Custom Account/Login Theme manual OTP issue - totp.policy.getAlgorithmKey()
by Adrien DESBIAUX
Hi everyone,
I am facing an issue with custom Account and login theme.
I am not sure I am doing something wrong or if there is an actual "bug".
The issue is about the OTP manual setting. When running in a custom theme (copy paste of Base Account or Login themes), as stated in the documentation: https://www.keycloak.org/docs/3.4/server_development/index.html#creating-...
it sounds like `totp.policy.getAlgorithmKey()` for example is not found.
Same in the Login theme that reuses the OTP setup.
An example of error trace:
keycloak_1 | 11:13:24,178 ERROR [freemarker.runtime] (default task-20) Error executing FreeMarker template: freemarker.core.InvalidReferenceException: The following has evaluated to null or missing:
keycloak_1 | ==> totp.policy.getAlgorithmKey [in template "login-config-totp.ftl" at line 37, column 74]
keycloak_1 |
keycloak_1 | ----
keycloak_1 | Tip: It's the step after the last dot that caused this error, not those before it.
keycloak_1 | ----
keycloak_1 | Tip: If the failing expression is known to be legally refer to something that's sometimes null or missing, either specify a default value like myOptionalVar!myDefault, or use <#if myOptionalVar??>when-present<#else>when-missing</#if>. (These only cover the last step of the expression; to cover the whole expression, use parenthesis: (myOptionalVar.foo)!myDefault, (myOptionalVar.foo)??
keycloak_1 | ----
keycloak_1 |
keycloak_1 | ----
keycloak_1 | FTL stack trace ("~" means nesting-related):
keycloak_1 | - Failed at: ${totp.policy.getAlgorithmKey()} [in template "login-config-totp.ftl" at line 37, column 72]
keycloak_1 | ~ Reached through: #nested "form" [in template "template.ftl" in macro "registrationLayout" at line 60, column 17]
keycloak_1 | ~ Reached through: @layout.registrationLayout displayInf... [in template "login-config-totp.ftl" at line 2, column 1]
The issue is easily reproducible by:
- Copy paste theme/base/login or theme/base/account to the custom theme folder
- Force OTP for users
- On OTP setup page choose "manual mode"
- The server will throw a 500 error
What can be done to overcome that issue? I don't have any ideas at the moment on how to work around it.
Cheers,
6 years
redirect based authentication flow in secured by keycloak node.js app behind application gateway
by Roman O
I'm getting access denied errors in secured node.js app which is an official
keycloak example app
<https://github.com/keycloak/keycloak-nodejs-connect/tree/master/example>
Secured app was dockerized and put behind application gateway which is
itself dockerized.
The application gateway is node.js express application which uses
http/https packages and routes incoming traffic to node.js secured app.
So, to access app url mapped urls were added to the gateway:
mappings:
- /:/
- /login:/login
- /logout:/logout
- /protected/resource:/protected/resource
Gateway does ssl offloading. Keycloak was dockerized too and its
*/auth* endpoint
was mapped inside the gateway.
The app code is below:
var Keycloak = require('keycloak-nodejs-connect');
var hogan = require('hogan-express');
var express = require('express');
var session = require('express-session');

var app = express();

var server = app.listen(3005, function () {
  var host = server.address().address;
  var port = server.address().port;
  console.log('Example app listening at http://%s:%s', host, port);
});

app.set('view engine', 'html');
app.set('views', require('path').join(__dirname, '/view'));
app.engine('html', hogan);

app.enable('trust proxy');

var memoryStore = new session.MemoryStore();
app.use(session({
  secret: 'mySecret',
  resave: false,
  saveUninitialized: true,
  store: memoryStore
}));

app.get('/', function (req, res) {
  res.render('index');
});

var memoryStore = new session.MemoryStore();
app.use(session({
  secret: 'mySecret',
  resave: false,
  saveUninitialized: true,
  store: memoryStore
}));

// Additional configuration is read from keycloak.json file
// installed from the Keycloak web console.
var keycloak = new Keycloak({
  store: memoryStore
});

app.use(keycloak.middleware({
  logout: '/logout',
  admin: '/',
  protected: '/protected/resource'
}));

app.get('/login', keycloak.protect(), function (req, res) {
  res.render('index', {
    result: JSON.stringify(JSON.parse(req.session['keycloak-token']), null, 4),
    event: '1. Authentication\n2. Login'
  });
});

app.get('/protected/resource', keycloak.enforcer(['resource:view', 'resource:write'], {
  resource_server_id: 'nodejs-apiserver'
}), function (req, res) {
  res.render('index', {
    result: JSON.stringify(JSON.parse(req.session['keycloak-token']), null, 4),
    event: '1. Access granted to Default Resource\n'
  });
});
*keycloak.json* is:
{
  "realm" : "nodejs-example",
  "realm-public-key" : "[public_key]",
  "auth-server-url" : "https://[gateway_url]/auth",
  "ssl-required" : "none",
  "resource" : "nodejs-connect",
  "public-client" : true
}
When *https://[gateway_url]/* is accessed in the
browser, KeyCloak redirects to login ui, user/password is entered in the
login ui and after that access denied error is seen in the browser.
Below error is popped in the app logs:
Could not obtain grant code error: { Error: self signed certificate in
certificate chain
So basically the app fails to exchange authorization code for access token.
*What I tried:*
1) Accessing Keycloak token endpoint with curl as follows succeeds
(Access/Refresh token is returned):
curl -k --key [keypath] --cert [certpath:passphrase] -d
"grant_type=authorization_code&client_id=nodejs-connect&redirect_uri=https://[gw_url]/login?auth_callback=1&client_session_state=[client_state]&code=[authz_code]
2) changing "*auth-server-url*" to "*https://[gateway_url]:8080/auth*" in
*keycloak.json* helped too. Access token is returned. 8080 is published
port of Keycloak docker container.
So, I guess the issue is that node.js adapter in the app doesn't present
ssl certificate to gateway when it wants to replace the authz code with
access token. So I tried to change auth-server-url to relative /auth.
However
Could not obtain grant code error: { Error: connect ECONNREFUSED
127.0.0.1:80
is popped inside the logs of the app.
How to configure keycloak node.js adapter correctly to secure services
behind the application gateway?
6 years
Moving from Keycloak higher version to RHSSO (lower version of Keycloak)
by Upananda Singha
Hi All
We are planning to deploy Keycloak community version (4.0.0. Final) in
production and later on if we want to go for support (RHSSO)
and want to deploy the Supported version of the same which might be
actually an earlier version of Keycloak, will there be any problem
with Keycloak version downgrade.
I can see RHSSO always integrates a lower version of Keycloak than what's
available in the Community version.
e.g. Current Community Keycloak version is 4.5.0.Final but Keycloak
integrated into RHSSO 7.2.x seems to be Keycloak version 3.4.3.Final.
Thanks & Regds,
*Upananda Singha*
6 years
Keycloak ACL data access
by Luca Luca
Hello,
Is there a way to manage fine grained authorizations with Keycloak like
in the following scenario?
There are Users and Reports.
If I'm logged in as "user1", I can only view my reports
So there is REST endpoint on Resource Server:
GET /reports/ - Return set of reports that belong to logged user
How can I use Keycloak to filter data records by user?
Thank you for your help
6 years
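The owner-scoped `GET /reports/` described in the post above, as an added example that is not part of the original message and is not Keycloak's own code: the resource server verifies the bearer token and filters records by the verified `sub` claim, never by a client-supplied user id. The key pair, issuer URL, report records and all function names are constructed for illustration, and the example assumes each report stores its owner's Keycloak user id.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed stand-ins: a real resource server holds only the realm's public
// key and issuer URL; the private key exists here only to mint sample tokens.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const ISSUER = 'https://sso.example.test/auth/realms/demo';

// Constructed sample data: each report stores the owning user's id (token `sub`).
const REPORTS = [
  { id: 1, owner: 'id-user1', title: 'January' },
  { id: 2, owner: 'id-user2', title: 'February' },
  { id: 3, owner: 'id-user1', title: 'March' },
];

const b64url = (data) => Buffer.from(data).toString('base64url');

// Hypothetical helper for the sample only: builds an RS256-signed JWT.
function signSampleToken(claims, key = privateKey) {
  const head = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const signingInput = `${head}.${b64url(JSON.stringify(claims))}`;
  const sig = nodeCrypto.sign('sha256', Buffer.from(signingInput), key);
  return `${signingInput}.${b64url(sig)}`;
}

// Verify algorithm, signature, expiry and issuer before trusting any claim.
function verifyAccessToken(token, realmPublicKey, issuer, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  let header;
  let claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch (err) {
    throw new Error('malformed token');
  }
  if (!header || !claims || typeof claims !== 'object') throw new Error('malformed token');
  // Pin the algorithm: the token header must not choose how it is verified.
  if (header.alg !== 'RS256') throw new Error('unexpected algorithm');
  const valid = nodeCrypto.verify(
    'sha256',
    Buffer.from(`${parts[0]}.${parts[1]}`),
    realmPublicKey,
    Buffer.from(parts[2], 'base64url')
  );
  if (!valid) throw new Error('bad signature');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('token expired');
  if (claims.iss !== issuer) throw new Error('unexpected issuer');
  if (typeof claims.sub !== 'string' || claims.sub === '') throw new Error('missing subject');
  return claims;
}

// Logic of GET /reports/: the owner filter comes from the verified token only.
// Anything in req.query (for example ?owner=...) is deliberately ignored.
function handleGetReports(req) {
  const auth = (req.headers && req.headers.authorization) || '';
  const match = /^Bearer (\S+)$/.exec(auth);
  if (!match) return { status: 401, body: [] };
  let claims;
  try {
    claims = verifyAccessToken(match[1], publicKey, ISSUER);
  } catch (err) {
    return { status: 401, body: [] };
  }
  return { status: 200, body: REPORTS.filter((r) => r.owner === claims.sub) };
}
```
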
Keycloak standalone-ha cluster replication Timeout issue
by Upananda Singha
Hi All,
I have been running Keycloak (4.0.0 Final) in standalone-ha mode with 2
instances in a cluster.
I have been running the cluster of 2 nodes for more than 3/4 months now. But
suddenly
I am facing a strange issue now with cache replication between the 2 nodes
in the same cluster itself.
Anybody faced this kind of issue or anyone can guide me why this is
happening and how to resolve the issue.
2018-10-04 17:51:52.793 INFO [org.jboss.as.server] (ServerService Thread Pool -- 49) WFLYSRV0010: Deployed "keycloak-server.war" (runtime-name : "keycloak-server.war")
2018-10-04 17:51:52.932 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
2018-10-04 17:51:52.934 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://192.168.190.77:10110/management
2018-10-04 17:51:52.935 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://192.168.190.77:10110
2018-10-04 17:51:52.935 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 4.0.0.Final (WildFly Core 3.0.8.Final) started in 21492ms - Started 645 of 996 services (707 services are lazy, passive or on-demand)
2018-10-04 18:07:02.670 ERROR [org.infinispan.interceptors.InvocationContextInterceptor] (Timer-2) ISPN000136: Error executing command PutKeyValueCommand, writing keys [task::ClearExpiredEvents]: org.infinispan.util.concurrent.TimeoutException: Replication timeout for keycloak-216
    at org.infinispan.remoting.transport.jgroups.JGroupsTransport.checkRsp(JGroupsTransport.java:827) [infinispan-core-8.2.8.Final.jar:8.2.8.Final]
    at org.infinispan.remoting.transport.jgroups.JGroupsTransport.lambda$invokeRemotelyAsync$0(JGroupsTransport.java:628) [infinispan-core-8.2.8.Final.jar:8.2.8.Final]
    at java.util.concurrent.CompletableFuture.uniApply(CompletableFuture.java:602) [rt.jar:1.8.0_162]
    at java.util.concurrent.CompletableFuture$UniApply.tryFire(CompletableFuture.java:577) [rt.jar:1.8.0_162]
    at java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:474) [rt.jar:1.8.0_162]
    at java.util.concurrent.CompletableFuture.complete(CompletableFuture.java:1962) [rt.jar:1.8.0_162]
    at org.infinispan.remoting.transport.jgroups.SingleResponseFuture.call(SingleResponseFuture.java:46) [infinispan-core-8.2.8.Final.jar:8.2.8.Final]
    at org.infinispan.remoting.transport.jgroups.SingleResponseFuture.call(SingleResponseFuture.java:17) [infinispan-core-8.2.8.Final.jar:8.2.8.Final]
    at java.util.concurrent.FutureTask.run(FutureTask.java:266) [rt.jar:1.8.0_162]
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [rt.jar:1.8.0_162]
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [rt.jar:1.8.0_162]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [rt.jar:1.8.0_162]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [rt.jar:1.8.0_162]
    at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_162]
2018-10-04 18:07:12.694 ERROR [org.infinispan.interceptors.InvocationContextInterceptor] (Timer-2) ISPN000136: Error executing command PutKeyValueCommand, writing keys [task::ClearExpiredEvents]: org.infinispan.util.concurrent.TimeoutException: Replication timeout for keycloak-216
    at org.infinispan.remoting.transport.jgroups.JGroupsTransport.checkRsp(JGroupsTransport.java:827) [infinispan-core-8.2.8.Final.jar:8.2.8.Final]
    at org.infinispan.remoting.transport.jgroups.JGroupsTransport.lambda$invokeRemotelyAsync$0(JGroupsTransport.java:628) [infinispan-core-8.2.8.Final.jar:8.2.8.Final]
    at java.util.concurrent.CompletableFuture.uniApply(CompletableFuture.java:602) [rt.jar:1.8.0_162]
    at java.util.concurrent.CompletableFuture$UniApply.tryFire(CompletableFuture.java:577) [rt.jar:1.8.0_162]
    at java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:474) [rt.jar:1.8.0_162]
    at java.util.concurrent.CompletableFuture.complete(CompletableFuture.java:1962) [rt.jar:1.8.0_162]
    at org.infinispan.remoting.transport.jgroups.SingleResponseFuture.call(SingleResponseFuture.java:46) [infinispan-core-8.2.8.Final.jar:8.2.8.Final]
    at org.infinispan.remoting.transport.jgroups.SingleResponseFuture.call(SingleResponseFuture.java:17) [infinispan-core-8.2.8.Final.jar:8.2.8.Final]
    at java.util.concurrent.FutureTask.run(FutureTask.java:266) [rt.jar:1.8.0_162]
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [rt.jar:1.8.0_162]
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [rt.jar:1.8.0_162]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [rt.jar:1.8.0_162]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [rt.jar:1.8.0_162]
    at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_162]
2018-10-04 18:07:22.712 ERROR [org.infinispan.interceptors.InvocationContextInterceptor] (Timer-2) ISPN000136: Error executing command PutKeyValueCommand, writing keys [task::ClearExpiredEvents]: org.infinispan.util.concurrent.TimeoutException: Replication timeout for keycloak-216
    at org.infinispan.remoting.transport.jgroups.JGroupsTransport.checkRsp(JGroupsTransport.java:827) [infinispan-core-8.2.8.Final.jar:8.2.8.Final]
    at org.infinispan.remoting.transport.jgroups.JGroupsTransport.lambda$invokeRemotelyAsync$0(JGroupsTransport.java:628) [infinispan-core-8.2.8.Final.jar:8.2.8.Final]
    at java.util.concurrent.CompletableFuture.uniApply(CompletableFuture.java:602) [rt.jar:1.8.0_162]
    at java.util.concurrent.CompletableFuture$UniApply.tryFire(CompletableFuture.java:577) [rt.jar:1.8.0_162]
    at java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:474) [rt.jar:1.8.0_162]
    at java.util.concurrent.CompletableFuture.complete(CompletableFuture.java:1962) [rt.jar:1.8.0_162]
    at org.infinispan.remoting.transport.jgroups.SingleResponseFuture.call(SingleResponseFuture.java:46) [infinispan-core-8.2.8.Final.jar:8.2.8.Final]
    at org.infinispan.remoting.transport.jgroups.SingleResponseFuture.call(SingleResponseFuture.java:17) [infinispan-core-8.2.8.Final.jar:8.2.8.Final]
    at java.util.concurrent.FutureTask.run(FutureTask.java:266) [rt.jar:1.8.0_162]
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [rt.jar:1.8.0_162]
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [rt.jar:1.8.0_162]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [rt.jar:1.8.0_162]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [rt.jar:1.8.0_162]
    at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_162]
2018-10-04 18:07:32.723 ERROR [org.infinispan.interceptors.InvocationContextInterceptor] (Timer-2) ISPN000136: Error executing command PutKeyValueCommand, writing keys [task::ClearExpiredEvents]: org.infinispan.util.concurrent.TimeoutException: Replication timeout for keycloak-216
    at org.infinispan.remoting.transport.jgroups.JGroupsTransport.checkRsp(JGroupsTransport.java:827) [infinispan-core-8.2.8.Final.jar:8.2.8.Final]
My cache configuration looks like:
standalone-ha.xml
------------------------
<subsystem xmlns="urn:jboss:domain:infinispan:4.0">
    <cache-container name="keycloak" jndi-name="infinispan/Keycloak">
        <transport lock-timeout="60000"/>
        <local-cache name="realms">
            <eviction max-entries="10000" strategy="LRU"/>
        </local-cache>
        <local-cache name="users">
            <eviction max-entries="10000" strategy="LRU"/>
        </local-cache>
        <distributed-cache name="sessions" mode="SYNC" owners="2"/>
        <distributed-cache name="authenticationSessions" mode="SYNC" owners="2"/>
        <distributed-cache name="offlineSessions" mode="SYNC" owners="2">
            <eviction max-entries="10000" strategy="LRU"/>
        </distributed-cache>
        <distributed-cache name="clientSessions" mode="SYNC" owners="2">
            <eviction max-entries="1000000" strategy="LRU"/>
        </distributed-cache>
        <distributed-cache name="offlineClientSessions" mode="SYNC" owners="2">
            <eviction max-entries="10000" strategy="LRU"/>
        </distributed-cache>
        <distributed-cache name="loginFailures" mode="SYNC" owners="2">
            <eviction max-entries="10000" strategy="LRU"/>
        </distributed-cache>
        <local-cache name="authorization">
            <eviction max-entries="10000" strategy="LRU"/>
        </local-cache>
        <replicated-cache name="work" mode="SYNC"/>
        <local-cache name="keys">
            <eviction max-entries="1000" strategy="LRU"/>
            <expiration max-idle="3600000"/>
        </local-cache>
        <distributed-cache name="actionTokens" mode="SYNC" owners="2">
            <eviction max-entries="-1" strategy="NONE"/>
            <expiration max-idle="-1" interval="300000"/>
        </distributed-cache>
    </cache-container>
    <cache-container name="server" aliases="singleton cluster" default-cache="default" module="org.wildfly.clustering.server">
        <transport lock-timeout="60000"/>
        <replicated-cache name="default">
            <transaction mode="BATCH"/>
        </replicated-cache>
    </cache-container>
    <cache-container name="web" default-cache="dist" module="org.wildfly.clustering.web.infinispan">
        <transport lock-timeout="60000"/>
        <distributed-cache name="dist">
            <locking isolation="REPEATABLE_READ"/>
            <transaction mode="BATCH"/>
            <file-store/>
        </distributed-cache>
    </cache-container>
    <cache-container name="ejb" aliases="sfsb" default-cache="dist" module="org.wildfly.clustering.ejb.infinispan">
        <transport lock-timeout="60000"/>
        <distributed-cache name="dist">
            <locking isolation="REPEATABLE_READ"/>
            <transaction mode="BATCH"/>
            <file-store/>
        </distributed-cache>
    </cache-container>
    <cache-container name="hibernate" default-cache="local-query" module="org.hibernate.infinispan">
        <transport lock-timeout="60000"/>
        <local-cache name="local-query">
            <eviction strategy="LRU" max-entries="10000"/>
            <expiration max-idle="100000"/>
        </local-cache>
        <invalidation-cache name="entity">
            <transaction mode="NON_XA"/>
            <eviction strategy="LRU" max-entries="10000"/>
            <expiration max-idle="100000"/>
        </invalidation-cache>
        <replicated-cache name="timestamps" mode="ASYNC"/>
    </cache-container>
</subsystem>
------------------------------------------
Thanks & Regds,
Upananda Singha
6 years
Deadlock on KC 4.0 with Mysql 5.7
by Henning Waack
Dear all.
Using KC 4.0 with Mysql 5.7 (both not clustered) I get the following
Deadlock exception in Wildfly when running a minor load test (in which I
create new KC users concurrently):
22:01:24,843 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-87) Uncaught server error: javax.persistence.PersistenceException: org.hibernate.exception.LockAcquisitionException: could not execute statement
    at org.hibernate.jpa.spi.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1692)
    at org.hibernate.jpa.spi.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1602)
    at org.hibernate.jpa.spi.AbstractEntityManagerImpl.throwPersistenceException(AbstractEntityManagerImpl.java:1700)
    at org.hibernate.jpa.spi.AbstractQueryImpl.executeUpdate(AbstractQueryImpl.java:70)
    at org.keycloak.models.jpa.UserAdapter.removeAttribute(UserAdapter.java:162)
    at org.keycloak.models.jpa.UserAdapter.setAttribute(UserAdapter.java:138)
    at org.keycloak.services.resources.admin.UserResource.updateUserFromRep(UserResource.java:224)
    at org.keycloak.services.resources.admin.UsersResource.createUser(UsersResource.java:121)
    at sun.reflect.GeneratedMethodAccessor735.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)
    at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
    at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:406)
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:213)
    at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228)
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
    at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
    at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
    at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
    at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
    at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
    at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
    at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
    at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
    at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
    at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
    at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
    at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
    at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
    at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
    at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
    at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
    at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
    at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
    at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
    at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
    at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
    at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
    at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
    at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326)
    at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
Caused by: org.hibernate.exception.LockAcquisitionException: could not execute statement
    at org.hibernate.dialect.MySQLDialect$3.convert(MySQLDialect.java:511)
    at org.hibernate.exception.internal.StandardSQLExceptionConverter.convert(StandardSQLExceptionConverter.java:42)
    at org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:111)
    at org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:97)
    at org.hibernate.engine.jdbc.internal.ResultSetReturnImpl.executeUpdate(ResultSetReturnImpl.java:207)
    at org.hibernate.engine.jdbc.batch.internal.NonBatchingBatch.addToBatch(NonBatchingBatch.java:45)
    at org.hibernate.persister.entity.AbstractEntityPersister.insert(AbstractEntityPersister.java:2999)
    at org.hibernate.persister.entity.AbstractEntityPersister.insert(AbstractEntityPersister.java:3499)
    at org.hibernate.action.internal.EntityInsertAction.execute(EntityInsertAction.java:89)
    at org.hibernate.engine.spi.ActionQueue.executeActions(ActionQueue.java:589)
    at org.hibernate.engine.spi.ActionQueue.executeActions(ActionQueue.java:463)
    at org.hibernate.event.internal.AbstractFlushingEventListener.performExecutions(AbstractFlushingEventListener.java:337)
    at org.hibernate.event.internal.DefaultAutoFlushEventListener.onAutoFlush(DefaultAutoFlushEventListener.java:50)
    at org.hibernate.internal.SessionImpl.autoFlushIfRequired(SessionImpl.java:1264)
    at org.hibernate.internal.SessionImpl.executeUpdate(SessionImpl.java:1356)
    at org.hibernate.internal.QueryImpl.executeUpdate(QueryImpl.java:102)
    at org.hibernate.jpa.internal.QueryImpl.internalExecuteUpdate(QueryImpl.java:405)
    at org.hibernate.jpa.spi.AbstractQueryImpl.executeUpdate(AbstractQueryImpl.java:61)
    ... 65 more
Caused by: java.sql.SQLTransactionRollbackException: (conn=1038) Deadlock found when trying to get lock; try restarting transaction
    at org.mariadb.jdbc.internal.util.exceptions.ExceptionMapper.get(ExceptionMapper.java:179)
    at org.mariadb.jdbc.internal.util.exceptions.ExceptionMapper.getException(ExceptionMapper.java:110)
    at org.mariadb.jdbc.MariaDbStatement.executeExceptionEpilogue(MariaDbStatement.java:228)
    at org.mariadb.jdbc.MariaDbPreparedStatementClient.executeInternal(MariaDbPreparedStatementClient.java:216)
    at org.mariadb.jdbc.MariaDbPreparedStatementClient.execute(MariaDbPreparedStatementClient.java:150)
    at org.mariadb.jdbc.MariaDbPreparedStatementClient.executeUpdate(MariaDbPreparedStatementClient.java:183)
    at org.jboss.jca.adapters.jdbc.WrappedPreparedStatement.executeUpdate(WrappedPreparedStatement.java:537)
    at org.hibernate.engine.jdbc.internal.ResultSetReturnImpl.executeUpdate(ResultSetReturnImpl.java:204)
    ... 78 more
Caused by: java.sql.SQLException: Deadlock found when trying to get lock; try restarting transaction
Query is: insert into USER_ATTRIBUTE (NAME, USER_ID, VALUE, ID) values (?, ?, ?, ?), parameters ['systemReferenceId','177a0641-8214-41a5-b919-678f636392cb','fqYtvpMXRs','4a84a120-648e-4003-bca6-4335ddc77c35']
    at org.mariadb.jdbc.internal.util.LogQueryTool.exceptionWithQuery(LogQueryTool.java:153)
    at org.mariadb.jdbc.internal.protocol.AbstractQueryProtocol.executeQuery(AbstractQueryProtocol.java:255)
    at org.mariadb.jdbc.MariaDbPreparedStatementClient.executeInternal(MariaDbPreparedStatementClient.java:209)
    ... 82 more
The respective codes (UserAdapter.java and UserAttributeEntity.java) have
not been touched for some time, so I wonder if I have configured
Wildfly/Mysql/Keycloak wrongly, or if this is an ill-advised combination
(KC 4.x with Mysql 5.7). Any ideas?
Thanks & greetings
Henning
6 years
Problem with login using Keycloak + Spring Security Adapter in Multi Tenancy mode
by Mattia Bello
Hello,
I am using Keycloak with the Keycloak Spring Security adapter and a multi tenancy configuration.
I need to manage the following use case:
I want to use only a single login page where user must enter the realm, username and password.
I can't use the standard keycloak login page because keycloak needs to know the realm before showing the relative login page.
How can I do that?
Is there a way to pass these three fields to Keycloak in a single form?
Thanks to all.
Mattia Bello
Developer
Horsa S.p.A.
Via Cadorna, 67
Vimodrone (MI)
Mobile (+39) 347 37 64 875
www.horsa.it
6 years