Attempting to build authenticator example and failing.
by Reed Lewis
I downloaded Keycloak version 2.5.1 example file. Extracted it onto a CentOS 7 machine, and installed Java-1.8.0 and java-devel.
When I attempted to use the example file: /examples/providers/authenticator
By typing: mvn clean install wildfly:deploy
I got the following error on the terminal where I was executing mvn:
[ERROR] Failed to execute goal org.wildfly.plugins:wildfly-maven-plugin:1.1.0.Beta1:deploy (default-cli) on project authenticator-required-action-example: Failed to execute goal deploy: {"WFLYCTL0062: Composite operation failed and was rolled back. Steps that failed:" => {"Operation step-1" => {"WFLYCTL0080: Failed services" => {"jboss.deployment.unit.\"authenticator-required-action-example.jar\".POST_MODULE" => "org.jboss.msc.service.StartException in service jboss.deployment.unit.\"authenticator-required-action-example.jar\".POST_MODULE: WFLYSRV0153: Failed to process phase POST_MODULE of deployment \"authenticator-required-action-example.jar\"
[ERROR] Caused by: java.lang.NoClassDefFoundError: Failed to link org/keycloak/examples/authenticator/SecretQuestionAuthenticatorFactory (Module \"deployment.authenticator-required-action-example.jar:main\" from Service Module Loader): org/keycloak/authentication/AuthenticatorFactory"}}}}
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
[root@localhost authenticator]# pwd
/root/keycloak-demo-2.5.1.Final/examples/providers/authenticator
Thank you,
Reed Lewis
This was what was displayed on the Keycloak server.
12:06:20,685 INFO [org.jboss.as.server.deployment] (MSC service thread 1-1) WFLYSRV0027: Starting deployment of "authenticator-required-action-example.jar" (runtime-name: "authenticator-required-action-example.jar")
12:06:20,761 INFO [org.keycloak.subsystem.server.extension.KeycloakProviderDeploymentProcessor] (MSC service thread 1-4) Deploying Keycloak provider: {0}
12:06:20,767 WARN [org.jboss.modules] (MSC service thread 1-4) Failed to define class org.keycloak.examples.authenticator.SecretQuestionAuthenticatorFactory in Module "deployment.authenticator-required-action-example.jar:main" from Service Module Loader: java.lang.NoClassDefFoundError: Failed to link org/keycloak/examples/authenticator/SecretQuestionAuthenticatorFactory (Module "deployment.authenticator-required-action-example.jar:main" from Service Module Loader): org/keycloak/authentication/AuthenticatorFactory
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at org.jboss.modules.ModuleClassLoader.defineClass(ModuleClassLoader.java:446)
at org.jboss.modules.ModuleClassLoader.loadClassLocal(ModuleClassLoader.java:274)
at org.jboss.modules.ModuleClassLoader$1.loadClassLocal(ModuleClassLoader.java:78)
at org.jboss.modules.Module.loadModuleClass(Module.java:605)
at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:190)
at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:363)
at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:351)
at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:93)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:348)
at java.util.ServiceLoader$LazyIterator.nextService(ServiceLoader.java:370)
at java.util.ServiceLoader$LazyIterator.next(ServiceLoader.java:404)
at java.util.ServiceLoader$1.next(ServiceLoader.java:480)
at org.keycloak.provider.DefaultProviderLoader.load(DefaultProviderLoader.java:47)
at org.keycloak.provider.ProviderManager.load(ProviderManager.java:93)
at org.keycloak.services.DefaultKeycloakSessionFactory.loadFactories(DefaultKeycloakSessionFactory.java:206)
at org.keycloak.services.DefaultKeycloakSessionFactory.deploy(DefaultKeycloakSessionFactory.java:112)
at org.keycloak.provider.ProviderManagerRegistry.deploy(ProviderManagerRegistry.java:42)
at org.keycloak.subsystem.server.extension.KeycloakProviderDeploymentProcessor.deploy(KeycloakProviderDeploymentProcessor.java:54)
at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:147)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
12:06:20,768 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service jboss.deployment.unit."authenticator-required-action-example.jar".POST_MODULE: org.jboss.msc.service.StartException in service jboss.deployment.unit."authenticator-required-action-example.jar".POST_MODULE: WFLYSRV0153: Failed to process phase POST_MODULE of deployment "authenticator-required-action-example.jar"
at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:154)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.NoClassDefFoundError: Failed to link org/keycloak/examples/authenticator/SecretQuestionAuthenticatorFactory (Module "deployment.authenticator-required-action-example.jar:main" from Service Module Loader): org/keycloak/authentication/AuthenticatorFactory
