External Username, Password, Email... dataset with Keycloak
by Reed Lewis
Hi,
We are examining KeyCloak (It looks like it can do what we want), but we have the need to have an external lookup of accounts who are not in KeyCloak in an external database which is accessible via a REST call. I know about federation, but would prefer to only check the external datasource if the user is not in KeyCloak, but from then on have all the data “live” in KeyCloak and never refer to the external datasource again once the account is “migrated” into KeyCloak.
Can this be done with some modification of federation?
We do not want to add the user accounts directly into KeyCloak as there are many more there than will ever be in KeyCloak.
Thank you,
Reed Lewis
7 years, 11 months
SSO amongst two realms
by Sarp Kaya
Hi,
I want to know whether it is possible to have SSO amongst two realms. I.e. User 1 logs in to an app1 that auths against realm1, then user 1 tries to use app2 which auths against realm2, which should work fine as user 1 logged into realm1 before and it should SSO into app2 fine.
If this is possible then what would the setup be like?
Kind Regards,
Sarp
8 years, 9 months
Assign Role Fails Just After Creating the Role
by Malmi Samarasinghe
Hi Everyone,
In my application we create, retrieve and assign a role subsequently and it
seems that even for a small load (2-3 threads) with the realm cache enabled
option, the assign realm role call fails due to a role not exist error and 404 is
returned from Keycloak.
With the realm cache disabled option the load works fine.
Please get back to me if you have any information on any other option we
can follow to get this issue sorted or on what action the realm cache will
be persisted to DB.
Regards,
Malmi
8 years, 10 months
Update account - login action tokens - how to make them persistent
by Edgar Vonk - Info.nl
Hi,
See if I understand this correctly: in the default set up of Keycloak sessions and temporary tokens are not persisted in the Keycloak database? So consider this scenario:
1/ login as admin to master realm
2/ go to Users - Credentials and send a ‘Update Password’ reset action email
3/ user receives an email with a link with a unique token to update his/her password in Keycloak
4/ Keycloak server is restarted for whatever reason
5/ the temporary ‘login action token’ no longer exists and the link from 3/ no longer works
Is this correct and expected behaviour?
And if so, can somebody maybe point us in the direction to solve this? I.e. by making sessions/tokens persistent I guess.
cheers
Edgar
8 years, 10 months
Upgrade error - 1.8.0 to 1.8.1
by Darcy Welsh
Hi,
I successfully upgraded from 1.7.0 to 1.8.0, however, seeing the following error when attempting to upgrade from 1.8.0 to either 1.8.1 or 1.9.0:
22:45:48,803 ERROR [org.keycloak.services.resources.KeycloakApplication] (ServerService Thread Pool -- 51) Failed to migrate datamodel: java.lang.RuntimeException: Failed to update database
at org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider.update(LiquibaseJpaUpdaterProvider.java:87)
at org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.lazyInit(DefaultJpaConnectionProviderFactory.java:153)
at org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.create(DefaultJpaConnectionProviderFactory.java:42)
at org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.create(DefaultJpaConnectionProviderFactory.java:30)
at org.keycloak.services.DefaultKeycloakSession.getProvider(DefaultKeycloakSession.java:103)
at org.keycloak.models.jpa.JpaRealmProviderFactory.create(JpaRealmProviderFactory.java:34)
at org.keycloak.models.jpa.JpaRealmProviderFactory.create(JpaRealmProviderFactory.java:16)
at org.keycloak.services.DefaultKeycloakSession.getProvider(DefaultKeycloakSession.java:103)
at org.keycloak.models.cache.infinispan.DefaultCacheRealmProvider.getDelegate(DefaultCacheRealmProvider.java:61)
at org.keycloak.models.cache.infinispan.DefaultCacheRealmProvider.getMigrationModel(DefaultCacheRealmProvider.java:43)
at org.keycloak.migration.MigrationModelManager.migrate(MigrationModelManager.java:21)
at org.keycloak.services.resources.KeycloakApplication.migrateModel(KeycloakApplication.java:139)
at org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:82)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:408)
at org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:150)
at org.jboss.resteasy.spi.ResteasyProviderFactory.createProviderInstance(ResteasyProviderFactory.java:2209)
at org.jboss.resteasy.spi.ResteasyDeployment.createApplication(ResteasyDeployment.java:299)
at org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:240)
