December 2018 - keycloak-user - Jboss List Archives

by Pavel Maslov

Hi, Am I right in presuming that the refresh token expiration time is controlled by the SSO Session Idle property in the web UI? Thanks. Regards, Pavel Maslov, MS

5 years, 11 months

1
0
0 / 0

Adding new security-realm using CLI

by Kunal Kumar

I intend to use SSL for my Keycloak Server. So I am following the documentation from Keycloak for it. At one point they mentioned have to add a new security-realm using the CLI. But I have no idea how to use the CLI to input this /core-service=management/security-realm=UndertowRealm:add() It keeps saying it is not a recognized command. Any ideas? Regards, Kunal

5 years, 11 months

1
0
0 / 0

Re : Setting authentication execution requirement via kcadm.sh?

by triton oidc

Hi Craig, i'm not an expert, but here is what i did to set my execution value to REQUIRED : create a json with {"id":[ID_OF_YOUR_EXECUTION],"requirement":"REQUIRED"} put it in a file my_file.json you can have the id of you execution using this command ./kcadm.sh get authentication/flows/[your_flow]/executions --format csv -r $keycloak_new_realm --fields id | tr -d '\n' and you can import the file using this command : ./kcadm.sh update authentication/flows/[your_flow]/executions -r $keycloak_new_realm -f my_file.json There is probably a better way but i didn't found it hope it helps Amaury On Mon, Oct 15, 2018 at 1:07 PM <keycloak-user-request(a)lists.jboss.org> wrote: > Send keycloak-user mailing list submissions to > keycloak-user(a)lists.jboss.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.jboss.org/mailman/listinfo/keycloak-user > or, via email, send a message with subject or body 'help' to > keycloak-user-request(a)lists.jboss.org > > You can reach the person managing the list at > keycloak-user-owner(a)lists.jboss.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of keycloak-user digest..." > > > Today's Topics: > > 1. Setting authentication execution requirement via kcadm.sh? > (Craig Setera) > 2. org.keycloak.broker.oidc.mappers.ClaimToRoleMapper does not > update user roles (Philippe Gauthier) > 3. Re: Unrecognized field "authenticationFlowBindingOverrides" > (Fabio Ebner) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Mon, 15 Oct 2018 07:21:30 -0500 > From: Craig Setera <craig(a)baseventure.com> > Subject: [keycloak-user] Setting authentication execution requirement > via kcadm.sh? > To: keycloak-user(a)lists.jboss.org > Message-ID: > < > CAPVdwjq1oyjCom4_A0TBJ8m3KBCgit5nOqMCGqKP4t2RU6zb5Q(a)mail.gmail.com> > Content-Type: text/plain; charset="UTF-8" > > I'm trying to figure out if it is possible to set the "requirement" level > of an execution that is created for an authentication flow via the kcadm > tool. I have a shell script that I'm using to set up the Keycloak > configuration that looks like the following: > > > *echo "Creating new authentication flow..."AUTO_LINK_FLOW_ID=`${KCADM} > create authentication/flows --id -r ${REALM_NAME} -s > alias="FirstBrokerLoginAutoLink" -s providerId="basic-flow" -s > topLevel=true`* > > > > *echo "Adding unique authenticator..."${KCADM} create > authentication/flows/FirstBrokerLoginAutoLink/executions/execution --id -r > ${REALM_NAME} \ -s provider=idp-create-user-if-unique -s > requirement=ALTERNATIVE -s priority=10* > > > > > *echo "Adding auto link authenticator..."${KCADM} create > authentication/flows/FirstBrokerLoginAutoLink/executions/execution -r > ${REALM_NAME} \ -s provider=idp-auto-link -s requirement=ALTERNATIVE -s > priority=20* > With this script, I'm seeing the flow and executions created, but the > requirement seems to be ignored. In this case, the executions are always > set to DISABLED. I've tried to follow that up with an update call that > looks like this: > > > > > > > *echo "Adding unique authenticator..."EXECUTION_ID=`${KCADM} create > authentication/flows/FirstBrokerLoginAutoLink/executions/execution --id -r > ${REALM_NAME} \ -s provider=idp-create-user-if-unique -s > requirement=ALTERNATIVE -s priority=10`${KCADM} update > authentication/flows/FirstBrokerLoginAutoLink/executions -r ${REALM_NAME} > \ -s id=${EXECUTION_ID} -s requirement=ALTERNATIVE* > > However, that is failing with the following error: > > > > *HTTP request error: Can not deserialize instance of > com.fasterxml.jackson.databind.node.ObjectNode out of START_ARRAY tokenat > [Source: [B@527ee8a7; line: 1, column: 1]* > Can anyone offer any suggestions on how to get this authentication flow > properly configured so that the executions are set to ALTERNATIVE? > > Thanks! > Craig > > ================================= > *Craig Setera* > > *Chief Technology Officer* > > > ------------------------------ > > Message: 2 > Date: Mon, 15 Oct 2018 12:45:04 +0000 > From: Philippe Gauthier <philippe.gauthier(a)inspq.qc.ca> > Subject: [keycloak-user] > org.keycloak.broker.oidc.mappers.ClaimToRoleMapper does not update > user roles > To: "keycloak-user(a)lists.jboss.org" <keycloak-user(a)lists.jboss.org> > Cc: ?tienne Sadio <etienne.sadio(a)inspq.qc.ca> > Message-ID: > < > YTOPR0101MB141798E50DFEF73BB8C32857B1FD0(a)YTOPR0101MB1417.CANPRD01.PROD.OUTLOOK.COM > > > > Content-Type: text/plain; charset="iso-8859-1" > > Hi > > > I saw a 2017 post from Simon Payne about ClaimToRoleMapper and I cannot > find any answers for his question. > > http://lists.jboss.org/pipermail/keycloak-user/2017-October/012129.html > > > This post was about ClaimToRoleMapper class of the OIDC broker component. > This class search for a claim, check for its value and grant a role if the > value is equals to the value specified in the configuration. > > > If the user from the IdP is not known by Keycloak, it will be created by > the First Broker Login Flow and the role will be granted. > > > If the user is already known by Keycloak, he have the role specified by > the mapper and he don't have the claim anymore, the role will be revocated. > > > But. If the user is known by Keycloak, he don't have the role specified by > the mapper and he have the claim, Keycloak does not grant him the role. > > > It is clear why it does this in the code but it is not clear why this have > been done that way: > > > Here is the code. > > @Override > public void importNewUser(KeycloakSession session, RealmModel realm, > UserModel user, IdentityProviderMapperModel mapperModel, > BrokeredIdentityContext context) { > String roleName = mapperModel.getConfig().get(ConfigConstants.ROLE); > if (hasClaimValue(mapperModel, context)) { > RoleModel role = KeycloakModelUtils.getRoleFromString(realm, > roleName); > if (role == null) throw new IdentityBrokerException("Unable to > find role: " + roleName); > user.grantRole(role); > } > } > > @Override > public void updateBrokeredUser(KeycloakSession session, RealmModel > realm, UserModel user, IdentityProviderMapperModel mapperModel, > BrokeredIdentityContext context) { > String roleName = mapperModel.getConfig().get(ConfigConstants.ROLE); > if (!hasClaimValue(mapperModel, context)) { > RoleModel role = KeycloakModelUtils.getRoleFromString(realm, > roleName); > if (role == null) throw new IdentityBrokerException("Unable to > find role: " + roleName); > user.deleteRoleMapping(role); > } > /* Maybe we should add an else here that does what the importNewUser > does. > } > Thankyou > > Philippe Gauthier. > > > > ------------------------------ > > Message: 3 > Date: Mon, 15 Oct 2018 09:53:48 -0300 > From: Fabio Ebner <fabio.ebner(a)lumera.com.br> > Subject: Re: [keycloak-user] Unrecognized field > "authenticationFlowBindingOverrides" > To: Marek Posolda <mposolda(a)redhat.com> > Cc: keycloak-user(a)lists.jboss.org > Message-ID: > < > CAFxMZba+qwDnfkrggWXn6U+iY_hZYpMJ0CzMYvrtYgMmL3rQ9g(a)mail.gmail.com> > Content-Type: text/plain; charset="UTF-8" > > Marek tks I was using a old version in my pom. but after I put the correct > 4.5.0.Final when I try to start my project throw an exception: > > Caused by: java.lang.NoClassDefFoundError: > org/springframework/boot/web/server/WebServerFactoryCustomizer > > Look in the google say that class are only in springboot > 2 so I update my > project to Springboot 2.0.5.Final, now my project start but when I try to > access any url I got the error: > > in a loop: > > > > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > > 2018-10-15 09:50:12.363 ERROR 20936 --- [nio-8081-exec-2] > o.a.c.c.C.[Tomcat].[localhost] : Exception Processing > /favicon.ico > > java.lang.StackOverflowError: null > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at or > > ..... > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > > 2018-10-15 09:50:12.387 ERROR 20936 --- [nio-8081-exec-2] > o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet > [dispatcherServlet] threw exception > > java.lang.StackOverflowError: null > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > ...... > > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > > 2018-10-15 09:50:12.399 ERROR 20936 --- [nio-8081-exec-2] > o.a.c.c.C.