refresh token expiration time
by Pavel Maslov
Hi,
Am I right in presuming that the refresh token expiration time is
controlled by the SSO Session Idle property in the web UI?
Thanks.
Regards,
Pavel Maslov, MS
7 years
- 1
- 0
Adding new security-realm using CLI
by Kunal Kumar
I intend to use SSL for my Keycloak Server. So I am following the
documentation from Keycloak for it. At one point they mentioned have to add
a new security-realm using the CLI.
But I have no idea how to use the CLI to input this
/core-service=management/security-realm=UndertowRealm:add()
It keeps saying it is not a recognized command. Any ideas?
Regards,
Kunal
7 years
- 1
- 0
Re : Setting authentication execution requirement via kcadm.sh?
by triton oidc
Hi Craig,
i'm not an expert, but here is what i did to set my execution value to
REQUIRED :
create a json with
{"id":[ID_OF_YOUR_EXECUTION],"requirement":"REQUIRED"}
put it in a file my_file.json
you can have the id of you execution using this command
./kcadm.sh get authentication/flows/[your_flow]/executions --format csv -r
$keycloak_new_realm --fields id | tr -d '\n'
and you can import the file using this command :
./kcadm.sh update authentication/flows/[your_flow]/executions -r
$keycloak_new_realm -f my_file.json
There is probably a better way but i didn't found it
hope it helps
Amaury
On Mon, Oct 15, 2018 at 1:07 PM <keycloak-user-request(a)lists.jboss.org>
wrote:
> Send keycloak-user mailing list submissions to
> keycloak-user(a)lists.jboss.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.jboss.org/mailman/listinfo/keycloak-user
> or, via email, send a message with subject or body 'help' to
> keycloak-user-request(a)lists.jboss.org
>
> You can reach the person managing the list at
> keycloak-user-owner(a)lists.jboss.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of keycloak-user digest..."
>
>
> Today's Topics:
>
> 1. Setting authentication execution requirement via kcadm.sh?
> (Craig Setera)
> 2. org.keycloak.broker.oidc.mappers.ClaimToRoleMapper does not
> update user roles (Philippe Gauthier)
> 3. Re: Unrecognized field "authenticationFlowBindingOverrides"
> (Fabio Ebner)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 15 Oct 2018 07:21:30 -0500
> From: Craig Setera <craig(a)baseventure.com>
> Subject: [keycloak-user] Setting authentication execution requirement
> via kcadm.sh?
> To: keycloak-user(a)lists.jboss.org
> Message-ID:
> <
> CAPVdwjq1oyjCom4_A0TBJ8m3KBCgit5nOqMCGqKP4t2RU6zb5Q(a)mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
> I'm trying to figure out if it is possible to set the "requirement" level
> of an execution that is created for an authentication flow via the kcadm
> tool. I have a shell script that I'm using to set up the Keycloak
> configuration that looks like the following:
>
>
> *echo "Creating new authentication flow..."AUTO_LINK_FLOW_ID=`${KCADM}
> create authentication/flows --id -r ${REALM_NAME} -s
> alias="FirstBrokerLoginAutoLink" -s providerId="basic-flow" -s
> topLevel=true`*
>
>
>
> *echo "Adding unique authenticator..."${KCADM} create
> authentication/flows/FirstBrokerLoginAutoLink/executions/execution --id -r
> ${REALM_NAME} \ -s provider=idp-create-user-if-unique -s
> requirement=ALTERNATIVE -s priority=10*
>
>
>
>
> *echo "Adding auto link authenticator..."${KCADM} create
> authentication/flows/FirstBrokerLoginAutoLink/executions/execution -r
> ${REALM_NAME} \ -s provider=idp-auto-link -s requirement=ALTERNATIVE -s
> priority=20*
> With this script, I'm seeing the flow and executions created, but the
> requirement seems to be ignored. In this case, the executions are always
> set to DISABLED. I've tried to follow that up with an update call that
> looks like this:
>
>
>
>
>
>
> *echo "Adding unique authenticator..."EXECUTION_ID=`${KCADM} create
> authentication/flows/FirstBrokerLoginAutoLink/executions/execution --id -r
> ${REALM_NAME} \ -s provider=idp-create-user-if-unique -s
> requirement=ALTERNATIVE -s priority=10`${KCADM} update
> authentication/flows/FirstBrokerLoginAutoLink/executions -r ${REALM_NAME}
> \ -s id=${EXECUTION_ID} -s requirement=ALTERNATIVE*
>
> However, that is failing with the following error:
>
>
>
> *HTTP request error: Can not deserialize instance of
> com.fasterxml.jackson.databind.node.ObjectNode out of START_ARRAY tokenat
> [Source: [B@527ee8a7; line: 1, column: 1]*
> Can anyone offer any suggestions on how to get this authentication flow
> properly configured so that the executions are set to ALTERNATIVE?
