Re: [keycloak-user] Different theme for each client
by Stian Thorgersen
[Added the list back]
To reply to everyone just do "reply all" and it should include the list.
On 17 January 2018 at 10:29, <eric.kapitza(a)web.de> wrote:
> Hello Stian, Hello Marek,
>
> I really love that you want to developt this feature! :)
>
> I think it's good if you can set the theme per client, with a fallback to
> the default theme. This is probably what most people need when they look
> for this feature.
>
> Btw how do I correctly reply to somebody like you did, so everyone will
> get the new message? Must I just send a new mail to the email list with the
> same title?
>
> One other question, maybe you know it, do you think it is right now
> technically possible to use keycloak login page within an IFrame in our
> application with JS-Adapter?
>
> Eric
> *Gesendet:* Mittwoch, 17. Januar 2018 um 09:38 Uhr
> *Von:* "Stian Thorgersen" <sthorger(a)redhat.com>
> *An:* "Marek Posolda" <mposolda(a)redhat.com>
> *Cc:* keycloak-user <keycloak-user(a)lists.jboss.org>
> *Betreff:* Re: [keycloak-user] Different theme for each client
> On 17 January 2018 at 09:35, Marek Posolda <mposolda(a)redhat.com> wrote:
>
> > On 17/01/18 09:03, Stian Thorgersen wrote:
> >
> > Added a public ThemeSelectorSPI [1] that allows adding custom logic for
> > selecting what theme to use. The default implementation is very simple at
> > the moment [2]. It simply looks for the realm setting and fallbacks to
> the
> > default if not set.
> >
> > Changing the selector is a global thing and there is no mechanism to
> > configure a separate selector for a realm. That's something we could
> > consider adding later if needed.
> >
> > The question is should we provide the ability to set the theme per-client
> > or is that actually quite cumbersome to use? There could be hundreds of
> > clients.
> >
> > I think that yes. It can be cumbersome, but this applies for many
> > client-specific settings. For example you may have some custom
> > protocolMapper, which you want to use for more clients and then you also
> > need to edit protocolMappers in all clients to add this custom
> > protocolMapper.
> >
> > We can also support theme per clientTemplate, so if client doesn't have
> > theme set, it can try the theme from clientTemplate and fallback to realm
> > and finally to default if nothing is set.
> >
>
> OK. I guess implementation should be pretty straightforward as both clients
> and client templates have attributes.
>
>
> >
> >
> > Marek
> >
> >
> > [1] https://github.com/stianst/keycloak/tree/KEYCLOAK-6289
> > [2] https://github.com/stianst/keycloak/blob/KEYCLOAK-6289/services/src/
> > main/java/org/keycloak/theme/DefaultThemeSelectorProvider.java#L17
> >
> > On 17 January 2018 at 08:54, Marek Posolda <mposolda(a)redhat.com> wrote:
> >
> >> +1 to handle on the client. Seems to be better than handle in the theme
> >> itself.
> >>
> >> Marek
> >>
> >>
> >> On 17/01/18 08:19, Stian Thorgersen wrote:
> >>
> >>> I've started work on this as I needed a simple dev task to wake up ;)
> >>>
> >>> https://issues.jboss.org/browse/KEYCLOAK-3370
> >>>
> >>> On 16 January 2018 at 17:06, Josh Cain <jcain(a)redhat.com> wrote:
> >>>
> >>> +1 for that solution, would make some of what we're looking to do in
> the
> >>>> near future *way* cleaner!
> >>>>
> >>>> Josh Cain
> >>>> Senior Software Applications Engineer, RHCE
> >>>> Red Hat North America
> >>>> jcain(a)redhat.com IRC: jcain
> >>>>
> >>>> On 01/16/2018 08:54 AM, Stian Thorgersen wrote:
> >>>>
> >>>>> It makes sense to add two options:
> >>>>>
> >>>>> 1. Expose client attributes to theme. That would allow setting an
> >>>>>
> >>>> attribute
> >>>>
> >>>>> on a specific client or a client template to then have some
> conditions
> >>>>> to
> >>>>> provide variants within a theme.
> >>>>> 2. Allow overriding theme in client and client template. No need to
> add
> >>>>> something additional to themes as they can already be extended. We
> >>>>> simply
> >>>>> need to allow users to specify a different theme. In this case we may
> >>>>>
> >>>> also
> >>>>
> >>>>> want to add a ThemeSelectorSPI that would allow some custom logic to
> >>>>>
> >>>> select
> >>>>
> >>>>> the theme (could be based on headers for instance in the case of a
> >>>>> mobile
> >>>>> theme).
