Re: [keycloak-user] How to configure what claim will be used as the user name in SpringSecurity adapter?
by Michael Furman
Works perfect!
Thanks!
________________________________
From: Sebastien Blanc <sblanc(a)redhat.com>
Sent: Tuesday, December 13, 2016 2:48 PM
To: Michael Furman
Subject: Re: [keycloak-user] How to configure what claim will be used as the user name in SpringSecurity adapter?
Ok I found the answer in older thread on this list (thx Thomas ;) ) :
try adding: "principal-attribute": "preferred_username" to your keycloak.json.
On Tue, Dec 13, 2016 at 1:33 PM, Michael Furman <michael_furman(a)hotmail.com<mailto:michael_furman@hotmail.com>> wrote:
HI Sebastien,
It is correct, the client settings mapper on IDP maps the username to the token claim name "preferred_username".
But after the SpringSecurity adapter authentication the SpringSecurity holds KeycloakAuthenticationToken while its principal name is equal to the claim with the name "sub" (it value is like e9cd6db8-378f-445e-8c83-265d439e3381).
What should I do on the SpringSecurity adapter side to allow to take the value from the claim "preferred_username"?
Any help will be appreciated.
Best regards,
Michael
________________________________
From: Sebastien Blanc <sblanc(a)redhat.com<mailto:sblanc@redhat.com>>
Sent: Tuesday, December 13, 2016 1:31 PM
To: Michael Furman
Cc: keycloak-user(a)lists.jboss.org<mailto:keycloak-user@lists.jboss.org>
Subject: Re: [keycloak-user] How to configure what claim will be used as the user name in SpringSecurity adapter?
Isn't this already the case ? If you go to your client settings and look at the mappers you can see that username has the token claim name "preferred_username"
On Tue, Dec 13, 2016 at 11:56 AM, Michael Furman <michael_furman(a)hotmail.com<mailto:michael_furman@hotmail.com>> wrote:
Hi all,
I want to configure the claim preferred_username will be used as the user name after SpringSecurity adapter authentication.
How can I configure it?
Any help will be appreciated.
Best regards,
Michael
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org<mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
7 years, 4 months
Re: [keycloak-user] Spring boot + keycloak
by Sebastien Blanc
I can still not reproduce it, could you file a jira ticket please ?
On Tue, Dec 13, 2016 at 8:47 AM, Ondra Pala <pala.ondra(a)gmail.com> wrote:
> Wildfly in version:2.0.10.Final
>
> 2016-12-12 17:12 GMT+01:00 Sebastien Blanc <sblanc(a)redhat.com>:
>
>> Do you have many a simple project that you can share with us on github
>> (your modified version of https://github.com/foo4u/keycloak-spring-demo
>> for instance) ?
>>
>> And can you also say which version of Wildfly you are using ?
>>
>>
>>
>> On Mon, Dec 12, 2016 at 3:48 PM, Ondra Pala <pala.ondra(a)gmail.com> wrote:
>>
>>> War in Wildfly ...
>>>
>>> 2016-12-12 15:45 GMT+01:00 Sebastien Blanc <sblanc(a)redhat.com>:
>>>
>>>> Are you running your Spring Boot app standalone or do you deploy a war
>>>> in Wildfly/EAP ?
>>>>
>>>> On Mon, Dec 12, 2016 at 3:43 PM, Ondra Pala <pala.ondra(a)gmail.com>
>>>> wrote:
>>>>
>>>>> Thanks you are right, but now I get exception:
>>>>>
>>>>> There was an unexpected error (type=Internal Server Error, status=500).