>
> Thanks!
> Craig
>
> =================================
> *Craig Setera*
>
> *Chief Technology Officer*
>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 15 Oct 2018 12:45:04 +0000
> From: Philippe Gauthier <philippe.gauthier(a)inspq.qc.ca>
> Subject: [keycloak-user]
> org.keycloak.broker.oidc.mappers.ClaimToRoleMapper does not update
> user roles
> To: "keycloak-user(a)lists.jboss.org" <keycloak-user(a)lists.jboss.org>
> Cc: ?tienne Sadio <etienne.sadio(a)inspq.qc.ca>
> Message-ID:
> <
> YTOPR0101MB141798E50DFEF73BB8C32857B1FD0(a)YTOPR0101MB1417.CANPRD01.PROD.OUTLOOK.COM
> >
>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi
>
>
> I saw a 2017 post from Simon Payne about ClaimToRoleMapper and I cannot
> find any answers for his question.
>
> http://lists.jboss.org/pipermail/keycloak-user/2017-October/012129.html
>
>
> This post was about ClaimToRoleMapper class of the OIDC broker component.
> This class search for a claim, check for its value and grant a role if the
> value is equals to the value specified in the configuration.
>
>
> If the user from the IdP is not known by Keycloak, it will be created by
> the First Broker Login Flow and the role will be granted.
>
>
> If the user is already known by Keycloak, he have the role specified by
> the mapper and he don't have the claim anymore, the role will be revocated.
>
>
> But. If the user is known by Keycloak, he don't have the role specified by
> the mapper and he have the claim, Keycloak does not grant him the role.
>
>
> It is clear why it does this in the code but it is not clear why this have
> been done that way:
>
>
> Here is the code.
>
> @Override
> public void importNewUser(KeycloakSession session, RealmModel realm,
> UserModel user, IdentityProviderMapperModel mapperModel,
> BrokeredIdentityContext context) {
> String roleName = mapperModel.getConfig().get(ConfigConstants.ROLE);
> if (hasClaimValue(mapperModel, context)) {
> RoleModel role = KeycloakModelUtils.getRoleFromString(realm,
> roleName);
> if (role == null) throw new IdentityBrokerException("Unable to
> find role: " + roleName);
> user.grantRole(role);
> }
> }
>
> @Override
> public void updateBrokeredUser(KeycloakSession session, RealmModel
> realm, UserModel user, IdentityProviderMapperModel mapperModel,
> BrokeredIdentityContext context) {
> String roleName = mapperModel.getConfig().get(ConfigConstants.ROLE);
> if (!hasClaimValue(mapperModel, context)) {
> RoleModel role = KeycloakModelUtils.getRoleFromString(realm,
> roleName);
> if (role == null) throw new IdentityBrokerException("Unable to
> find role: " + roleName);
> user.deleteRoleMapping(role);
> }
> /* Maybe we should add an else here that does what the importNewUser
> does.