> >>>>>
> >>>>> On 16 January 2018 at 14:09, Marek Posolda <mposolda(a)redhat.com>
> >>>>> wrote:
> >>>>>
> >>>>> We can probably do some builtin support for clients into the themes
> >>>>>> itself. Doing it properly may take few days. Depends if we want to
> >>>>>> support that. AFAIR Stian didn't like that, but to me it makes sense
> >>>>>> that some people want different look&feel based on client.
> >>>>>>
> >>>>>> For example template file can be lookup from the directory with the
> >>>>>> clientId (EG. theme/my-theme/login/customer-portal/login.ftl ). If
> it
> >>>>>> doesn't exists, then fallback to the current location without
> >>>>>> "clientId"
> >>>>>> directory. Maybe something similar would be needed for the CSS files
> >>>>>> and
> >>>>>> other resources.
> >>>>>>
> >>>>>> But for some very basic cases, people can probably already handle it
> >>>>>> by
> >>>>>> add some "if" into the freemarker template itself and use different
> >>>>>> CSS
> >>>>>> styles based on the client or something like this.
> >>>>>>
> >>>>>> Marek
> >>>>>>
> >>>>>>
> >>>>>> On 16/01/18 00:09, Bill Burke wrote:
> >>>>>>
> >>>>>>> I wonder how hard it would be to implement?
> >>>>>>>
> >>>>>>> On Mon, Jan 15, 2018 at 3:22 PM, Marek Posolda <
> mposolda(a)redhat.com>
> >>>>>>>
> >>>>>> wrote:
> >>>>>>
> >>>>>>> I think that Freemarker theme (at least login theme) has access to
> >>>>>>>> ClientBean through the "client" expression . So it's likely
> already
> >>>>>>>> possible to do some hacking in the template itself and provide
> >>>>>>>>
> >>>>>>> different
> >>>>
> >>>>> CSS according to the client used. Not very nice, but likely should be
> >>>>>>>> somehow possible.
> >>>>>>>>
> >>>>>>>> Marek
> >>>>>>>>
> >>>>>>>> On 15/01/18 18:26, Josh Cain wrote:
> >>>>>>>>
> >>>>>>>>> Was originally discussed here:
> >>>>>>>>> http://lists.jboss.org/pipermail/keycloak-user/2016-
> >>>>>>>>>
> >>>>>>>> January/004288.html
> >>>>>>
> >>>>>>> And I asked the same question again here:
> >>>>>>>>> http://lists.jboss.org/pipermail/keycloak-user/2016-July/007
> >>>>>>>>> 052.html
> >>>>>>>>>
> >>>>>>>>> But feel free to keep bumping. It's a feature I'd like to see
> >>>>>>>>> anyway
> >>>>>>>>>
> >>>>>>>> ;-)
> >>>>>>
> >>>>>>> Josh Cain
> >>>>>>>>> Senior Software Applications Engineer, RHCE
> >>>>>>>>> Red Hat North America
> >>>>>>>>> jcain(a)redhat.com IRC: jcain
> >>>>>>>>>
> >>>>>>>>> On 01/15/2018 06:10 AM, eric.kapitza(a)web.de wrote:
> >>>>>>>>>
> >>>>>>>>>> _______________________________________________
> >>>>>>>>>> keycloak-user mailing list
> >>>>>>>>>> keycloak-user(a)lists.jboss.org
> >>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>>>>>>>>>
> >>>>>>>>>> _______________________________________________
> >>>>>>>>> keycloak-user mailing list
> >>>>>>>>> keycloak-user(a)lists.jboss.org
> >>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>>>>>>>>
> >>>>>>>> _______________________________________________
> >>>>>>>> keycloak-user mailing list
> >>>>>>>> keycloak-user(a)lists.jboss.org
> >>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>>>>>>>
> >>>>>>>
> >>>>>>> _______________________________________________
> >>>>>> keycloak-user mailing list
> >>>>>> keycloak-user(a)lists.jboss.org
> >>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>>>>>
> >>>>>> _______________________________________________
> >>>>> keycloak-user mailing list
> >>>>> keycloak-user(a)lists.jboss.org
> >>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>>>>
> >>>>>
> >>>> _______________________________________________
> >>>> keycloak-user mailing list
> >>>> keycloak-user(a)lists.jboss.org
> >>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>>>
> >>>> _______________________________________________
> >>> keycloak-user mailing list
> >>> keycloak-user(a)lists.jboss.org
> >>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>>
> >>
> >>
> >>
> >
> >
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
6 years, 11 months
Re: [keycloak-user] [keycloak-dev] Keycloak support
by Stian Thorgersen
http://www.keycloak.org/support.html ;)
On 18 January 2018 at 01:00, Kalidindi, Sai Soma Kala <
sai-soma-kala.kalidindi(a)microfocus.com> wrote:
> Hi,
>
> We are having an issue where we see some of the entries getting deleted
> from user_entity table when we start our keycloak. After days of debugging
> we don't know why this is happening. We are planning to buy commercial
> support for this issue. Looks like only the Red hat versions of keycloak
> has commercial support. We are using open source verison 1.9.8. Can someone
> point me in right direction on where we can get commercial support for open
> source versions.
