Dependency injection issues using keycloak.js adapter with AngularJs
by Dejan B
Hello,
we encountered a worrisome error while developing a SPA with Angular
1.5.3 and Keycloak 1.9.1 for authentication.
If we run the application with strict dependency injection,
bootstrapping will fail with the following error:
Error: [$injector:modulerr] Failed to instantiate module zis due to:
[$injector:strictdi] routerConfig is not using explicit annotation and
cannot be invoked in strict mode
http://errors.angularjs.org/1.5.4/$injector/strictdi?p0=routerConfig
minErr/<@http://localhost:3000/bower_components/angular/angular.js:68:12
annotate@http://localhost:3000/bower_components/angular/angular.js:3903:1
injectionArgs@http://localhost:3000/bower_components/angular/angular.js:4626:21
invoke@http://localhost:3000/bower_components/angular/angular.js:4657:18
runInvokeQueue@http://localhost:3000/bower_components/angular/angular.js:4558:11
loadModules/<@http://localhost:3000/bower_components/angular/angular.js:4567:11
forEach@http://localhost:3000/bower_components/angular/angular.js:322:11
loadModules@http://localhost:3000/bower_components/angular/angular.js:4548:5
createInjector@http://localhost:3000/bower_components/angular/angular.js:4470:19
bootstrap/doBootstrap@http://localhost:3000/bower_components/angular/angular.js:1746:20
bootstrap@http://localhost:3000/bower_components/angular/angular.js:1767:1
zisStartup/<@http://localhost:3000/app/index.run.js:110:9
createPromise/p.setSuccess@http://localhost:3000/bower_components/keycloak/dist/keycloak.js:714:25
Keycloak/kc.init/<@http://localhost:3000/bower_components/keycloak/dist/keycloak.js:96:17
createPromise/p.setSuccess@http://localhost:3000/bower_components/keycloak/dist/keycloak.js:714:25
authSuccess@http://localhost:3000/bower_components/keycloak/dist/keycloak.js:518:36
processCallback/req.onreadystatechange@http://localhost:3000/bower_components/keycloak/dist/keycloak.js:490:29
Without strict DI, the application runs fine, but the issue occurs
every time we try to run minified code.
How could we solve this problem?
Cheers, Dejan
8 years, 8 months
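Why strict DI rejects routerConfig, and why the minified build breaks without explicit annotation, shown as an added example that is neither part of the original post nor Angular's source: a simplified model of the injector's annotation step. The provider names $stateProvider and $urlRouterProvider and the helpers annotate, invoke and outcome are assumptions for illustration.

```javascript
// Simplified model of AngularJS 1.x dependency annotation (not Angular's code).
const FN_ARGS = /^[^(]*\(\s*([^)]*)\)/m;

// Returns the list of dependency names the injector would look up for fn.
function annotate(fn, strictDi) {
  if (Array.isArray(fn)) {
    return fn.slice(0, -1);            // inline array annotation: names, then fn
  }
  if (Array.isArray(fn.$inject)) {
    return fn.$inject.slice();         // explicit $inject property
  }
  if (strictDi) {
    // Strict mode refuses to guess names from the function source.
    throw new Error('[$injector:strictdi] ' + (fn.name || 'anonymous fn') +
      ' is not using explicit annotation and cannot be invoked in strict mode');
  }
  // Implicit annotation: parameter names are read from the source text,
  // which is exactly what a minifier rewrites.
  const args = Function.prototype.toString.call(fn).match(FN_ARGS)[1];
  return args.split(',').map((s) => s.trim()).filter(Boolean);
}

function invoke(fn, providers, strictDi) {
  const names = annotate(fn, strictDi);
  const target = Array.isArray(fn) ? fn[fn.length - 1] : fn;
  const deps = names.map((name) => {
    if (!Object.prototype.hasOwnProperty.call(providers, name)) {
      throw new Error('[$injector:unpr] Unknown provider: ' + name);
    }
    return providers[name];
  });
  return target(...deps);
}

// Hypothetical providers standing in for what routerConfig asks for.
const providers = {
  $stateProvider: { kind: 'state' },
  $urlRouterProvider: { kind: 'urlRouter' },
};

// As written in source: relies on parameter names (implicit annotation).
function routerConfig($stateProvider, $urlRouterProvider) {
  return [$stateProvider.kind, $urlRouterProvider.kind];
}

// What a minifier leaves behind: same body, parameters renamed.
const routerConfigMinified = function (e, t) { return [e.kind, t.kind]; };

// Fix A: $inject property, survives minification.
function routerConfigAnnotated(e, t) { return [e.kind, t.kind]; }
routerConfigAnnotated.$inject = ['$stateProvider', '$urlRouterProvider'];

// Fix B: inline array annotation, survives minification.
const routerConfigArray = ['$stateProvider', '$urlRouterProvider',
  function (e, t) { return [e.kind, t.kind]; }];

// Runs fn through the model and reports the result or the error code.
function outcome(fn, strictDi) {
  try {
    return invoke(fn, providers, strictDi).join(',');
  } catch (err) {
    return err.message.split(']')[0] + ']';
  }
}

console.log('implicit, non-strict :', outcome(routerConfig, false));
console.log('implicit, strict     :', outcome(routerConfig, true));
console.log('minified, non-strict :', outcome(routerConfigMinified, false));
console.log('$inject,  strict     :', outcome(routerConfigAnnotated, true));
console.log('array,    strict     :', outcome(routerConfigArray, true));
```

The same two annotation styles apply to every config, run, controller and service function in the module; a build step such as ng-annotate can generate them before minification.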
Redirect URI accepted during "LOGIN" phase but rejected during "CODE_TO_TOKEN" phase
by Bartosz Andrzejczak
After upgrading to version 1.9.1 we’ve started to get rejections from keycloak.js while getting token based on code.
If we enter base url (http://example.com) then the app works fine, login is successful and token is retrieved.
Unfortunately when entering this child page (https://example.com/?redirect_fragment=/asset-library/card-view/ - it is sent from javascript with redirect_fragment encoded, but in keycloak logs it’s visible with this fragment decoded) we get error 400 while getting token after successful login and obtaining the code. The precise response is:
{"error_description":"Incorrect redirect_uri","error":"invalid_grant"}
Why is that? In valid redirects uri in keycloak we have (just in case):
- https://example.com*
- https://example.com/*
- https://example.com/?redirect_fragment=/asset-library/card-view/
- https://example.com/?redirect_fragment=%2Fasset-library%2Fcard-view%2F
- http://example.com*
- http://example.com/*
- http://example.com/?redirect_fragment=/asset-library/card-view/
- http://example.com/?redirect_fragment=%2Fasset-library%2Fcard-view%2F
Here are the logs of successful log in with redirect URI being http://example.com:
11:38:47,934 DEBUG [org.jboss.jca.core.connectionmanager.pool.validator.ConnectionValidator] (ConnectionValidator) Notifying pools, interval: 30000
11:38:47,935 DEBUG [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (ConnectionValidator) Checking for connection within frequency
11:38:47,936 DEBUG [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (ConnectionValidator) Returning for connection within frequency
11:38:47,937 DEBUG [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (ConnectionValidator) Checking for connection within frequency
11:38:47,938 DEBUG [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (ConnectionValidator) Returning for connection within frequency
11:38:47,938 DEBUG [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (ConnectionValidator) Checking for connection within frequency
11:38:49,335 DEBUG [org.springframework.boot.context.web.OrderedRequestContextFilter] (default task-14) Bound request context to thread: HttpServletRequestImpl [ GET /auth/realms/xxxxxx/protocol/openid-connect/auth ]
11:38:49,336 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-14) RESTEASY002315: PathInfo: /realms/xxxxxx/protocol/openid-connect/auth
11:38:49,348 DEBUG [org.keycloak.services] (default task-14) AUTHENTICATE
11:38:49,357 DEBUG [org.keycloak.services] (default task-14) AUTHENTICATE ONLY
11:38:49,358 DEBUG [org.keycloak.services] (default task-14) processFlow
11:38:49,358 DEBUG [org.keycloak.services] (default task-14) check execution: auth-cookie requirement: ALTERNATIVE
11:38:49,358 DEBUG [org.keycloak.services] (default task-14) authenticator: auth-cookie
11:38:49,359 DEBUG [org.keycloak.services] (default task-14) invoke authenticator.authenticate
11:38:49,360 DEBUG [org.keycloak.services] (default task-14) token active - active: true, issued-at: 1,461,152,319, not-before: 0
11:38:49,361 DEBUG [org.keycloak.services] (default task-14) authenticator SUCCESS: auth-cookie
11:38:49,361 DEBUG [org.keycloak.services] (default task-14) check execution: auth-spnego requirement: DISABLED
11:38:49,361 DEBUG [org.keycloak.services] (default task-14) execution is processed
11:38:49,362 DEBUG [org.keycloak.services] (default task-14) check execution: null requirement: ALTERNATIVE
11:38:49,362 DEBUG [org.keycloak.services] (default task-14) Skip alternative execution
11:38:49,362 DEBUG [org.keycloak.services] (default task-14) Using full scope for client
11:38:49,363 DEBUG [org.keycloak.events] (default task-14) type=LOGIN, realmId=xxxxxx, clientId=api, userId=64e2ec92-a6ee-4705-a8b3-adebe9c3c816, ipAddress=172.17.0.1, auth_method=openid-connect, auth_type=code, response_type=code, redirect_uri=https://example.com/, consent=no_consent_required, code_id=1e564327-4775-4cbc-8e15-c3b553bc7585, response_mode=fragment, username=xxxxxx
11:38:49,384 DEBUG [org.keycloak.services] (default task-14) Create login cookie - name: KEYCLOAK_IDENTITY, path: /auth/realms/xxxxxx, max-age: -1
11:38:49,385 DEBUG [org.keycloak.services] (default task-14) redirectAccessCode: state: 0ecc910f-b0d2-4b9f-80ae-105c2dc28644
11:38:49,387 DEBUG [org.springframework.boot.context.web.OrderedRequestContextFilter] (default task-14) Cleared thread-bound request context: HttpServletRequestImpl [ GET /auth/realms/xxxxxx/protocol/openid-connect/auth ]
11:38:50,139 DEBUG [org.springframework.boot.context.web.OrderedRequestContextFilter] (default task-6) Bound request context to thread: HttpServletRequestImpl [ POST /auth/realms/xxxxxx/protocol/openid-connect/token ]
11:38:50,140 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-6) RESTEASY002315: PathInfo: /realms/xxxxxx/protocol/openid-connect/token
11:38:50,147 DEBUG [org.keycloak.services] (default task-6) AUTHENTICATE CLIENT
11:38:50,148 DEBUG [org.keycloak.services] (default task-6) client authenticator: client-secret
11:38:50,148 DEBUG [org.keycloak.services] (default task-6) client authenticator SUCCESS: client-secret
11:38:50,149 DEBUG [org.keycloak.services] (default task-6) Client api authenticated by client-secret
11:38:50,178 DEBUG [org.keycloak.events] (default task-6) type=CODE_TO_TOKEN, realmId=xxxxxx, clientId=api, userId=64e2ec92-a6ee-4705-a8b3-adebe9c3c816, ipAddress=172.17.0.1, token_id=dd46b7cd-6233-4881-8fe1-96e4ed087b37, grant_type=authorization_code, refresh_token_type=Refresh, refresh_token_id=0751e640-397d-45d7-a799-485a0573f20a, code_id=1e564327-4775-4cbc-8e15-c3b553bc7585, client_auth_method=client-secret
11:38:50,182 DEBUG [org.springframework.boot.context.web.OrderedRequestContextFilter] (default task-6) Cleared thread-bound request context: HttpServletRequestImpl [ POST /auth/realms/xxxxxx/protocol/openid-connect/token ]
11:38:50,353 DEBUG [org.springframework.boot.context.web.OrderedRequestContextFilter] (default task-10) Bound request context to thread: HttpServletRequestImpl [ GET /auth/realms/xxxxxx/protocol/openid-connect/userinfo ]
11:38:50,354 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-10) RESTEASY002315: PathInfo: /realms/xxxxxx/protocol/openid-connect/userinfo
11:38:50,356 DEBUG [org.keycloak.events] (default task-10) type=USER_INFO_REQUEST, realmId=xxxxxx, clientId=api, userId=64e2ec92-a6ee-4705-a8b3-adebe9c3c816, ipAddress=172.17.0.1, auth_method=validate_access_token, username=xxxxxx
11:38:50,358 DEBUG [org.springframework.boot.context.web.OrderedRequestContextFilter] (default task-10) Cleared thread-bound request context: HttpServletRequestImpl [ GET /auth/realms/xxxxxx/protocol/openid-connect/userinfo ]
And here are the logs of failed login with redirect URI being https://example.com/?redirect_fragment=/asset-library/card-view/:
11:37:15,360 DEBUG [org.springframework.boot.context.web.OrderedRequestContextFilter] (default task-7) Bound request context to thread: HttpServletRequestImpl [ GET /auth/realms/xxxxxx/protocol/openid-connect/auth ]
11:37:15,361 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-7) RESTEASY002315: PathInfo: /realms/xxxxxx/protocol/openid-connect/auth
11:37:15,366 DEBUG [org.keycloak.services] (default task-7) AUTHENTICATE
11:37:15,367 DEBUG [org.keycloak.services] (default task-7) AUTHENTICATE ONLY
11:37:15,367 DEBUG [org.keycloak.services] (default task-7) processFlow
11:37:15,368 DEBUG [org.keycloak.services] (default task-7) check execution: auth-cookie requirement: ALTERNATIVE
11:37:15,368 DEBUG [org.keycloak.services] (default task-7) authenticator: auth-cookie
11:37:15,369 DEBUG [org.keycloak.services] (default task-7) invoke authenticator.authenticate
11:37:15,371 DEBUG [org.keycloak.services] (default task-7) token active - active: true, issued-at: 1,461,152,203, not-before: 0
11:37:15,373 DEBUG [org.keycloak.services] (default task-7) authenticator SUCCESS: auth-cookie
11:37:15,374 DEBUG [org.keycloak.services] (default task-7) check execution: auth-spnego requirement: DISABLED
11:37:15,374 DEBUG [org.keycloak.services] (default task-7) execution is processed
11:37:15,375 DEBUG [org.keycloak.services] (default task-7) check execution: null requirement: ALTERNATIVE
11:37:15,375 DEBUG [org.keycloak.services] (default task-7) Skip alternative execution
11:37:15,376 DEBUG [org.keycloak.services] (default task-7) Using full scope for client
11:37:15,377 DEBUG [org.keycloak.events] (default task-7) type=LOGIN, realmId=xxxxxx, clientId=api, userId=64e2ec92-a6ee-4705-a8b3-adebe9c3c816, ipAddress=172.17.0.1, auth_method=openid-connect, auth_type=code, response_type=code, redirect_uri=https://example.com/?redirect_fragment=/asset-library/card-v... <https://example.com/?redirect_fragment=/asset-library/card-view/>, consent=no_consent_required, code_id=a47d3089-699e-4bc5-811c-e4a45655994a, response_mode=fragment, username=xxxxxx
11:37:15,397 DEBUG [org.keycloak.services] (default task-7) Create login cookie - name: KEYCLOAK_IDENTITY, path: /auth/realms/xxxxxx, max-age: -1
11:37:15,398 DEBUG [org.keycloak.services] (default task-7) redirectAccessCode: state: 0e2f72bc-14a4-46f8-8169-c55c85a50830
11:37:15,398 DEBUG [org.springframework.boot.context.web.OrderedRequestContextFilter] (default task-7) Cleared thread-bound request context: HttpServletRequestImpl [ GET /auth/realms/xxxxxx/protocol/openid-connect/auth ]
11:37:16,148 DEBUG [org.springframework.boot.context.web.OrderedRequestContextFilter] (default task-13) Bound request context to thread: HttpServletRequestImpl [ POST /auth/realms/xxxxxx/protocol/openid-connect/token ]
11:37:16,148 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-13) RESTEASY002315: PathInfo: /realms/xxxxxx/protocol/openid-connect/token
11:37:16,150 DEBUG [org.keycloak.services] (default task-13) AUTHENTICATE CLIENT
11:37:16,150 DEBUG [org.keycloak.services] (default task-13) client authenticator: client-secret
11:37:16,151 DEBUG [org.keycloak.services] (default task-13) client authenticator SUCCESS: client-secret
11:37:16,151 DEBUG [org.keycloak.services] (default task-13) Client api authenticated by client-secret
11:37:16,151 WARN [org.keycloak.events] (default task-13) type=CODE_TO_TOKEN_ERROR, realmId=xxxxxx, clientId=api, userId=64e2ec92-a6ee-4705-a8b3-adebe9c3c816, ipAddress=172.17.0.1, error=invalid_code, grant_type=authorization_code, code_id=a47d3089-699e-4bc5-811c-e4a45655994a, client_auth_method=client-secret
11:37:16,153 DEBUG [org.springframework.boot.context.web.OrderedRequestContextFilter] (default task-13) Cleared thread-bound request context: HttpServletRequestImpl [ POST /auth/realms/xxxxxx/protocol/openid-connect/token ]
11:37:17,928 DEBUG [org.jboss.jca.core.connectionmanager.pool.validator.ConnectionValidator] (ConnectionValidator) Notifying pools, interval: 30000
11:37:17,928 DEBUG [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (ConnectionValidator) Checking for connection within frequency
8 years, 8 months
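A diagnostic for the symptom described above, as an added example that is neither part of the original post nor Keycloak's code: given the authorization request URL and the token request body captured from the browser, it reports whether the two redirect_uri values differ only in percent-encoding. RFC 6749 section 4.1.3 requires the value in the token request to be identical to the one in the authorization request. The trailing-`*` prefix match, the host sso.example.test and the two captured requests are constructed assumptions.

```javascript
// Simplified model of an allowlist check: a trailing '*' means prefix match.
function matchesAllowlist(uri, patterns) {
  return patterns.some((p) =>
    p.endsWith('*') ? uri.startsWith(p.slice(0, -1)) : uri === p);
}

function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

// Percent-decoded view of a URI, used only to explain a mismatch,
// never to decide whether a token request should be accepted.
function canonicalForm(uri) {
  const u = new URL(uri);
  return JSON.stringify([
    u.origin,
    safeDecode(u.pathname),
    [...u.searchParams.entries()],   // URLSearchParams decodes names and values
    safeDecode(u.hash),
  ]);
}

function classify(atLogin, atToken) {
  if (atLogin === atToken) return 'identical';
  try {
    return canonicalForm(atLogin) === canonicalForm(atToken)
      ? 'encoding-only' : 'different';
  } catch (e) {
    return 'different';              // one of the values is not a parseable URL
  }
}

function redirectUriFromAuthRequest(authRequestUrl) {
  return new URL(authRequestUrl).searchParams.get('redirect_uri');
}

function redirectUriFromTokenBody(formBody) {
  return new URLSearchParams(formBody).get('redirect_uri');
}

function diagnose(authRequestUrl, tokenRequestBody, validRedirectUris) {
  const atLogin = redirectUriFromAuthRequest(authRequestUrl);
  const atToken = redirectUriFromTokenBody(tokenRequestBody);
  if (atLogin === null || atToken === null) {
    throw new Error('redirect_uri missing from one of the requests');
  }
  return {
    atLogin,
    atToken,
    loginAllowed: matchesAllowlist(atLogin, validRedirectUris),  // LOGIN phase
    tokenExactMatch: atLogin === atToken,                        // CODE_TO_TOKEN phase
    difference: classify(atLogin, atToken),
  };
}

// Entries taken from the post's "valid redirect URIs" list (https ones).
const VALID_REDIRECT_URIS = [
  'https://example.com*',
  'https://example.com/*',
  'https://example.com/?redirect_fragment=/asset-library/card-view/',
  'https://example.com/?redirect_fragment=%2Fasset-library%2Fcard-view%2F',
];

// Constructed capture: the two requests carry the same redirect target,
// once with redirect_fragment percent-encoded and once decoded.
const ENCODED = 'https://example.com/?redirect_fragment=%2Fasset-library%2Fcard-view%2F';
const DECODED = 'https://example.com/?redirect_fragment=/asset-library/card-view/';
const sampleAuthRequest =
  'https://sso.example.test/auth/realms/xxxxxx/protocol/openid-connect/auth' +
  '?client_id=api&response_type=code&redirect_uri=' + encodeURIComponent(ENCODED);
const sampleTokenBody =
  'grant_type=authorization_code&code=CONSTRUCTED&redirect_uri=' +
  encodeURIComponent(DECODED);

console.log(diagnose(sampleAuthRequest, sampleTokenBody, VALID_REDIRECT_URIS));
```

A result of `encoding-only` points at the client encoding the value differently in the two requests; the fix is to send the same string both times, not to relax the server-side comparison.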
Token Validation Endpoint
by Brian Watson
Hi all,
I have a question regarding token validation.
I have an access token, and I want to make sure it's still valid. In other
words, I need to ensure that either (a) the user hasn't logged out, or (b)
someone hasn't invalidated the session to which the token is associated.
The use case is an integration with an API gateway, in which the API
gateway ensures the validity of a token with Keycloak before passing it to
downstream services.
Is there an endpoint I can call with a token that will tell me if the token
is still valid? Is there another way I should be performing this check?
Thank you.
8 years, 8 months
Unexpected behaviour of infinispan local cache in KC 1.9.2
by Vlcko Rastislav
Hi,
I have the following problem. I am struggling with the configuration of the
infinispan local cache. Especially with the configuration of "max-entries".
In the previous version of Keycloak (1.7.0), the "max-entries" was doing
exactly what I expected - it was not possible to enter more entries
than the max-entries value. On the other hand, in Keycloak 1.9.2 it seems
that it is possible. At least with the configuration I have in the
standalone.xml:
<cache-container name="myCacheContainer">
    <local-cache name="myCache">
        <eviction strategy="LRU" max-entries="2"/>
        <expiration lifespan="600000"/>
    </local-cache>
</cache-container>
My testing scenario is as follows: I have deployed my application to the
Wildfly where the KC is running. In my app I was accessing an instance of
MyCache to add a value to the cache using some REST endpoint. Then I was using
another REST endpoint to display the content of MyCache. In the previous
version of KC, I was able to add exactly 2 entries. Adding a third one caused
the first one to be replaced. In KC 1.9.2, the number of entries keeps
growing as if there is no limit for it.
The way I am using the cache in code is pretty standard. Here is MyCache
class:
@ManagedBean
@Singleton
@Named("myCache")
public class MyCache implements IMyCache<String, String> {
    @Resource(lookup = "java:jboss/infinispan/container/myCacheContainer")
    protected EmbeddedCacheManager container;
    private Cache<String, String> cache;

    @PostConstruct
    @Override
    public void init() {
        this.cache = container.getCache("myCache");
    }
    ...
}
MyCache class is then injected to the class with REST resources where it is
a part of some business logic.
I would appreciate any suggestions or hints how to fix this.
Thanks.
8 years, 8 months
Import users and groups in existing realm?
by Guus der Kinderen
Hi,
Is there a way where I can use the JSON-based import (or any other import
that can be executed before Keycloak is accessible to users) to import
users and groups into an existing realm?
The relevant bits of the manual appear to be here:
https://keycloak.github.io/docs/userguide/keycloak-server/html/export-imp...
I don't want to overwrite pre-existing realm configuration, other than the
groups and users. So far, neither the 'IGNORE_EXISTING' nor the
'OVERWRITE_EXISTING' strategy appear to have the desired effect: one skips
importing data completely (as the realm already exists), the other causes
the entire realm to be replaced.
Regards,
Guus
8 years, 8 months
Keycloak login/logout on Android
by Emanuel Couto
Hello.
I'm trying to login and logout to KeyCloak through an Android application.
So far I was able to login using AeroGear Authz. What happens is that a web
view is created every time login is required. However I don't understand
how logout works. In the documentation it states that you should point to
'auth/realms/.../logout'. How does it figure out which client I am? Through
a session or maybe cookies?
The other question is how would customer-portal and product-portal be
implemented in android, theoretically?
8 years, 8 months
Google as identity provider
by Martijn Claus
Hello,
I've got a question regarding the identity provider Google (and maybe others). We are building a multi-tenant SaaS environment where the tenants are dynamically added (which I think is a valid use case). We use the Keycloak admin API to create a realm per tenant. We want to use (amongst others) the Google identity provider. For this you need to set up the callback URL in the Google API client. The problem is that the callback URL is different for each realm and Google does not allow wildcards in redirect URLs.
The redirect URL format now:
http://ourserver:8080/auth/realms/{realm}/broker/google/endpoint
I don't want to dynamically add redirect URLs to the Google API account. Google has a solution for this: the client (i.e. KeyCloak) should use the "state" query parameter to add the realm. But this is a change Keycloak needs to make imo.
Someone with a related problem (not with keycloak)
http://stackoverflow.com/questions/13652062/subdomain-in-google-console-r...
Any thoughts on this problem?
PS: I can imagine this also holds true for other identity providers, but Google was the first I tried.
8 years, 8 months
[keycloak-overlay-1.9.2.Final] Issue with deployment keycloak-server.war in domain mode
by Andrej Prievalsky
Hi all,
in my machine setup:
two nodes: 1st node with domain controller (DC) and 2nd node with host
controller.
Here is part of log with ERROR (the whole log is attached):
*...*
*...*
*2016-04-20 09:36:37,566 INFO [org.jboss.ws.common.management] (MSC
service thread 1-1) JBWS022052: Starting JBossWS 5.1.3.Final (Apache CXF
3.1.4)*
*2016-04-20 09:36:37,798 INFO
[org.infinispan.factories.GlobalComponentRegistry] (MSC service thread 1-1)
ISPN000128: Infinispan version: Infinispan 'Mahou' 8.1.0.Final*
*2016-04-20 09:36:38,136 INFO [org.jboss.as.server.deployment] (MSC
service thread 1-1) WFLYSRV0027: Starting deployment of
"keycloak-server.war" (runtime-name: "keycloak-server.war")*
*2016-04-20 09:36:41,275 INFO
[org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-2)
WFLYJCA0001: Bound data source [java:jboss/datasources/KeycloakDS]*
*2016-04-20 09:36:51,054 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
thread 1-1) ISPN000078: Starting JGroups channel keycloak*
*2016-04-20 09:36:51,258 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
thread 1-1) ISPN000094: Received new cluster view for channel keycloak:
[ci-security:idm-server-ci-security|0] (1)
[ci-security:idm-server-ci-security]*
*2016-04-20 09:36:51,325 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
thread 1-1) ISPN000079: Channel keycloak local address is
ci-security:idm-server-ci-security, physical addresses are
[172.31.32.153:7800]*
*2016-04-20 09:36:53,731 INFO [org.jboss.as.clustering.infinispan]
(ServerService Thread Pool -- 66) WFLYCLINF0002: Started realmVersions
cache from keycloak container*
*2016-04-20 09:36:54,250 INFO [org.jboss.as.clustering.infinispan]
(ServerService Thread Pool -- 62) WFLYCLINF0002: Started work cache from
keycloak container*
*2016-04-20 09:36:53,922 INFO [org.jboss.as.clustering.infinispan]
(ServerService Thread Pool -- 68) WFLYCLINF0002: Started users cache from
keycloak container*
*2016-04-20 09:36:54,591 INFO [org.jboss.as.clustering.infinispan]
(ServerService Thread Pool -- 63) WFLYCLINF0002: Started offlineSessions
cache from keycloak container*
*2016-04-20 09:36:54,791 INFO [org.jboss.as.clustering.infinispan]
(ServerService Thread Pool -- 64) WFLYCLINF0002: Started realms cache from
keycloak container*
*2016-04-20 09:36:54,952 INFO [org.jboss.as.clustering.infinispan]
(ServerService Thread Pool -- 67) WFLYCLINF0002: Started loginFailures
cache from keycloak container*
*2016-04-20 09:36:54,966 INFO [org.jboss.as.clustering.infinispan]
(ServerService Thread Pool -- 65) WFLYCLINF0002: Started sessions cache
from keycloak container*
*2016-04-20 09:37:05,645 ERROR [org.jboss.msc.service.fail] (ServerService
Thread Pool -- 65) MSC000001: Failed to start service
jboss.undertow.deployment.default-server.default-host./auth:
org.jboss.msc.service.StartException in service
jboss.undertow.deployment.default-server.default-host./auth:
java.lang.RuntimeException: RESTEASY003325: Failed to construct public
org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)*
* at
org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:85)*
* at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
[rt.jar:1.8.0_45]*
* at java.util.concurrent.FutureTask.run(FutureTask.java:266)
[rt.jar:1.8.0_45]*
* at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[rt.jar:1.8.0_45]*
* at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[rt.jar:1.8.0_45]*
* at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_45]*
* at org.jboss.threads.JBossThread.run(JBossThread.java:320)
[jboss-threads-2.2.1.Final.jar:2.2.1.Final]*
*Caused by: java.lang.RuntimeException: RESTEASY003325: Failed to construct
public
org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)*
* at
org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:162)*
* at
org.jboss.resteasy.spi.ResteasyProviderFactory.createProviderInstance(ResteasyProviderFactory.java:2209)*
* at
org.jboss.resteasy.spi.ResteasyDeployment.createApplication(ResteasyDeployment.java:299)*
* at
org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:240)*
* at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:113)*
* at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36)*
* at
io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)*
* at
org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:78)*
* at
io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)*
* at
io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:231)*
* at
io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:132)*
* at
io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:526)*
* at
org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:101)*
* at
org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:82)*
* ... 6 more*
*Caused by: java.lang.RuntimeException:
org.jboss.modules.ModuleNotFoundException:
org.keycloak.keycloak-model-api:main*
* at
org.keycloak.provider.wildfly.ModuleProviderLoaderFactory.create(ModuleProviderLoaderFactory.java:44)*
* at
org.keycloak.provider.ProviderManager.<init>(ProviderManager.java:56)*
* at
org.keycloak.services.DefaultKeycloakSessionFactory.init(DefaultKeycloakSessionFactory.java:71)*
* at
org.keycloak.services.resources.KeycloakApplication.createSessionFactory(KeycloakApplication.java:225)*
* at
org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:77)*
* at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method) [rt.jar:1.8.0_45]*
* at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
[rt.jar:1.8.0_45]*
* at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
[rt.jar:1.8.0_45]*
* at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
[rt.jar:1.8.0_45]*
* at
org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:150)*
* ... 19 more*
*Caused by: org.jboss.modules.ModuleNotFoundException:
org.keycloak.keycloak-model-api:main*
* at org.jboss.modules.Module.addPaths(Module.java:1092)
[jboss-modules.jar:1.5.1.Final]*
* at org.jboss.modules.Module.link(Module.java:1448)
[jboss-modules.jar:1.5.1.Final]*
* at org.jboss.modules.Module.relinkIfNecessary(Module.java:1476)
[jboss-modules.jar:1.5.1.Final]*
* at
org.jboss.modules.ModuleLoader.loadModule(ModuleLoader.java:225)
[jboss-modules.jar:1.5.1.Final]*
* at
org.keycloak.provider.wildfly.ModuleProviderLoaderFactory.create(ModuleProviderLoaderFactory.java:40)*
* ... 28 more*
*2016-04-20 09:37:05,900 ERROR
[org.jboss.as.controller.management-operation] (Controller Boot Thread)
WFLYCTL0013: Operation ("add") failed - address: ([("deployment" =>
"keycloak-server.war")]) - failure description: {"WFLYCTL0080: Failed
services" => {"jboss.undertow.deployment.default-server.default-host./auth"
=> "org.jboss.msc.service.StartException in service
jboss.undertow.deployment.default-server.default-host./auth:
java.lang.RuntimeException: RESTEASY003325: Failed to construct public
org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)*
* Caused by: java.lang.RuntimeException: RESTEASY003325: Failed to
construct public
org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)*
* Caused by: java.lang.RuntimeException:
org.jboss.modules.ModuleNotFoundException:
org.keycloak.keycloak-model-api:main*
* Caused by: org.jboss.modules.ModuleNotFoundException:
org.keycloak.keycloak-model-api:main"}}*
*2016-04-20 09:37:06,339 INFO [org.jboss.as.server] (ServerService Thread
Pool -- 59) WFLYSRV0010: Deployed "keycloak-server.war" (runtime-name :
"keycloak-server.war")*
*2016-04-20 09:37:06,618 INFO [org.jboss.as.controller] (Controller Boot
Thread) WFLYCTL0183: Service status report*
*WFLYCTL0186: Services which failed to start: service
jboss.undertow.deployment.default-server.default-host./auth:
org.jboss.msc.service.StartException in service
jboss.undertow.deployment.default-server.default-host./auth:
java.lang.RuntimeException: RESTEASY003325: Failed to construct public
org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)*
*2016-04-20 09:37:07,917 ERROR [org.jboss.as]
(Controller Boot Thread) WFLYSRV0026: WildFly Full 10.0.0.Final (WildFly
Core 2.0.10.Final) started (with errors) in 67571ms - Started 481 of 952
services (2 services failed or missing dependencies, 686 services are lazy,
passive or on-demand)*
8 years, 8 months
Keycloak - Spring-Security-adapter: Call method after authentication
by Daniele Capasso Barbato
I develop a REST-based API application with Spring Security and
Keycloak. I'd like to execute custom code when users log in to my
application in any REST controller. I tried putting my filter in the
last position of the filter chain, but the KeycloakPrincipal in the request
is null (it seems that the Keycloak value was set after that).
How can I execute custom code when users log in, the right way?
Thanks
8 years, 8 months
Question re app timeout
by Richard Lavallee
Does anyone know the answer to this?
I want to set up a Keycloak SSO for, say, five apps: only one of which is required (by U.S. State Law) to become logged out upon ten inactive minutes timeout. How can I achieve this in Keycloak?
So for example: user signs in to Keycloak and begins working in APP1 then switches to APP2 and stays there for more than ten minutes. User re-visits APP1 which has been idle for more than ten minutes. By law he needs to re-authenticate to APP1 even though he remains already authenticated in Keycloak. How to force re-authentication for at least APP1?
-Richard
8 years, 8 months