Using Keycloak with Nextcloud
by Rapp Loïc
Hey,
Someone are already do that?
I’m not able to use Nextcloud with Keycloak (SAML), but, I’ve try with LemonLDAP:NG, and it’s working well.
Thanks!
Rapp Loïc
Service Technique
Technicien Réseau
Ligne directe : +33 (0)3 69 22 67 18
--
Économisons le papier.
N'imprimez ce mail que si nécessaire.
6 years, 7 months
Set-Cookie is missing 'Secure' and 'HttpOnly' flags
by Rudresh Shashikant
Hi
I would like to discuss 2 items when Keycloak responds with "Set-Cookie"
headers:
1. "HttpOnly" flag
2. "Secure" flag
1. "HttpOnly" flag:
I can see that affected cookie is:
* KEYCLOAK_SESSION
My understanding is (please correct me where inaccurate/wrong) that the
"HttpOnly" flag is not included on purpose because the iframe in the
browser that maintains the session with keycloak needs Javascript to modify
the cookie and hence the "HttpOnly" flag will disallow this ability,
breaking the feature as a result.
Reference: The OIDC spec (
http://openid.net/specs/openid-connect-session-1_0.html) states that :
*"If a cookie is used to maintain the OP browser state, the HttpOnly flag
likely can't be set for this cookie because it needs to be accessed from
JavaScript. Therefore, information that can be used for identifying the
user should not be put into the cookie, as it could be read by unrelated
JavaScript."*
2. "Secure" flag:
I can see that affected cookies are:
* AUTH_SESSION_ID
* KC_RESTART
* KEYCLOAK_IDENTITY
* KEYCLOAK_SESSION
I fail to understand why the "Secure" flag is not being set on all these
cookies. As I understand it, "Secure" flag should be set to ensure that
only the "HTTPS" version of the site can access the cookie else a "HTTP"
version will also be able to access the cookie on the same domain.
The NGINX proxy will have a 301 redirect for all HTTP requests so it is not
a major concern but it still does not answer the question as to why the
server did not set this flag on all cookies.
Can it be set using NGINX ? If it is set will any keycloak feature break?
Thanks.
Regards,
Rudy.
6 years, 7 months
How to get UserSessionModel from RequiredActionContext
by Knurr, Michael
I just migrated an implementation for a RequiredActionProvider from 1.9 to 3.2. The processAction method in RequiredActionProvider has only one parameter of type RequiredActionContext. In the past (up to Release 2.4) it was possible to identify the users current session by calling
@Override
public void processAction(RequiredActionContext ctx) {
// user session current login
UserSessionModel currentUserSession = ctx.getUserSession();
...
}
Unfortunately it seems that with Release 2.5 this method has been dropped. Instead, the RequiredActionContext now provides an AuthenticationSessionModel. The AuthenticationSessionModel interface again has a method getUserSession() which is exactly what I need but it is commented out.
How can I identify the UserSessionModel for the current login action? One way would be to iterate over all user sessions, but there has to be an easier solution:
List<UserSessionModel> userSessions = ctx.getSession().sessions().getUserSessions(ctx.getRealm(), ctx.getUser());
I cannot find an easier solution. Can someone please help me out?
Brgds
Mike
6 years, 7 months
notification about user/group events
by Farkas Levente
hi,
is there any way to get notification about user/group add,delete,modify
event on a given keycloak server?
one of our java microservice would like to receive all kind of changes
about users. what would be the easiest, prefered way to get this kind of
changes?
thanks in advance.
regards.
--
Levente "Si vis pacem para bellum!"
6 years, 7 months
Re: [keycloak-user] Enabling High Availability for Keycloak 3.1.0 on AWS ECS Instance
by Jyoti Kumar Singh
Hi,
I have tried the JDBC_PING option which Tonnis has mentioned :-
https://github.com/devsu/docker-keycloak/tree/master/server-ha-mysql
After that I could see node discovery is happening but JOIN operation is
getting timed out which eventually not forming clustering between two ECS
instances. Is there any configuration am I missing here ?