>
> Thanks,
> Sai.
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
6 years, 11 months
Diagnosing SAMLv2 Identity Provider
by Michael Poettgen
I've got a 3.4.3 Keycloak server deployed in a Docker environment and I am having some trouble setting up attribute mapping for an external SAML v2 Identity Provider. I'm not sure what exactly the external Identity Provider is sending so I was wondering whether there is an easy way to diagnose the SAML assertions that we are getting from them. However I couldn't find any details in the Events section.
Thanks,
Michael
This message may contain confidential information. If you are not the intended recipient, do not disseminate, distribute, or copy this e-mail or its attachments. Please notify the sender of the error immediately by e-mail or at the telephone number listed below, and delete this e-mail and any attachments from your system. Receipt by anyone other than the intended recipient(s) is not a waiver of any trade secrets, proprietary interests, or other applicable rights. E-mail transmission is not necessarily secure or error-free, as information could be intercepted, corrupted, lost, destroyed, delayed, incomplete, or may contain viruses. The sender disclaims all liability for any errors or omissions arising as a result of the e-mail transmission.
OEConnection LLC, (888) 776-5792, www.oeconnection.com
6 years, 11 months
Timeout during import
by Knurr, Michael
When importing realm data from json, the import with default settings will run into a timeout after exactly 5 minutes.
Following the guide on https://mirocupak.com/enabling-long-deployments-on-wildfly/, I set the jboss.as.management.blocking.timeout and deployment-scanner deployment-timeout to 900 seconds. Now the process does not run into a timeout any longer. However after 5 minutes the process shows a huge number of warnings like these
10:47:24,804 WARN [com.arjuna.ats.arjuna] (Transaction Reaper) ARJUNA012117: TransactionReaper::check timeout for TX 0:ffff7f000101:148e7def:5a5f1a7f:e in state RUN
10:47:24,805 WARN [org.hibernate.resource.transaction.backend.jta.internal.synchronization.SynchronizationCallbackCoordinatorTrackingImpl] (Transaction Reaper Worker 0) HHH000451: Transaction afterCompletion called by a background thread; delaying afterCompletion processing until the original thread can handle it. [status=4]
10:47:24,805 WARN [org.hibernate.resource.transaction.backend.jta.internal.synchronization.SynchronizationCallbackCoordinatorTrackingImpl] (Transaction Reaper Worker 0) HHH000451: Transaction afterCompletion called by a background thread; delaying afterCompletion processing until the original thread can handle it. [status=4]
10:47:24,805 WARN [org.hibernate.resource.transaction.backend.jta.internal.synchronization.SynchronizationCallbackCoordinatorTrackingImpl] (Transaction Reaper Worker 0) HHH000451: Transaction afterCompletion called by a background thread; delaying afterCompletion processing until the original thread can handle it. [status=4]
The import seems to go through but the server startup finally fails with an error:
10:49:25,924 INFO [org.keycloak.services] (ServerService Thread Pool -- 58) KC-SERVICES0032: Import finished successfully
10:49:25,942 WARN [com.arjuna.ats.arjuna] (ServerService Thread Pool -- 58) ARJUNA012077: Abort called on already aborted atomic action 0:ffff7f000101:148e7def:5a5f1a7f:e
10:49:25,945 INFO [org.jboss.as.server] (Thread-2) WFLYSRV0220: Server shutdown has been requested via an OS signal
10:49:25,949 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 58) MSC000001: Failed to start service jboss.undertow.deployment.default-server.default-host./auth: org.jboss.msc.service.StartException in service jboss.undertow.deployment.default-server.default-host./auth: java.lang.RuntimeException: RESTEASY003325: Failed to construct public org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:84)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
at org.jboss.threads.JBossThread.run(JBossThread.java:320)
Caused by: java.lang.RuntimeException: RESTEASY003325: Failed to construct public org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)
at org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:162)
at org.jboss.resteasy.spi.ResteasyProviderFactory.createProviderInstance(ResteasyProviderFactory.java:2298)
at org.jboss.resteasy.spi.ResteasyDeployment.createApplication(ResteasyDeployment.java:340)
at org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:253)
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:120)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36)
at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)
at org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:78)
at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)
at io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:250)
at io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:133)