>>>>> loader constraint violation in interface itable initialization: when
>>>>> resolving method "org.keycloak.adapters.springs
>>>>> ecurity.facade.SimpleHttpFacade.getRequest()Lorg/keycloak/ad
>>>>> apters/spi/HttpFacade$Request;" the class loader (instance of
>>>>> org/jboss/modules/ModuleClassLoader) of the current class,
>>>>> org/keycloak/adapters/springsecurity/facade/SimpleHttpFacade, and the
>>>>> class loader (instance of org/jboss/modules/ModuleClassLoader) for
>>>>> interface org/keycloak/adapters/spi/HttpFacade have different Class
>>>>> objects for the type org/keycloak/adapters/spi/HttpFacade$Request
>>>>> used in the signature
>>>>>
>>>>>
>>>>>
>>>>> 2016-12-12 13:54 GMT+01:00 Sebastien Blanc <sblanc(a)redhat.com>:
>>>>>
>>>>>> But have you moved your keycloak config to applciation.properties
>>>>>> instead of using keycloak.json ? If you want to keep the keycloak.json,
>>>>>> just remove the SpringBoot Keycloak adapter dependency and it should be
>>>>>> also good.
>>>>>>
>>>>>> On Mon, Dec 12, 2016 at 12:38 PM, Ondra Pala <pala.ondra(a)gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> My pom.xml file looks like:
>>>>>>>
>>>>>>> <!-- Spring boot - HTML templates -->
>>>>>>> <dependency>
>>>>>>> <groupId>org.springframework.boot</groupId>
>>>>>>> <artifactId>spring-boot-starter-thymeleaf</artifactId>
>>>>>>> </dependency>
>>>>>>>
>>>>>>> <!-- Spring boot - developers tools -->
>>>>>>> <dependency>
>>>>>>> <groupId>org.springframework.boot</groupId>
>>>>>>> <artifactId>spring-boot-devtools</artifactId>
>>>>>>> <optional>true</optional>
>>>>>>> </dependency>
>>>>>>>
>>>>>>> <!-- Spring boot - for deploying Spring boot application to Apache
>>>>>>> Tomcat -->
>>>>>>> <dependency>
>>>>>>> <groupId>org.springframework.boot</groupId>
>>>>>>> <artifactId>spring-boot-starter-tomcat</artifactId>
>>>>>>> <scope>provided</scope>
>>>>>>> </dependency>
>>>>>>>
>>>>>>> <!-- Spring boot security and actuator -->
>>>>>>> <dependency>
>>>>>>> <groupId>org.springframework.boot</groupId>
>>>>>>> <artifactId>spring-boot-starter-security</artifactId>
>>>>>>> </dependency>
>>>>>>> <dependency>
>>>>>>> <groupId>org.springframework.boot</groupId>
>>>>>>> <artifactId>spring-boot-starter-actuator</artifactId>
>>>>>>> </dependency>
>>>>>>>
>>>>>>> <!-- LDAP -->
>>>>>>> <dependency>
>>>>>>> <groupId>org.springframework.security</groupId>
>>>>>>> <artifactId>spring-security-ldap</artifactId>
>>>>>>> </dependency>
>>>>>>> <dependency>
>>>>>>> <groupId>org.apache.directory.server</groupId>
>>>>>>> <artifactId>apacheds-server-jndi</artifactId>
>>>>>>> <version>${apacheds.version}</version>
>>>>>>> </dependency>
>>>>>>>
>>>>>>> <!-- Slf4j logging - compatible with Apacheds-server-jndi -->
>>>>>>> <dependency>
>>>>>>> <groupId>org.slf4j</groupId>
>>>>>>> <artifactId>log4j-over-slf4j</artifactId>
>>>>>>> </dependency>
>>>>>>> <dependency>
>>>>>>> <groupId>org.slf4j</groupId>
>>>>>>> <artifactId>jul-to-slf4j</artifactId>
>>>>>>> </dependency>
>>>>>>> <dependency>
>>>>>>> <groupId>org.slf4j</groupId>
>>>>>>> <artifactId>jcl-over-slf4j</artifactId>