#Logs:-
2017-09-19 10:59:52,907 WARN [org.jgroups.protocols.UDP] (MSC service
thread 1-1) [f0be09280f90] KEYCLOAK 3.1.0.Final-MySQL JGRP000015: the
receive buffer of socket ManagedMulticastSocketBinding was set to 25MB, but
the OS only allocated 212.99KB. This might lead to performance problems.
Please set your max receive buffer in the OS correctly (e.g.
net.core.rmem_max on Linux)
2017-09-19 10:59:59,475 WARN [org.jgroups.protocols.pbcast.GMS] (MSC
service thread 1-1) [f0be09280f90] KEYCLOAK 3.1.0.Final-MySQL f0be09280f90:
JOIN(f0be09280f90) sent to 16c566cfa08e timed out (after 3000 ms), on try 1
2017-09-19 11:00:02,490 WARN [org.jgroups.protocols.pbcast.GMS] (MSC
service thread 1-1) [f0be09280f90] KEYCLOAK 3.1.0.Final-MySQL f0be09280f90:
JOIN(f0be09280f90) sent to 16c566cfa08e timed out (after 3000 ms), on try 2
2017-09-19 11:00:05,508 WARN [org.jgroups.protocols.pbcast.GMS] (MSC
service thread 1-1) [f0be09280f90] KEYCLOAK 3.1.0.Final-MySQL f0be09280f90:
JOIN(f0be09280f90) sent to 16c566cfa08e timed out (after 3000 ms), on try 3
2017-09-19 11:00:08,527 WARN [org.jgroups.protocols.pbcast.GMS] (MSC
service thread 1-1) [f0be09280f90] KEYCLOAK 3.1.0.Final-MySQL f0be09280f90:
JOIN(f0be09280f90) sent to 16c566cfa08e timed out (after 3000 ms), on try 4
2017-09-19 11:00:11,542 WARN [org.jgroups.protocols.pbcast.GMS] (MSC
service thread 1-1) [f0be09280f90] KEYCLOAK 3.1.0.Final-MySQL f0be09280f90:
JOIN(f0be09280f90) sent to 16c566cfa08e timed out (after 3000 ms), on try 5
2017-09-19 11:00:14,558 WARN [org.jgroups.protocols.pbcast.GMS] (MSC
service thread 1-1) [f0be09280f90] KEYCLOAK 3.1.0.Final-MySQL f0be09280f90:
JOIN(f0be09280f90) sent to 16c566cfa08e timed out (after 3000 ms), on try 6
2017-09-19 11:00:17,579 WARN [org.jgroups.protocols.pbcast.GMS] (MSC
service thread 1-1) [f0be09280f90] KEYCLOAK 3.1.0.Final-MySQL f0be09280f90:
JOIN(f0be09280f90) sent to 16c566cfa08e timed out (after 3000 ms), on try 7
2017-09-19 11:00:20,596 WARN [org.jgroups.protocols.pbcast.GMS] (MSC
service thread 1-1) [f0be09280f90] KEYCLOAK 3.1.0.Final-MySQL f0be09280f90:
JOIN(f0be09280f90) sent to 16c566cfa08e timed out (after 3000 ms), on try 8
2017-09-19 11:00:23,611 WARN [org.jgroups.protocols.pbcast.GMS] (MSC
service thread 1-1) [f0be09280f90] KEYCLOAK 3.1.0.Final-MySQL f0be09280f90:
JOIN(f0be09280f90) sent to 16c566cfa08e timed out (after 3000 ms), on try 9
2017-09-19 11:00:26,627 WARN [org.jgroups.protocols.pbcast.GMS] (MSC
service thread 1-1) [f0be09280f90] KEYCLOAK 3.1.0.Final-MySQL f0be09280f90:
JOIN(f0be09280f90) sent to 16c566cfa08e timed out (after 3000 ms), on try 10
2017-09-19 11:00:26,627 WARN [org.jgroups.protocols.pbcast.GMS] (MSC
service thread 1-1) [f0be09280f90] KEYCLOAK 3.1.0.Final-MySQL f0be09280f90:
too many JOIN attempts (10): becoming singleton
On Thu, Sep 14, 2017 at 10:48 PM, Jyoti Kumar Singh <jyoti.tech90(a)gmail.com>
wrote:
> Hi Tonnis,
>
> Thank you very much for sharing the valuable information. I am checking on
> this, hopefully I will also be able to achieve the HA.