[Tomcat].[localhost] : Exception Processing > ErrorPage[errorCode=0, location=/error] > > javax.servlet.ServletException: Filter execution threw an exception > at > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:200) > ~[tomcat-embed-core-8.5.34.jar:8.5.34] > at > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > ~[tomcat-embed-core-8.5.34.jar:8.5.34] > at > > org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:728) > ~[tomcat-embed-core-8.5.34.jar:8.5.34] > at > > org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:472) > ~[tomcat-embed-core-8.5.34.jar:8.5.34] > at > > org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:395) > ~[tomcat-embed-core-8.5.34.jar:8.5.34] > at > > org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:316) > ~[tomcat-embed-core-8.5.34.jar:8.5.34] > at > > org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:395) > [tomcat-embed-core-8.5.34.jar:8.5.34] > at > > org.apache.catalina.core.StandardHostValve.status(StandardHostValve.java:254) > [tomcat-embed-core-8.5.34.jar:8.5.34] > at > > org.apache.catalina.core.StandardHostValve.throwable(StandardHostValve.java:349) > [tomcat-embed-core-8.5.34.jar:8.5.34] > at > > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) > [tomcat-embed-core-8.5.34.jar:8.5.34] > at > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) > [tomcat-embed-core-8.5.34.jar:8.5.34] > at > > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) > [tomcat-embed-core-8.5.34.jar:8.5.34] > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) > [tomcat-embed-core-8.5.34.jar:8.5.34] > at > org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800) > [tomcat-embed-core-8.5.34.jar:8.5.34] > at > > org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) > [tomcat-embed-core-8.5.34.jar:8.5.34] > at > > org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:806) > [tomcat-embed-core-8.5.34.jar:8.5.34] > at > org.apache.tomcat.util.net > .NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498) > [tomcat-embed-core-8.5.34.jar:8.5.34] > at > org.apache.tomcat.util.net > .SocketProcessorBase.run(SocketProcessorBase.java:49) > [tomcat-embed-core-8.5.34.jar:8.5.34] > at > > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > [na:1.8.0_162] > at > > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > [na:1.8.0_162] > at > > org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) > [tomcat-embed-core-8.5.34.jar:8.5.34] > at java.lang.Thread.run(Thread.java:748) [na:1.8.0_162] > Caused by: java.lang.StackOverflowError: null > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > .... > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > > 2018-10-15 09:50:12.425 ERROR 20936 --- [nio-8081-exec-2] > o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet > [dispatcherServlet] threw exception > > java.lang.StackOverflowError: null > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at org.keycloak.ada > .... > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > > 2018-10-15 09:50:12.437 ERROR 20936 --- [nio-8081-exec-2] > o.a.c.c.C.[Tomcat].[localhost] : Exception Processing > ErrorPage[errorCode=0, location=/error] > > javax.servlet.ServletException: Filter execution threw an exception > at > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:200) > ~[tomcat-embed-core-8.5.34.jar:8.5.34] > at > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) > ~[tomcat-embed-core-8.5.34.jar:8.5.34] > at > > org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:728) > ~[tomcat-embed-core-8.5.34.jar:8.5.34] > at > > org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:472) > ~[tomcat-embed-core-8.5.34.jar:8.5.34] > at > > org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:395) > ~[tomcat-embed-core-8.5.34.jar:8.5.34] > at > > org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:316) > ~[tomcat-embed-core-8.5.34.jar:8.5.34] > at > > org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:395) > [tomcat-embed-core-8.5.34.jar:8.5.34] > at > > org.apache.catalina.core.StandardHostValve.status(StandardHostValve.java:254) > [tomcat-embed-core-8.5.34.jar:8.5.34] > at > > org.apache.catalina.core.StandardHostValve.throwable(StandardHostValve.java:349) > [tomcat-embed-core-8.5.34.jar:8.5.34] > at > > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:175) > [tomcat-embed-core-8.5.34.jar:8.5.34] > at > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) > [tomcat-embed-core-8.5.34.jar:8.5.34] > at > > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) > [tomcat-embed-core-8.5.34.jar:8.5.34] > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) > [tomcat-embed-core-8.5.34.jar:8.5.34] > at > org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800) > [tomcat-embed-core-8.5.34.jar:8.5.34] > at > > org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) > [tomcat-embed-core-8.5.34.jar:8.5.34] > at > > org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:806) > [tomcat-embed-core-8.5.34.jar:8.5.34] > at > org.apache.tomcat.util.net > .NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498) > [tomcat-embed-core-8.5.34.jar:8.5.34] > at > org.apache.tomcat.util.net > .SocketProcessorBase.run(SocketProcessorBase.java:49) > [tomcat-embed-core-8.5.34.jar:8.5.34] > at > > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > [na:1.8.0_162] > at > > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > [na:1.8.0_162] > at > > org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) > [tomcat-embed-core-8.5.34.jar:8.5.34] > at java.lang.Thread.run(Thread.java:748) [na:1.8.0_162] > Caused by: java.lang.StackOverflowError: null > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at > > org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45) > ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final] > at org.key > > > > Em seg, 15 de out de 2018 ?s 04:19, Marek Posolda <mposolda(a)redhat.com> > escreveu: > > > I think the field "authenticationFlowBindingOverrides" was added in some > > Keycloak 4.X version. I suggest to update Keycloak dependencies versions > > in your pom from 3.4.3.Final to same version, which your Keycloak server > > is. > > > > Marek > > > > On 13/10/18 04:18, Fabio Ebner wrote: > > > When I try to get my client wit this code: > > > > > > ClientRepresentation app1Client = > > > realmResource.clients().findByClientId("central-api").get(0); > > > > > > > > > that error return: > > > > > > javax.ws.rs.client.ResponseProcessingException: > > > javax.ws.rs.ProcessingException: > > > com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: > > > Unrecognized field "authenticationFlowBindingOverrides" (class > > > org.keycloak.representations.idm.ClientRepresentation), not marked as > > > ignorable (38 known properties: "enabled", "clientAuthenticatorType", > > > "redirectUris", "clientId", "authorizationServicesEnabled", "name", > > > "implicitFlowEnabled", "registeredNodes", "nodeReRegistrationTimeout", > > > "publicClient", "attributes", "protocol", "webOrigins", > > "protocolMappers", > > > "id", "baseUrl", "surrogateAuthRequired", "adminUrl", > "fullScopeAllowed", > > > "frontchannelLogout", "clientTemplate", "directGrantsOnly", "rootUrl", > > > "secret", "useTemplateMappers", "notBefore", "useTemplateScope", > > > "standardFlowEnabled", "description", "directAccessGrantsEnabled", > > > "useTemplateConfig", "serviceAccountsEnabled", "consentRequired", > > "access", > > > "bearerOnly", "registrationAccessToken", "defaultRoles", > > > "authorizationSettings"]) > > > > > > > > > > > > this is my pom. > > > > > >  > > > <dependency> > > > <groupId>org.keycloak</groupId> > > > <artifactId>keycloak-spring-security-adapter</artifactId> > > > <version>3.4.3.Final</version> > > > </dependency> > > > <dependency> > > > <groupId>org.keycloak</groupId> > > > <artifactId>keycloak-spring-boot-starter</artifactId> > > > <version>3.4.3.Final</version> > > > </dependency> > > > <dependency> > > > <groupId>org.keycloak</groupId> > > > <artifactId>keycloak-admin-client</artifactId> > > > <version>3.4.3.Final</version> > > > </dependency> > > > <dependency> > > > <groupId>javax.ws.rs</groupId> > > > <artifactId>javax.ws.rs-api</artifactId> > > > <version>2.1</version> > > > </dependency> > > >  > > > <dependency> > > > <groupId>org.jboss.resteasy</groupId> > > > <artifactId>resteasy-client</artifactId> > > > <version>3.1.3.Final</version> > > > </dependency> > > > <dependency> > > > <groupId>org.jboss.resteasy</groupId> > > > <artifactId>resteasy-jackson2-provider</artifactId> > > > <version>3.1.3.Final</version> > > > </dependency> > > > _______________________________________________ > > > keycloak-user mailing list > > > keycloak-user(a)lists.jboss.org > > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > > > > > ------------------------------ > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > > End of keycloak-user Digest, Vol 58, Issue 37 > ********************************************* >