> }
> Thankyou
>
> Philippe Gauthier.
>
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 15 Oct 2018 09:53:48 -0300
> From: Fabio Ebner <fabio.ebner(a)lumera.com.br>
> Subject: Re: [keycloak-user] Unrecognized field
> "authenticationFlowBindingOverrides"
> To: Marek Posolda <mposolda(a)redhat.com>
> Cc: keycloak-user(a)lists.jboss.org
> Message-ID:
> <
> CAFxMZba+qwDnfkrggWXn6U+iY_hZYpMJ0CzMYvrtYgMmL3rQ9g(a)mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
> Marek tks I was using a old version in my pom. but after I put the correct
> 4.5.0.Final when I try to start my project throw an exception:
>
> Caused by: java.lang.NoClassDefFoundError:
> org/springframework/boot/web/server/WebServerFactoryCustomizer
>
> Look in the google say that class are only in springboot > 2 so I update my
> project to Springboot 2.0.5.Final, now my project start but when I try to
> access any url I got the error:
>
> in a loop:
>
>
>
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
>
> 2018-10-15 09:50:12.363 ERROR 20936 --- [nio-8081-exec-2]
> o.a.c.c.C.[Tomcat].[localhost] : Exception Processing
> /favicon.ico
>
> java.lang.StackOverflowError: null
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at or
>
> .....
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
>
> 2018-10-15 09:50:12.387 ERROR 20936 --- [nio-8081-exec-2]
> o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet
> [dispatcherServlet] threw exception
>
> java.lang.StackOverflowError: null
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> ......
>
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
>
> 2018-10-15 09:50:12.399 ERROR 20936 --- [nio-8081-exec-2]
> o.a.c.c.C.[Tomcat].[localhost] : Exception Processing
> ErrorPage[errorCode=0, location=/error]
>
> javax.servlet.ServletException: Filter execution threw an exception
> at
>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:200)
> ~[tomcat-embed-core-8.5.34.jar:8.5.34]
> at
>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> ~[tomcat-embed-core-8.5.34.jar:8.5.34]
> at
>
> org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:728)
> ~[tomcat-embed-core-8.5.34.jar:8.5.34]
> at
>
> org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:472)
> ~[tomcat-embed-core-8.5.34.jar:8.5.34]
> at
>
> org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:395)
> ~[tomcat-embed-core-8.5.34.jar:8.5.34]
> at
>
> org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:316)
> ~[tomcat-embed-core-8.5.34.jar:8.5.34]
> at
>
> org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:395)
> [tomcat-embed-core-8.5.34.jar:8.5.34]
> at
>
> org.apache.catalina.core.StandardHostValve.status(StandardHostValve.java:254)
> [tomcat-embed-core-8.5.34.jar:8.5.34]
> at
>
> org.apache.catalina.core.StandardHostValve.throwable(StandardHostValve.java:349)
> [tomcat-embed-core-8.5.34.jar:8.5.34]
> at
>
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
> [tomcat-embed-core-8.5.34.jar:8.5.34]
> at
>
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
> [tomcat-embed-core-8.5.34.jar:8.5.34]
> at
>
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
> [tomcat-embed-core-8.5.34.jar:8.5.34]
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
> [tomcat-embed-core-8.5.34.jar:8.5.34]
> at
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800)
> [tomcat-embed-core-8.5.34.jar:8.5.34]
> at
>
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
> [tomcat-embed-core-8.5.34.jar:8.5.34]
> at
>
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:806)
> [tomcat-embed-core-8.5.34.jar:8.5.34]
> at
> org.apache.tomcat.util.net
> .NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
> [tomcat-embed-core-8.5.34.jar:8.5.34]
> at
> org.apache.tomcat.util.net
> .SocketProcessorBase.run(SocketProcessorBase.java:49)
> [tomcat-embed-core-8.5.34.jar:8.5.34]
> at
>
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> [na:1.8.0_162]
> at
>
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> [na:1.8.0_162]
> at
>
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> [tomcat-embed-core-8.5.34.jar:8.5.34]
> at java.lang.Thread.run(Thread.java:748) [na:1.8.0_162]
> Caused by: java.lang.StackOverflowError: null
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> ....