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at org.jboss.modules.ModuleClassLoader.defineClass(ModuleClassLoader.java:446)
at org.jboss.modules.ModuleClassLoader.loadClassLocal(ModuleClassLoader.java:274)
at org.jboss.modules.ModuleClassLoader$1.loadClassLocal(ModuleClassLoader.java:78)
at org.jboss.modules.Module.loadModuleClass(Module.java:605)
at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:190)
at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:363)
at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:351)
at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:93)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:348)
at java.util.ServiceLoader$LazyIterator.nextService(ServiceLoader.java:370)
at java.util.ServiceLoader$LazyIterator.next(ServiceLoader.java:404)
at java.util.ServiceLoader$1.next(ServiceLoader.java:480)
at org.keycloak.provider.DefaultProviderLoader.load(DefaultProviderLoader.java:47)
at org.keycloak.provider.ProviderManager.load(ProviderManager.java:93)
at org.keycloak.services.DefaultKeycloakSessionFactory.loadFactories(DefaultKeycloakSessionFactory.java:206)
at org.keycloak.services.DefaultKeycloakSessionFactory.deploy(DefaultKeycloakSessionFactory.java:112)
at org.keycloak.provider.ProviderManagerRegistry.deploy(ProviderManagerRegistry.java:42)
at org.keycloak.subsystem.server.extension.KeycloakProviderDeploymentProcessor.deploy(KeycloakProviderDeploymentProcessor.java:54)
at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:147)
... 5 more
12:06:20,769 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 4) WFLYCTL0013: Operation ("add") failed - address: ([("deployment" => "authenticator-required-action-example.jar")]) - failure description: {"WFLYCTL0080: Failed services" => {"jboss.deployment.unit.\"authenticator-required-action-example.jar\".POST_MODULE" => "org.jboss.msc.service.StartException in service jboss.deployment.unit.\"authenticator-required-action-example.jar\".POST_MODULE: WFLYSRV0153: Failed to process phase POST_MODULE of deployment \"authenticator-required-action-example.jar\"
Caused by: java.lang.NoClassDefFoundError: Failed to link org/keycloak/examples/authenticator/SecretQuestionAuthenticatorFactory (Module \"deployment.authenticator-required-action-example.jar:main\" from Service Module Loader): org/keycloak/authentication/AuthenticatorFactory"}}
12:06:20,769 ERROR [org.jboss.as.server] (management-handler-thread - 4) WFLYSRV0021: Deploy of deployment "authenticator-required-action-example.jar" was rolled back with the following failure message:
{"WFLYCTL0080: Failed services" => {"jboss.deployment.unit.\"authenticator-required-action-example.jar\".POST_MODULE" => "org.jboss.msc.service.StartException in service jboss.deployment.unit.\"authenticator-required-action-example.jar\".POST_MODULE: WFLYSRV0153: Failed to process phase POST_MODULE of deployment \"authenticator-required-action-example.jar\"
Caused by: java.lang.NoClassDefFoundError: Failed to link org/keycloak/examples/authenticator/SecretQuestionAuthenticatorFactory (Module \"deployment.authenticator-required-action-example.jar:main\" from Service Module Loader): org/keycloak/authentication/AuthenticatorFactory"}}
12:06:20,772 INFO [org.jboss.as.server.deployment] (MSC service thread 1-1) WFLYSRV0028: Stopped deployment authenticator-required-action-example.jar (runtime-name: authenticator-required-action-example.jar) in 2ms
12:06:20,773 INFO [org.jboss.as.controller] (management-handler-thread - 4) WFLYCTL0183: Service status report
WFLYCTL0186: Services which failed to start: service jboss.deployment.unit."authenticator-required-action-example.jar".POST_MODULE
7 years, 9 months
JavaScript client, iframe and IE
by Thomas Raehalme
Hi!
Has anyone encountered any problems with a JavaScript client running on
Internet Explorer?
It seems that IE applies some restrictions regarding <iframe /> and
cookies. Unless the Keycloak server in question returns a P3P header, IE
does not allow any cookies to be set by Keycloak inside the <iframe> on a
JavaScript client.
Here's Microsoft's blog post regarding the issue:
https://blogs.msdn.microsoft.com/ieinternals/2013/09/17/a-quick-look-at-p3p/
If I have understood correctly IE doesn't really care about the header's
value as long as it has been set. For example Google returns:
P3P: CP="This is not a P3P policy! See
https://www.google.com/support/accounts/answer/151657?hl=en for more info."
What do you think, should Wildfly in the Keycloak distribution add the P3P
header by default?
Best regards,
Thomas
7 years, 10 months
Keycloak Social Login
by Anunay Sinha
Hi
I am using Keycloak as a security layer and working towards enabling social
login.
Social login was working and I was able to integrate Facebook with just
configurations using the documents.
However, I have a requirement wherein I need to provide API endpoints
for the same.