at io.undertow.servlet.core.DeploymentManagerImpl$2.call(DeploymentManagerImpl.java:565)
at io.undertow.servlet.core.DeploymentManagerImpl$2.call(DeploymentManagerImpl.java:536)
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:42)
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
at io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:578)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:100)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:81)
... 6 more
Caused by: java.lang.RuntimeException: javax.transaction.RollbackException: ARJUNA016102: The transaction is not active! Uid is 0:ffff7f000101:148e7def:5a5f1a7f:e
at org.keycloak.transaction.JtaTransactionWrapper.handleException(JtaTransactionWrapper.java:77)
at org.keycloak.transaction.JtaTransactionWrapper.commit(JtaTransactionWrapper.java:94)
at org.keycloak.services.DefaultKeycloakTransactionManager.commit(DefaultKeycloakTransactionManager.java:136)
at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:233)
at org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:137)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:150)
... 28 more
Caused by: javax.transaction.RollbackException: ARJUNA016102: The transaction is not active! Uid is 0:ffff7f000101:148e7def:5a5f1a7f:e
at com.arjuna.ats.internal.jta.transaction.arjunacore.TransactionImple.commitAndDisassociate(TransactionImple.java:1279)
at com.arjuna.ats.internal.jta.transaction.arjunacore.BaseTransaction.commit(BaseTransaction.java:126)
at com.arjuna.ats.jbossatx.BaseTransactionManagerDelegate.commit(BaseTransactionManagerDelegate.java:89)
at org.wildfly.transaction.client.LocalTransaction.commitAndDissociate(LocalTransaction.java:73)
at org.wildfly.transaction.client.ContextTransactionManager.commit(ContextTransactionManager.java:71)
at org.keycloak.transaction.JtaTransactionWrapper.commit(JtaTransactionWrapper.java:92)
... 36 more
It seems like the import is still running in some sort of transaction timeout. Is there any other way to configure the transaction timeout?
6 years, 11 months
SAML Attribute to Role
by Michael Poettgen
On Keycloak 3.4.3 I'm trying to use a "SAML Attribute to Role" role mapper to extract roles from a "roles" attribute sent by an external SAML IdP. I know that the attribute has values as when I try to map it to a user attribute I get an exception that the user attribute cannot be saved, because the value exceeds the maximum length of 256. What I don't know is whether the roles are sent in
1 - one attribute with multiple values,
2 - multiple attributes with one value or
3 - one attribute with one concatenated value.
I guess looking at the code that only 2 would work, 3 would be unusual, but 1 should work as well.
Can anyone share his experience with this? At the moment none of my roles get applied.
Thanks,
Michael
This message may contain confidential information. If you are not the intended recipient, do not disseminate, distribute, or copy this e-mail or its attachments. Please notify the sender of the error immediately by e-mail or at the telephone number listed below, and delete this e-mail and any attachments from your system. Receipt by anyone other than the intended recipient(s) is not a waiver of any trade secrets, proprietary interests, or other applicable rights. E-mail transmission is not necessarily secure or error-free, as information could be intercepted, corrupted, lost, destroyed, delayed, incomplete, or may contain viruses. The sender disclaims all liability for any errors or omissions arising as a result of the e-mail transmission.
OEConnection LLC, (888) 776-5792, www.oeconnection.com
6 years, 11 months
offlineSessions data in cache vs db
by Tonnis Wildeboer
Hello Keycloak Users,
Ultimately, what we want to do is have three nodes in one Kubernetes
namespace that define a cluster. Then be able to add three more nodes to
the cluster in a new namespace that shares the same subnet and database,
then kill off the original three nodes, effectively migrating the
cluster to the new namespace and do all this without anyone being logged
out. The namespace distinction is invisible to Keycloak, as far as I can
tell.
What we have tried:
* Start with 3 standalone-ha mode instances clustered with
JGroups/JDBC_PING.
* Set the number of cache owners for sessions to 6.
* Start the three new instances in the new Kubernetes namespace,
configured exactly the same as the first three - that is, same db, same
number of cache owners.
* Kill the original three
But it seems this caused offlineSession tokens to be expired immediately.
I found this in the online documentation
(http://www.keycloak.org/docs/latest/server_installation/index.html#server...):
> The second type of cache handles managing user sessions, offline
tokens, and keeping track of login failures... The data held in these
caches is temporary, in memory only, but is possibly replicated across
the cluster.