>>>>>>> </dependency>
>>>>>>> <dependency>
>>>>>>> <groupId>org.slf4j</groupId>
>>>>>>> <artifactId>slf4j-api</artifactId>
>>>>>>> </dependency>
>>>>>>> <dependency>
>>>>>>> <groupId>org.springframework</groupId>
>>>>>>> <artifactId>spring-web</artifactId>
>>>>>>> </dependency>
>>>>>>> <dependency>
>>>>>>> <groupId>com.fasterxml.jackson.core</groupId>
>>>>>>> <artifactId>jackson-databind</artifactId>
>>>>>>> </dependency>
>>>>>>> <!-- Keycloak -->
>>>>>>> <dependency>
>>>>>>> <groupId>org.keycloak</groupId>
>>>>>>> <artifactId>keycloak-spring-security-adapter</artifactId>
>>>>>>> <version>2.4.0.Final</version>
>>>>>>> </dependency>
>>>>>>> <dependency>
>>>>>>> <groupId>org.keycloak</groupId>
>>>>>>> <artifactId>keycloak-spring-boot-adapter</artifactId>
>>>>>>> <version>2.4.0.Final</version>
>>>>>>> </dependency>
>>>>>>> <dependency>
>>>>>>> <groupId>org.keycloak</groupId>
>>>>>>> <artifactId>keycloak-tomcat8-adapter</artifactId>
>>>>>>> <version>2.4.0.Final</version>
>>>>>>> </dependency>
>>>>>>> <dependency>
>>>>>>> <groupId>net.rossillo.mvc.cache</groupId>
>>>>>>> <artifactId>spring-mvc-cache-control</artifactId>
>>>>>>> <version>1.1.1-RELEASE</version>
>>>>>>> </dependency>
>>>>>>> <dependency>
>>>>>>> <groupId>org.keycloak</groupId>
>>>>>>> <artifactId>keycloak-common</artifactId>
>>>>>>> <version>2.4.0.Final</version>
>>>>>>> </dependency>
>>>>>>> </dependencies>
>>>>>>>
>>>>>>> I add KeycloakConfigResolver bean from org.keycloak.adapters but I
>>>>>>> still get the same exception.
>>>>>>>
>>>>>>> Thanks very much for your answer.
>>>>>>>
>>>>>>> Ondra
>>>>>>>
>>>>>>>
>>>>>>> 2016-12-12 12:17 GMT+01:00 Ondra Pala <pala.ondra(a)gmail.com>:
>>>>>>>
>>>>>>>> Hello, thanks for you answer. Are you mean
>>>>>>>> remove keycloak-spring-boot-adapter?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> 2016-12-12 10:54 GMT+01:00 Sebastien Blanc <sblanc(a)redhat.com>:
>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>> Did you also added the SpringBoot Keycloak Adapter ? In this case
>>>>>>>>> it will look for the configuration in application.properties but on the
>>>>>>>>> other side the Spring Security won't work, so you have 2 options :
>>>>>>>>> - Remove the SpringBoot adapter
>>>>>>>>> - Or tell the SpringSecurity it has to use the SpringBoot Config
>>>>>>>>> resolver. Add this in your SecurityConfig class :
>>>>>>>>>
>>>>>>>>> @Bean
>>>>>>>>> public KeycloakConfigResolver KeycloakConfigResolver(){
>>>>>>>>> return new KeycloakSpringBootConfigResolver();
>>>>>>>>> }
>>>>>>>>> FYI We have a ticket to make this integration seamless
>>>>>>>>> https://issues.jboss.org/browse/KEYCLOAK-4054?filter=12329075
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Mon, Dec 12, 2016 at 10:46 AM, Ondra Pala <pala.ondra(a)gmail.com
>>>>>>>>> > wrote:
>>>>>>>>>
>>>>>>>>>> Hello We use this example: https://github.com/foo4u/keycl
>>>>>>>>>> oak-spring-demo
>>>>>>>>>> (for Spring boot and Keycloak)
>>>>>>>>>>
>>>>>>>>>> I have keycloak.json(realm in this file exists) file in my
>>>>>>>>>> WEB-INF folder,
