NPE in SegmentKeyTracker.track method
by Nicolas Ocquidant
Hi
Still trying to start KC with millions of sessions in my JDBC store (remote
cache):
http://lists.jboss.org/pipermail/keycloak-user/2018-November/016393.html
So now, and after the patch made by William Burns, no more OOM, see
https://issues.jboss.org/browse/ISPN-9752
But then, I got the following exception during startup, see below. Note,
there is a TODO in the code:
public boolean track(byte[] key, short status, ClassWhiteList whitelist) {
   int segment = HotRodConstants.hasCompatibility(status) ?
         segmentConsistentHash.getSegment(dataFormat.keyToObj(key, status, whitelist)) :
         segmentConsistentHash.getSegment(key);
   Set<WrappedByteArray> keys = keysPerSegment.get(segment);
   // TODO: this assertion may fail due to ISPN
   assert keys != null : "Segment " + segment + " not initialized, tracking key " + Util.toStr(key);
   boolean result = keys.add(new WrappedByteArray(key));
   if (trace)
      log.trackingSegmentKey(Util.printArray(key), segment, !result);
   return result;
}
Do I have a workaround?
Thanks
--nick
22:35:55,749 WARN [org.infinispan.client.hotrod.impl.iteration.RemoteCloseableIterator] (pool-16-thread-3) Error reaching the server during iteration: org.infinispan.client.hotrod.exceptions.TransportException:: java.lang.NullPointerException
at org.infinispan.client.hotrod.impl.Util.rewrap(Util.java:54)
at org.infinispan.client.hotrod.impl.Util.await(Util.java:27)
at org.infinispan.client.hotrod.impl.iteration.RemoteCloseableIterator.fetch(RemoteCloseableIterator.java:117)
at org.infinispan.client.hotrod.impl.iteration.RemoteCloseableIterator.fetch(RemoteCloseableIterator.java:131)
at org.infinispan.client.hotrod.impl.iteration.RemoteCloseableIterator.fetch(RemoteCloseableIterator.java:131)
at org.infinispan.client.hotrod.impl.iteration.RemoteCloseableIterator.fetch(RemoteCloseableIterator.java:131)
at org.infinispan.client.hotrod.impl.iteration.RemoteCloseableIterator.fetch(RemoteCloseableIterator.java:131)
at org.infinispan.client.hotrod.impl.iteration.RemoteCloseableIterator.hasNext(RemoteCloseableIterator.java:99)
at org.keycloak.models.sessions.infinispan.remotestore.RemoteCacheSessionsLoader.loadSessions(RemoteCacheSessionsLoader.java:108)
at org.keycloak.models.sessions.infinispan.remotestore.RemoteCacheSessionsLoader.loadSessions(RemoteCacheSessionsLoader.java:45)
at org.keycloak.models.sessions.infinispan.initializer.SessionInitializerWorker$1.run(SessionInitializerWorker.java:71)
at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:228)
at org.keycloak.models.sessions.infinispan.initializer.SessionInitializerWorker.call(SessionInitializerWorker.java:67)
at org.keycloak.models.sessions.infinispan.initializer.SessionInitializerWorker.call(SessionInitializerWorker.java:34)
at org.infinispan.commands.read.DistributedExecuteCommand.invokeAsync(DistributedExecuteCommand.java:99)
at org.infinispan.distexec.DefaultExecutorService$LocalDistributedTaskPart.lambda$execute$1(DefaultExecutorService.java:1060)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.NullPointerException
at org.infinispan.client.hotrod.impl.iteration.SegmentKeyTracker.track(SegmentKeyTracker.java:50)
at org.infinispan.client.hotrod.impl.operations.IterationNextOperation.acceptResponse(IterationNextOperation.java:111)
at org.infinispan.client.hotrod.impl.transport.netty.HeaderDecoder.decode(HeaderDecoder.java:144)
at org.infinispan.client.hotrod.impl.transport.netty.HintedReplayingDecoder.callDecode(HintedReplayingDecoder.java:98)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
at io.netty.handler.timeout.IdleStateHandler.channelRead(IdleStateHandler.java:286)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1434)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:965)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:647)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:582)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:499)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:461)
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:884)
... 3 more
5 years, 5 months
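An added example, not Infinispan code and not from the poster: Java skips `assert` statements unless the JVM is started with `-ea`, so a guard written as in the posted method surfaces as a NullPointerException on the following line rather than as the assertion message. The class `SegmentGuardDemo`, its string keys and the segment numbers are hypothetical stand-ins used to compare that guard with an explicit check.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.BooleanSupplier;

/** Hypothetical stand-in for a per-segment key tracker; not Infinispan's class. */
public class SegmentGuardDemo {
    private final Map<Integer, Set<String>> keysPerSegment = new ConcurrentHashMap<>();

    SegmentGuardDemo(int... initializedSegments) {
        for (int segment : initializedSegments) {
            keysPerSegment.put(segment, ConcurrentHashMap.newKeySet());
        }
    }

    /** Same shape as the posted method: the assert is the only guard. */
    boolean trackWithAssert(int segment, String key) {
        Set<String> keys = keysPerSegment.get(segment);
        assert keys != null : "Segment " + segment + " not initialized, tracking key " + key;
        return keys.add(key); // NullPointerException when assertions are off and keys is null
    }

    /** Explicit guard: same failure with or without -ea, and the message names the segment. */
    boolean trackWithCheck(int segment, String key) {
        Set<String> keys = keysPerSegment.get(segment);
        if (keys == null) {
            throw new IllegalStateException(
                    "Segment " + segment + " not initialized, tracking key " + key);
        }
        return keys.add(key);
    }

    /** Runs one call and reports what it returned or threw, so the variants can be compared. */
    static String outcome(BooleanSupplier call) {
        try {
            return "returned " + call.getAsBoolean();
        } catch (RuntimeException | AssertionError e) {
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed input: segments 0..2 are initialized, segment 7 is not.
        SegmentGuardDemo tracker = new SegmentGuardDemo(0, 1, 2);
        boolean assertionsOn = false;
        assert assertionsOn = true; // the assignment only executes under -ea
        System.out.println("assertions enabled: " + assertionsOn);
        System.out.println("known segment  -> " + outcome(() -> tracker.trackWithAssert(1, "k1")));
        System.out.println("assert guard   -> " + outcome(() -> tracker.trackWithAssert(7, "k2")));
        System.out.println("explicit guard -> " + outcome(() -> tracker.trackWithCheck(7, "k2")));
    }
}
```

Running it once with `java SegmentGuardDemo` and once with `java -ea SegmentGuardDemo` shows the assert-only guard changing its failure type while the explicit check does not.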
Prefill Custom Attribute for User
by Louie, Betty
Hi All,
I’m trying to pass along a value to be set as a custom attribute on the user when they register for a keycloak account. I was trying to implement something along the lines of this http://lists.jboss.org/pipermail/keycloak-user/2018-May/013874.html where the value gets passed along as a query param and I grab the value from the query string and set it as a user attribute in a script. This isn’t reliable because if the registration form doesn’t pass the necessary validation, the page is refreshed and the query parameters are removed from the url.
I was wondering if anyone else has needed to pass along a value to be prefilled on the registration form and how you were able to get around it or if there is another way to keep hold of some value before and after the user registers for an account.
Thanks,
Betty
5 years, 5 months
docker images 4.6.0.Final
by Pierre Nowak
Hello,
When I login to the admin console and do any operation I get an error, the
logs are :
16:35:35,883 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-2) Uncaught server error: java.lang.NullPointerException
at org.keycloak.services.resources.Cors.build(Cors.java:193)
at org.keycloak.services.resources.admin.AdminRoot.getRealmsAdmin(AdminRoot.java:211)
at sun.reflect.GeneratedMethodAccessor444.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.resteasy.core.ResourceLocatorInvoker.createResource(ResourceLocatorInvoker.java:69)
at org.jboss.resteasy.core.ResourceLocatorInvoker.createResource(ResourceLocatorInvoker.java:48)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:99)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:443)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:233)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:139)
at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358)
at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:142)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:219)
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:791)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:360)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
at java.lang.Thread.run(Thread.java:748)
with the 4.3.0.Final tag it works but with 4.6 (& 4.5) it's broken, any
idea ?
btw I run keycloak with the following command:
docker run -d --name keycloak \
-p 8080:8080 \
--restart always \
--net keycloak \
-e "DB_VENDOR=MYSQL" \
-e "KEYCLOAK_USER=${KEYCLOAK_USER}" \
-e "KEYCLOAK_PASSWORD=${KEYCLOAK_PASSWORD}" \
-e "KEYCLOAK_LOGLEVEL=DEBUG" \
-e "PROXY_ADDRESS_FORWARDING=true" \
-e "DB_ADDR=mysql" \
-e "DB_DATABASE=keycloak" \
-e "DB_USER=${MYSQL_USER}" \
-e "DB_PASSWORD=${MYSQL_PASSWORD}" \
jboss/keycloak:4.6.0.Final
5 years, 5 months
running 2 different keycloak clusters sharing the same database ( 1 cluster to create new realms, and another for all other access)
by Madhu
Hi,
Have a weird question, I want to run 2 different keycloak clusters, one for creating realms and another for accessing realms/login and all other activity.
Is this kind of setup possible, has anybody tried it before?
The 1st cluster just takes requests for provisioning new realms and any one time setup (like creating the admin user in realm, giving him specific access only etc)
After that, all interactions login, token creating, provisioning further user etc will take place through the other cluster..
I see that realm creation in my case (realm has few user groups, client scopes, mappers (java script mapper), other custom mappers, about 10 clients, client specific roles etc) is a cpu intensive process and realm creation when we have about 80 to 100 realms (tenants) takes anywhere between 20 to 30 sec with cpu usage spiking to 100%.
So, wanted to test if having a separate instance/cluster for realm creation will help and ease the load on other cluster which serves typical login/logout and all other requests. Any insights here will be much appreciated.
- Would like to know if this could corrupt the keycloak schema?
- I am ok if the new realms are not eagerly loaded in infinispan cache (of the other cluster which handles regular request), but this should start loading the new realm the moment a login request comes (I am ok for the first few logins to be slow).
Regards,
Madhu
5 years, 5 months
Keycloak Admin Realm is not upgraded on Keycloak upgrade from v3.0 to v4.5
by Deepti Tyagi
Hi Team,
I am working on upgrading our in-house Keycloak Server from v3.0 to v4.5. I am facing an issue when trying to re-use the old custom admin realm. Is there any way we can re-use the old admin realm or preserve at least users?
We have another Wildfly 10 application that uses Keycloak v3.0 for authentication purpose using a custom admin realm (custom-realm.json) that has multiple clients, roles, users and protocol mappers.
While upgrading keycloak, I had run migration scripts to upgrade standalone, domain.xmls. Postgres DB also gets upgraded and able to login to Keycloak using the same admin user in v3.0.
Though, our Wildfly 10 application isn't able to authenticate with keycloak using that old custom-realm (with new jboss adapters even).
I had to re-create a new custom admin realm, created same clients, roles, users to make it work. And had to trash old realm that deleted all users also.
I also tried multiple workarounds like:
1. Created a new custom-realm on v4.5 and compared with v3.0 on keycloak UI, no visible difference.
2. Partially re-imported new custom realm having same clients and roles. No help.
3. Trashed old realm and imported new custom realm, then tried partially importing old custom realm users. It's not allowed. (KC-SERVICES0037: Error creating user: java.lang.RuntimeException: Unable to find client role mappings for client: ds-data)
With the 3rd attempt, I can see at least keycloak login page on our wildfly 10 application but can not login till I create admin user manually.
With 1st and 2nd attempt, I do not even see keycloak login page on our wildfly 10 application and below exception is thrown in keycloak server.log.
2018-11-20 23:56:30,691 WARN [org.keycloak.events] (default task-2) type=LOGIN_ERROR, realmId=DecisionSpace_Integration_Server, clientId=dsis-console, userId=null, ipAddress=127.0.0.1, error=invalid_user_credentials, auth_method=openid-connect, auth_type=code, response_type=code, redirect_uri=http://localhost:8080/dsdataserver-console/, code_id=a50ff093-64b8-43d2-a353-2a3ec1346297, response_mode=query
2018-11-20 23:56:30,692 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-2) Uncaught server error: java.lang.NullPointerException
at org.keycloak.theme.ExtendingThemeManager.loadTheme(ExtendingThemeManager.java:117)
at org.keycloak.theme.ExtendingThemeManager.getTheme(ExtendingThemeManager.java:95)
at org.keycloak.theme.DefaultThemeManager.getTheme(DefaultThemeManager.java:26)
at org.keycloak.theme.DefaultThemeManager.getTheme(DefaultThemeManager.java:21)
at org.keycloak.forms.login.freemarker.FreeMarkerLoginFormsProvider.getTheme(FreeMarkerLoginFormsProvider.java:267)
at org.keycloak.forms.login.freemarker.FreeMarkerLoginFormsProvider.createResponse(FreeMarkerLoginFormsProvider.java:160)
at org.keycloak.forms.login.freemarker.FreeMarkerLoginFormsProvider.createErrorPage(FreeMarkerLoginFormsProvider.java:506)
at org.keycloak.services.ErrorPage.error(ErrorPage.java:31)
at org.keycloak.authentication.AuthenticationProcessor.handleBrowserException(AuthenticationProcessor.java:728)
at org.keycloak.protocol.AuthorizationEndpointBase.handleBrowserAuthenticationRequest(AuthorizationEndpointBase.java:143)
at org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.buildAuthorizationCodeAuthorizationResponse(AuthorizationEndpoint.java:409)
at org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.process(AuthorizationEndpoint.java:152)
at org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.buildGet(AuthorizationEndpoint.java:108)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)
at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:510)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:401)
at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:365)
at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:361)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:367)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:339)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:137)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:106)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:132)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:100)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:441)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:231)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:137)
at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:361)
at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:140)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:217)
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:360)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
at java.lang.Thread.run(Thread.java:748)
Thanks,
Deepti
5 years, 5 months
group mapper per client
by Ronald Demneri
Hello everyone,
Please forgive me if this was already asked previously. After creating the LDAP connection (read-only) and some LDAP mappers, I am trying to figure out a way how to allow login to clients for users in respective groups in AD, for example for client app1 allow login to users that are members of AD_group_app1; if account is not a member of the app1 group in AD, then he should not be allowed to login. Is it also possible to do it via role mappings? Please note that we'd like to avoid modification of AD at all costs.
Thanks in advance,
Ronald
5 years, 5 months
Limit re-send verification emails
by Viktor Chuchurski
Hello all,
I have a question regarding re-sending of verification emails.
Is it somehow possible to configure how often the user can request a
re-send?
As far as I looked, currently there is no check when the last re-send was
requested, which allows a third party to spam "click" the resend button and
cause problems on the mail server.
Thanks in advance,
Viktor
5 years, 5 months
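One way to add the missing last-resend check, as an added example that is not Keycloak code and not from the poster: a per-account limiter that combines a cooldown between sends with a cap inside a rolling window. The class `ResendLimiter`, the thresholds, the account id and the point where a server would call it are all assumptions.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Supplier;

/** Hypothetical per-account limiter for "resend verification email"; not a Keycloak API. */
public class ResendLimiter {
    private final Duration cooldown;     // minimum gap between two sends
    private final int maxPerWindow;      // cap on sends inside the rolling window
    private final Duration window;
    private final Supplier<Instant> now; // injectable clock so the policy can be exercised
    private final Map<String, Deque<Instant>> sentAt = new ConcurrentHashMap<>();

    public ResendLimiter(Duration cooldown, int maxPerWindow, Duration window,
                         Supplier<Instant> now) {
        if (maxPerWindow < 1) throw new IllegalArgumentException("maxPerWindow must be >= 1");
        this.cooldown = cooldown;
        this.maxPerWindow = maxPerWindow;
        this.window = window;
        this.now = now;
    }

    /**
     * Keyed on the account rather than the session or IP, so clicks from many browsers
     * share one budget. Returns Duration.ZERO when the mail may be sent (and records
     * the send), otherwise how long the caller has to wait.
     */
    public Duration tryAcquire(String accountId) {
        Instant t = now.get();
        Duration[] wait = {Duration.ZERO};
        sentAt.compute(accountId, (id, times) -> {
            if (times == null) times = new ArrayDeque<>();
            prune(times, t);
            Instant earliest = t;
            if (!times.isEmpty()) earliest = later(earliest, times.peekLast().plus(cooldown));
            if (times.size() >= maxPerWindow) earliest = later(earliest, times.peekFirst().plus(window));
            if (earliest.isAfter(t)) wait[0] = Duration.between(t, earliest);
            else times.addLast(t);
            return times;
        });
        return wait[0];
    }

    /** Drops accounts with no send left inside the window; call periodically to bound memory. */
    public void sweep() {
        Instant t = now.get();
        for (String id : sentAt.keySet()) {
            sentAt.computeIfPresent(id, (k, times) -> {
                prune(times, t);
                return times.isEmpty() ? null : times;
            });
        }
    }

    private void prune(Deque<Instant> times, Instant t) {
        while (!times.isEmpty() && !times.peekFirst().plus(window).isAfter(t)) times.pollFirst();
    }

    private static Instant later(Instant a, Instant b) {
        return b.isAfter(a) ? b : a;
    }

    public static void main(String[] args) {
        // Constructed timeline: one account clicking "resend" at these offsets in seconds.
        Instant start = Instant.parse("2018-11-20T12:00:00Z");
        Instant[] clock = {start};
        ResendLimiter limiter = new ResendLimiter(
                Duration.ofSeconds(60), 3, Duration.ofHours(1), () -> clock[0]);
        for (long s : new long[] {0, 5, 60, 120, 180, 3600}) {
            clock[0] = start.plusSeconds(s);
            Duration wait = limiter.tryAcquire("user-123");
            System.out.println("t+" + s + "s: "
                    + (wait.isZero() ? "send" : "reject, retry in " + wait.getSeconds() + "s"));
        }
    }
}
```

The timestamps here live in one JVM; in a clustered deployment they would need shared storage so that every node enforces the same budget.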
Feature request: create UMA permission ticket by resource_type
by Geoffrey Cleaves
It occurs to me that it might be useful to create permission tickets by
resource_type and I don't think it's possible today.
If I am a resource server and somebody hits the GET endpoint /api/recipes
where recipe is a resource_type, then we would request a ticket that has
the permissions to all recipes. That way the resource server knows which
ones to list while easing the load a little bit on Keycloak by not asking
to evaluate all the resources, only recipes.
Makes sense to you, Pedro? If so, I can open a feature request in JIRA.
Geoff
5 years, 5 months
Re: [keycloak-user] Client Registration performance
by Andrea Pasqualini
As you can see here,
https://issues.jboss.org/browse/KEYCLOAK-8275
It seems that there are currently problems with a large number of clients.
This is becoming a big lack for Keycloak.
Andrea Pasqualini
>Hello Keycloak Users!
>
>We are planning on using the Client Registration flow for setting up
>clients on login.
>This is mainly to more clearly identify each individual device a user
>has logged in with.
>
>Is there anyone using this feature in production with a large number
>of clients?
>With our current stats, we would probably end up with a few million
>clients by the end of the year.
>
>1. Will this scale well with the way Keycloak works?
>2. If a user loses their device, how should a full revoke & logout be performed?
>3. Is there an alternative approach to give each user more control
>over their device and session?
>
>Thanks,
>Eivind Larsen
5 years, 5 months