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
>
> 2018-10-15 09:50:12.425 ERROR 20936 --- [nio-8081-exec-2]
> o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet
> [dispatcherServlet] threw exception
>
> java.lang.StackOverflowError: null
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at org.keycloak.ada
> ....
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
>
> 2018-10-15 09:50:12.437 ERROR 20936 --- [nio-8081-exec-2]
> o.a.c.c.C.[Tomcat].[localhost] : Exception Processing
> ErrorPage[errorCode=0, location=/error]
>
> javax.servlet.ServletException: Filter execution threw an exception
> at
>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:200)
> ~[tomcat-embed-core-8.5.34.jar:8.5.34]
> at
>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> ~[tomcat-embed-core-8.5.34.jar:8.5.34]
> at
>
> org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:728)
> ~[tomcat-embed-core-8.5.34.jar:8.5.34]
> at
>
> org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:472)
> ~[tomcat-embed-core-8.5.34.jar:8.5.34]
> at
>
> org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:395)
> ~[tomcat-embed-core-8.5.34.jar:8.5.34]
> at
>
> org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:316)
> ~[tomcat-embed-core-8.5.34.jar:8.5.34]
> at
>
> org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:395)
> [tomcat-embed-core-8.5.34.jar:8.5.34]
> at
>
> org.apache.catalina.core.StandardHostValve.status(StandardHostValve.java:254)
> [tomcat-embed-core-8.5.34.jar:8.5.34]
> at
>
> org.apache.catalina.core.StandardHostValve.throwable(StandardHostValve.java:349)
> [tomcat-embed-core-8.5.34.jar:8.5.34]
> at
>
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:175)
> [tomcat-embed-core-8.5.34.jar:8.5.34]
> at
>
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
> [tomcat-embed-core-8.5.34.jar:8.5.34]
> at
>
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
> [tomcat-embed-core-8.5.34.jar:8.5.34]
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
> [tomcat-embed-core-8.5.34.jar:8.5.34]
> at
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800)
> [tomcat-embed-core-8.5.34.jar:8.5.34]
> at
>
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
> [tomcat-embed-core-8.5.34.jar:8.5.34]
> at
>
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:806)
> [tomcat-embed-core-8.5.34.jar:8.5.34]
> at
> org.apache.tomcat.util.net
> .NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
> [tomcat-embed-core-8.5.34.jar:8.5.34]
> at
> org.apache.tomcat.util.net
> .SocketProcessorBase.run(SocketProcessorBase.java:49)
> [tomcat-embed-core-8.5.34.jar:8.5.34]
> at
>
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> [na:1.8.0_162]
> at
>
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> [na:1.8.0_162]
> at
>
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> [tomcat-embed-core-8.5.34.jar:8.5.34]
> at java.lang.Thread.run(Thread.java:748) [na:1.8.0_162]
> Caused by: java.lang.StackOverflowError: null
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at
>
> org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver.resolve(KeycloakSpringBootConfigResolver.java:45)
> ~[keycloak-spring-boot-adapter-core-4.5.0.Final.jar:4.5.0.Final]
> at org.key
>
>
>
> Em seg, 15 de out de 2018 ?s 04:19, Marek Posolda <mposolda(a)redhat.com>
> escreveu:
>
> > I think the field "authenticationFlowBindingOverrides" was added in some
> > Keycloak 4.X version. I suggest to update Keycloak dependencies versions
> > in your pom from 3.4.3.Final to same version, which your Keycloak server
> > is.
