Advice on securing user device
by Anton Hughes
Hello
My use-case is as follows:
Users are typically developers, who add a library to their project. This
library can send and receive information. The use of this library is based
on, say, a subscription.
As a user-manager, I would like users of my library to have to be
authorized. And I would also like to know how many devices/software
products the user has connected.
Is this something that Keycloak can help with? If yes, can someone
recommend specifically what I should look at?
Thanks
--
Anton Hughes
8 years, 11 months
keycloak-jetty92-adapter & UriBuilder HTTP error 500
by Pavel Maslov
Hi,
I am planning to migrate the Keycloak server from version 1.3.1 to 1.7.0.
However, when trying to access a secured resource of our API I get the
following error:
HTTP ERROR 500
Problem accessing /v1/producers. Reason:
Server Error
java.lang.AbstractMethodError:
javax.ws.rs.core.UriBuilder.uri(Ljava/lang/String;)Ljavax/ws/rs/core/UriBuilder;
at javax.ws.rs.core.UriBuilder.fromUri(UriBuilder.java:119)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:292)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:222)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:808)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)
at com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:165)
at com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:239)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:553)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
at org.eclipse.jetty.server.Server.handle(Server.java:497)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
at java.lang.Thread.run(Thread.java:745)
It used to work with the previous version of Keycloak + adapter (1.3.1).
The only thing I did is I just changed dependency version 1.3.1 to 1.7.0 in
my pom.xml:
<dependency>
    <groupId>org.keycloak</groupId>
    <artifactId>keycloak-core</artifactId>
    <version>1.7.0.Final</version>
</dependency>
<dependency>
    <groupId>org.keycloak</groupId>
    <artifactId>keycloak-services</artifactId>
    <version>1.7.0.Final</version>
</dependency>
<dependency>
    <groupId>org.keycloak</groupId>
    <artifactId>keycloak-jetty92-adapter-dist</artifactId>
    <version>1.7.0.Final</version>
    <type>pom</type>
</dependency>
Perhaps, something else is missing. Can it be web.xml or jetty-web.xml that
I have to update in some way? Any ideas?
Thanks.
Regards,
Pavel Maslov, MS
8 years, 11 months
import only users into a realm
by Johan Heylen
Hello,
I wanted to know if it is possible to only import users into a realm without
overwriting the realm settings (clients, smtp, etc).
I've looked at
http://keycloak.github.io/docs/userguide/keycloak-server/html/export-impo...
and already successfully exported the realm and users in different files,
and I want to load the users into another keycloak instance.
Of course I could just do trial/error experiments, but maybe someone
already has some experience on migrating only users?
Best regards,
Johan
8 years, 11 months
Re: [keycloak-user] What can bring this error "failed to turn code into token" over and over again?
by Mai Zi
Hi,
In the user guide I can find this:
For cluster setup, it may be even better to use option auth-server-url-for-backend-request. This allows to configure that backend requests between Keycloak and your application will be sent directly to same cluster host without additional round-trip through loadbalancer. So for this, it's good to configure values in WEB-INF/keycloak.json like this:
"auth-server-url": "/auth",
"auth-server-url-for-backend-requests": "http://${jboss.host.name}:8080/auth"
but I cannot understand it yet. Suppose my case, is there any recommendation?
(BTW: I found the reply will be listed in a separate thread when replying from email. I am very sorry.)
On Wednesday, January 20, 2016 5:16 PM, Alexander Schwartz <alexander.schwartz(a)gmx.net> wrote:
Hi,
I am not sure what you mean with "the round trip" here.
My recommendation is that auth-server-url should always contain a fully qualified URL. I have actually never tried to use it without a fully qualified URL.
If you choose not to use a fully qualified URL in auth-server-url, you *must* set auth-server-url-for-backend-requests for a fully qualified URL (including protocol, host, etc.)
I believe you are operating keycloak and wildfly behind a reverse proxy (maybe nginx?)
Best regards,
Alexander
--
Alexander Schwartz (alexander.schwartz(a)gmx.net)
http://www.ahus1.de
Sent: Wednesday, 20 January 2016 at 09:57
From: "Mai Zi" <ornot2008(a)yahoo.com>
To: "Alexander Schwartz" <alexander.schwartz(a)gmx.net>, Keycloak-user <keycloak-user(a)lists.jboss.org>
Subject: Re: Aw: [keycloak-user] What can bring this error "failed to turn code into token" over and over again?
Hi, Alexander,
We deploy the client application server (wildfly) and auth server (keycloak) in the same machine. The web app url is : http://ourhost.com/hello/index.html the auth server is https://ourhost.com/auth
then the setup in keycloak.json should be :
"auth-server-url": "/auth",
"auth-server-url-for-backend-requests": "https://ourhost/auth"
This can reduce the round trip?
Thanks a lot
On Wednesday, January 20, 2016 3:56 PM, Alexander Schwartz <alexander.schwartz(a)gmx.net> wrote:
During the last phase of OAuth negotiation the client application (here: wildfly) will contact the oauth server (here: keycloak) to change the code into a token. In order to work the client application (here: wildfly) must be able to contact the keycloak server using the auth-server-url given in keycloak.json.
If this URL is only accessible browsers from external / via a load balancer, and client application should use a different (direct) URL to reach the keycloak server you can specify auth-server-url-for-backend-requests in your keycloak.json
Best regards,
Alexander
--
Alexander Schwartz (alexander.schwartz(a)gmx.net)
http://www.ahus1.de
Sent: Wednesday, 20 January 2016 at 05:23
From: "Mai Zi" <ornot2008(a)yahoo.com>
To: Keycloak-user <keycloak-user(a)lists.jboss.org>
Subject: [keycloak-user] What can bring this error "failed to turn code into token" over and over again?
We get lots of errors like this:
2016-01-20 12:02:37,441 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-1) failed to turn code into token: java.net.SocketException: Connection timed out
and which makes the login slow or failed.
We are using keycloak 1.7.0 final and broke a SAML 2.0 IDP (ADFS). The wildfly app server and keycloak both are standalone.
8 years, 11 months
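The rule stated in the thread above (auth-server-url fully qualified, or else auth-server-url-for-backend-requests set to a fully qualified URL) can be checked before deployment. The following is an added example, not part of the original posts and not Keycloak code: the function names, the dictionary used to resolve ${...} placeholders and the "realm"/"resource" values in the samples are assumptions made for illustration.

```python
import json
import re
from urllib.parse import urlsplit

FRONT = "auth-server-url"
BACK = "auth-server-url-for-backend-requests"
PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")


def expand(value, props):
    """Substitute ${name} from props; unknown names are left untouched."""
    return PLACEHOLDER.sub(lambda m: props.get(m.group(1), m.group(0)), value)


def url_problem(key, url):
    """Return why `url` cannot be used for a server-to-server call, or None."""
    if PLACEHOLDER.search(url):
        return f"{key}: unresolved placeholder in {url!r}"
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return f"{key}: {url!r} is not fully qualified (protocol and host required)"
    return None


def check_adapter_config(text, props=None):
    """Return (backchannel_url, problems) for the text of a keycloak.json.

    backchannel_url is the URL the code-to-token request would use under the
    rule from the thread, or None when no usable URL is configured.
    """
    cfg = json.loads(text)
    props = props or {}
    front = expand(cfg.get(FRONT, ""), props)
    back = expand(cfg.get(BACK, ""), props)
    problems = []
    if not front:
        problems.append(f"{FRONT}: missing")

    if back:
        # An explicit backend URL takes over the server-to-server calls.
        issue = url_problem(BACK, back)
        if issue:
            problems.append(issue)
            return None, problems
        return back, problems

    if front:
        issue = url_problem(FRONT, front)
        if issue is None:
            return front, problems
        problems.append(f"{issue}; set {BACK} to a fully qualified URL")
    return None, problems


# Constructed samples: the URL values are the ones quoted in the thread,
# "realm" and "resource" are placeholder values.
RELATIVE_ONLY = '{"realm": "demo", "resource": "hello", "auth-server-url": "/auth"}'
THREAD_SETUP = """{
  "realm": "demo",
  "resource": "hello",
  "auth-server-url": "/auth",
  "auth-server-url-for-backend-requests": "https://ourhost/auth"
}"""
GUIDE_SETUP = """{
  "realm": "demo",
  "resource": "hello",
  "auth-server-url": "/auth",
  "auth-server-url-for-backend-requests": "http://${jboss.host.name}:8080/auth"
}"""

if __name__ == "__main__":
    samples = [
        ("relative only", RELATIVE_ONLY, None),
        ("thread setup", THREAD_SETUP, None),
        ("guide setup, host unresolved", GUIDE_SETUP, None),
        ("guide setup, host resolved", GUIDE_SETUP, {"jboss.host.name": "node1.internal"}),
    ]
    for label, text, props in samples:
        url, problems = check_adapter_config(text, props)
        print(f"{label}: backchannel={url} problems={problems}")
```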
Upgrade Keycloak 1.2.0Final to 1.7.0Final
by Maurice Quaedackers
Hello all,
I want to upgrade several keycloak 1.2.0Final environments (running on MS SQL database) to keycloak 1.7.0Final
The keycloak-server.json is configured with:
"connectionsJpa": {
    "default": {
        "dataSource": "java:jboss/datasources/KeycloakDS",
        "databaseSchema": "update",
        "driverDialect": "org.hibernate.dialect.SQLServer2008Dialect"
    }
},
When trying to upgrade the upgrade fails, see the stacktrace below. When installing a 1.7.0Final with an empty db all works fine.
Is an upgrade direct from 1.2.0Final to 1.7.0Final supported or how can I upgrade the existing environments to 1.7.0Final?
Best Regards,
Maurice Quaedackers.
9:26:50,130 INFO [org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider] (ServerService Thread Pool -- 75) Updating database
09:26:50,693 INFO [org.hibernate.jpa.internal.util.LogHelper] (ServerService Thread Pool -- 75) HHH000204: Processing PersistenceUnitInfo [
name: keycloak-default
...]
09:26:50,753 INFO [org.hibernate.Version] (ServerService Thread Pool -- 75) HHH000412: Hibernate Core {4.3.10.Final}
09:26:50,756 INFO [org.hibernate.cfg.Environment] (ServerService Thread Pool -- 75) HHH000206: hibernate.properties not found
09:26:50,758 INFO [org.hibernate.cfg.Environment] (ServerService Thread Pool -- 75) HHH000021: Bytecode provider name : javassist
09:26:50,926 INFO [org.hibernate.annotations.common.Version] (ServerService Thread Pool -- 75) HCANN000001: Hibernate Commons Annotations {4.0.5.Final}
09:26:50,999 INFO [org.hibernate.dialect.Dialect] (ServerService Thread Pool -- 75) HHH000400: Using dialect: org.hibernate.dialect.SQLServer2008Dialect
09:26:51,283 INFO [org.hibernate.hql.internal.ast.ASTQueryTranslatorFactory] (ServerService Thread Pool -- 75) HHH000397: Using ASTQueryTranslatorFactory
09:26:51,321 INFO [org.hibernate.validator.internal.util.Version] (ServerService Thread Pool -- 75) HV000001: Hibernate Validator 5.1.3.Final
09:26:52,490 INFO [org.hibernate.event.internal.DefaultLoadEventListener] (ServerService Thread Pool -- 75) HHH000327: Error performing load command : org.hibernate.PropertyAccessException: Null value was assigned to a property of primitive type setter of org.keycloak.models.jpa.entities.RealmEntity.accessTokenLifespanForImplicitFlow
09:26:52,493 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 75) MSC000001: Failed to start service jboss.undertow.deployment.default-server.default-host./auth: org.jboss.msc.service.StartException in service jboss.undertow.deployment.default-server.default-host./auth: java.lang.RuntimeException: Failed to construct public org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:85)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
at org.jboss.threads.JBossThread.run(JBossThread.java:320)
Caused by: java.lang.RuntimeException: Failed to construct public org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)
at org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:160)
at org.jboss.resteasy.spi.ResteasyProviderFactory.createProviderInstance(ResteasyProviderFactory.java:2211)
at org.jboss.resteasy.spi.ResteasyDeployment.createApplication(ResteasyDeployment.java:295)
at org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:236)
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:112)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36)
at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)
at org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:78)
at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)
at io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:230)
at io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:131)
at io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:511)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:101)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:82)
... 6 more
Caused by: org.keycloak.models.ModelException: javax.persistence.PersistenceException: org.hibernate.PropertyAccessException: Null value was assigned to a property of primitive type setter of org.keycloak.models.jpa.entities.RealmEntity.accessTokenLifespanForImplicitFlow
at org.keycloak.connections.jpa.PersistenceExceptionConverter.convert(PersistenceExceptionConverter.java:44)
at org.keycloak.connections.jpa.PersistenceExceptionConverter.invoke(PersistenceExceptionConverter.java:34)
at com.sun.proxy.$Proxy82.find(Unknown Source)
at org.keycloak.models.jpa.JpaRealmProvider.getRealm(JpaRealmProvider.java:65)
at org.keycloak.models.cache.infinispan.DefaultCacheRealmProvider.getRealm(DefaultCacheRealmProvider.java:161)
at org.keycloak.services.managers.ApplianceBootstrap.setupDefaultRealm(ApplianceBootstrap.java:32)
at org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:81)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
at org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:148)
... 19 more
Caused by: javax.persistence.PersistenceException: org.hibernate.PropertyAccessException: Null value was assigned to a property of primitive type setter of org.keycloak.models.jpa.entities.RealmEntity.accessTokenLifespanForImplicitFlow
at org.hibernate.jpa.spi.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1763)
at org.hibernate.jpa.spi.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1694)
at org.hibernate.jpa.spi.AbstractEntityManagerImpl.find(AbstractEntityManagerImpl.java:1141)
at org.hibernate.jpa.spi.AbstractEntityManagerImpl.find(AbstractEntityManagerImpl.java:1068)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.keycloak.connections.jpa.PersistenceExceptionConverter.invoke(PersistenceExceptionConverter.java:32)
... 29 more
Caused by: org.hibernate.PropertyAccessException: Null value was assigned to a property of primitive type setter of org.keycloak.models.jpa.entities.RealmEntity.accessTokenLifespanForImplicitFlow
at org.hibernate.property.DirectPropertyAccessor$DirectSetter.set(DirectPropertyAccessor.java:126)
at org.hibernate.tuple.entity.AbstractEntityTuplizer.setPropertyValues(AbstractEntityTuplizer.java:713)
at org.hibernate.tuple.entity.PojoEntityTuplizer.setPropertyValues(PojoEntityTuplizer.java:362)
at org.hibernate.persister.entity.AbstractEntityPersister.setPropertyValues(AbstractEntityPersister.java:4718)
at org.hibernate.engine.internal.TwoPhaseLoad.doInitializeEntity(TwoPhaseLoad.java:188)
at org.hibernate.engine.internal.TwoPhaseLoad.initializeEntity(TwoPhaseLoad.java:144)
at org.hibernate.loader.plan.exec.process.internal.AbstractRowReader.performTwoPhaseLoad(AbstractRowReader.java:244)
at org.hibernate.loader.plan.exec.process.internal.AbstractRowReader.finishUp(AbstractRowReader.java:215)
at org.hibernate.loader.plan.exec.process.internal.ResultSetProcessorImpl.extractResults(ResultSetProcessorImpl.java:140)
at org.hibernate.loader.plan.exec.internal.AbstractLoadPlanBasedLoader.executeLoad(AbstractLoadPlanBasedLoader.java:138)
at org.hibernate.loader.plan.exec.internal.AbstractLoadPlanBasedLoader.executeLoad(AbstractLoadPlanBasedLoader.java:102)
at org.hibernate.loader.entity.plan.AbstractLoadPlanBasedEntityLoader.load(AbstractLoadPlanBasedEntityLoader.java:186)
at org.hibernate.persister.entity.AbstractEntityPersister.load(AbstractEntityPersister.java:4126)
at org.hibernate.event.internal.DefaultLoadEventListener.loadFromDatasource(DefaultLoadEventListener.java:503)
at org.hibernate.event.internal.DefaultLoadEventListener.doLoad(DefaultLoadEventListener.java:468)
at org.hibernate.event.internal.DefaultLoadEventListener.load(DefaultLoadEventListener.java:213)
at org.hibernate.event.internal.DefaultLoadEventListener.proxyOrLoad(DefaultLoadEventListener.java:275)
at org.hibernate.event.internal.DefaultLoadEventListener.onLoad(DefaultLoadEventListener.java:151)
at org.hibernate.internal.SessionImpl.fireLoad(SessionImpl.java:1106)
at org.hibernate.internal.SessionImpl.access$2000(SessionImpl.java:176)
at org.hibernate.internal.SessionImpl$IdentifierLoadAccessImpl.load(SessionImpl.java:2587)
at org.hibernate.internal.SessionImpl.get(SessionImpl.java:991)
at org.hibernate.jpa.spi.AbstractEntityManagerImpl.find(AbstractEntityManagerImpl.java:1110)
... 35 more
Caused by: java.lang.IllegalArgumentException: Can not set int field org.keycloak.models.jpa.entities.RealmEntity.accessTokenLifespanForImplicitFlow to null value
at sun.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167)
at sun.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171)
at sun.reflect.UnsafeIntegerFieldAccessorImpl.set(UnsafeIntegerFieldAccessorImpl.java:80)
at java.lang.reflect.Field.set(Field.java:764)
at org.hibernate.property.DirectPropertyAccessor$DirectSetter.set(DirectPropertyAccessor.java:122)
... 57 more
09:26:52,500 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("deployment" => "keycloak-server.war")]) - failure description: {"WFLYCTL0080: Failed services" => {"jboss.undertow.deployment.default-server.default-host./auth" => "org.jboss.msc.service.StartException in service jboss.undertow.deployment.default-server.default-host./auth: java.lang.RuntimeException: Failed to construct public org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)
Caused by: java.lang.RuntimeException: Failed to construct public org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)
Caused by: org.keycloak.models.ModelException: javax.persistence.PersistenceException: org.hibernate.PropertyAccessException: Null value was assigned to a property of primitive type setter of org.keycloak.models.jpa.entities.RealmEntity.accessTokenLifespanForImplicitFlow
Caused by: javax.persistence.PersistenceException: org.hibernate.PropertyAccessException: Null value was assigned to a property of primitive type setter of org.keycloak.models.jpa.entities.RealmEntity.accessTokenLifespanForImplicitFlow
Caused by: org.hibernate.PropertyAccessException: Null value was assigned to a property of primitive type setter of org.keycloak.models.jpa.entities.RealmEntity.accessTokenLifespanForImplicitFlow
Caused by: java.lang.IllegalArgumentException: Can not set int field org.keycloak.models.jpa.entities.RealmEntity.accessTokenLifespanForImplicitFlow to null value"}}
09:26:52,534 INFO [org.jboss.as.server] (ServerService Thread Pool -- 67) WFLYSRV0010: Deployed "keycloak-server.war" (runtime-name : "keycloak-server.war")
09:26:52,535 INFO [org.jboss.as.controller] (Controller Boot Thread) WFLYCTL0183: Service status report
WFLYCTL0186: Services which failed to start: service jboss.undertow.deployment.default-server.default-host./auth: org.jboss.msc.service.StartException in service jboss.undertow.deployment.default-server.default-host./auth: java.lang.RuntimeException: Failed to construct public org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)
09:26:52,674 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://127.12.33.1:9990/management
09:26:52,675 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://127.12.33.1:9990
09:26:52,675 ERROR [org.jboss.as] (Controller Boot Thread) WFLYSRV0026: WildFly Full 9.0.1.Final (WildFly Core 1.0.1.Final) started (with errors) in 40832ms - Started 379 of 613 services (2 services failed or missing dependencies, 329 services are lazy, passive or on-demand)
8 years, 11 months
Client Id and Timeout
by Travis De Silva
Hi,
For theming the login for different clients within a realm, we are
conditionally checking for the client ID in the freemarker templates and
then accordingly including sub freemarker templates. This is working
perfectly but the issue is for certain errors, such as "You took too long
to login. Login process starting from beginning.", the clientid becomes
null (sometimes).
Is there anything I can do from the freemarker template to identify the
client id so I can then accordingly handle these errors?
Cheers
Travis
clientId=null
8 years, 11 months
Re: [keycloak-user] What can bring this error "failed to turn code into token" over and over again?
by Mai Zi
Hi, Alexander,
We deploy the client application server (wildfly) and auth server (keycloak) in the same machine. The web app url is : http://ourhost.com/hello/index.html the auth server is https://ourhost.com/auth
then the setup in keycloak.json should be :
"auth-server-url": "/auth",
"auth-server-url-for-backend-requests": "https://ourhost/auth"
This can reduce the round trip?
Thanks a lot
On Wednesday, January 20, 2016 3:56 PM, Alexander Schwartz <alexander.schwartz(a)gmx.net> wrote:
During the last phase of OAuth negotiation the client application (here: wildfly) will contact the oauth server (here: keycloak) to change the code into a token. In order to work the client application (here: wildfly) must be able to contact the keycloak server using the auth-server-url given in keycloak.json.
If this URL is only accessible browsers from external / via a load balancer, and client application should use a different (direct) URL to reach the keycloak server you can specify auth-server-url-for-backend-requests in your keycloak.json
Best regards,
Alexander
--
Alexander Schwartz (alexander.schwartz(a)gmx.net)
http://www.ahus1.de
Sent: Wednesday, 20 January 2016 at 05:23
From: "Mai Zi" <ornot2008(a)yahoo.com>
To: Keycloak-user <keycloak-user(a)lists.jboss.org>
Subject: [keycloak-user] What can bring this error "failed to turn code into token" over and over again?
We get lots of errors like this:
2016-01-20 12:02:37,441 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-1) failed to turn code into token: java.net.SocketException: Connection timed out
and which makes the login slow or failed.
We are using keycloak 1.7.0 final and broke a SAML 2.0 IDP (ADFS). The wildfly app server and keycloak both are standalone.
8 years, 11 months