5 years, 11 months

2
1
0 / 0

first broker login for existing users only

by Jernej Porenta

Hey, Is there a way to achieve IdP account linking through “First broker login” flow for existing users only? I am trying to disable user registration through identity provider without success. The idea is: - pre-create users in keycloak - allow user login only for pre-created users - allow users to link the account to identity provider through login page (not account portal) If default First Login flow in IdP config is set to “First broker login”, users are still created. If I modify the “First broker login”, i can only get the ‘invalid_user_credentials’. Thank you in advance. br, Jernej

5 years, 12 months

2
1
0 / 0

Imported users disapear from a realm

by Thomas

I've setup Keycloak to import users from an Openldap server. As a test run, I went with the docker container that uses Postgres to see if I could get it running. It connects and authenticates correctly. Once I hit synchronize all users, it reports back Success x imported users, 0 changed users. After going into Manage=>Users and clicking on View all Users, it doesn't show any users. Upon import, I can see the users in the keycloak database in the user_entity table. Once I go to the Manage user page and click view users, the users disappear from the database. I turned the log level up to debug and I keep getting the below db messages which include deletions. I'm not sure if this is suspect. Is there some other area I should be looking at? 00:40:16,155 DEBUG [org.hibernate.loader.Loader] (default task-5) Result set contains (possibly empty) collection: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#f39de748-ffae-4cef-acb4-16430b0242f8] 00:40:16,155 DEBUG [org.hibernate.engine.loading.internal.CollectionLoadContext] (default task-5) 1 collections were found in result set for role: org.keycloak.models.jpa.entities.UserEntity.requiredActions 00:40:16,155 DEBUG [org.hibernate.engine.loading.internal.CollectionLoadContext] (default task-5) Collection fully initialized: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#f39de748-ffae-4cef-acb4-16430b0242f8] 00:40:16,155 DEBUG [org.hibernate.engine.loading.internal.CollectionLoadContext] (default task-5) 1 collections initialized for role: org.keycloak.models.jpa.entities.UserEntity.requiredActions 00:40:16,155 DEBUG [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl] (default task-5) Initiating JDBC connection release from samterStatement 00:40:16,155 DEBUG [org.hibernate.loader.Loader] (default task-5) Done loading collection 00:40:16,155 DEBUG [org.hibernate.event.internal.AbstractFlushingEventListener] (default task-5) Processing flush-time cascades 00:40:16,155 DEBUG [org.hibernate.event.internal.AbstractFlushingEventListener] (default task-5) Dirty checking collections 00:40:16,155 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection dereferenced: [org.keycloak.models.jpa.entities.UserEntity.attributes#f39de748-ffae-4cef-acb4-16430b0242f8] 00:40:16,155 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection dereferenced: [org.keycloak.models.jpa.entities.UserEntity.credentials#f39de748-ffae-4cef-acb4-16430b0242f8] 00:40:16,155 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection dereferenced: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#f39de748-ffae-4cef-acb4-16430b0242f8] 00:40:16,155 DEBUG [org.hibernate.event.internal.AbstractFlushingEventListener] (default task-5) Flushed: 0 insertions, 0 updates, 6 deletions to 6 objects 00:40:16,155 DEBUG [org.hibernate.event.internal.AbstractFlushingEventListener] (default task-5) Flushed: 0 (re)creations, 0 updates, 3 removals to 3 collections 00:40:16,155 DEBUG [org.hibernate.internal.util.EntityPrinter] (default task-5) Listing entities: 00:40:16,155 DEBUG [org.hibernate.internal.util.EntityPrinter] (default task-5) org.keycloak.models.jpa.entities.UserAttributeEntity{name=createTimestamp, id=66998c7b-4415-441f-bc12-27c6c6316367, user=org.keycloak.models.jpa.entities.UserEntity#f39de748-ffae-4cef-acb4-16430b0242f8, value=20181219164526Z} 00:40:16,155 DEBUG [org.hibernate.internal.util.EntityPrinter] (default task-5) org.keycloak.models.jpa.entities.UserAttributeEntity{name=LDAP_ID, id=e2f78054-39b6-46f4-ba54-0681e12470b8, user=org.keycloak.models.jpa.entities.UserEntity#f39de748-ffae-4cef-acb4-16430b0242f8, value=Jim.doe(a)smon.gumu} 00:40:16,155 DEBUG [org.hibernate.internal.util.EntityPrinter] (default task-5) org.keycloak.models.jpa.entities.UserAttributeEntity{name=LDAP_ENTRY_DN, id=de2ff539-7065-4617-a0b6-25cc7fddc253, user=org.keycloak.models.jpa.entities.UserEntity#f39de748-ffae-4cef-acb4-16430b0242f8, value=mail=Jim.doe(a)smon.gumu,ou=SMON Users,dc=smon,dc=gumu} 00:40:16,155 DEBUG [org.hibernate.internal.util.EntityPrinter] (default task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=Jim doe, realmId=smon, credentials=[], createdTimestamp=1545956741828, serviceAccountClientLink=null, enabled=true, notBefore=0, emailConstraint=Jim.doe(a)smon.gumu, emailVerified=false, firstName=Jim doe, requiredActions=[], federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811, attributes=[org.keycloak.models.jpa.entities.UserAttributeEntity#66998c7b-4415-441f-bc12-27c6c6316367, org.keycloak.models.jpa.entities.UserAttributeEntity#b9291898-4f07-4d50-b46d-abf18ab5c906, org.keycloak.models.jpa.entities.UserAttributeEntity#db6e9e7b-58sam-403d-b434-187f0b996ff2, org.keycloak.models.jpa.entities.UserAttributeEntity#e2f78054-39b6-46f4-ba54-0681e12470b8, org.keycloak.models.jpa.entities.UserAttributeEntity#de2ff539-7065-4617-a0b6-25cc7fddc253], id=f39de748-ffae-4cef-acb4-16430b0242f8, email=Jim.doe(a)smon.gumu, username=Jim doe} 00:40:16,155 DEBUG [org.hibernate.internal.util.EntityPrinter] (default task-5) org.keycloak.models.jpa.entities.UserAttributeEntity{name=destination, id=b9291898-4f07-4d50-b46d-abf18ab5c906, user=org.keycloak.models.jpa.entities.UserEntity#f39de748-ffae-4cef-acb4-16430b0242f8, value=Jim.doe} 00:40:16,155 DEBUG [org.hibernate.internal.util.EntityPrinter] (default task-5) org.keycloak.models.jpa.entities.UserAttributeEntity{name=modifyTimestamp, id=db6e9e7b-58sam-403d-b434-187f0b996ff2, user=org.keycloak.models.jpa.entities.UserEntity#f39de748-ffae-4cef-acb4-16430b0242f8, value=20181219164526Z} 00:40:16,155 DEBUG [org.hibernate.SQL] (default task-5) delete from USER_ATTRIBUTE where ID=? 00:40:16,155 DEBUG [org.hibernate.engine.jdbc.internal.JdbcCoordinatorImpl] (default task-5) Skipping aggressive release due to manual disabling 00:40:16,155 DEBUG [org.hibernate.SQL] (default task-5) delete from USER_ATTRIBUTE where ID=? 00:40:16,156 DEBUG [org.hibernate.engine.jdbc.internal.JdbcCoordinatorImpl] (default task-5) Skipping aggressive release due to manual disabling 00:40:16,156 DEBUG [org.hibernate.SQL] (default task-5) delete from USER_ATTRIBUTE where ID=? 