> >
> > Marek
> >
> > On 13/10/18 04:18, Fabio Ebner wrote:
> > > When I try to get my client wit this code:
> > >
> > > ClientRepresentation app1Client =
> > > realmResource.clients().findByClientId("central-api").get(0);
> > >
> > >
> > > that error return:
> > >
> > > javax.ws.rs.client.ResponseProcessingException:
> > > javax.ws.rs.ProcessingException:
> > > com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException:
> > > Unrecognized field "authenticationFlowBindingOverrides" (class
> > > org.keycloak.representations.idm.ClientRepresentation), not marked as
> > > ignorable (38 known properties: "enabled", "clientAuthenticatorType",
> > > "redirectUris", "clientId", "authorizationServicesEnabled", "name",
> > > "implicitFlowEnabled", "registeredNodes", "nodeReRegistrationTimeout",
> > > "publicClient", "attributes", "protocol", "webOrigins",
> > "protocolMappers",
> > > "id", "baseUrl", "surrogateAuthRequired", "adminUrl",
> "fullScopeAllowed",
> > > "frontchannelLogout", "clientTemplate", "directGrantsOnly", "rootUrl",
> > > "secret", "useTemplateMappers", "notBefore", "useTemplateScope",
> > > "standardFlowEnabled", "description", "directAccessGrantsEnabled",
> > > "useTemplateConfig", "serviceAccountsEnabled", "consentRequired",
> > "access",
> > > "bearerOnly", "registrationAccessToken", "defaultRoles",
> > > "authorizationSettings"])
> > >
> > >
> > >
> > > this is my pom.
> > >
> > > <!--keycloak-->
> > > <dependency>
> > > <groupId>org.keycloak</groupId>
> > > <artifactId>keycloak-spring-security-adapter</artifactId>
> > > <version>3.4.3.Final</version>
> > > </dependency>
> > > <dependency>
> > > <groupId>org.keycloak</groupId>
> > > <artifactId>keycloak-spring-boot-starter</artifactId>
> > > <version>3.4.3.Final</version>
> > > </dependency>
> > > <dependency>
> > > <groupId>org.keycloak</groupId>
> > > <artifactId>keycloak-admin-client</artifactId>
> > > <version>3.4.3.Final</version>
> > > </dependency>
> > > <dependency>
> > > <groupId>javax.ws.rs</groupId>
> > > <artifactId>javax.ws.rs-api</artifactId>
> > > <version>2.1</version>
> > > </dependency>
> > > <!--resteasy-->
> > > <dependency>
> > > <groupId>org.jboss.resteasy</groupId>
> > > <artifactId>resteasy-client</artifactId>
> > > <version>3.1.3.Final</version>
> > > </dependency>
> > > <dependency>
> > > <groupId>org.jboss.resteasy</groupId>
> > > <artifactId>resteasy-jackson2-provider</artifactId>
> > > <version>3.1.3.Final</version>
> > > </dependency>
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user(a)lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> >
> >
>
>
> ------------------------------
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> End of keycloak-user Digest, Vol 58, Issue 37
> *********************************************
>
7 years
- 2
- 1
first broker login for existing users only
by Jernej Porenta
Hey,
Is there a way to achieve IdP account linking through “First broker login” flow for existing users only?
I am trying to disable user registration through identity provider without success.
The idea is:
- pre-create users in keycloak
- allow user login only for pre-created users
- allow users to link the account to identity provider through login page (not account portal)
If default First Login flow in IdP config is set to “First broker login”, users are still created. If I modify the “First broker login”, i can only get the ‘invalid_user_credentials’.
Thank you in advance.
br, Jernej
7 years
- 2
- 1
Imported users disapear from a realm
by Thomas
I've setup Keycloak to import users from an Openldap server. As a test run,
I went with the docker container that uses Postgres to see if I could get
it running. It connects and authenticates correctly. Once I hit synchronize
all users, it reports back Success x imported users, 0 changed users. After
going into Manage=>Users and clicking on View all Users, it doesn't show
any users.
