[keycloak-user] Issue on Direct Grant API

Marcelo Miura marcelo.miura at gdcommunity.co.uk
Tue Dec 5 07:44:54 EST 2017


Actually that’s because it’s been running for one year and just now it started with the issues. Just trying to figure out what was the cause.
Could these missing keys / providers have something to do with the direct grant authentication flow issue?


> On 5 Dec 2017, at 06:16, Stian Thorgersen <sthorger at redhat.com> wrote:
> 
> Are you actually using 2.4.0.CR1? That's old and unsupported, maybe you actually wanted to use 3.4.0.CR1? "hmac-generated" was added in 2.5.5.
> 
> On 4 December 2017 at 18:40, Marcelo Miura <marcelo.miura at gdcommunity.co.uk> wrote:
> Thanks for your answers.
> 
> http://localhost:8080/auth/admin/master/console/#/server-info/providers
> On keys I see the following:
> rsa
> java-keystore
> rsa-generated
> On the COMPONENT table of the keycloak db, I could see 2 records related to hmac-generated. I removed both in an attempt to fix the problem (it’s happening on my dev server). On production I do not see those records and it's currently working fine.
> Then, I tried to create the provider rsa again, so the old provider appeared back. Then I deleted the providers that I created and the error related to the keys is not showing anymore.
> But I’m still facing the authentication issue by Direct Grant. 
> 
> On my local server I do not have this issue.
> Version used: 2.4.0.CR1
> 
> 
>> On 4 Dec 2017, at 14:34, Marek Posolda <mposolda at redhat.com> wrote:
>> 
>> Does this happen when you start latest Keycloak from clean state? Or did you migrate from some previous version?
>> 
>> Marek
>> 
>> On 04/12/17 14:57, Marcelo Miura wrote:
>>> Hi,
>>> 
>>> I’m using Direct Grant to authenticate with an admin user to be able to create new users in Keycloak and be able to reset user passwords.
>>> 
>>> But for some reason, the authentication is not working anymore. It’s returning that the user credentials are invalid, as follows:
>>> {
>>>     "error": "invalid_grant",
>>>     "error_description": "Invalid user credentials"
>>> }
>>> 
>>> But when logging in to the Admin Console, the credentials are working fine.
>>> 
>>> Keycloak log:
>>> 
>>> 2017-11-30 20:22:31,631 WARN  [org.keycloak.events] (default task-29) type=LOGIN_ERROR, realmId=master, clientId=admin, userId=null, ipAddress=xxx.xx.xx.xx error=invalid_user_credentials, auth_method=openid-connect, grant_type=password, client_auth_method=client-secret, username=admin
>>> 2017-11-30 20:22:31,631 WARN  [org.keycloak.services] (Brute Force Protector) KC-SERVICES0053: login failure for user <userid> from xxx.xx.xx.xx
>>> 
>>> *replaced some values as required by the client
>>> 
>>> Not sure if it’s related, but in the last few days, when accessing the realm settings - keys, it was displaying an error: "Error! An unexpected server error has occurred" and the tabs Active and Providers didn’t show any keys.
>>> Keycloak log:
>>> 
>>> 2017-11-30 20:20:52,033 ERROR [org.keycloak.keys.DefaultKeyManager] (default task-24) Failed to load provider <provider id>: java.lang.NullPointerException
>>> 	at org.keycloak.keys.DefaultKeyManager.getProviders(DefaultKeyManager.java:133)
>>> 	at org.keycloak.keys.DefaultKeyManager.getPublicKey(DefaultKeyManager.java:70)
>>> 	at org.keycloak.services.managers.AuthenticationManager.verifyIdentityToken(AuthenticationManager.java:688)
>>> 	at org.keycloak.services.managers.AppAuthManager.authenticateBearerToken(AppAuthManager.java:64)
>>> 	at org.keycloak.services.resources.admin.AdminRoot.authenticateRealmAdminRequest(AdminRoot.java:175)
>>> 	at org.keycloak.services.resources.admin.AdminRoot.getRealmsAdmin(AdminRoot.java:209)
>>> 	at sun.reflect.GeneratedMethodAccessor371.invoke(Unknown Source)
>>> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> 	at java.lang.reflect.Method.invoke(Method.java:498)
>>> 	at org.jboss.resteasy.core.ResourceLocatorInvoker.createResource(ResourceLocatorInvoker.java:79)
>>> 	at org.jboss.resteasy.core.ResourceLocatorInvoker.createResource(ResourceLocatorInvoker.java:58)
>>> 	at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:100)
>>> 	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
>>> 	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
>>> 	at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
>>> 	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>>> 	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>>> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>>> 	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
>>> 	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
>>> 	at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
>>> 	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
>>> 	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>>> 	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
>>> 	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>>> 	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>>> 	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>>> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>> 	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>>> 	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>>> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>> 	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>>> 	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>>> 	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>>> 	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>>> 	at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>>> 	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>>> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>> 	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>>> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>> 	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
>>> 	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
>>> 	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>>> 	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
>>> 	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>>> 	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
>>> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>> 	at java.lang.Thread.run(Thread.java:745)
>>> 
>>> 2017-11-30 20:20:52,038 ERROR [io.undertow.request] (default task-24) UT005023: Exception handling request to /auth/admin/realms/master/components: org.jboss.resteasy.spi.UnhandledException: java.lang.RuntimeException: java.lang.IllegalArgumentException: No such provider 'hmac-generated'
>>> 	at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)
>>> 	at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212)
>>> 	at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:168)
>>> 	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:411)
>>> 	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
>>> 	at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
>>> 	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>>> 	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>>> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>>> 	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
>>> 	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
>>> 	at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
>>> 	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
>>> 	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>>> 	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
>>> 	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>>> 	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>>> 	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>>> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>> 	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>>> 	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>>> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>> 	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>>> 	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>>> 	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>>> 	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>>> 	at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>>> 	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>>> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>> 	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>>> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>> 	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
>>> 	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
>>> 	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>>> 	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
>>> 	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>>> 	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
>>> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>> 	at java.lang.Thread.run(Thread.java:745)
>>> Caused by: java.lang.RuntimeException: java.lang.IllegalArgumentException: No such provider 'hmac-generated'
>>> 	at org.keycloak.models.utils.ComponentUtil.getComponentConfigProperties(ComponentUtil.java:69)
>>> 	at org.keycloak.models.utils.ComponentUtil.getComponentConfigProperties(ComponentUtil.java:39)
>>> 	at org.keycloak.models.utils.StripSecretsUtils.strip(StripSecretsUtils.java:39)
>>> 	at org.keycloak.models.utils.ModelToRepresentation.toRepresentation(ModelToRepresentation.java:815)
>>> 	at org.keycloak.services.resources.admin.ComponentResource.getComponents(ComponentResource.java:118)
>>> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> 	at java.lang.reflect.Method.invoke(Method.java:498)
>>> 	at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
>>> 	at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
>>> 	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
>>> 	at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)
>>> 	at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
>>> 	at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
>>> 	at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
>>> 	at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
>>> 	at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
>>> 	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
>>> 	... 37 more
>>> Caused by: java.lang.IllegalArgumentException: No such provider 'hmac-generated'
>>> 	at org.keycloak.models.utils.ComponentUtil.getComponentFactory(ComponentUtil.java:81)
>>> 	at org.keycloak.models.utils.ComponentUtil.getComponentConfigProperties(ComponentUtil.java:56)
>>> 	... 55 more
>>> 
>>> 
>>> But when I check the keycloak database, it seems that the key and provider are there.
>>> Any thoughts?
>>> 
>> 
>> 
> 
> 
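
A triage sketch for the two symptoms in this thread, added here as an example and not code from the posters or the Keycloak project: it extracts the failed password-grant events and the `No such provider` ids from server log lines, and flags stored key components whose provider the running server does not list. The log lines are copied from the thread with stack frames omitted; the component rows, their field names and all function names are constructed for illustration.

```python
import re

# Key providers the server-info page listed in this thread (2.4.0.CR1).
INSTALLED_KEY_PROVIDERS = {"rsa", "java-keystore", "rsa-generated"}

# Log lines copied from the thread (stack frames omitted).
SAMPLE_LOG = """\
2017-11-30 20:20:52,038 ERROR [io.undertow.request] (default task-24) UT005023: Exception handling request to /auth/admin/realms/master/components: org.jboss.resteasy.spi.UnhandledException: java.lang.RuntimeException: java.lang.IllegalArgumentException: No such provider 'hmac-generated'
Caused by: java.lang.IllegalArgumentException: No such provider 'hmac-generated'
2017-11-30 20:22:31,631 WARN  [org.keycloak.events] (default task-29) type=LOGIN_ERROR, realmId=master, clientId=admin, userId=null, ipAddress=xxx.xx.xx.xx error=invalid_user_credentials, auth_method=openid-connect, grant_type=password, client_auth_method=client-secret, username=admin
""".splitlines()

# Constructed rows standing in for stored key components (field names are assumptions).
SAMPLE_COMPONENTS = [
    {"name": "rsa-generated", "provider_id": "rsa-generated"},
    {"name": "hmac-generated", "provider_id": "hmac-generated"},
]

EVENT_RE = re.compile(r"\[org\.keycloak\.events\] \([^)]*\) (.*)$")
KV_RE = re.compile(r"(\w+)=([^,\s]+)")  # fields are split by commas or spaces
NO_PROVIDER_RE = re.compile(r"No such provider '([^']+)'")

def login_errors(lines):
    """Return LOGIN_ERROR events as dicts of their key=value fields."""
    events = []
    for line in lines:
        m = EVENT_RE.search(line)
        if m:
            fields = dict(KV_RE.findall(m.group(1)))
            if fields.get("type") == "LOGIN_ERROR":
                events.append(fields)
    return events

def missing_providers(lines):
    """Provider ids the server reported it could not resolve (deduplicated)."""
    return {pid for line in lines for pid in NO_PROVIDER_RE.findall(line)}

def orphaned_components(components, installed):
    """Stored components whose provider id the running server does not offer."""
    return [c["name"] for c in components if c["provider_id"] not in installed]

def triage(lines, components, installed):
    """Report both symptoms separately so each can be investigated on its own."""
    failures = [e for e in login_errors(lines) if e.get("grant_type") == "password"]
    return {"direct_grant_failures": failures,
            "unresolved_in_log": sorted(missing_providers(lines)),
            "orphaned_components": orphaned_components(components, installed)}
```

The report keeps the login failures and the provider errors apart because the thread itself shows them diverging: the key error stopped after the records were removed, while the Direct Grant failure continued.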