>
> Thanks Again !
>
> On Sep 14, 2017 10:00 PM, "Tonnis Wildeboer" <tonnis(a)autonomic.ai> wrote:
>
>> Jyoti,
>>
>> I have been working on similar goal and was finally successful yesterday.
>> We are using postgres and kubernetes.
>>
>> Here are the key sources of information that enabled me to succeed:
>>
>> The big key is here:
>> https://github.com/devsu/docker-keycloak/tree/master/server-ha-mysql
>> Use the .xsl templates here to transform on the standalone-ha.xml and you
>> can see what is being done.
>>
>> I suggest that you simply use JDBC_PING, since you already have a shared
>> database.
>> I think it is instructive to understand what JDBC_PING (and JGroups in
>> general) are doing:
>> http://jgroups.org/manual4/index.html
>> https://developer.jboss.org/wiki/JDBCPING
>>
>> You may benefit from this also, specifically, the need to bind
>> jgroups-tcp and jgroups-tcp-fd to the proper interface. Not sure about your
>> situation.
>>
>> --Tonnis
>>
>> ____________________
>> Tonnis Wildeboer
>> Autonomic.ai Engineering
>>
>> On 09/14/2017 03:32 AM, Jyoti Kumar Singh wrote:
>>
>>> Hi Team,
>>>
>>> I am trying to enable high availability for Keycloak 3.1.0 on AWS ECS
>>> instances.
>>>
>>> I am running two ECS instances in a cluster setup and also I have
>>> setup Keycloak
>>> in a clustered mode. To achieve this, I am using "
>>> */standalone/configuration/standalone-ha.xml *" file while building the
>>> docker image. Shared MySQL DB and Load Balancer setup are also in place.
>>>
>>> But when I checked Keycloak logs I am not seeing clustered nodes related
>>> information in logs. I am seeing nodes are not able to see each other.
>>> But
>>> same settings are working fine in DCOS Marathon platform.
>>>
>>> Interestingly if I run two Keycloak instances in one AWS ECS instance on
>>> different ports, I could see clustering related logs in Keycloak.
>>>
>>> Is there any standard guidelines which I can follow to achieve HA in AWS
>>> ECS instance ?? I followed the below discussion thread but it didn't
>>> help
>>> me to fix the issue.
>>>
>>> #Link:
>>> http://lists.jboss.org/pipermail/keycloak-user/2016-February/004940.html
>>>
>>>
>>
--
*With Regards, Jyoti Kumar Singh*
6 years, 7 months
nodejs kc adapter: Grant validation failed. Reason: invalid token (expired)
by Mehdi Sheikhalishahi
Hi
I have implemened an specific authorization policy by nodejs kc adapter to
control access to a service.
I get 302 http status code (that gets redirected to keycloak for security
check), but it fails due to keycloak authorization/authentication check
with keycloak. I have extended the lifespan of tokens, but no success.
Here is browser console.
XMLHttpRequest cannot load
http://aam.testest.io/auth/realms/watersense/protocol/openid-connect/auth....
Response to preflight request doesn't pass access control check: No
'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost:3000' is therefore not allowed access.
login-status-iframe.html:53 XHR finished loading: GET "
http://aam.testest.io/auth/realms/watersense/protocol/openid-connect/login-s
…-iframe.html/init?client_id=dashboard&origin=http%3A%2F%2Flocalhost%3A3000".