Upon import, I can see the users in the keycloak database in the
user_entity table. Once I go to the Manage user page and click view users,
the users disappear from the database.
I turned the log level up to debug and I keep getting the below db messages
which include deletions. I'm not sure if this is suspect. Is there some
other area I should be looking at?
00:40:16,155 DEBUG [org.hibernate.loader.Loader] (default task-5) Result
set contains (possibly empty) collection:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#f39de748-ffae-4cef-acb4-16430b0242f8]
00:40:16,155 DEBUG
[org.hibernate.engine.loading.internal.CollectionLoadContext] (default
task-5) 1 collections were found in result set for role:
org.keycloak.models.jpa.entities.UserEntity.requiredActions
00:40:16,155 DEBUG
[org.hibernate.engine.loading.internal.CollectionLoadContext] (default
task-5) Collection fully initialized:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#f39de748-ffae-4cef-acb4-16430b0242f8]
00:40:16,155 DEBUG
[org.hibernate.engine.loading.internal.CollectionLoadContext] (default
task-5) 1 collections initialized for role:
org.keycloak.models.jpa.entities.UserEntity.requiredActions
00:40:16,155 DEBUG
[org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
(default task-5) Initiating JDBC connection release from samterStatement
00:40:16,155 DEBUG [org.hibernate.loader.Loader] (default task-5) Done
loading collection
00:40:16,155 DEBUG
[org.hibernate.event.internal.AbstractFlushingEventListener] (default
task-5) Processing flush-time cascades
00:40:16,155 DEBUG
[org.hibernate.event.internal.AbstractFlushingEventListener] (default
task-5) Dirty checking collections
00:40:16,155 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection dereferenced:
[org.keycloak.models.jpa.entities.UserEntity.attributes#f39de748-ffae-4cef-acb4-16430b0242f8]
00:40:16,155 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection dereferenced:
[org.keycloak.models.jpa.entities.UserEntity.credentials#f39de748-ffae-4cef-acb4-16430b0242f8]
00:40:16,155 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection dereferenced:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#f39de748-ffae-4cef-acb4-16430b0242f8]
00:40:16,155 DEBUG
[org.hibernate.event.internal.AbstractFlushingEventListener] (default
task-5) Flushed: 0 insertions, 0 updates, 6 deletions to 6 objects
00:40:16,155 DEBUG
[org.hibernate.event.internal.AbstractFlushingEventListener] (default
task-5) Flushed: 0 (re)creations, 0 updates, 3 removals to 3 collections
00:40:16,155 DEBUG [org.hibernate.internal.util.EntityPrinter] (default
task-5) Listing entities:
00:40:16,155 DEBUG [org.hibernate.internal.util.EntityPrinter] (default
task-5)
org.keycloak.models.jpa.entities.UserAttributeEntity{name=createTimestamp,
id=66998c7b-4415-441f-bc12-27c6c6316367,
user=org.keycloak.models.jpa.entities.UserEntity#f39de748-ffae-4cef-acb4-16430b0242f8,
value=20181219164526Z}
00:40:16,155 DEBUG [org.hibernate.internal.util.EntityPrinter] (default
task-5) org.keycloak.models.jpa.entities.UserAttributeEntity{name=LDAP_ID,
id=e2f78054-39b6-46f4-ba54-0681e12470b8,
user=org.keycloak.models.jpa.entities.UserEntity#f39de748-ffae-4cef-acb4-16430b0242f8,
