why lazy init jdbc?
by Bill Burke
Is there a reason we lazily init the JDBC connector? Was that because
the code existed before ProviderFactory.postInit()?
8 years, 3 months
Delivery reports about your e-mail
by Mail Administrator
8 years, 3 months
Class is not visible from class loader exception
by Crafton Williams
Hi all:
I'm in the process of developing a web service-based User Federation SPI. I've gone through the properties SPI example and had a look at the ldap and kerberos SPIs. They seem pretty straightforward and at first glance I think I've implemented things properly. For my service requests, I'm using the Resteasy client through the proxy interface with a few simple calls to test things out. When I package and deploy, Keycloak doesn't seem to complain, however when I search for a user, I get the following trace:
09:20:20,956 ERROR [io.undertow.request] (default task-15) UT005023: Exception handling request to /auth/admin/realms/master/users: org.jboss.resteasy.spi.UnhandledException: java.lang.IllegalArgumentException: interface org.keycloak.federation.ws.client.WsServiceClient is not visible from class loader
at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)
at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212)
at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:168)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:411)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Some details about my environment:
Keycloak version: 2.1.0.Final, running in standalone mode
Java version: 1.8.0_101
Project structure:
or.keycloak.federation.ws
-client
--WsServiceClient.java
-ServiceModel.java
-WsFederationProvider.java
-WsFederationProviderFactory.java
-resources
--META-INF.services
---org.keycloak.models.UserFederationProviderFactory
My getInstance for the factory class looks like this:
    @Override
    public WsFederationProvider getInstance(KeycloakSession session, UserFederationProviderModel model) {
        ResteasyClient client = new ResteasyClientBuilder().build();
        ResteasyWebTarget target = client.target(BASE_URL);
        WsClientService serviceClient = target.proxy(WsClientService.class);
        return new WsFederationProvider(session, model, serviceClient);
    }
All dependencies in my POM are 'provided', so I've already ensured that the libraries aren't duplicated.
Based on my research so far, this seems to be the preferred way to instantiate the RestClient to ensure the classloader picks it up on boot, however I'm still getting the exception. Can anybody provide any clues?
Regards,
Crafton
8 years, 3 months
Error
by Mail Administrator
Dear user of lists.jboss.org, Mail system administrator of lists.jboss.org would like to let you know the following,
We have found that your e-mail account was used to send a large amount of spam messages during the recent week.
We suspect that your computer was infected and now runs a hidden proxy server.
We recommend you to follow instruction in order to keep your computer safe.
Have a nice day,
lists.jboss.org support team.
8 years, 3 months
Changing password of admin user
by Thomas Darimont
Hello group,
keycloak ships with the add-user-keycloak.sh script to create an initial realm admin user with the provided username / password combination.
We're currently running this script every time our keycloak docker container starts, which triggers a Unique Constraint Violation if the admin user has already been created - which is what I would expect.
07:52:39,103 ERROR [org.keycloak.services] (ServerService Thread Pool -- 56) KC-SERVICES0010: Failed to add user 'admin' to realm 'master': user with username exists
-> Perhaps an option like "create if not exists" would be nice.
Since we need to periodically change the password of that admin user I wonder how this should be done. Since the add-user-keycloak.sh doesn't seem to provide a way to change a password the only way seems to be changing the admin password in the realm admin-console.
However it is easy to get locked out of Keycloak if one changes the password via the realm admin-console e.g. due to a typo...
Cheers,
Thomas
8 years, 3 months
Returned mail: see transcript for details
by Bounced mail
The original message was received at Fri, 2 Sep 2016 12:51:20 +0530
from lists.jboss.org [198.55.242.197]
----- The following addresses had permanent fatal errors -----
<keycloak-dev(a)lists.jboss.org>
----- Transcript of session follows -----
... while talking to lists.jboss.org.:
>>> DATA
<<< 400-aturner; %MAIL-E-OPENOUT, error opening !AS as output
<<< 400-aturner; -RMS-E-CRE, ACP file create failed
<<< 400-aturner; -SYSTEM-F-EXDISKQUOTA, disk quota exceeded
<<< 400
8 years, 3 months
Any clue regarding javax.ws.rs.core.UriBuilderException: empty host name
by Kamal Jagadevan
Hi Folks.... We had gone with Keycloak implementation in one of our production instances with Keycloak 1.6.1.Final
And observing the empty host name log filling up the node consistently....
I know we have to upgrade to latest version but is there any clue or direction to find or block this error message filling up the node.
Any help in this regard will be appreciated.
Thanks
Kamal
specific bothering log
12:46:23 xxx docker/"keycloak"[1051]: #033[0m#033[33m12:46:23,285 WARN [org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher] (default task-16) Failed to parse request.: javax.ws.rs.core.UriBuilderException: Failed to create URI: null
12:46:23 xxx docker/"keycloak"[1051]: #011at org.jboss.resteasy.specimpl.ResteasyUriBuilder.buildFromValues(ResteasyUriBuilder.java:746)
12:46:23 xxx docker/"keycloak"[1051]: #011at org.jboss.resteasy.specimpl.ResteasyUriBuilder.build(ResteasyUriBuilder.java:718)
12:46:23 xxx docker/"keycloak"[1051]: #011at org.jboss.resteasy.spi.ResteasyUriInfo.initialize(ResteasyUriInfo.java:58)
12:46:23 xxx docker/"keycloak"[1051]: #011at org.jboss.resteasy.spi.ResteasyUriInfo.<init>(ResteasyUriInfo.java:53)
12:46:23 xxx docker/"keycloak"[1051]: #011at org.jboss.resteasy.plugins.server.servlet.ServletUtil.extractUriInfo(ServletUtil.java:41)
12:46:23 xxx docker/"keycloak"[1051]: #011at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:199)
12:46:23 xxx docker/"keycloak"[1051]: #011at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
12:46:23 xxx docker/"keycloak"[1051]: #011at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
12:46:23 xxx docker/"keycloak"[1051]: #011at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:86)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:130)
12:46:23 xxx docker/"keycloak"[1051]: #011at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:61)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
12:46:23 xxx docker/"keycloak"[1051]: #011at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:72)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
12:46:23 xxx docker/"keycloak"[1051]: #011at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:282)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:261)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:80)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:172)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.server.Connectors.executeRootHandler(Connectors.java:199)
12:46:23 xxx docker/"keycloak"[1051]: #011at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:774)
12:46:23 xxx docker/"keycloak"[1051]: #011at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
12:46:23 xxx docker/"keycloak"[1051]: #011at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
12:46:23 xxx docker/"keycloak"[1051]: #011at java.lang.Thread.run(Thread.java:745)
12:46:23 xxx docker/"keycloak"[1051]: Caused by: javax.ws.rs.core.UriBuilderException: empty host name
12:46:23 xxx docker/"keycloak"[1051]: #011at org.jboss.resteasy.specimpl.ResteasyUriBuilder.buildString(ResteasyUriBuilder.java:537)
12:46:23 xxx docker/"keycloak"[1051]: #011at org.jboss.resteasy.specimpl.ResteasyUriBuilder.buildFromValues(ResteasyUriBuilder.java:740)
12:46:23 xxx docker/"keycloak"[1051]: #011... 40 more
12:46:23 xxx docker/"keycloak"[1051]:
8 years, 3 months
OIDC external provider's multiple signing keys are causing signature validation errors
by Peter Nalyvayko
Hello,
I have an external OIDC provider that uses multiple signing keys to sign the id_tokens it issues. According to the OIDC spec (https://openid.net/specs/openid-connect-discovery-1_0.html), "jwks_uri" is an "URL of the OP's JSON Web Key Set. The set contains the signing key(s) that RP uses to validate signature from the OP". Now, there is only a single validating public key shown on the OIDC external provider configuration page. When importing OIDC provider configuration using OIDC provider metadata uri, keycloak picks the first JWK whose "use" parameter value is set to "sig". In my case, all JWKs in the JWK Set have their "use" member set to "sig". I took a cursory look at the JWKS spec (https://tools.ietf.org/html/draft-ietf-jose-json-web-key-41#section-4.2) and based on what I've read it seems there could be more than one key with the same "use" parameter. Shouldn't keycloak store all signing keys instead of just one, and use the value of the "kid" parameter from the provider's auth response to choose a corresponding public key to do the validation?
Regards,
--Peter
8 years, 3 months
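The kid-based key selection asked about in the message above, as an added example that is not part of the original post and is not Keycloak's code: it keeps every signing key from the JWK Set and verifies an RS256 id_token under the key its header names. The key ids, toy keys and all function names are constructed for illustration, and the RSA check uses only the standard library so the example runs offline.

```python
import base64, hashlib, hmac, json

SHA256_DI = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo prefix

def b64u_dec(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64u_enc(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def pkcs1_sha256(msg, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(msg) for a k-byte modulus."""
    t = SHA256_DI + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def index_signing_keys(jwks):
    """Keep every RSA signing key of the JWK Set, indexed by kid."""
    return {k["kid"]: k for k in jwks["keys"]
            if k.get("kty") == "RSA" and k.get("use", "sig") == "sig" and "kid" in k}

def verify_id_token(token, keys):
    """Return the claims if the signature verifies under the key named by kid."""
    h64, p64, s64 = token.split(".")
    header = json.loads(b64u_dec(h64))
    if header.get("alg") != "RS256":      # fixed allow-list, not the token's choice
        raise ValueError("unexpected alg")
    kid = header.get("kid")
    jwk = keys.get(kid) if isinstance(kid, str) else None
    if jwk is None:                       # unknown kid: refresh jwks_uri or reject
        raise KeyError("no signing key for kid %r" % (kid,))
    n, e = (int.from_bytes(b64u_dec(jwk[f]), "big") for f in ("n", "e"))
    k, sig = (n.bit_length() + 7) // 8, b64u_dec(s64)
    s = int.from_bytes(sig, "big")
    em = pow(s, e, n).to_bytes(k, "big") if len(sig) == k and s < n else b""
    if not hmac.compare_digest(em, pkcs1_sha256((h64 + "." + p64).encode(), k)):
        raise ValueError("bad signature")
    return json.loads(b64u_dec(p64))

# Constructed demo material: toy keys built from Mersenne primes, not secure.
def demo_key(kid, p, q, e=65537):
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    enc = lambda i: b64u_enc(i.to_bytes((i.bit_length() + 7) // 8, "big"))
    return {"kty": "RSA", "use": "sig", "kid": kid, "n": enc(n), "e": enc(e)}, (n, d)

def demo_sign(claims, kid, priv):
    n, d = priv
    k = (n.bit_length() + 7) // 8
    body = ".".join(b64u_enc(json.dumps(x).encode())
                    for x in ({"alg": "RS256", "kid": kid}, claims))
    sig = pow(int.from_bytes(pkcs1_sha256(body.encode(), k), "big"), d, n)
    return body + "." + b64u_enc(sig.to_bytes(k, "big"))

JWK_A, PRIV_A = demo_key("key-a", 2**521 - 1, 2**607 - 1)
JWK_B, PRIV_B = demo_key("key-b", 2**607 - 1, 2**1279 - 1)
KEYS = index_signing_keys({"keys": [JWK_A, JWK_B]})
```

A token signed with the second key verifies against `KEYS`, while a store built from only the first JWK rejects the same token because its kid is unknown.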