>>>>>>>>>> but when I run my application, I get exception:
>>>>>>>>>>
>>>>>>>>>> java.lang.RuntimeException: Must set 'realm' in config
>>>>>>>>>>
>>>>>>>>>> Full stack of this exception:
>>>>>>>>>>
>>>>>>>>>> java.lang.RuntimeException: Must set 'realm' in config
>>>>>>>>>> at
>>>>>>>>>> org.keycloak.adapters.KeycloakDeploymentBuilder.internalBuil
>>>>>>>>>> d(KeycloakDeploymentBuilder.java:53)
>>>>>>>>>>
>>>>>>>>>> ~[keycloak-adapter-core-2.4.0.Final.jar:2.4.0.Final]
>>>>>>>>>> at
>>>>>>>>>> org.keycloak.adapters.KeycloakDeploymentBuilder.build(Keyclo
>>>>>>>>>> akDeploymentBuilder.java:152)
>>>>>>>>>>
>>>>>>>>>> ~[keycloak-adapter-core-2.4.0.Final.jar:2.4.0.Final]
>>>>>>>>>> at
>>>>>>>>>> org.keycloak.adapters.springboot.KeycloakSpringBootConfigRes
>>>>>>>>>> olver.resolve(KeycloakSpringBootConfigResolver.java:37)
>>>>>>>>>>
>>>>>>>>>> ~[keycloak-spring-boot-adapter-2.4.0.Final.jar:2.4.0.Final]
>>>>>>>>>> at
>>>>>>>>>> org.keycloak.adapters.AdapterDeploymentContext.resolveDeploy
>>>>>>>>>> ment(AdapterDeploymentContext.java:88)
>>>>>>>>>>
>>>>>>>>>> ~[keycloak-adapter-core-2.4.0.Final.jar:2.4.0.Final]
>>>>>>>>>> at
>>>>>>>>>> org.keycloak.adapters.PreAuthActionsHandler.preflightCors(Pr
>>>>>>>>>> eAuthActionsHandler.java:107)
>>>>>>>>>>
>>>>>>>>>> ~[keycloak-adapter-core-2.4.0.Final.jar:2.4.0.Final]
>>>>>>>>>> at
>>>>>>>>>> org.keycloak.adapters.PreAuthActionsHandler.handleRequest(Pr
>>>>>>>>>> eAuthActionsHandler.java:79)
>>>>>>>>>>
>>>>>>>>>> ~[keycloak-adapter-core-2.4.0.Final.jar:2.4.0.Final]
>>>>>>>>>> at
>>>>>>>>>> org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorVa
>>>>>>>>>> lve.invoke(AbstractKeycloakAuthenticatorValve.java:183)
>>>>>>>>>>
>>>>>>>>>> ~[keycloak-tomcat-core-adapter-2.4.0.Final.jar:2.4.0.Final]
>>>>>>>>>> at
>>>>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHo
>>>>>>>>>> stValve.java:140)
>>>>>>>>>>
>>>>>>>>>> ~[tomcat-embed-core-8.5.5.jar:8.5.5]
>>>>>>>>>> at
>>>>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorRepo
>>>>>>>>>> rtValve.java:79)
>>>>>>>>>>
>>>>>>>>>> [tomcat-embed-core-8.5.5.jar:8.5.5]
>>>>>>>>>> at
>>>>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(Standard
>>>>>>>>>> EngineValve.java:87)
>>>>>>>>>>
>>>>>>>>>> [tomcat-embed-core-8.5.5.jar:8.5.5]
>>>>>>>>>> at
>>>>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAd
>>>>>>>>>> apter.java:349)
>>>>>>>>>> [tomcat-embed-core-8.5.5.jar:8.5.5]
>>>>>>>>>> at
>>>>>>>>>> org.apache.coyote.http11.Http11Processor.service(Http11Proce
>>>>>>>>>> ssor.java:784)
>>>>>>>>>> [tomcat-embed-core-8.5.5.jar:8.5.5]
>>>>>>>>>> at
>>>>>>>>>> org.apache.coyote.AbstractProcessorLight.process(AbstractPro
>>>>>>>>>> cessorLight.java:66)
>>>>>>>>>>
>>>>>>>>>> [tomcat-embed-core-8.5.5.jar:8.5.5]
>>>>>>>>>> at
>>>>>>>>>> org.apache.coyote.AbstractProtocol$ConnectionHandler.process
>>>>>>>>>> (AbstractProtocol.java:802)
>>>>>>>>>>
>>>>>>>>>> [tomcat-embed-core-8.5.5.jar:8.5.5]
>>>>>>>>>> at
>>>>>>>>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
>>>>>>>>>> (NioEndpoint.java:1410)
>>>>>>>>>>
>>>>>>>>>> [tomcat-embed-core-8.5.5.jar:8.5.5]
>>>>>>>>>> at