Our mobile devices will be communicating with Facebook via the app and will
have the token from Facebook (Implicit Flow).
I will then be exchanging the token with Keycloak for the Keycloak access
token.
I have two questions:
1. Is this approach correct, and if not, why?
2. How can I achieve this? I was thinking of writing a custom authenticator
(I am not sure if that's the right approach, as I have to register the user as
well if the FB access token user is not available with us. We can afford to
log in the user with just the email ID, as we can onboard new users later).
I am blocked because the authenticator is not working with any build from 2.4.0
onwards.
Let me know if my approach is correct and if so how to proceed about it.
7 years, 10 months
Anonymous access to scoped resources
by ebondu
Hi all,
I am using Keycloak filters to secure a Spring REST API and I need to
provide anonymous access to a subset of resources having a given scope
(like 'urn:scope:read:public'). To me, anonymous means an unauthenticated
user without an access token.
I defined a dedicated security chain to bypass the authentication filter, but
the authorization filter is expecting an access token to grant requests, so
I can't use it.
Do I need to implement my own filter based only on the protection API to
retrieve and check scopes of requested resources, or is there a better way to
grant access to resources for anonymous users?
Thanks.
7 years, 10 months
Re: [keycloak-user] Additional attributes for an authorization request
by Ori Doolman
Hi Pedro Igor,
You wrote:
You can't pass additional attributes along with an authorization request.
However, that is something we want to support on future versions.
I have some questions about that:
1. Which future version will support that? Any plan for it at the moment?
2. Until it is supported, what would be the best practice recommendation to authorize resources such as account numbers?
For example: The REST API (resource) I want to protect in the resource server is /api/getAccountDetails/{accountNum}. How should I configure the policy/permissions/resources/scopes in the PDP and how should I utilize the PEP (I'm using Java adapter for JBOSS Fuse)?
Thank you,
Ori.
This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement,
you may review at http://www.amdocs.com/email_disclaimer.asp
7 years, 10 months
Authorization: Javascript policy
by Ori Doolman
Hi,
How rich can the JavaScript policy be?
Is it limited to only a specific interface ($evaluation), or can I use any JavaScript package/code I want?
Specifically, I need to have a mapping table between a token claim (user attribute) to a list-of-IDs.
Can I query another server using HTTP request within a policy code?
Or can I query the user database from the policy code?
Or can I pre-load the mapping table into PDP memory and query it from policy code?
Thanks,
Ori.
7 years, 10 months
[HELP] Unable To Deploy Authenticator-Requirement-Action-Example
by Sagar Ahire
Hello,
In Keycloak 2.4.0 I tried to deploy authenticator requirement action
example (keycloak-2.4.0.Final/examples/providers/authenticator) using the
following command:
$ mvn clean install wildfly:deploy
Getting:
[ERROR] Failed to execute goal
org.wildfly.plugins:wildfly-maven-plugin:1.0.1.Final:deploy (default-cli)
on project authenticator-required-action-example: Deployment failed and was
rolled back. -> [Help 1]
-PFA for server log.
I also tried to copy authentication-requirement-action-example.jar into
standalone/deployment/providers directory but didn't work.
Can someone please help with this?
regards,
-Sagar
7 years, 10 months
Stack Overflow
by Stian Thorgersen
We're considering dropping the Keycloak user mailing list and moving to
Stack Overflow instead.
Thoughts?
7 years, 10 months
Keycloak onLoad option
by Andreea Ciuprina
Hello!
I am running into the following issue when using the Keycloak JavaScript adapter in order to connect our React frontend client with the Keycloak server.
The following code, where the onLoad option is set to "login-required" causes the webpage to refresh every 10 seconds, after logging in:
const SEC_UPDATE_TOKEN = 30;
const kc: Keycloak.KeycloakInstance = Keycloak("/keycloak.json");
kc.init({onLoad: "login-required"}).success((authenticated: boolean) => {
    if (authenticated) {
        kc.updateToken(SEC_UPDATE_TOKEN).success(() => {
            loadData();
        }).error(() => {
            alert("Failed to refresh token");
        });
    }
    else {
        // show possibly other page here...
        kc.login();
    }
}).error(() => {
    alert("failed to initialize");
});
If I replace the onLoad option with "check-sso", the problem disappears.
Reading the documentation, i.e. this part:
login-required will authenticate the client if the
user is logged-in to Keycloak or display the login page if not. check-sso will only
authenticate the client if the user is already logged-in, if the user is not logged-in the browser
will be redirected back to the application and remain unauthenticated.
was not very clear to me with regard to the behaviour that I am observing in my case.
Could you please explain to me the difference between "login-required" and "check-sso", and why using one of them instead of the other in my case
causes the unwanted, constant page refresh?
Thank you!
Best regards,
Andreea
7 years, 10 months