00:40:16,156 DEBUG [org.hibernate.engine.jdbc.internal.JdbcCoordinatorImpl] (default task-5) Skipping aggressive release due to manual disabling 00:40:16,156 DEBUG [org.hibernate.SQL] (default task-5) delete from USER_ATTRIBUTE where ID=? 00:40:16,156 DEBUG [org.hibernate.engine.jdbc.internal.JdbcCoordinatorImpl] (default task-5) Skipping aggressive release due to manual disabling 00:40:16,156 DEBUG [org.hibernate.SQL] (default task-5) delete from USER_ATTRIBUTE where ID=? 00:40:16,156 DEBUG [org.hibernate.engine.jdbc.internal.JdbcCoordinatorImpl] (default task-5) Skipping aggressive release due to manual disabling 00:40:16,156 DEBUG [org.hibernate.SQL] (default task-5) delete from USER_ENTITY where ID=? 00:40:16,157 DEBUG [org.hibernate.engine.jdbc.internal.JdbcCoordinatorImpl] (default task-5) Skipping aggressive release due to manual disabling 00:40:16,157 DEBUG [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl] (default task-5) Initiating JDBC connection release from samterStatement 00:40:16,158 WARN [org.keycloak.models.sessions.infinispan.changes.InfinispanChangelogBasedTransaction] (default task-5) Not present cache item for key LoginFailureKey [ realmId=smon. userId=f39de748-ffae-4cef-acb4-16430b0242f8 ] 00:40:16,158 DEBUG [org.hibernate.SQL] (default task-5) delete from OFFLINE_CLIENT_SESSION where USER_SESSION_ID in ( select persistent1_.USER_SESSION_ID from OFFLINE_USER_SESSION persistent1_ where persistent1_.USER_ID=? ) 00:40:16,173 DEBUG [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl] (default task-5) Initiating JDBC connection release from samterStatement 00:40:16,173 DEBUG [org.hibernate.SQL] (default task-5) delete from OFFLINE_USER_SESSION where USER_ID=? 00:40:16,173 DEBUG [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl] (default task-5) Initiating JDBC connection release from samterStatement 00:40:16,174 DEBUG [org.hibernate.query.criteria.internal.CriteriaQueryImpl] (default task-5) Rendered criteria query -> select generatedAlias0.id from PolicyEntity as generatedAlias0 inner join generatedAlias0.config as generatedAlias1 inner join generatedAlias0.config as generatedAlias2 where ( lower(generatedAlias0.type) like :param0 ) and ( key(generatedAlias1) in (:param1) ) and ( generatedAlias2 like :param2 ) and ( generatedAlias0.owner is null ) order by generatedAlias0.name asc 00:40:16,174 DEBUG [org.hibernate.SQL] (default task-5) select policyenti0_.ID as col_0_0_ from RESOURCE_SERVER_POLICY policyenti0_ inner join POLICY_CONFIG config1_ on policyenti0_.ID=config1_.POLICY_ID inner join POLICY_CONFIG config2_ on policyenti0_.ID=config2_.POLICY_ID where ( lower(policyenti0_.TYPE) like ? ) and ( config1_.NAME in ( ? ) ) and ( config2_.VALUE like ? ) and ( policyenti0_.OWNER is null ) order by policyenti0_.NAME asc 00:40:16,174 DEBUG [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl] (default task-5) Initiating JDBC connection release from samterStatement 00:40:16,174 DEBUG [org.keycloak.storage.UserStorageManager] (default task-5) Removed invalid user 'john doe' 00:40:16,174 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-5) JtaTransactionWrapper commit 00:40:16,175 DEBUG [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl] (default task-5) Initiating JDBC connection release from samterTransaction 00:40:16,175 DEBUG [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (default task-5) KeycloakDS: returnConnection(37fd7111, false) [0/20] 00:40:16,175 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-5) JtaTransactionWrapper end 00:40:16,175 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-5) JtaTransactionWrapper resuming suspended 00:40:16,175 DEBUG [org.hibernate.engine.jdbc.internal.JdbcCoordinatorImpl] (default task-5) HHH000420: Closing un-released batch 00:40:16,176 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-5) JtaTransactionWrapper commit 00:40:16,176 DEBUG [org.hibernate.event.internal.AbstractFlushingEventListener] (default task-5) Processing flush-time cascades 00:40:16,176 DEBUG [org.hibernate.event.internal.AbstractFlushingEventListener] (default task-5) Dirty checking collections 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.attributes#d8beb059-6ba9-4614-8da7-30f6f39762e4], was: [org.keycloak.models.jpa.entities.UserEntity.attributes#d8beb059-6ba9-4614-8da7-30f6f39762e4] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.credentials#d8beb059-6ba9-4614-8da7-30f6f39762e4], was: [org.keycloak.models.jpa.entities.UserEntity.credentials#d8beb059-6ba9-4614-8da7-30f6f39762e4] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#d8beb059-6ba9-4614-8da7-30f6f39762e4], was: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#d8beb059-6ba9-4614-8da7-30f6f39762e4] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.attributes#2f5f5f07-4582-4c3d-969b-b360b8409df4], was: [org.keycloak.models.jpa.entities.UserEntity.attributes#2f5f5f07-4582-4c3d-969b-b360b8409df4] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.credentials#2f5f5f07-4582-4c3d-969b-b360b8409df4], was: [org.keycloak.models.jpa.entities.UserEntity.credentials#2f5f5f07-4582-4c3d-969b-b360b8409df4] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#2f5f5f07-4582-4c3d-969b-b360b8409df4], was: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#2f5f5f07-4582-4c3d-969b-b360b8409df4] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.attributes#32ca6509-77bd-446c-9072-2bc2827b8ab9], was: [org.keycloak.models.jpa.entities.UserEntity.attributes#32ca6509-77bd-446c-9072-2bc2827b8ab9] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.credentials#32ca6509-77bd-446c-9072-2bc2827b8ab9], was: [org.keycloak.models.jpa.entities.UserEntity.credentials#32ca6509-77bd-446c-9072-2bc2827b8ab9] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#32ca6509-77bd-446c-9072-2bc2827b8ab9], was: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#32ca6509-77bd-446c-9072-2bc2827b8ab9] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.attributes#1663aa5f-05ac-46cb-9a04-b6f7125883aa], was: [org.keycloak.models.jpa.entities.UserEntity.attributes#1663aa5f-05ac-46cb-9a04-b6f7125883aa] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.credentials#1663aa5f-05ac-46cb-9a04-b6f7125883aa], was: [org.keycloak.models.jpa.entities.UserEntity.credentials#1663aa5f-05ac-46cb-9a04-b6f7125883aa] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#1663aa5f-05ac-46cb-9a04-b6f7125883aa], was: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#1663aa5f-05ac-46cb-9a04-b6f7125883aa] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.attributes#79ee8cb3-0242-42d2-94b9-dc88be59c9ee], was: [org.keycloak.models.jpa.entities.UserEntity.attributes#79ee8cb3-0242-42d2-94b9-dc88be59c9ee] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.credentials#79ee8cb3-0242-42d2-94b9-dc88be59c9ee], was: [org.keycloak.models.jpa.entities.UserEntity.credentials#79ee8cb3-0242-42d2-94b9-dc88be59c9ee] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#79ee8cb3-0242-42d2-94b9-dc88be59c9ee], was: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#79ee8cb3-0242-42d2-94b9-dc88be59c9ee] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.attributes#a3dedabc-0bb7-42ca-8f6d-d4e9fdb51a1b], was: [org.keycloak.models.jpa.entities.UserEntity.attributes#a3dedabc-0bb7-42ca-8f6d-d4e9fdb51a1b] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.credentials#a3dedabc-0bb7-42ca-8f6d-d4e9fdb51a1b], was: [org.keycloak.models.jpa.entities.UserEntity.credentials#a3dedabc-0bb7-42ca-8f6d-d4e9fdb51a1b] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#a3dedabc-0bb7-42ca-8f6d-d4e9fdb51a1b], was: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#a3dedabc-0bb7-42ca-8f6d-d4e9fdb51a1b] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.attributes#6d4d83c1-374b-496c-8f11-a0a658cbd03a], was: [org.keycloak.models.jpa.entities.UserEntity.attributes#6d4d83c1-374b-496c-8f11-a0a658cbd03a] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.credentials#6d4d83c1-374b-496c-8f11-a0a658cbd03a], was: [org.keycloak.models.jpa.entities.UserEntity.credentials#6d4d83c1-374b-496c-8f11-a0a658cbd03a] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#6d4d83c1-374b-496c-8f11-a0a658cbd03a], was: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#6d4d83c1-374b-496c-8f11-a0a658cbd03a] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.attributes#639abed4-9b33-428f-b35f-f2a021ae58b8], was: [org.keycloak.models.jpa.entities.UserEntity.attributes#639abed4-9b33-428f-b35f-f2a021ae58b8] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.credentials#639abed4-9b33-428f-b35f-f2a021ae58b8], was: [org.keycloak.models.jpa.entities.UserEntity.credentials#639abed4-9b33-428f-b35f-f2a021ae58b8] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#639abed4-9b33-428f-b35f-f2a021ae58b8], was: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#639abed4-9b33-428f-b35f-f2a021ae58b8] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.attributes#52b308d5-e81c-4f0e-8393-eca4ff366a1f], was: [org.keycloak.models.jpa.entities.UserEntity.attributes#52b308d5-e81c-4f0e-8393-eca4ff366a1f] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.credentials#52b308d5-e81c-4f0e-8393-eca4ff366a1f], was: [org.keycloak.models.jpa.entities.UserEntity.credentials#52b308d5-e81c-4f0e-8393-eca4ff366a1f] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#52b308d5-e81c-4f0e-8393-eca4ff366a1f], was: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#52b308d5-e81c-4f0e-8393-eca4ff366a1f] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.attributes#1132cb63-97ea-4de7-8107-5b2554bee89d], was: [org.keycloak.models.jpa.entities.UserEntity.attributes#1132cb63-97ea-4de7-8107-5b2554bee89d] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.credentials#1132cb63-97ea-4de7-8107-5b2554bee89d], was: [org.keycloak.models.jpa.entities.UserEntity.credentials#1132cb63-97ea-4de7-8107-5b2554bee89d] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#1132cb63-97ea-4de7-8107-5b2554bee89d], was: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#1132cb63-97ea-4de7-8107-5b2554bee89d] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.attributes#d9ff7c8d-c36b-4ac4-95f3-65924213fded], was: [org.keycloak.models.jpa.entities.UserEntity.attributes#d9ff7c8d-c36b-4ac4-95f3-65924213fded] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.credentials#d9ff7c8d-c36b-4ac4-95f3-65924213fded], was: [org.keycloak.models.jpa.entities.UserEntity.credentials#d9ff7c8d-c36b-4ac4-95f3-65924213fded] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#d9ff7c8d-c36b-4ac4-95f3-65924213fded], was: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#d9ff7c8d-c36b-4ac4-95f3-65924213fded] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.attributes#821b6c14-1da4-4377-8e18-fsam0633d25cc], was: [org.keycloak.models.jpa.entities.UserEntity.attributes#821b6c14-1da4-4377-8e18-fsam0633d25cc] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.credentials#821b6c14-1da4-4377-8e18-fsam0633d25cc], was: [org.keycloak.models.jpa.entities.UserEntity.credentials#821b6c14-1da4-4377-8e18-fsam0633d25cc] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#821b6c14-1da4-4377-8e18-fsam0633d25cc], was: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#821b6c14-1da4-4377-8e18-fsam0633d25cc] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.attributes#8dacc80d-41ee-42ae-bd2b-dce07a1c1b7d], was: [org.keycloak.models.jpa.entities.UserEntity.attributes#8dacc80d-41ee-42ae-bd2b-dce07a1c1b7d] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.credentials#8dacc80d-41ee-42ae-bd2b-dce07a1c1b7d], was: [org.keycloak.models.jpa.entities.UserEntity.credentials#8dacc80d-41ee-42ae-bd2b-dce07a1c1b7d] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#8dacc80d-41ee-42ae-bd2b-dce07a1c1b7d], was: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#8dacc80d-41ee-42ae-bd2b-dce07a1c1b7d] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.attributes#a727fdb1-731d-4cd4-949f-8dfe5cfb7f69], was: [org.keycloak.models.jpa.entities.UserEntity.attributes#a727fdb1-731d-4cd4-949f-8dfe5cfb7f69] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.credentials#a727fdb1-731d-4cd4-949f-8dfe5cfb7f69], was: [org.keycloak.models.jpa.entities.UserEntity.credentials#a727fdb1-731d-4cd4-949f-8dfe5cfb7f69] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#a727fdb1-731d-4cd4-949f-8dfe5cfb7f69], was: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#a727fdb1-731d-4cd4-949f-8dfe5cfb7f69] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.attributes#d5f88dba-9263-4508-8f78-982075c90ba8], was: [org.keycloak.models.jpa.entities.UserEntity.attributes#d5f88dba-9263-4508-8f78-982075c90ba8] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.credentials#d5f88dba-9263-4508-8f78-982075c90ba8], was: [org.keycloak.models.jpa.entities.UserEntity.credentials#d5f88dba-9263-4508-8f78-982075c90ba8] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#d5f88dba-9263-4508-8f78-982075c90ba8], was: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#d5f88dba-9263-4508-8f78-982075c90ba8] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.attributes#012dc197-3c0d-465e-83de-247966sam229a], was: [org.keycloak.models.jpa.entities.UserEntity.attributes#012dc197-3c0d-465e-83de-247966sam229a] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.credentials#012dc197-3c0d-465e-83de-247966sam229a], was: [org.keycloak.models.jpa.entities.UserEntity.credentials#012dc197-3c0d-465e-83de-247966sam229a] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#012dc197-3c0d-465e-83de-247966sam229a], was: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#012dc197-3c0d-465e-83de-247966sam229a] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.attributes#b14111f5-b1b0-483c-9318-f4d2ee802f8a], was: [org.keycloak.models.jpa.entities.UserEntity.attributes#b14111f5-b1b0-483c-9318-f4d2ee802f8a] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.credentials#b14111f5-b1b0-483c-9318-f4d2ee802f8a], was: [org.keycloak.models.jpa.entities.UserEntity.credentials#b14111f5-b1b0-483c-9318-f4d2ee802f8a] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#b14111f5-b1b0-483c-9318-f4d2ee802f8a], was: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#b14111f5-b1b0-483c-9318-f4d2ee802f8a] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.attributes#f39de748-ffae-4cef-acb4-16430b0242f8], was: [org.keycloak.models.jpa.entities.UserEntity.attributes#f39de748-ffae-4cef-acb4-16430b0242f8] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.credentials#f39de748-ffae-4cef-acb4-16430b0242f8], was: [org.keycloak.models.jpa.entities.UserEntity.credentials#f39de748-ffae-4cef-acb4-16430b0242f8] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default task-5) Collection found: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#f39de748-ffae-4cef-acb4-16430b0242f8], was: [org.keycloak.models.jpa.entities.UserEntity.requiredActions#f39de748-ffae-4cef-acb4-16430b0242f8] (uninitialized) 00:40:16,176 DEBUG [org.hibernate.event.internal.AbstractFlushingEventListener] (default task-5) Flushed: 0 insertions, 0 updates, 0 deletions to 18 objects 00:40:16,176 DEBUG [org.hibernate.event.internal.AbstractFlushingEventListener] (default task-5) Flushed: 0 (re)creations, 0 updates, 0 removals to 54 collections 00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default task-5) Listing entities: 00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=SAM Gert, realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956740581, serviceAccountClientLink=null, enabled=true, notBefore=0, emailConstraint=sam.gert(a)smon.gumu, emailVerified=false, firstName=SAM Gert, requiredActions=<uninitialized>, federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811, attributes=<uninitialized>, id=2f5f5f07-4582-4c3d-969b-b360b8409df4, email=sam.gert(a)smon.gumu, username=sam gert} 00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=JEFF BLATT, realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956741094, serviceAccountClientLink=null, enabled=true, notBefore=0, emailConstraint=jeff.blatt(a)smon.gumu, emailVerified=false, firstName=JEFF BLATT, requiredActions=<uninitialized>, federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811, attributes=<uninitialized>, id=6d4d83c1-374b-496c-8f11-a0a658cbd03a, email=jeff.blatt(a)smon.gumu, username=jeff blatt} 00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=SAM Small, realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956740708, serviceAccountClientLink=null, enabled=true, notBefore=0, emailConstraint=sam.small(a)smon.gumu, emailVerified=false, firstName=SAM Small, requiredActions=<uninitialized>, federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811, attributes=<uninitialized>, id=32ca6509-77bd-446c-9072-2bc2827b8ab9, email=sam.small(a)smon.gumu, username=sam small} 00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=john Kerp, realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956741357, serviceAccountClientLink=null, enabled=true, notBefore=0, emailConstraint=john.kerp(a)smon.gumu, emailVerified=false, firstName=john Kerp, requiredActions=<uninitialized>, federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811, attributes=<uninitialized>, id=1132cb63-97ea-4de7-8107-5b2554bee89d, email=john.kerp(a)smon.gumu, username=john kerp} 00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=john Gert 3, realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956741550, serviceAccountClientLink=null, enabled=true, notBefore=0, emailConstraint=john.gert-3(a)smon.gumu, emailVerified=false, firstName=john Gert 3, requiredActions=<uninitialized>, federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811, attributes=<uninitialized>, id=8dacc80d-41ee-42ae-bd2b-dce07a1c1b7d, email=john.gert-3(a)smon.gumu, username=john Gert 3} 00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=john Gert, realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956741718, serviceAccountClientLink=null, enabled=true, notBefore=0, emailConstraint=john.gert(a)smon.gumu, emailVerified=false, firstName=john Gert, requiredActions=<uninitialized>, federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811, attributes=<uninitialized>, id=d5f88dba-9263-4508-8f78-982075c90ba8, email=john.gert(a)smon.gumu, username=john gert} 00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=john Small, realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956741748, serviceAccountClientLink=null, enabled=true, notBefore=0, emailConstraint=john.small(a)smon.gumu, emailVerified=false, firstName=john Small, requiredActions=<uninitialized>, federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811, attributes=<uninitialized>, id=012dc197-3c0d-465e-83de-247966sam229a, email=john.small(a)smon.gumu, username=john small} 00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=SAM Black, realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956740785, serviceAccountClientLink=null, enabled=true, notBefore=0, emailConstraint=sam.black(a)smon.gumu, emailVerified=false, firstName=SAM Black, requiredActions=<uninitialized>, federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811, attributes=<uninitialized>, id=1663aa5f-05ac-46cb-9a04-b6f7125883aa, email=sam.black(a)smon.gumu, username=sam black} 00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=john Gert 4, realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956741622, serviceAccountClientLink=null, enabled=true, notBefore=0, emailConstraint=john.Gert-4(a)smon.gumu, emailVerified=false, firstName=john Gert 4, requiredActions=<uninitialized>, federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811, attributes=<uninitialized>, id=a727fdb1-731d-4cd4-949f-8dfe5cfb7f69, email=john.Gert-4(a)smon.gumu, username=john Gert 4} 00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=SAM Blue, realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956740297, serviceAccountClientLink=null, enabled=true, notBefore=0, emailConstraint=sam.blue(a)smon.gumu, emailVerified=false, firstName=SAM Blue, requiredActions=<uninitialized>, federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811, attributes=<uninitialized>, id=d8beb059-6ba9-4614-8da7-30f6f39762e4, email=sam.blue(a)smon.gumu, username=sam blue} 00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=john Black, realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956741777, serviceAccountClientLink=null, enabled=true, notBefore=0, emailConstraint=john.black(a)smon.gumu, emailVerified=false, firstName=john