>>>>>>>>>> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketPro
>>>>>>>>>> cessorBase.java:49)
>>>>>>>>>>
>>>>>>>>>> [tomcat-embed-core-8.5.5.jar:8.5.5]
>>>>>>>>>> at
>>>>>>>>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
>>>>>>>>>> Executor.java:1142)
>>>>>>>>>>
>>>>>>>>>> [na:1.8.0_101]
>>>>>>>>>> at
>>>>>>>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
>>>>>>>>>> lExecutor.java:617)
>>>>>>>>>>
>>>>>>>>>> [na:1.8.0_101]
>>>>>>>>>> at
>>>>>>>>>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.r
>>>>>>>>>> un(TaskThread.java:61)
>>>>>>>>>>
>>>>>>>>>> [tomcat-embed-core-8.5.5.jar:8.5.5]
>>>>>>>>>> at java.lang.Thread.run(Thread.java:745) [na:1.8.0_101]
>>>>>>>>>>
>>>>>>>>>> Our configuration of security looks like:
>>>>>>>>>>
>>>>>>>>>> /**
>>>>>>>>>> * Application security configuration.
>>>>>>>>>> *
>>>>>>>>>> *
>>>>>>>>>> * @author Scott Rossillo
>>>>>>>>>> */
>>>>>>>>>> @Configuration
>>>>>>>>>> @EnableWebSecurity
>>>>>>>>>> @ComponentScan(basePackageClasses =
>>>>>>>>>> KeycloakSecurityComponents.class)
>>>>>>>>>> public class SecurityConfig extends KeycloakWebSecurityConfigurerA
>>>>>>>>>> dapter
>>>>>>>>>> {
>>>>>>>>>>
>>>>>>>>>> @Autowired
>>>>>>>>>> public void configureGlobal(AuthenticationManagerBuilder
>>>>>>>>>> auth)
>>>>>>>>>> throws Exception {
>>>>>>>>>> auth
>>>>>>>>>> .authenticationProvider(keycloakAuthenticationProvider());
>>>>>>>>>> }
>>>>>>>>>>
>>>>>>>>>> @Autowired
>>>>>>>>>> public KeycloakClientRequestFactory
>>>>>>>>>> keycloakClientRequestFactory;
>>>>>>>>>>
>>>>>>>>>> @Bean
>>>>>>>>>> public CacheControlHandlerInterceptor
>>>>>>>>>> cacheControlHandlerInterceptor() {
>>>>>>>>>> return new CacheControlHandlerInterceptor();
>>>>>>>>>> }
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> @Bean
>>>>>>>>>> public FilterRegistrationBean
>>>>>>>>>> keycloakAuthenticationProcessingFilterRegistrationBean(
>>>>>>>>>> KeycloakAuthenticationProcessingFilter filter) {
>>>>>>>>>> FilterRegistrationBean registrationBean = new
>>>>>>>>>> FilterRegistrationBean(filter);
>>>>>>>>>> registrationBean.setEnabled(false);
>>>>>>>>>> return registrationBean;
>>>>>>>>>> }
>>>>>>>>>>
>>>>>>>>>> @Bean
>>>>>>>>>> public FilterRegistrationBean
>>>>>>>>>> keycloakPreAuthActionsFilterRegistrationBean(
>>>>>>>>>> KeycloakPreAuthActionsFilter filter) {
>>>>>>>>>> FilterRegistrationBean registrationBean = new
>>>>>>>>>> FilterRegistrationBean(filter);
>>>>>>>>>> registrationBean.setEnabled(false);
>>>>>>>>>> return registrationBean;
>>>>>>>>>> }
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> @Bean
>>>>>>>>>> @Scope(ConfigurableBeanFactory.SCOPE_PROTOTYPE)
>>>>>>>>>> public KeycloakRestTemplate keycloakRestTemplate() {
>>>>>>>>>> return new KeycloakRestTemplate(keycloakC
>>>>>>>>>> lientRequestFactory);
>>>>>>>>>> }
>>>>>>>>>>
>>>>>>>>>> @Bean
>>>>>>>>>> @Override
>>>>>>>>>> protected SessionAuthenticationStrategy
>>>>>>>>>> sessionAuthenticationStrategy() {
>>>>>>>>>> return new RegisterSessionAuthenticationStrategy(new
>>>>>>>>>> SessionRegistryImpl());
>>>>>>>>>> }
>>>>>>>>>>
>>>>>>>>>> @Override