------Nodejs console------------
Validate grant failed
Grant validation failed. Reason: invalid token (expired)
-----------Code-------------
const keycloak = new Keycloak("../keycloak.json");
function servicePathProtection(accessLevel, getServicePath) {
return keycloak.protect((token, req) => {
const permissions = extractPermissions(req);
const servicePath = getServicePath(req).toUpperCase();
6 years, 7 months
Receive "NoClassDefFoundError" during *deployment* not at _runtime_ with/by java class derivation (Here: the unpacked attachment)
by Christian Kayssner
Hallo,
> 4. and the unpacked attachment.
ok, here no attachments. Therefore inline (with an stripped log-file) in the sequence of using/generating:
<01.patch.it>
#!/bin/bash
# Object of the patch
name="keycloak-demo-3.2.1.Final"
# Remove the (last) ruins
rm -fR "${name}"
# Provide the original
tar -xzf "${name}.tar.gz"
# Patch the base
patch -p 0 < "${name}.patch"
# and run
"${name}/keycloak/bin/standalone.sh" | tee "${name}.log"
</01.patch.it>
<keycloak-demo-3.2.1.Final.patch>
diff -Naur keycloak-demo-3.2.1.Final/examples/providers/authenticator/src/main/java/org/example/derivations/MyUsernamePasswordFormFactory.java keycloak-demo-3.2.1.Final-modified/examples/providers/authenticator/src/main/java/org/example/derivations/MyUsernamePasswordFormFactory.java
--- keycloak-demo-3.2.1.Final/examples/providers/authenticator/src/main/java/org/example/derivations/MyUsernamePasswordFormFactory.java 1970-01-01 00:00:00.000000000 +0000
+++ keycloak-demo-3.2.1.Final-modified/examples/providers/authenticator/src/main/java/org/example/derivations/MyUsernamePasswordFormFactory.java 2017-09-20 11:37:09.425674263 +0000
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.example.derivations;
+
+import org.keycloak.authentication.authenticators.browser.UsernamePasswordFormFactory;
+
+/**
+ */
+public//
+class MyUsernamePasswordFormFactory//
+ extends UsernamePasswordFormFactory//
+{
+ public//
+ static//
+ final//
+ String PROVIDER_ID = "my-auth-username-password-form";
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public//
+ String getId()//
+ {
+ return MyUsernamePasswordFormFactory.PROVIDER_ID;
+ }
+
+ /**
+ * {@inheritDoc}
+ *
+ * @return The heading for the (browser) page to explain the necessary inputs.
+ */
+ @Override
+ public//
+ String getDisplayType()//
+ {
+ return "My Username Password Form";
+ }
+}
diff -Naur keycloak-demo-3.2.1.Final/examples/providers/authenticator/src/main/resources/META-INF/services/org.keycloak.authentication.AuthenticatorFactory keycloak-demo-3.2.1.Final-modified/examples/providers/authenticator/src/main/resources/META-INF/services/org.keycloak.authentication.AuthenticatorFactory
--- keycloak-demo-3.2.1.Final/examples/providers/authenticator/src/main/resources/META-INF/services/org.keycloak.authentication.AuthenticatorFactory 2017-07-21 11:31:26.000000000 +0000
+++ keycloak-demo-3.2.1.Final-modified/examples/providers/authenticator/src/main/resources/META-INF/services/org.keycloak.authentication.AuthenticatorFactory 2017-09-20 11:43:31.354018042 +0000