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:113)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36)
at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)
at org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:78)
at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)
at io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:231)
at io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:132)
at io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:526)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:101)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:82)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
at org.jboss.threads.JBossThread.run(JBossThread.java:320)
Caused by: liquibase.exception.DatabaseException: Incorrect database name '' [Failed SQL: CREATE TABLE ``.DATABASECHANGELOG (ID VARCHAR(255) NOT NULL, AUTHOR VARCHAR(255) NOT NULL, FILENAME VARCHAR(255) NOT NULL, DATEEXECUTED datetime NOT NULL, ORDEREXECUTED INT NOT NULL, EXECTYPE VARCHAR(10) NOT NULL, MD5SUM VARCHAR(35) NULL, DESCRIPTION VARCHAR(255) NULL, COMMENTS VARCHAR(255) NULL, TAG VARCHAR(255) NULL, LIQUIBASE VARCHAR(20) NULL, CONTEXTS VARCHAR(255) NULL, LABELS VARCHAR(255) NULL)]
at liquibase.executor.jvm.JdbcExecutor$ExecuteStatementCallback.doInStatement(JdbcExecutor.java:316)
at liquibase.executor.jvm.JdbcExecutor.execute(JdbcExecutor.java:55)
at liquibase.executor.jvm.JdbcExecutor.execute(JdbcExecutor.java:122)
at liquibase.executor.jvm.JdbcExecutor.execute(JdbcExecutor.java:112)
at liquibase.changelog.StandardChangeLogHistoryService.init(StandardChangeLogHistoryService.java:214)
at liquibase.Liquibase.checkLiquibaseTables(Liquibase.java:1074)
at liquibase.Liquibase.listUnrunChangeSets(Liquibase.java:1136)
at liquibase.Liquibase.listUnrunChangeSets(Liquibase.java:1126)
at liquibase.Liquibase.listUnrunChangeSets(Liquibase.java:1122)
at org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider.update(LiquibaseJpaUpdaterProvider.java:63)
... 36 more
Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Incorrect database name ''
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:408)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:377)
at com.mysql.jdbc.Util.getInstance(Util.java:360)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:978)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3887)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3823)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2435)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2582)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2526)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2484)
at com.mysql.jdbc.StatementImpl.execute(StatementImpl.java:848)
at com.mysql.jdbc.StatementImpl.execute(StatementImpl.java:742)
at org.jboss.jca.adapters.jdbc.WrappedStatement.execute(WrappedStatement.java:198)
at liquibase.executor.jvm.JdbcExecutor$ExecuteStatementCallback.doInStatement(JdbcExecutor.java:314)
... 45 more
Any ideas as to the potential cause/resolution?
The MySQL datasource is configured as follows:
<datasource jta="true" jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
    <connection-url>jdbc:mysql://localhost:3306/keycloak</connection-url>
    <connection-property name="defaultFetchSize">
        1000
    </connection-property>
    <driver>mysql</driver>
    <pool>
        <max-pool-size>20</max-pool-size>
    </pool>
    <security>
        <user-name>keycloak</user-name>
        <password>keycloakrocks!</password>
    </security>
    <timeout>
        <set-tx-query-timeout>true</set-tx-query-timeout>
    </timeout>
    <statement>
        <prepared-statement-cache-size>100</prepared-statement-cache-size>
        <share-prepared-statements>true</share-prepared-statements>
    </statement>
</datasource>
<drivers>
    <driver name="mysql" module="com.mysql.jdbc">
        <xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class>
        <datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlDataSource</datasource-class>
    </driver>
    .
    .
    .
</drivers>
Any help would be much appreciated.
Thank-you in advance,
Darcy Welsh
8 years, 10 months
Client Mappers. Can I define mappers programmatically?
by Reed Lewis
I have the need to define mappers programmatically instead of using fixed entries from user attributes. For example, I might want the following entries in my JWT:
xxx: {d1:{[V1:123, V2:345, V3:567]},d2:{[V1:321, V2:xyz, V3:876]}}
So I might have the following values in my attributes for the user:
Xxx.d1.v1 123
Xxx.d1.v2 345
Xxx.d1.v3 567
Xxx.d2.v1 321
Xxx.d2.v2 xyz
Xxx.d2.v3 876
But I might also have xxx.d3, xxx.d4, ….