>>>>>>>>>> protected void configure(HttpSecurity http) throws Exception
>>>>>>>>>> {
>>>>>>>>>> System.out.println("config");
>>>>>>>>>> super.configure(http);
>>>>>>>>>> http
>>>>>>>>>> .authorizeRequests()
>>>>>>>>>> .antMatchers("/*").denyAll();
>>>>>>>>>> }
>>>>>>>>>>
>>>>>>>>>> }
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Can you please tell me, where it could by mistake.
>>>>>>>>>>
>>>>>>>>>> Thanks for your answer and time.
>>>>>>>>>>
>>>>>>>>>> Ondrej Pala
>>>>>>>>>> _______________________________________________
>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
7 years, 4 months
Minimal complete example
by Aidan Delaney
Dear all,
I'm trying to put together a keycloak example that executes on
a `mvn wildfly:run` and I'd appreciate some help. My assumptions are
that I can:
1. package both an example app and keycloak-server up in an EAR,
2. make the EAR depend on keycloak-server-overlay and keycloak-
wildfly-adapter-dist
3. provide configuration similar to keycloak-examples-
2.4.0.Final/preconfigured-demo
4. execute a `wildfly:run` to see a small demo.
I fully appreciate that keycloak should not be run in the above manner.
That the keycloak server _should_ be separated from the demo
application. However, I'm using this as a hands-on demo for
undergraduate students and, thereafter, high-school students. As such,
I want to make the initial example as straightforward to run as
possible. In these situations, running keycloak-standalone and
executing the example app leads to inevitable complications. Moreover,
I don't have access to Docker or Vagrant in the teaching environment.
I'm running into a few issues which I can work through. But I'm
wondering if it's possible to come up with such an example of if I'm
barking up the wrong tree?
--
Dr Aidan Delaney
Principal Lecturer
Computing, Engineering & Maths
University of Brighton
@aidandelaney
7 years, 4 months
Validate Token on IDP
by Laghuvaram, Raghu
I am trying to validate the token(Access Token) using the URL /auth/realms/<realm>/protocol/openid-connect/validate?access_token=<token> but I am getting 404 all the time. I am using 2.3.0 Final, is the token validate URL still valid?
Thanks,
Raghu.
________________________________
Notice: This communication may contain privileged and/or confidential information. If you are not the intended recipient, please notify the sender by email, and immediately delete the message and any attachments without copying or disclosing them. LB may, for any reason, intercept, access, use, and disclose any information that is communicated by or through, or which is stored on, its networks, applications, services, and devices.
7 years, 4 months
Exception while executing example security question required action
by abhishek raghav
Hi
I have implemented the example security question authenticator custom
authenticator independently. I am able to register it as a required action.
But when I am trying to login with the user for whom I set it as a
required action, I am facing this exception at run time. my pom.xml is also
attached.