> The sessions, authenticationSessions, offlineSessions and
loginFailures caches are the only caches that may perform replication.
Entries are not replicated to every single node, but instead one or more
nodes is chosen as an owner of that data. If a node is not the owner of
a specific cache entry it queries the cluster to obtain it. What this
means for failover is that if all the nodes that own a piece of data go
down, that data is lost forever. By default, Keycloak only specifies one
owner for data. So if that one node goes down that data is lost. This
usually means that users will be logged out and will have to login again.
It appears, based on these documentation comments and our experience,
that the "source of truth" regarding offlineSessions is the data in the
"owner" caches, is NOT the database, as I would have expected. It also
seems to be the case that if a node joins the cluster (as defined by
JGroups/JDBC_PING), it will NOT be able to populate its offlineSessions
cache from the database, but must rely on replication from one of the
owner nodes.
Questions:
1. Is the above understanding regarding the db vs cache correct?
2. If so, please explain the design/reasoning behind this behavior.
Otherwise, please correct my understanding.
3. Is there a way to perform this simple migration without losing any
sessions?
Thanks,
--Tonnis
6 years, 11 months
Failed to initialize in KC 3.4
by Corentin Dupont
Hi guys,
I use this code in my javascript application:
var keycloak = Keycloak();
keycloak.init().success(function(authenticated) {
alert(authenticated ? 'authenticated' : 'not authenticated');
}).error(function() {
alert('failed to initialize');
});
Since I updated Keycloak I get the message 'failed to initialize'.
It was working well with the previous version of KC 3.2.
What could it be? How can I get a better error message?
Thanks!
6 years, 11 months
Running two Keycloak instances in parallel
by Knurr, Michael
Hi all
When trying to upgrade Keycloak to the latest version I ran into problems. Unfortunately It turned out that we ran into different upgrade behaviors on different machines. With the latest version, the upgrade is running locally, on test and on stage. As a last step I now tried to test the upgrade procedure on the production machine with a keycloak instance running on a different port.
When running the upgrade on a server with an already running keycloak instance, the new server runs into a timeout because of concurrency.
10:16:24,926 INFO [org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider] (ServerService Thread Pool -- 58) Updating database. Using changelog META-INF/jpa-changelog-master.xml
10:21:22,322 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0348: Timeout after [300] seconds waiting for service container stability. Operation will roll back. Step that first updated the service container was 'add' at address '[
("core-service" => "management"),
("management-interface" => "http-interface")
]'
10:21:23,397 WARN [com.arjuna.ats.arjuna] (Transaction Reaper) ARJUNA012117: TransactionReaper::check timeout for TX 0:ffff7f000101:73d290d3:5a5dc2e6:d in state RUN
10:21:23,402 WARN [com.arjuna.ats.arjuna] (Transaction Reaper Worker 0) ARJUNA012121: TransactionReaper::doCancellations worker Thread[Transaction Reaper Worker 0,5,main] successfully canceled TX 0:ffff7f000101:73d290d3:5a5dc2e6:d
10:21:23,668 WARN [com.arjuna.ats.arjuna] (Transaction Reaper) ARJUNA012117: TransactionReaper::check timeout for TX 0:ffff7f000101:73d290d3:5a5dc2e6:10 in state RUN
10:21:23,669 WARN [com.arjuna.ats.arjuna] (Transaction Reaper Worker 0) ARJUNA012121: TransactionReaper::doCancellations worker Thread[Transaction Reaper Worker 0,5,main] successfully canceled TX 0:ffff7f000101:73d290d3:5a5dc2e6:10
10:21:27,328 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0190: Step handler org.jboss.as.server.DeployerChainAddHandler$FinalRuntimeStepHandler@20b4c4cb for operation add-deployer-chains at address [] failed handling operation rollback -- java.util.concurrent.TimeoutException: java.util.concurrent.TimeoutException
at org.jboss.as.controller.OperationContextImpl.waitForRemovals(OperationContextImpl.java:522)
...
What might be the reason for this? Shouldn't it possible to run two keycloak servers (with a different port offset) on a single machine? How can I test the keycloak upgrade on the production machine without stopping the running server instance?
Best regards
Michael
6 years, 11 months
Re-authenticate user and populate login form with session data
by Christer Vaskinn
Hi.
We're trying to implement re-authentication for privileged functions using OIDC and prompt=login. As such, we'd like to populate the username field in login.ftl with the username of the currently logged in user. Is that possible?
Best regards
Christer Vaskinn
6 years, 11 months
