Error during "Synchronize all users" from an LDAP Server
by Giovanni Baruzzi
Dear Friends,
I got the following exception trying to "synchronize all users" from an LDAP server. The dialog used is "Settings->User Federation->Settings".
Please find the details about the LDAP Server further below after the Java LOG.
Thanks for your attention,
Giovanni
=====================
20:23:38,119 ERROR [io.undertow.request] (default task-9) UT005023: Exception handling request to /auth/admin/realms/demo/user-federation/instances/6f4de879-f4b7-4d74-9141-46044c4b9e09/sync: java.lang.RuntimeException: request path: /auth/admin/realms/demo/user-federation/instances/6f4de879-f4b7-4d74-9141-46044c4b9e09/sync
at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:54)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:72)
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:274)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:253)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:80)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:172)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:199)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:774)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.jboss.resteasy.spi.UnhandledException: java.lang.IllegalStateException: Expected String but attribute was [adub, sdub] of type java.util.TreeSet
at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)
at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212)
at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:149)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:86)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:130)
at org.keycloak.services.filters.ClientConnectionFilter.doFilter(ClientConnectionFilter.java:41)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:40)
... 29 more
Caused by: java.lang.IllegalStateException: Expected String but attribute was [adub, sdub] of type java.util.TreeSet
at org.keycloak.federation.ldap.idm.model.LDAPObject.getAttributeAsString(LDAPObject.java:79)
at org.keycloak.federation.ldap.LDAPUtils.getUsername(LDAPUtils.java:76)
at org.keycloak.federation.ldap.LDAPFederationProvider.importLDAPUsers(LDAPFederationProvider.java:390)
at org.keycloak.federation.ldap.LDAPFederationProviderFactory.importLdapUsers(LDAPFederationProviderFactory.java:269)
at org.keycloak.federation.ldap.LDAPFederationProviderFactory$1.run(LDAPFederationProviderFactory.java:223)
at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:241)
at org.keycloak.federation.ldap.LDAPFederationProviderFactory.syncImpl(LDAPFederationProviderFactory.java:219)
at org.keycloak.federation.ldap.LDAPFederationProviderFactory.syncAllUsers(LDAPFederationProviderFactory.java:177)
at org.keycloak.services.managers.UsersSyncManager.syncAllUsers(UsersSyncManager.java:50)
at org.keycloak.services.resources.admin.UserFederationProviderResource.syncUsers(UserFederationProviderResource.java:144)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:296)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:250)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:140)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:109)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:135)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:109)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:135)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:109)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:135)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:103)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)
... 40 more
The LDAP server is a port389 (nearly identical to RedHat); this is an excerpt of the LDIF of the people container
(all test data, not real people)
dn: ou=People, dc=syntlogo,dc=de
objectClass: top
objectClass: organizationalunit
ou: People
dn: uid=cros, ou=People, dc=syntlogo,dc=de
cn: Carlo Rossi
sn: Rossi
givenName: Carlo
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
ou: Accounting
ou: People
l: Milano
uid: cros
mail: carlo.rossi@mycompany.com
telephoneNumber: +39-02-2267-4798
facsimileTelephoneNumber: +39-02-2267-9751
roomNumber: 4612
userPassword: {SSHA}dvuiZA9vGMEqopNlIJ2qwxf0igE1fmJVLB8MRw==
dn: uid=gste, ou=People, dc=syntlogo,dc=de
cn: Gudrun Steinle
sn: Steinle
givenName: Gudrun
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
ou: Accounting
ou: People
l: Stuttgart
uid: gste
mail: gudrun.steinle@mycompany.com
telephoneNumber: +49-711-2359-9187
facsimileTelephoneNumber: +49-711-2359-8473
roomNumber: 4117
userPassword: {SSHA}wc8v0cdM3GNzzQZ9EkfH5EdUBUMqVtMCDlTXFQ==
dn: uid=abia, ou=People, dc=syntlogo,dc=de
cn: Antonio Bianchi
sn: Bianchi
givenName: Antonio
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
ou: Human Resources
ou: People
l: Milano
uid: abia
mail: antonio.bianchi@mycompany.com
telephoneNumber: +39-02-2267- 5625
facsimileTelephoneNumber: +39-02-2267- 3372
roomNumber: 2871
userPassword: {SSHA}+b2IRLQ2tPT5xLSiYAnM4vuUrY7FMac/NwGXFQ==
And in the log of the LDAP server, the following can be seen:
[18/May/2015:14:32:26 +0200] conn=168 fd=64 slot=64 connection from 10.1.0.90 to 10.1.0.93
[18/May/2015:14:32:26 +0200] conn=169 fd=65 slot=65 connection from 10.1.0.90 to 10.1.0.93
[18/May/2015:14:32:26 +0200] conn=169 op=0 BIND dn="cn=directory manager" method=128 version=3
[18/May/2015:14:32:26 +0200] conn=169 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[18/May/2015:14:32:26 +0200] conn=169 op=1 SRCH base="ou=people,dc=syntlogo,dc=local" scope=1 filter="(&(objectClass=organizationalPerson)(objectClass=inetOrgPerson))" attrs="uid nsUniqueId mail createTimestamp sn cn objectClass modifyTimestamp"
[18/May/2015:14:32:26 +0200] conn=169 op=1 RESULT err=0 tag=101 nentries=19 etime=0 notes=P
9 years, 5 months
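The exception in the post above says the attribute read as the username held two values, [adub, sdub], where a single string was expected. As an added example (not part of the original post and not Keycloak code), this Python script scans an LDIF export for entries where one attribute carries more than one value; that uid is the username attribute is an assumption, and the sample LDIF, including its DNs, is constructed.

```python
import base64

# Constructed sample data: the values "adub" and "sdub" come from the exception
# message; the DNs and every other value are made up for this example.
# The second entry follows the first without a blank line, as in the excerpt.
SAMPLE_LDIF = """\
version: 1

dn: uid=cros,ou=People,dc=example,dc=org
objectClass: inetOrgPerson
uid: cros
cn: Carlo Rossi
dn: uid=adub,ou=People,dc=example,dc=org
objectClass: inetOrgPerson
uid: adub
uid: sdub
cn: Exam
 ple User
mail:: ZXhhbXBsZUBleGFtcGxlLm9yZw==
"""


def unfold(text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_ldif(text):
    """Return a list of (dn, {attribute_lowercase: [values]}) tuples.

    A new record starts at every "dn:" line, so exports whose blank
    separator lines were lost still parse. "attr:: value" is base64-decoded;
    "attr:< url" references are kept as literal text, not fetched.
    """
    entries = []
    attrs = None
    for line in unfold(text):
        if not line.strip() or line.startswith("#") or ":" not in line:
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        # Attribute names are case-insensitive; drop options such as ";lang-en".
        key = name.split(";")[0].strip().lower()
        if key == "dn":
            attrs = {}
            entries.append((value, attrs))
        elif attrs is not None:  # skips "version: 1" before the first entry
            attrs.setdefault(key, []).append(value)
    return entries


def find_multivalued(entries, attribute="uid"):
    """Return (dn, sorted distinct values) for entries where the attribute
    has more than one distinct value."""
    key = attribute.lower()
    findings = []
    for dn, attrs in entries:
        distinct = sorted(set(attrs.get(key, [])))
        if len(distinct) > 1:
            findings.append((dn, distinct))
    return findings


if __name__ == "__main__":
    for dn, values in find_multivalued(parse_ldif(SAMPLE_LDIF)):
        print(f"{dn}: uid has {len(values)} values: {values}")
```

Run against a full export of the users container, any DN it reports is an entry a single-valued username lookup cannot resolve to one string.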
How read added mapper attribute from ldap?
by Adam Daduev
Hi.
I am trying to use the new feature of Keycloak 1.3.1. I added a new attribute, like
department, but I cannot get it in my web bean. I tried to get the new attribute
from KeycloakSecurityContext, but could not find it.
How can I get my newly added attribute?
Thanks!
9 years, 5 months
authentication level / chaining realms
by Steve Favez
Hi keycloak's experts,
I'm wondering if it's possible to chain realm's invocation in keycloak (and
also, if it's a good practice or not).
The use case is the following :
Keycloak is used as an SSO identity server for a set of application
with different security policies, but for the same users. (so, same user
directory).
- some applications require only "user / password" authentication.
- some applications require a second authentication factor. (for
example sms, or any other systems).
My idea was the following :
- we've a first realm - let's name it "simple realm", that requires only
user / password
- we've a second realm - let's name it "2fa realm" that requires a
token from "simple realm" and the second authentication factor.
- If I connect to an application secured by the "2fa realm", my
application will redirect to the "2fa realm", then, as it can't find any
simple token, the realm dispatches the invocation to the "simple realm", and
then asks for the second authentication factor.
So, a user authenticated against the "2fa realm" gets two tokens: the
simple realm token and the 2FA token.
Thanks in advance for your valuable comments, ideas or criticism.
Best regards.
Steve
9 years, 5 months
Errors while running LDAP integration test
by Nair, Rajat
Hi,
During LDAP integration with Keycloak (v1.3.1), we get to see a "Unique index or primary key violation" exception while trying to log in with an LDAP user on Keycloak's account service site. I set up the latest Keycloak source (from GitHub) to debug this issue. During the build, I saw the same error when the LDAP integration tests were running. Here are the logs -
21:40:24,624 INFO [org.keycloak.testsuite.KeycloakServer] Imported realm test
21:40:24,709 INFO [org.keycloak.federation.ldap.LDAPIdentityStoreRegistry] Creating new LDAP based partition manager for the Federation provider: test-ldap, LDAP Configuration: {bindDn=uid=admin,ou=system, userObjectClasses=null, baseDn=dc=keycloak,dc=org, usersDn=ou=People,dc=keycloak,dc=org, vendor=other, kerberosRealm=KEYCLOAK.ORG, syncRegistrations=false, userAccountControlsAfterPasswordUpdate=false, debug=true, connectionPooling=true, serverPrincipal=HTTP/localhost@KEYCLOAK.ORG, usernameLDAPAttribute=null, allowKerberosAuthentication=false, useKerberosForPasswordAuthentication=false, rdnLDAPAttribute=null, keyTab=/home/USER/apps/keycloak/testsuite/integration/target/test-classes/kerberos/http.keytab, batchSizeForSync=3, connectionUrl=ldap://localhost:10389, allowPasswordAuthentication=true, editMode=WRITABLE, updateProfileFirstLogin=true, pagination=true}
21:40:25,790 INFO [org.keycloak.federation.ldap.LDAPFederationProviderFactory] Sync all users from LDAP to local store: realm: test, federation provider: test-ldap
21:40:25,845 INFO [org.keycloak.federation.ldap.LDAPFederationProviderFactory] Sync all users finished: 5 imported users, 0 updated users, 0 removed users
21:40:26,862 INFO [org.keycloak.federation.ldap.LDAPFederationProviderFactory] Sync changed users from LDAP to local store: realm: test, federation provider: test-ldap, last sync time: Wed Jul 08 21:40:25 IST 2015
21:40:26,900 INFO [org.keycloak.federation.ldap.LDAPFederationProviderFactory] Sync changed users finished: 1 imported users, 1 updated users, 0 removed users
21:40:26,920 INFO [org.keycloak.federation.ldap.LDAPFederationProviderFactory] Sync all users from LDAP to local store: realm: test, federation provider: test-ldap
21:40:26,962 WARN [org.keycloak.federation.ldap.LDAPFederationProviderFactory] User 'user7' is not updated during sync as he already exists in Keycloak database but is not linked to federation provider 'test-ldap'
21:40:26,969 INFO [org.keycloak.federation.ldap.LDAPFederationProviderFactory] Sync all users finished: 0 imported users, 6 updated users, 0 removed users, 1 users failed sync! See server log for more details
21:40:26,981 INFO [org.keycloak.federation.ldap.LDAPFederationProviderFactory] Sync all users from LDAP to local store: realm: test, federation provider: test-ldap
21:40:27,054 ERROR [org.keycloak.federation.ldap.LDAPFederationProviderFactory] Failed during import user from LDAP
org.keycloak.models.ModelDuplicateException: javax.persistence.PersistenceException: org.hibernate.exception.ConstraintViolationException: Unique index or primary key violation: "UK_DYKN684SL8UP1CRFEI6ECKHD7_INDEX_D ON PUBLIC.USER_ENTITY(REALM_ID, EMAIL_CONSTRAINT) VALUES ('test', 'user7@email.org', 21)"; SQL statement:
update USER_ENTITY set CREATED_TIMESTAMP=?, EMAIL=?, EMAIL_CONSTRAINT=?, EMAIL_VERIFIED=?, ENABLED=?, federation_link=?, FIRST_NAME=?, LAST_NAME=?, REALM_ID=?, TOTP=?, USERNAME=? where ID=? [23505-187]
at org.keycloak.connections.jpa.PersistenceExceptionConverter.convert(PersistenceExceptionConverter.java:40)
at org.keycloak.connections.jpa.JpaKeycloakTransaction.commit(JpaKeycloakTransaction.java:30)
at org.keycloak.services.DefaultKeycloakTransactionManager.commit(DefaultKeycloakTransactionManager.java:58)
at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:247)
at org.keycloak.federation.ldap.LDAPFederationProviderFactory.importLdapUsers(LDAPFederationProviderFactory.java:286)
at org.keycloak.federation.ldap.LDAPFederationProviderFactory.syncImpl(LDAPFederationProviderFactory.java:241)
at org.keycloak.federation.ldap.LDAPFederationProviderFactory.syncAllUsers(LDAPFederationProviderFactory.java:200)
at org.keycloak.services.managers.UsersSyncManager.syncAllUsers(UsersSyncManager.java:50)
at org.keycloak.testsuite.federation.SyncProvidersTest.test02duplicateUsernameSync(SyncProvidersTest.java:200)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.junit.rules.ExternalResource$1.evaluate(ExternalResource.java:48)
at org.junit.rules.ExternalResource$1.evaluate(ExternalResource.java:48)
at org.junit.rules.RunRules.evaluate(RunRules.java:20)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:264)
at org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:153)
at org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:124)
at org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:200)
at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:153)
at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:103)
Caused by: javax.persistence.PersistenceException: org.hibernate.exception.ConstraintViolationException: Unique index or primary key violation: "UK_DYKN684SL8UP1CRFEI6ECKHD7_INDEX_D ON PUBLIC.USER_ENTITY(REALM_ID, EMAIL_CONSTRAINT) VALUES ('test', 'user7@email.org', 21)"; SQL statement:
update USER_ENTITY set CREATED_TIMESTAMP=?, EMAIL=?, EMAIL_CONSTRAINT=?, EMAIL_VERIFIED=?, ENABLED=?, federation_link=?, FIRST_NAME=?, LAST_NAME=?, REALM_ID=?, TOTP=?, USERNAME=? where ID=? [23505-187]
at org.hibernate.ejb.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1361)
at org.hibernate.ejb.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1289)
at org.hibernate.ejb.TransactionImpl.commit(TransactionImpl.java:78)
at org.keycloak.connections.jpa.JpaKeycloakTransaction.commit(JpaKeycloakTransaction.java:28)
... 33 more
Caused by: org.hibernate.exception.ConstraintViolationException: Unique index or primary key violation: "UK_DYKN684SL8UP1CRFEI6ECKHD7_INDEX_D ON PUBLIC.USER_ENTITY(REALM_ID, EMAIL_CONSTRAINT) VALUES ('test', 'user7@email.org', 21)"; SQL statement:
update USER_ENTITY set CREATED_TIMESTAMP=?, EMAIL=?, EMAIL_CONSTRAINT=?, EMAIL_VERIFIED=?, ENABLED=?, federation_link=?, FIRST_NAME=?, LAST_NAME=?, REALM_ID=?, TOTP=?, USERNAME=? where ID=? [23505-187]
at org.hibernate.exception.internal.SQLStateConversionDelegate.convert(SQLStateConversionDelegate.java:128)
at org.hibernate.exception.internal.StandardSQLExceptionConverter.convert(StandardSQLExceptionConverter.java:47)
at org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:125)
at org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:110)
at org.hibernate.engine.jdbc.internal.proxy.AbstractStatementProxyHandler.continueInvocation(AbstractStatementProxyHandler.java:129)
at org.hibernate.engine.jdbc.internal.proxy.AbstractProxyHandler.invoke(AbstractProxyHandler.java:81)
at com.sun.proxy.$Proxy54.executeUpdate(Unknown Source)
at org.hibernate.engine.jdbc.batch.internal.NonBatchingBatch.addToBatch(NonBatchingBatch.java:56)
at org.hibernate.persister.entity.AbstractEntityPersister.update(AbstractEntityPersister.java:3006)
at org.hibernate.persister.entity.AbstractEntityPersister.updateOrInsert(AbstractEntityPersister.java:2908)
at org.hibernate.persister.entity.AbstractEntityPersister.update(AbstractEntityPersister.java:3237)
at org.hibernate.action.internal.EntityUpdateAction.execute(EntityUpdateAction.java:113)
at org.hibernate.engine.spi.ActionQueue.execute(ActionQueue.java:272)
at org.hibernate.engine.spi.ActionQueue.executeActions(ActionQueue.java:264)
at org.hibernate.engine.spi.ActionQueue.executeActions(ActionQueue.java:187)
at org.hibernate.event.internal.AbstractFlushingEventListener.performExecutions(AbstractFlushingEventListener.java:326)
at org.hibernate.event.internal.DefaultFlushEventListener.onFlush(DefaultFlushEventListener.java:52)
at org.hibernate.internal.SessionImpl.flush(SessionImpl.java:1081)
at org.hibernate.internal.SessionImpl.managedFlush(SessionImpl.java:315)
at org.hibernate.engine.transaction.internal.jdbc.JdbcTransaction.beforeTransactionCommit(JdbcTransaction.java:101)
at org.hibernate.engine.transaction.spi.AbstractTransactionImpl.commit(AbstractTransactionImpl.java:175)
at org.hibernate.ejb.TransactionImpl.commit(TransactionImpl.java:73)
... 34 more
Caused by: org.h2.jdbc.JdbcSQLException: Unique index or primary key violation: "UK_DYKN684SL8UP1CRFEI6ECKHD7_INDEX_D ON PUBLIC.USER_ENTITY(REALM_ID, EMAIL_CONSTRAINT) VALUES ('test', 'user7@email.org', 21)"; SQL statement:
update USER_ENTITY set CREATED_TIMESTAMP=?, EMAIL=?, EMAIL_CONSTRAINT=?, EMAIL_VERIFIED=?, ENABLED=?, federation_link=?, FIRST_NAME=?, LAST_NAME=?, REALM_ID=?, TOTP=?, USERNAME=? where ID=? [23505-187]
at org.h2.message.DbException.getJdbcSQLException(DbException.java:345)
at org.h2.message.DbException.get(DbException.java:179)
at org.h2.message.DbException.get(DbException.java:155)
at org.h2.index.BaseIndex.getDuplicateKeyException(BaseIndex.java:102)
at org.h2.mvstore.db.MVSecondaryIndex.checkUnique(MVSecondaryIndex.java:233)
at org.h2.mvstore.db.MVSecondaryIndex.add(MVSecondaryIndex.java:191)
at org.h2.mvstore.db.MVTable.addRow(MVTable.java:638)
at org.h2.table.Table.updateRows(Table.java:478)
at org.h2.command.dml.Update.update(Update.java:145)
at org.h2.command.CommandContainer.update(CommandContainer.java:78)
at org.h2.command.Command.executeUpdate(Command.java:254)
at org.h2.jdbc.JdbcPreparedStatement.executeUpdateInternal(JdbcPreparedStatement.java:157)
at org.h2.jdbc.JdbcPreparedStatement.executeUpdate(JdbcPreparedStatement.java:143)
at sun.reflect.GeneratedMethodAccessor261.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.hibernate.engine.jdbc.internal.proxy.AbstractStatementProxyHandler.continueInvocation(AbstractStatementProxyHandler.java:122)
... 51 more
21:40:27,103 INFO [org.keycloak.federation.ldap.LDAPFederationProviderFactory] Sync all users finished: 1 imported users, 6 updated users, 0 removed users, 1 users failed sync! See server log for more details
21:40:27,110 INFO [org.keycloak.federation.ldap.LDAPFederationProviderFactory] Sync all users from LDAP to local store: realm: test, federation provider: test-ldap
21:40:27,167 INFO [org.keycloak.federation.ldap.LDAPFederationProviderFactory] Sync all users finished: 1 imported users, 6 updated users, 0 removed users
21:40:28,175 INFO [org.keycloak.testsuite.DummyUserFederationProviderFactory] syncChangedUsers invoked
Is this a known issue?
-- Rajat
9 years, 5 months
Issues syncing users with LDAP (Keycloak v1.3.1/v1.2.0)
by Nair, Rajat
Hi,
I have set up an LDAP server and configured Keycloak (under User Federation) to communicate with LDAP. Test connection and test authentication both work and Keycloak "seems" to be communicating with LDAP successfully, but when I try to sync users, no data is imported to Keycloak. I have tried with Keycloak release 1.3.1 and 1.2.0 Final. Also tried with a simple LDAP schema (ou=customers,dc=xyz,dc=com) but still no luck.
I'm attaching my LDAP setting (from phpLdap) and my Keycloak settings - could this be configuration issues?
On Keycloak logs, I can see -
06:32:57,286 INFO [org.keycloak.federation.ldap.LDAPFederationProviderFactory] (default task-15) Sync all users from LDAP to local store: realm: 4b921ecb-e068-41d0-956d-fea12f2706cf, federation provider: myldapserver
06:32:57,301 INFO [org.keycloak.federation.ldap.LDAPFederationProviderFactory] (default task-15) Sync all users finished: 0 imported users, 0 updated users, 0 removed users
Any way I can debug further to figure out what is going on? Currently, Keycloak and LDAP are set up on different boxes.
-- Rajat
9 years, 5 months
Is it possible to make the login keycloak page look different between several applications?
by Fabio Monteiro
Hi there, we have a client that uses KeyCloak as a centralized server solution for grant and security access. We would like to know if it is possible to make the login page of KeyCloak look COMPLETELY different and different between several apps? Even better, is it possible to simply use ONLY REST communications from a business app to handle everything Keycloak has to offer in terms of security and identity?
Thanks a lot for your help, we are not sure about how to handle all this. Fabio Mfmrage(a)hotmail.com
9 years, 5 months
Error decoding JSON response from custom identity provider
by Eugene Chow
Hi all,
I’m trying to integrate Keycloak with a custom OpenID Connect identity provider. I got to the point where the server returned Keycloak a JSON response.
I got the following error:
2015-07-07 02:39:46,013 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default task-12) Failed to make identity provider oauth callback: org.keycloak.broker.provider.IdentityBrokerException: Could not fetch attributes from userinfo endpoint.
…
...
Caused by: org.codehaus.jackson.JsonParseException: Unexpected character (',' (code 44)): expected a valid value (number, String, array, object, 'true', 'false' or 'null') at [Source: java.io.StringReader@183b074c; line: 3, column: 10]
Is there a way to peek at the content of the JSON response? I tried switching on debug mode in Wildfly, but the token wasn’t printed in the logs.
Thanks!
Eugene
9 years, 5 months
Change keycloak.json adapter config on the fly
by Orestis Tsakiridis
Hello,
I'm securing a REST bearer-only application using keycloak.
Is there any way to change keycloak.json adapter config file on the fly so
that it can take effect without restarting the container?
Will just editing keycloak.json work? I guess not.
What I want to do is complete an administrative task that will provide the
information needed for keycloak.json such as 'resource', edit keycloak.json
and then make this configuration effective for the REST api.
Best regards
Orestis
9 years, 5 months