16:16:49,916 ERROR [io.undertow.request] (default task-25) UT005023:
Exception handling request to
/auth/realms/DCI/login-actions/required-action:
org.jboss.resteasy.spi.UnhandledException: java.lang.NoSuchMethodError:
org.keycloak.authentication.RequiredActionContext.form()Lorg/keycloak/login/LoginFormsProvider;
at
org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)
at
org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212)
at
org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:168)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:411)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
at
io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
at
io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
at
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.NoSuchMethodError:
org.keycloak.authentication.RequiredActionContext.form()Lorg/keycloak/login/LoginFormsProvider;
at
com.dci.examples.providers.events.SecretQuestionRequiredAction.requiredActionChallenge(SecretQuestionRequiredAction.java:40)
at
org.keycloak.services.managers.AuthenticationManager.executionActions(AuthenticationManager.java:619)
at
org.keycloak.services.managers.AuthenticationManager.actionRequired(AuthenticationManager.java:542)
at
org.keycloak.services.managers.AuthenticationManager.nextActionAfterAuthentication(AuthenticationManager.java:464)
at
org.keycloak.services.resources.LoginActionsService$Checks.verifyRequiredAction(LoginActionsService.java:299)
at
org.keycloak.services.resources.LoginActionsService.processRequireAction(LoginActionsService.java:860)
at
org.keycloak.services.resources.LoginActionsService.requiredActionGET(LoginActionsService.java:853)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
... 37 more
pom.xml :
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
<name>Authenticator Example</name>
<description/>
<modelVersion>4.0.0</modelVersion>
<artifactId>SampleAuthenticator-listener-provider</artifactId>
<groupId>org.keycloak</groupId>
<version>2.5.0.Final-SNAPSHOT</version>
<packaging>jar</packaging>
<dependencies>
<!--
https://mvnrepository.com/artifact/org.keycloak/keycloak-authentication-api
-->
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-authentication-api</artifactId>
<version>1.0-beta-3</version>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-services</artifactId>
<version>1.8.1.Final</version>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-server-spi</artifactId>
<version>2.4.0.Final</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.keycloak/keycloak-core -->
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-core</artifactId>
<version>2.4.0.Final</version>
</dependency>
<dependency>
<groupId>org.json</groupId>
<artifactId>json</artifactId>
<version>20140107</version>
</dependency>
<dependency>
<groupId>org.jboss.resteasy</groupId>
<artifactId>resteasy-client</artifactId>
<version>3.0.6.Final</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax</groupId>
<artifactId>javaee-web-api</artifactId>
<version>6.0</version>
<scope>provided</scope>
</dependency>
</dependencies>
<build>
<finalName>SampleAuthenticator-listener-provider</finalName>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
<plugin>
<groupId>org.wildfly.plugins</groupId>
<artifactId>wildfly-maven-plugin</artifactId>
<configuration>
<skip>false</skip>
</configuration>
</plugin>
</plugins>
</build>
</project>
7 years, 4 months
Keycloak admin client API connection timeout
by Haim Vana
Hi,
We are using keycloak admin client API for various user management operations - most are create and update user and password.
In the Keycloak getInstance method we can't specify the connection pool size or timeout - see below, can you please advise what is the connection default timeout ?
And is there any way to change it (pool size or timeout) ?
public static Keycloak getInstance(String serverUrl, String realm, String username, String password, String clientId) {
return new Keycloak(serverUrl, realm, username, password, clientId, (String)null, "password", (ResteasyClient)null);
}
Keycloak(String serverUrl, String realm, String username, String password, String clientId, String clientSecret, String grantType, ResteasyClient resteasyClient) {
this.config = new Config(serverUrl, realm, username, password, clientId, clientSecret, grantType);
this.client = resteasyClient != null?resteasyClient:(new ResteasyClientBuilder()).connectionPoolSize(10).build();
this.tokenManager = new TokenManager(this.config, this.client);
this.target = this.client.target(this.config.getServerUrl());
this.target.register(new BearerAuthFilter(this.tokenManager));
}
Thanks,
Haim.
The information contained in this message is proprietary to the sender, protected from disclosure, and may be privileged. The information is intended to be conveyed only to the designated recipient(s) of the message. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, use, distribution or copying of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you.
7 years, 4 months