@@ -15,4 +15,5 @@
# limitations under the License.
#
-org.keycloak.examples.authenticator.SecretQuestionAuthenticatorFactory
\ No newline at end of file
+org.keycloak.examples.authenticator.SecretQuestionAuthenticatorFactory
+org.example.derivations.MyUsernamePasswordFormFactory
\ No newline at end of file
diff -Naur keycloak-demo-3.2.1.Final/keycloak/modules/layers.conf keycloak-demo-3.2.1.Final-modified/keycloak/modules/layers.conf
--- keycloak-demo-3.2.1.Final/keycloak/modules/layers.conf 1970-01-01 00:00:00.000000000 +0000
+++ keycloak-demo-3.2.1.Final-modified/keycloak/modules/layers.conf 2017-07-21 09:11:58.000000000 +0000
@@ -0,0 +1 @@
+layers=keycloak
\ No newline at end of file
</keycloak-demo-3.2.1.Final.patch>
<02.deploy.it>
#!/bin/bash
# Choose the patched example
cd keycloak-demo-3.2.1.Final/examples/providers/authenticator
# And generate the error
mvn clean \
install \
wildfly:deploy
<02.deploy.it>
<keycloak-demo-3.2.1.Final.log>
[0m [0m17:38:42,392 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: WildFly Full 10.0.0.Final (WildFly Core 2.0.10.Final) started in 17194ms - Started 459 of 836 services (561 services are lazy, passive or on-demand)
[0m [0m17:39:08,074 INFO [org.jboss.as.repository] (management-handler-thread - 4) WFLYDR0001: Content added at location /path/to/your/own/playground/keycloak-demo-3.2.1.Final/keycloak/standalone/data/content/e4/95f32235bb131df52f479a09827186a3265788/content
[0m [0m17:39:08,082 INFO [org.jboss.as.server.deployment] (MSC service thread 1-2) WFLYSRV0027: Starting deployment of "authenticator-required-action-example.jar" (runtime-name: "authenticator-required-action-example.jar")
[0m [0m17:39:08,322 INFO [org.keycloak.subsystem.server.extension.KeycloakProviderDeploymentProcessor] (MSC service thread 1-1) Deploying Keycloak provider: authenticator-required-action-example.jar
[0m [33m17:39:08,335 WARN [org.jboss.modules] (MSC service thread 1-1) Failed to define class org.example.derivations.MyUsernamePasswordFormFactory in Module "deployment.authenticator-required-action-example.jar:main" from Service Module Loader: java.lang.NoClassDefFoundError: Failed to link org/example/derivations/MyUsernamePasswordFormFactory (Module "deployment.authenticator-required-action-example.jar:main" from Service Module Loader): org/keycloak/authentication/authenticators/browser/UsernamePasswordFormFactory
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at org.jboss.modules.ModuleClassLoader.defineClass(ModuleClassLoader.java:446)
at org.jboss.modules.ModuleClassLoader.loadClassLocal(ModuleClassLoader.java:274)
at org.jboss.modules.ModuleClassLoader$1.loadClassLocal(ModuleClassLoader.java:78)
at org.jboss.modules.Module.loadModuleClass(Module.java:605)
at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:190)
at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:363)
at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:351)
at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:93)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:348)
at java.util.ServiceLoader$LazyIterator.nextService(ServiceLoader.java:370)
at java.util.ServiceLoader$LazyIterator.next(ServiceLoader.java:404)
at java.util.ServiceLoader$1.next(ServiceLoader.java:480)
at org.keycloak.provider.DefaultProviderLoader.load(DefaultProviderLoader.java:47)
at org.keycloak.provider.ProviderManager.load(ProviderManager.java:93)
at org.keycloak.services.DefaultKeycloakSessionFactory.loadFactories(DefaultKeycloakSessionFactory.java:208)
at org.keycloak.services.DefaultKeycloakSessionFactory.deploy(DefaultKeycloakSessionFactory.java:114)
at org.keycloak.provider.ProviderManagerRegistry.deploy(ProviderManagerRegistry.java:42)
at org.keycloak.subsystem.server.extension.KeycloakProviderDeploymentProcessor.deploy(KeycloakProviderDeploymentProcessor.java:54)
at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:147)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
[0m [31m17:39:08,336 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed to start service jboss.deployment.unit."authenticator-required-action-example.jar".POST_MODULE: org.jboss.msc.service.StartException in service jboss.deployment.unit."authenticator-required-action-example.jar".POST_MODULE: WFLYSRV0153: Failed to process phase POST_MODULE of deployment "authenticator-required-action-example.jar"