Is there a way to have Keycloak generate a JWT with all of the entries? Can I write a plug in that does this?
Thank you,
Reed Lewis
8 years, 10 months
REST(MicroServices) authentication through SAML 2.0
by Siva
Hi Experts,
I've got a scenario, seeking your valuable inputs to take this in the right
direction.
My application is a complete server-side solution which has 6 different
modules and it exposes only the REST (Microservices) endpoints (5 modules are
hosted in a Tomcat 8 container and 1 is hosted in Apache Karaf [OSGi bundle])
to the external world; which will be accessed by different enterprises and
they need to integrate their SAML 2.0 IDP for authentication.
These Microservices endpoints could be integrated with their existing
portals or could be integrated with their existing mobile app applications,
in some scenarios it could be an exclusive client application built to
consume our REST endpoints which could potentially be a browser-based and
Mobile app.
The challenge here is, for now we could use only SAML 2.0 based
authentication since not all the organizations support OIDC/OAuth2.0 and as
well our application could be flexible enough to be integrated with the
existing client portals which uses SAML 2.0 authentication.
We are planning to use keycloak as IDP broker to secure our endpoints.
Questions :
1) Can this be achieved in Keycloak? If yes, could you please provide
some inputs on architectural directions in Keycloak; like should all the
modules need to be configured under 1 realm and need to have a separate
brokering realm?
2) Does Keycloak support the Apache Karaf container? I couldn't find any
adapter for this under the SAML adapter category.
3) For REST style endpoints, how should the user credential/Token
details need to be shared? Any example links? Kerberos is not a complete
solution here, since it needs to work on all the devices (Desktop, Laptop &
handheld).
4) For the REST based solution, can the application completely rely on
keycloak for the session management, after the first time the user is
authenticated?
Any inputs on this will be highly valued.
Regards,
Siva.
8 years, 10 months
LDAP Query Failed - AD connection reset
by Adrian Matei
Hi everyone,
From time to time we are experiencing the following error :
"LDAP Query Failed" (connection resets) for example by user registration,
but by the second try it usually works....
Connection to AD takes place via ldaps and keycloak (1.7.0.Final) running
on a JBoss EAP 6.4 with Java 8 installed.
The complete stacktrace from server.log:
08:47:05,029 ERROR [org.keycloak.services.resources.ModelExceptionMapper]
(http-/159.232.186.74:8443-7) LDAP Query failed:
org.keycloak.models.ModelException: LDAP Query failed
at
org.keycloak.federation.ldap.idm.query.internal.LDAPQuery.getResultList(LDAPQuery.java:153)
[keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
at
org.keycloak.federation.ldap.idm.query.internal.LDAPQuery.getFirstResult(LDAPQuery.java:160)
[keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
at
org.keycloak.federation.ldap.LDAPFederationProvider.loadLDAPUserByUsername(LDAPFederationProvider.java:440)
[keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
at
org.keycloak.federation.ldap.LDAPFederationProvider.loadAndValidateUser(LDAPFederationProvider.java:230)
[keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
at
org.keycloak.federation.ldap.LDAPFederationProvider.validateAndProxy(LDAPFederationProvider.java:89)
[keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
at
org.keycloak.models.UserFederationManager.validateAndProxyUser(UserFederationManager.java:130)
[keycloak-model-api-1.7.0.Final.jar:1.7.0.Final]
at
org.keycloak.models.UserFederationManager.getUserById(UserFederationManager.java:163)
[keycloak-model-api-1.7.0.Final.jar:1.7.0.Final]
at
org.keycloak.models.sessions.infinispan.compat.UserSessionAdapter.getUser(UserSessionAdapter.java:62)
[keycloak-model-sessions-infinispan-1.7.0.Final.jar:1.7.0.Final]
at
org.keycloak.services.resources.LoginActionsService.initEvent(LoginActionsService.java:732)
[keycloak-services-1.7.0.Final.jar:1.7.0.Final]
at
org.keycloak.services.resources.LoginActionsService.processRequireAction(LoginActionsService.java:798)
[keycloak-services-1.7.0.Final.jar:1.7.0.Final]
at
org.keycloak.services.resources.LoginActionsService.requiredActionPOST(LoginActionsService.java:750)
[keycloak-services-1.7.0.Final.jar:1.7.0.Final]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[rt.jar:1.8.0_66]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
[rt.jar:1.8.0_66]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[rt.jar:1.8.0_66]
at java.lang.reflect.Method.invoke(Method.java:497) [rt.jar:1.8.0_66]
at
org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:168)
[resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
at
org.jboss.resteasy.core.ResourceMethod.invokeOnTarget(ResourceMethod.java:269)
[resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:227)
[resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
at
org.jboss.resteasy.core.ResourceLocator.invokeOnTargetObject(ResourceLocator.java:158)
[resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
at org.jboss.resteasy.core.ResourceLocator.invoke(ResourceLocator.java:91)
[resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
at
org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:561)
[resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:543)
[resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:128)
[resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:208)
[resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55)
[resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:50)
[resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
[jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-2.jar:1.0.2.Final-redhat-2]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295)
[jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
[jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:61)
[keycloak-services-1.7.0.Final.jar:1.7.0.Final]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)
[jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
[jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231)
[jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149)
[jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at
org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169)
[jboss-as-web-7.5.5.Final-redhat-3.jar:7.5.5.Final-redhat-3]
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:150)
[jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97)
[jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102)
[jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344)
[jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:854)
[jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653)
[jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926)
[jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_66]
Caused by: org.keycloak.models.ModelException: Querying of LDAP failed
org.keycloak.federation.ldap.idm.query.internal.LDAPQuery@7434dc3b
at
org.keycloak.federation.ldap.idm.store.ldap.LDAPIdentityStore.fetchQueryResults(LDAPIdentityStore.java:158)
[keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
at
org.keycloak.federation.ldap.idm.query.internal.LDAPQuery.getResultList(LDAPQuery.java:149)
[keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
... 42 more
Caused by: javax.naming.CommunicationException: simple bind failed:
ldaps.AD_hostname:636 [Root exception is java.net.SocketException:
Connection reset]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)
[rt.jar:1.8.0_66]
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2788) [rt.jar:1.8.0_66]
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) [rt.jar:1.8.0_66]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
[rt.jar:1.8.0_66]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
[rt.jar:1.8.0_66]
at
com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
[rt.jar:1.8.0_66]
at
com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
[rt.jar:1.8.0_66]
at
org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:122)
at org.jboss.as.naming.InitialContext.init(InitialContext.java:107)
at
javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
[rt.jar:1.8.0_66]
at org.jboss.as.naming.InitialContext.<init>(InitialContext.java:98)
at
org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:44)
at
javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
[rt.jar:1.8.0_66]
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
[rt.jar:1.8.0_66]
at javax.naming.InitialContext.init(InitialContext.java:244)
[rt.jar:1.8.0_66]
at
javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
[rt.jar:1.8.0_66]
at
org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.createLdapContext(LDAPOperationManager.java:453)
[keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
at
org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.execute(LDAPOperationManager.java:518)
[keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
at
org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.search(LDAPOperationManager.java:148)
[keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
at
org.keycloak.federation.ldap.idm.store.ldap.LDAPIdentityStore.fetchQueryResults(LDAPIdentityStore.java:149)
[keycloak-ldap-federation-1.7.0.Final.jar:1.7.0.Final]
... 43 more
Caused by: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:209)
[rt.jar:1.8.0_66]
at java.net.SocketInputStream.read(SocketInputStream.java:141)
[rt.jar:1.8.0_66]
at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
[jsse.jar:1.8.0_66]
at sun.security.ssl.InputRecord.read(InputRecord.java:503)
[jsse.jar:1.8.0_66]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
[jsse.jar:1.8.0_66]
at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
[jsse.jar:1.8.0_66]
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
[jsse.jar:1.8.0_66]
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
[jsse.jar:1.8.0_66]
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
[rt.jar:1.8.0_66]
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
[rt.jar:1.8.0_66]
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:426)
[rt.jar:1.8.0_66]
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:399)
[rt.jar:1.8.0_66]
at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359)
[rt.jar:1.8.0_66]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
[rt.jar:1.8.0_66]
... 62 more
Anybody else experienced and fixed this?
Thanks,
Adrian
8 years, 10 months