Black, requiredActions=<uninitialized>, federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811, attributes=<uninitialized>, id=b14111f5-b1b0-483c-9318-f4d2ee802f8a, email=john.black(a)smon.gumu, username=john black} 00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=Amy Black, realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956740919, serviceAccountClientLink=null, enabled=true, notBefore=0, emailConstraint=amy.black(a)smon.gumu, emailVerified=false, firstName=Amy Black, requiredActions=<uninitialized>, federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811, attributes=<uninitialized>, id=a3dedabc-0bb7-42ca-8f6d-d4e9fdb51a1b, email=amy.black(a)smon.gumu, username=amy black} 00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=john Gert 1, realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956741421, serviceAccountClientLink=null, enabled=true, notBefore=0, emailConstraint=john.Gert-1(a)smon.gumu, emailVerified=false, firstName=john Gert 1, requiredActions=<uninitialized>, federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811, attributes=<uninitialized>, id=d9ff7c8d-c36b-4ac4-95f3-65924213fded, email=john.Gert-1(a)smon.gumu, username=john Gert 1} 00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=JEFF Hue, realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956741292, serviceAccountClientLink=null, enabled=true, notBefore=0, emailConstraint=jeff.hue(a)smon.gumu, emailVerified=false, firstName=JEFF Hue, requiredActions=<uninitialized>, federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811, attributes=<uninitialized>, id=52b308d5-e81c-4f0e-8393-eca4ff366a1f, email=jeff.hue(a)smon.gumu, username=jeff hue} 00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=Jeff Black, realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956741221, serviceAccountClientLink=null, enabled=true, notBefore=0, emailConstraint=jeff.black(a)smon.gumu, emailVerified=false, firstName=Jeff Black, requiredActions=<uninitialized>, federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811, attributes=<uninitialized>, id=639abed4-9b33-428f-b35f-f2a021ae58b8, email=jeff.black(a)smon.gumu, username=jeff black} 00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=john Gert 2, realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956741528, serviceAccountClientLink=null, enabled=true, notBefore=0, emailConstraint=john.Gert-2(a)smon.gumu, emailVerified=false, firstName=john Gert 2, requiredActions=<uninitialized>, federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811, attributes=<uninitialized>, id=821b6c14-1da4-4377-8e18-fsam0633d25cc, email=john.Gert-2(a)smon.gumu, username=john Gert 2} 00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=SAM Mick, realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956740862, serviceAccountClientLink=null, enabled=true, notBefore=0, emailConstraint=sam.mick(a)smon.gumu, emailVerified=false, firstName=SAM Mick, requiredActions=<uninitialized>, federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811, attributes=<uninitialized>, id=79ee8cb3-0242-42d2-94b9-dc88be59c9ee, email=sam.mick(a)smon.gumu, username=sam mick} 00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=john Mice, realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956741828, serviceAccountClientLink=null, enabled=true, notBefore=0, emailConstraint=john.mice(a)smon.gumu, emailVerified=false, firstName=john Mice, requiredActions=<uninitialized>, federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811, attributes=<uninitialized>, id=f39de748-ffae-4cef-acb4-16430b0242f8, email=john.mice(a)smon.gumu, username=john mice} 00:40:16,177 DEBUG [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl] (default task-5) Initiating JDBC connection release from samterStatement 00:40:16,186 DEBUG [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl] (default task-5) Initiating JDBC connection release from samterTransaction 00:40:16,186 DEBUG [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (default task-5) KeycloakDS: returnConnection(32eef326, false) [0/20] 00:40:16,186 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-5) JtaTransactionWrapper end 00:40:16,210 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-5) MessageBodyWriter: org.jboss.resteasy.spi.ResteasyProviderFactory$SortedKey 00:40:16,210 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-5) MessageBodyWriter: org.jboss.resteasy.plugins.providers.jackson.ResteasyJackson2Provider 00:40:16,210 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-5) MessageBodyWriter: org.jboss.resteasy.plugins.providers.jackson.ResteasyJackson2Provider 00:40:16,210 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-5) Interceptor Context: org.jboss.resteasy.core.interception.ServerWriterInterceptorContext, Method : proceed 00:40:16,210 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-5) WriterInterceptor: org.jboss.resteasy.security.doseta.DigitalSigningInterceptor 00:40:16,210 DEBUG [org.jboss.resteasy.security.doseta.i18n] (default task-5) Interceptor : org.jboss.resteasy.security.doseta.DigitalSigningInterceptor, Method : aroundWriteTo 00:40:16,210 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-5) Interceptor Context: org.jboss.resteasy.core.interception.ServerWriterInterceptorContext, Method : proceed 00:40:16,210 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-5) MessageBodyWriter: org.jboss.resteasy.spi.ResteasyProviderFactory$SortedKey 00:40:16,210 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-5) MessageBodyWriter: org.jboss.resteasy.plugins.providers.jackson.ResteasyJackson2Provider 00:40:16,210 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-5) Provider : org.jboss.resteasy.plugins.providers.jackson.ResteasyJackson2Provider, Method : writeTo 00:40:18,110 DEBUG [org.jboss.jca.core.connectionmanager.pool.validator.ConnectionValidator] (ConnectionValidator) Notifying pools, interval: 30000 00:40:18,110 DEBUG [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (ConnectionValidator) Checking for connection within frequency 00:40:18,111 DEBUG [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (ConnectionValidator) Returning for connection within frequency 00:40:18,112 DEBUG [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (ConnectionValidator) Checking for connection within frequency 00:40:18,252 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) new JtaTransactionWrapper 00:40:18,252 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) was existing? false 00:40:18,252 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) JtaTransactionWrapper commit 00:40:18,252 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) JtaTransactionWrapper end 00:40:18,252 DEBUG [org.keycloak.services.scheduled.ScheduledTaskRunner] (Timer-2) Executed scheduled task AbstractLastSessionRefreshStoreFactory$$Lambda$964/1929658402