at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:154)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.NoClassDefFoundError: Failed to link org/example/derivations/MyUsernamePasswordFormFactory (Module "deployment.authenticator-required-action-example.jar:main" from Service Module Loader): org/keycloak/authentication/authenticators/browser/UsernamePasswordFormFactory
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at org.jboss.modules.ModuleClassLoader.defineClass(ModuleClassLoader.java:446)
at org.jboss.modules.ModuleClassLoader.loadClassLocal(ModuleClassLoader.java:274)
at org.jboss.modules.ModuleClassLoader$1.loadClassLocal(ModuleClassLoader.java:78)
at org.jboss.modules.Module.loadModuleClass(Module.java:605)
at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:190)
at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:363)
at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:351)
at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:93)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:348)
at java.util.ServiceLoader$LazyIterator.nextService(ServiceLoader.java:370)
at java.util.ServiceLoader$LazyIterator.next(ServiceLoader.java:404)
at java.util.ServiceLoader$1.next(ServiceLoader.java:480)
at org.keycloak.provider.DefaultProviderLoader.load(DefaultProviderLoader.java:47)
at org.keycloak.provider.ProviderManager.load(ProviderManager.java:93)
at org.keycloak.services.DefaultKeycloakSessionFactory.loadFactories(DefaultKeycloakSessionFactory.java:208)
at org.keycloak.services.DefaultKeycloakSessionFactory.deploy(DefaultKeycloakSessionFactory.java:114)
at org.keycloak.provider.ProviderManagerRegistry.deploy(ProviderManagerRegistry.java:42)
at org.keycloak.subsystem.server.extension.KeycloakProviderDeploymentProcessor.deploy(KeycloakProviderDeploymentProcessor.java:54)
at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:147)
... 5 more
[0m [31m17:39:08,339 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 4) WFLYCTL0013: Operation ("add") failed - address: ([("deployment" => "authenticator-required-action-example.jar")]) - failure description: {"WFLYCTL0080: Failed services" => {"jboss.deployment.unit.\"authenticator-required-action-example.jar\".POST_MODULE" => "org.jboss.msc.service.StartException in service jboss.deployment.unit.\"authenticator-required-action-example.jar\".POST_MODULE: WFLYSRV0153: Failed to process phase POST_MODULE of deployment \"authenticator-required-action-example.jar\"
Caused by: java.lang.NoClassDefFoundError: Failed to link org/example/derivations/MyUsernamePasswordFormFactory (Module \"deployment.authenticator-required-action-example.jar:main\" from Service Module Loader): org/keycloak/authentication/authenticators/browser/UsernamePasswordFormFactory"}}
[0m [31m17:39:08,341 ERROR [org.jboss.as.server] (management-handler-thread - 4) WFLYSRV0021: Deploy of deployment "authenticator-required-action-example.jar" was rolled back with the following failure message:
{"WFLYCTL0080: Failed services" => {"jboss.deployment.unit.\"authenticator-required-action-example.jar\".POST_MODULE" => "org.jboss.msc.service.StartException in service jboss.deployment.unit.\"authenticator-required-action-example.jar\".POST_MODULE: WFLYSRV0153: Failed to process phase POST_MODULE of deployment \"authenticator-required-action-example.jar\"
Caused by: java.lang.NoClassDefFoundError: Failed to link org/example/derivations/MyUsernamePasswordFormFactory (Module \"deployment.authenticator-required-action-example.jar:main\" from Service Module Loader): org/keycloak/authentication/authenticators/browser/UsernamePasswordFormFactory"}}
[0m [0m17:39:08,356 INFO [org.jboss.as.server.deployment] (MSC service thread 1-5) WFLYSRV0028: Stopped deployment authenticator-required-action-example.jar (runtime-name: authenticator-required-action-example.jar) in 14ms
[0m [0m17:39:08,357 INFO [org.jboss.as.controller] (management-handler-thread - 4) WFLYCTL0183: Service status report
WFLYCTL0186: Services which failed to start: service jboss.deployment.unit."authenticator-required-action-example.jar".POST_MODULE
[0m
</keycloak-demo-3.2.1.Final.log>
Best regards.
Christian Kayssner
--
G. Muth Partners GmbH
Borsigstraße 32
D - 65205 Wiesbaden
HRB 10196 Amtsgericht Wiesbaden
Geschäftsführer: Klaus Gockel / Oliver Mächold
Tel. : +49(0)6122/5981-0
FAX. : +49(0)6122/5981-50
eMail: christian.kayssner(a)muthpartners.de
www : www.muthpartners.de
6 years, 7 months
