NullPointerException while adding userFederationMappers
by Nabeel Ahmed
Hi Everyone,
I am using keycloak 2.4.0.Final and creating ldap user federation provider.
Getting the following error when creating UserFederationMappers.
14:09:27,255 ERROR [io.undertow.request] (default task-11) UT005023: Exception handling request to /auth/admin/realms/DecisionSpace_Integration_Server/user-federation/instances/79a731e1-6d8d-499e-a62f-73cb38af72e2/mappers: org.jboss.resteasy.spi.UnhandledException: java.lang.NullPointerException
    at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)
    at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212)
    at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:168)
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:411)
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
    at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
    at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
    at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
    at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
    at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
    at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
    at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
    at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
    at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
    at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
    at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
    at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
    at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
    at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
    at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
    at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
    at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
    at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
    at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
    at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.NullPointerException
    at org.keycloak.services.resources.admin.UserFederationProviderResource.validateModel(UserFederationProviderResource.java:450)
    at org.keycloak.services.resources.admin.UserFederationProviderResource.addMapper(UserFederationProviderResource.java:321)
    at sun.reflect.GeneratedMethodAccessor789.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
    at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
    at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
    ... 37 more
Regards,
Nabeel Ahmed
Cell # +92 333 540 5542
7 years, 7 months
patch for mod_auth_openidc apache module for keycloak oauth
by c p
Dear All,
Just for sharing: I have made the Apache mod_auth_openidc module work with
Keycloak token introspection. Just apply the patch below to src/oauth.c,
then set the OIDCOAuthIntrospectionEndpointParams
token_type_hint=refresh_token.
--- mod_auth_openidc/src/oauth.c 2017-05-15 16:20:48.698526596 +0800
+++ mod_auth_openidc_keycloak/src/oauth.c 2017-05-15
16:17:06.022631865 +0800
@@ -83,12 +83,19 @@
apr_table_addn(params, OIDC_PROTO_CLIENT_ID,
c->oauth.client_id);
apr_table_addn(params, OIDC_PROTO_CLIENT_SECRET,
c->oauth.client_secret);
+
} else {
basic_auth = apr_psprintf(r->pool, "%s:%s",
c->oauth.client_id,
c->oauth.client_secret);
}
+ }else{
+ if ((c->provider.client_id != NULL) &&
(c->provider.client_secret!=NULL)){
+ basic_auth = apr_psprintf(r->pool, "%s:%s",
c->provider.client_id,
+ c->provider.client_secret);
}
+}
+
/* call the endpoint with the constructed parameter set and return
the resulting response */
return apr_strnatcmp(c->oauth.introspection_endpoint_method,
OIDC_INTROSPECTION_METHOD_GET) == 0 ?
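Review bot: the added else branch falls back to c->provider.client_id and c->provider.client_secret for the Basic credentials with no log line and no documentation, so an operator cannot tell which client identity the introspection call is authenticating as. The condition this else pairs with lies outside the hunk, so please say in the commit message when the branch is taken, add a debug log inside it, and document the fallback next to the OAuth client settings. On style, `}else{`, the closing `+}` at column 0 and the lone `+` blank line after the apr_table_addn calls do not match the surrounding code. The patch as posted is also wrapped by the mail client (the `+++` header and the added `if` condition are split across lines), so it will not apply as is; sending it as an attachment would avoid that.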
Regards,
Steven
7 years, 7 months
Rebalancing problem while adding a new node to a domain
by tina zarrin
hello
please help me with this problem:
We chose to install domain mode keycloak in our company. We have a load
balancer and three slave nodes. It's working properly with two active nodes,
but when we want to run the third node to connect to the load balancer, the
load balancer doesn't rebalance with the new node. It just says that the node
is registered, but it doesn't show these lines as we can see in the other
nodes' connect process:
[org.infinispan.CLUSTER] (remote-thread--p8-t45) ISPN000310: Starting cluster-wide rebalance for cache work, topology CacheTopology{id=3, rebalanceId=2, currentCH=ReplicatedConsistentHash{ns = 60, owners = (2)[master:server-one-master: 30, srvca61-site232:server-threeslave: 30]}, pendingCH=ReplicatedConsistentHash{ns = 60, owners = (3)[master:server-one-master: 20, srvca61-site232:server-threeslave: 20, srvca61-site231:server-twoslave: 20]}, unionCH=null, actualMembers=[master:server-one-master, srvca61-site232:server-threeslave, srvca61-site231:server-twoslave]}
[org.infinispan.CLUSTER] (remote-thread--p8-t44) ISPN000310: Starting cluster-wide rebalance for cache loginFailures, topology CacheTopology{id=3, rebalanceId=2, currentCH=DefaultConsistentHash{ns=80, owners = (2)[master:server-one-master: 40+0, srvca61-site232:server-threeslave: 40+0]}, pendingCH=DefaultConsistentHash{ns=80, owners = (3)[master:server-one-master: 27+0, srvca61-site232:server-threeslave: 27+0, srvca61-site231:server-twoslave: 26+0]}, unionCH=null, actualMembers=[master:server-one-master, srvca61-site232:server-threeslave, srvca61-site231:server-twoslave]}
[org.infinispan.CLUSTER] (remote-thread--p8-t42) ISPN000310: Starting cluster-wide rebalance for cache authorization, topology CacheTopology{id=3, rebalanceId=2, currentCH=DefaultConsistentHash{ns=80, owners = (2)[master:server-one-master: 40+0, srvca61-site232:server-threeslave: 40+0]}, pendingCH=DefaultConsistentHash{ns=80, owners = (3)[master:server-one-master: 27+0, srvca61-site232:server-threeslave: 27+0, srvca61-site231:server-twoslave: 26+0]}, unionCH=null, actualMembers=[master:server-one-master, srvca61-site232:server-threeslave, srvca61-site231:server-twoslave]}
[org.infinispan.CLUSTER] (remote-thread--p8-t39) ISPN000310: Starting cluster-wide rebalance for cache sessions, topology CacheTopology{id=3, rebalanceId=2, currentCH=DefaultConsistentHash{ns=80, owners = (2)[master:server-one-master: 40+0, srvca61-site232:server-threeslave: 40+0]}, pendingCH=DefaultConsistentHash{ns=80, owners = (3)[master:server-one-master: 27+0, srvca61-site232:server-threeslave: 27+0, srvca61-site231:server-twoslave: 26+0]}, unionCH=null, actualMembers=[master:server-one-master, srvca61-site232:server-threeslave, srvca61-site231:server-twoslave]}
[org.infinispan.CLUSTER] (remote-thread--p8-t43) ISPN000310: Starting cluster-wide rebalance for cache offlineSessions, topology CacheTopology{id=3, rebalanceId=2, currentCH=DefaultConsistentHash{ns=80, owners = (2)[master:server-one-master: 40+0, srvca61-site232:server-threeslave: 40+0]}, pendingCH=DefaultConsistentHash{ns=80, owners = (3)[master:server-one-master: 27+0, srvca61-site232:server-threeslave: 27+0, srvca61-site231:server-twoslave: 26+0]}, unionCH=null, actualMembers=[master:server-one-master, srvca61-site232:server-threeslave, srvca61-site231:server-twoslave]}
[org.infinispan.CLUSTER] (remote-thread--p8-t42) ISPN000336: Finished cluster-wide rebalance for cache offlineSessions, topology id = 3
[org.infinispan.CLUSTER] (remote-thread--p8-t42) ISPN000336: Finished cluster-wide rebalance for cache authorization, topology id = 3
[org.infinispan.CLUSTER] (remote-thread--p8-t42) ISPN000336: Finished cluster-wide rebalance for cache loginFailures, topology id = 3
[org.infinispan.CLUSTER] (remote-thread--p8-t45) ISPN000336: Finished cluster-wide rebalance for cache work, topology id = 3
[org.infinispan.CLUSTER] (remote-thread--p8-t45) ISPN000336: Finished cluster-wide rebalance for cache sessions, topology id = 3
7 years, 7 months
Rebalancing problem while adding a new node to a domain
by Elnaz razmi
hello
please help me with this problem:
We chose to install domain mode keycloak in our company. We have a load
balancer and three slave nodes. It's working properly with two active nodes,
but when we want to run the third node to connect to the load balancer, the
load balancer doesn't rebalance with the new node. It just says that the node
is registered, but it doesn't show these lines as we can see in the other
nodes' connect process:
[org.infinispan.CLUSTER] (remote-thread--p8-t45) ISPN000310: Starting cluster-wide rebalance for cache work, topology CacheTopology{id=3, rebalanceId=2, currentCH=ReplicatedConsistentHash{ns = 60, owners = (2)[master:server-one-master: 30, srvca61-site232:server-threeslave: 30]}, pendingCH=ReplicatedConsistentHash{ns = 60, owners = (3)[master:server-one-master: 20, srvca61-site232:server-threeslave: 20, srvca61-site231:server-twoslave: 20]}, unionCH=null, actualMembers=[master:server-one-master, srvca61-site232:server-threeslave, srvca61-site231:server-twoslave]}
[org.infinispan.CLUSTER] (remote-thread--p8-t44) ISPN000310: Starting cluster-wide rebalance for cache loginFailures, topology CacheTopology{id=3, rebalanceId=2, currentCH=DefaultConsistentHash{ns=80, owners = (2)[master:server-one-master: 40+0, srvca61-site232:server-threeslave: 40+0]}, pendingCH=DefaultConsistentHash{ns=80, owners = (3)[master:server-one-master: 27+0, srvca61-site232:server-threeslave: 27+0, srvca61-site231:server-twoslave: 26+0]}, unionCH=null, actualMembers=[master:server-one-master, srvca61-site232:server-threeslave, srvca61-site231:server-twoslave]}
[org.infinispan.CLUSTER] (remote-thread--p8-t42) ISPN000310: Starting cluster-wide rebalance for cache authorization, topology CacheTopology{id=3, rebalanceId=2, currentCH=DefaultConsistentHash{ns=80, owners = (2)[master:server-one-master: 40+0, srvca61-site232:server-threeslave: 40+0]}, pendingCH=DefaultConsistentHash{ns=80, owners = (3)[master:server-one-master: 27+0, srvca61-site232:server-threeslave: 27+0, srvca61-site231:server-twoslave: 26+0]}, unionCH=null, actualMembers=[master:server-one-master, srvca61-site232:server-threeslave, srvca61-site231:server-twoslave]}
[org.infinispan.CLUSTER] (remote-thread--p8-t39) ISPN000310: Starting cluster-wide rebalance for cache sessions, topology CacheTopology{id=3, rebalanceId=2, currentCH=DefaultConsistentHash{ns=80, owners = (2)[master:server-one-master: 40+0, srvca61-site232:server-threeslave: 40+0]}, pendingCH=DefaultConsistentHash{ns=80, owners = (3)[master:server-one-master: 27+0, srvca61-site232:server-threeslave: 27+0, srvca61-site231:server-twoslave: 26+0]}, unionCH=null, actualMembers=[master:server-one-master, srvca61-site232:server-threeslave, srvca61-site231:server-twoslave]}
[org.infinispan.CLUSTER] (remote-thread--p8-t43) ISPN000310: Starting cluster-wide rebalance for cache offlineSessions, topology CacheTopology{id=3, rebalanceId=2, currentCH=DefaultConsistentHash{ns=80, owners = (2)[master:server-one-master: 40+0, srvca61-site232:server-threeslave: 40+0]}, pendingCH=DefaultConsistentHash{ns=80, owners = (3)[master:server-one-master: 27+0, srvca61-site232:server-threeslave: 27+0, srvca61-site231:server-twoslave: 26+0]}, unionCH=null, actualMembers=[master:server-one-master, srvca61-site232:server-threeslave, srvca61-site231:server-twoslave]}
[org.infinispan.CLUSTER] (remote-thread--p8-t42) ISPN000336: Finished cluster-wide rebalance for cache offlineSessions, topology id = 3
[org.infinispan.CLUSTER] (remote-thread--p8-t42) ISPN000336: Finished cluster-wide rebalance for cache authorization, topology id = 3
[org.infinispan.CLUSTER] (remote-thread--p8-t42) ISPN000336: Finished cluster-wide rebalance for cache loginFailures, topology id = 3
[org.infinispan.CLUSTER] (remote-thread--p8-t45) ISPN000336: Finished cluster-wide rebalance for cache work, topology id = 3
[org.infinispan.CLUSTER] (remote-thread--p8-t45) ISPN000336: Finished cluster-wide rebalance for cache sessions, topology id = 3
7 years, 7 months
Issue running Angular 2 JS example using Keycloak
by Kiran Kumar
Hi,
The Angular 2 example provided in the Keycloak demo 3.1.0.Final works fine if the Angular app is deployed on the Wildfly server. In this scenario both Keycloak and the Angular 2 app are running on the default port 8080. But the same doesn't work if the Angular 2 app is deployed on a different port, for example 4200, using the 'ng serve' command. I have updated the settings 'Valid Redirect URIs', 'Base URL' and 'Web Origins' to use port 4200 in the Keycloak admin console for the Angular 2 app. The issue is that the first time the application is accessed, the login page is presented. After entering the credentials it keeps redirecting in an infinite loop. This issue appears in both the Chrome and Firefox browsers.
I have raised this question on stack overflow. The link for this is
https://stackoverflow.com/questions/44058886/issue-running-angular-2-js-e...
Kind Regards,
Kiran
7 years, 7 months
Any way to modify redirect_uri parameter when redirecting to login page?
by Andrius Karpavičius
Hi,
I have a JSF application on Wildfly that uses Keycloak-wildfly adapter.
If I try to go to page A and user is not authenticated, user is redirected
to keycloak and after login I am taken back to page A.
Problem is if page A happens to be an expired JSF conversation bound page
(page url contains "cid" - conversation id parameter). So after login I see
a "session expired page" instead of an index page, as user might expect.
So question - is there any way in keycloak to modify "redirect_uri" value
either with authentication flow or some SPI authenticator extension,
action, etc?? A simple rule is "if redirect_uri contains 'cid' parameter,
then use index page".
Maybe something configurable in keycloak-wildfly adapter?
Thanks,
Andrius Karpavicius
7 years, 7 months
Promoting Realm and Client changes from dev to prod
by Alex Berg
I found some older threads on the mailing list about this, but I'm not sure
I parsed out the proper answer. What is the best way to promote changes to
KC realms and clients from dev to prod? I'm using kubernetes for prod and
staging, and docker-compose for local development.
I found the export/import [0] functionality, but it can only migrate a
changed realm by first deleting the realm in the target database then
recreating it. This has the side-effect of deleting all users in that
database. The users in the prod realm will always be different than the
users in the dev-env realm, so I can't delete the realm. Does this mean I
can't use the import/export functionality to promote realm changes?
I also saw mention of some "partial import" functionality, but I can't find
docs for it. Would that help here?
I also saw mention of a "config manager", but I can't find any docs for it.
Perhaps the best way to migrate changes is to simply perform them by hand
in each KC instance, and not redeploy it.
7 years, 7 months