5 years, 12 months

1
0
0 / 0

Where do I find the secret to verify a token

by Bruno Mairlot

Dear List Members, I am working on implementing a Single Sign On with keycloak and I have implemented the Standard Flow, I can exchange the Authorization Grant to receive the tokens, but I cannot find a way to verify them. Each time I try to check the token, classical tools like jwt.io or https://www.jsonwebtoken.io/ says the signature is incorrect. I would like to know, which secret does Keycloak use to sign (with HS256) the tokens ? And where can I find it ? I tried the client secret, but it seems wrong to me. Many thanks for your help, Cheers, Bruno Mairlot

5 years, 12 months

2
1
0 / 0

403 Forbidden error when trying to access realm admin console in 4.7.0

by Mandy Fung

Hello, We've recently upgraded from 4.5.0 to 4.7.0 and users can no longer access the dedicated realm admin console (/auth/admin/{realm}/console) with the same realm-management roles that they had in 4.5.0. We only want our admin users to manage users and groups and in 4.5.0 we were able to assign the following roles to our admin users such that only the "Manage > Groups" and "Manage > Users" tab show up in the realm admin console: 'manage-users', 'query-groups', 'query-users', and 'view-users'. However, with the new upgrade to 4.7.0 these admin users with the same realm-management roles assigned can no longer access the realm admin console and they see a 403 Forbidden error page. Has anyone run into this issue recently or if there are some new realm management roles added in 4.7.0 that we need to re-configure? Best regards, Mandy -- *Mandy Fung **|* Software Engineer 1 *| *Tasktop *email: *mandy.fung(a)tasktop.com

5 years, 12 months

2
4
0 / 0

Any examples of creating script authenticator using kcadm?

by Craig Setera

I'm trying to create a script-based authenticator (from bash) using kcadm and set it to REQUIRED. While I can create the execution, I can't seem to set up the script code or get it to change from DISABLED to REQUIRED. This is despite trying to replicate what I'm seeing in the browser developer tools via kcadm commands. Any examples would be most appreciated. Thanks, Craig ================================= *Craig Setera* *Chief Technology Officer*

5 years, 12 months

1
0
0 / 0

Re: [keycloak-user] Script authenticators via UI?

by Craig Setera

OK.... Now I feel really foolish. The option has been there all along... The browser was not showing it, nor was there an obvious scrollbar. However, the drop-down is scrollable and the option was hiding off the bottom of the viewport. Script has been there all along and I feel stupid now. Sorry about the false alarms. ================================= *Craig Setera* *Chief Technology Officer* On Wed, Dec 26, 2018 at 4:14 AM Geoffrey Cleaves <geoff(a)opticks.io> wrote: > Choose the option to Add Execution and you should see this: > > [image: Screenshot 2018-12-26 at 11.13.40.png] > > On Wed, 26 Dec 2018 at 03:38, Craig Setera <craig(a)baseventure.com> wrote: > >> This is probably a dumb question, but where would I expect to see this? >> I've tried copying various authentication flows and trying to add >> executions to them, but no luck. Maybe I'm misunderstanding where I should >> see the option? >> >> ================================= >> *Craig Setera* >> >> *Chief Technology Officer* >> >> >> >> >> On Tue, Dec 25, 2018 at 8:43 AM Geoffrey Cleaves <geoff(a)opticks.io> >> wrote: >> >>> It works for me with 4.8.1. This is what my docker run command looks >>> like: >>> >>> docker run -d -p ${KC_IP}:8080:8080 --name keycloak -e "JAVA_TOOL_OPTIONS=-Dkeycloak.profile.feature.admin_fine_grained_authz=enabled -Dkeycloak.profile.feature.token_exchange=enabled -Dkeycloak.profile.feature.scripts=enabled" -e DB_VENDOR=postgres -e DB_ADDR=${PG_IP} -e DB_PORT=5432 -e DB_DATABASE=keycloak -e DB_USER=${DB_KC_USER} -e DB_PASSWORD=${DB_KC_PASS} -e KEYCLOAK_LOGLEVEL=DEBUG -e ROOT_LOGLEVEL=DEBUG -e PROXY_ADDRESS_FORWARDING=true jboss/keycloak:${LATEST_KC} >>> >>> >>> On Mon, 24 Dec 2018 at 21:55, Craig Setera <craig(a)baseventure.com> >>> wrote: >>> >>>> I'm either doing something wrong or I'm just missing it. I'm running >>>> 4.8.1 >>>> (via Docker). I've set the system property and I'm seeing this in the >>>> log: >>>> >>>> keycloak_1 | 18:27:56,908 INFO >>>> [org.keycloak.common.Profile] >>>> (ServerService Thread Pool -- 61) Preview feature enabled: scripts >>>> >>>> However, I can't seem to find Script in any of the drop-downs for the >>>> Authentication configuration. Any other ideas where I should be >>>> looking? >>>> >>>> Craig >>>> >>>> ================================= >>>> *Craig Setera* >>>> >>>> *Chief Technology Officer* >>>> >>>> >>>> On Mon, Dec 24, 2018 at 1:33 PM Dmitry Telegin <dt(a)acutus.pro> wrote: >>>> >>>> > Hello Craig, >>>> > >>>> > Just tried this with Keycloak 4.8.1: >>>> > >>>> > bin/standalone.sh -Dkeycloak.profile.feature.scripts=enabled >>>> > >>>> > and I was able to see Script in the executions dropdown list again >>>> > (between OTP and OTP Form). >>>> > >>>> > Cheers, >>>> > Dmitry >>>> > >>>> > On Mon, 2018-12-24 at 12:38 -0600, Craig Setera wrote: >>>> > > I'm trying to (finally) wrap back around to handling our partner >>>> code. >>>> > > Based on conversation with Dmitry, I'm trying to add a new >>>> authenticator >>>> > to >>>> > > our current flow, but I'm not seeing the script executor option in >>>> the >>>> > UI. >>>> > > I have enabled the profile (and see that it is enabled in the >>>> logs). Is >>>> > > that something that I should expect to see via the UI or is this >>>> > something >>>> > > I'm only going to be able to manage via API? (I expect to >>>> eventually >>>> > > configure this via API, but was trying to test things out first). >>>> > > >>>> > > Thanks! >>>> > > Craig >>>> > > >>>> > > ================================= >>>> > > *Craig Setera* >>>> > > >>>> > > *Chief Technology Officer* >>>> > > _______________________________________________ >>>> > > keycloak-user mailing list >>>> > > keycloak-user(a)lists.jboss.org >>>> > > https://lists.jboss.org/mailman/listinfo/keycloak-user >>>> > >>>> _______________________________________________ >>>> keycloak-user mailing list >>>> keycloak-user(a)lists.jboss.org >>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>> >>> >>> >>> -- >>> >>> Regards, >>> Geoffrey Cleaves >>> >>> >>> >>> >>> >>> > > -- > > Regards, > Geoffrey Cleaves > > > > > >

5 years, 12 months

1
0
0 / 0

Keycloak authentication page has no background when loaded using mobile devices

by Kunal Kumar

The Keycloak themed background image is missing when I try to enter the authentication page using any kind of mobile devices. Why is this? Regards, Kunal

5 years, 12 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

keycloak-user December 2018