread.run(Thread.java:745)
>
> I attached my domain.xml
>
> Have I missed something, or what did I wrong?
>
> With Kind regards Peter
>
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev

-- 
Vlastimil Elias
Principal Software Engineer
Developer Portal Engineering Team

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160226/2434de2c/attachment-0001.html

More information about the keycloak-dev mailing list