value=Jim.doe(a)smon.gumu}
00:40:16,155 DEBUG [org.hibernate.internal.util.EntityPrinter] (default
task-5)
org.keycloak.models.jpa.entities.UserAttributeEntity{name=LDAP_ENTRY_DN,
id=de2ff539-7065-4617-a0b6-25cc7fddc253,
user=org.keycloak.models.jpa.entities.UserEntity#f39de748-ffae-4cef-acb4-16430b0242f8,
value=mail=Jim.doe(a)smon.gumu,ou=SMON Users,dc=smon,dc=gumu}
00:40:16,155 DEBUG [org.hibernate.internal.util.EntityPrinter] (default
task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=Jim doe,
realmId=smon, credentials=[], createdTimestamp=1545956741828,
serviceAccountClientLink=null, enabled=true, notBefore=0,
emailConstraint=Jim.doe(a)smon.gumu, emailVerified=false, firstName=Jim doe,
requiredActions=[], federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811,
attributes=[org.keycloak.models.jpa.entities.UserAttributeEntity#66998c7b-4415-441f-bc12-27c6c6316367,
org.keycloak.models.jpa.entities.UserAttributeEntity#b9291898-4f07-4d50-b46d-abf18ab5c906,
org.keycloak.models.jpa.entities.UserAttributeEntity#db6e9e7b-58sam-403d-b434-187f0b996ff2,
org.keycloak.models.jpa.entities.UserAttributeEntity#e2f78054-39b6-46f4-ba54-0681e12470b8,
org.keycloak.models.jpa.entities.UserAttributeEntity#de2ff539-7065-4617-a0b6-25cc7fddc253],
id=f39de748-ffae-4cef-acb4-16430b0242f8, email=Jim.doe(a)smon.gumu,
username=Jim doe}
00:40:16,155 DEBUG [org.hibernate.internal.util.EntityPrinter] (default
task-5)
org.keycloak.models.jpa.entities.UserAttributeEntity{name=destination,
id=b9291898-4f07-4d50-b46d-abf18ab5c906,
user=org.keycloak.models.jpa.entities.UserEntity#f39de748-ffae-4cef-acb4-16430b0242f8,
value=Jim.doe}
00:40:16,155 DEBUG [org.hibernate.internal.util.EntityPrinter] (default
task-5)
org.keycloak.models.jpa.entities.UserAttributeEntity{name=modifyTimestamp,
id=db6e9e7b-58sam-403d-b434-187f0b996ff2,
user=org.keycloak.models.jpa.entities.UserEntity#f39de748-ffae-4cef-acb4-16430b0242f8,
value=20181219164526Z}
00:40:16,155 DEBUG [org.hibernate.SQL] (default task-5)
delete
from
USER_ATTRIBUTE
where
ID=?
00:40:16,155 DEBUG [org.hibernate.engine.jdbc.internal.JdbcCoordinatorImpl]
(default task-5) Skipping aggressive release due to manual disabling
00:40:16,155 DEBUG [org.hibernate.SQL] (default task-5)
delete
from
USER_ATTRIBUTE
where
ID=?
00:40:16,156 DEBUG [org.hibernate.engine.jdbc.internal.JdbcCoordinatorImpl]
(default task-5) Skipping aggressive release due to manual disabling
00:40:16,156 DEBUG [org.hibernate.SQL] (default task-5)
delete
from
USER_ATTRIBUTE
where
ID=?
00:40:16,156 DEBUG [org.hibernate.engine.jdbc.internal.JdbcCoordinatorImpl]
(default task-5) Skipping aggressive release due to manual disabling
00:40:16,156 DEBUG [org.hibernate.SQL] (default task-5)
delete
from
USER_ATTRIBUTE
where
ID=?
00:40:16,156 DEBUG [org.hibernate.engine.jdbc.internal.JdbcCoordinatorImpl]
(default task-5) Skipping aggressive release due to manual disabling
00:40:16,156 DEBUG [org.hibernate.SQL] (default task-5)
delete
from
USER_ATTRIBUTE
where
ID=?
00:40:16,156 DEBUG [org.hibernate.engine.jdbc.internal.JdbcCoordinatorImpl]
(default task-5) Skipping aggressive release due to manual disabling
00:40:16,156 DEBUG [org.hibernate.SQL] (default task-5)
delete
from
USER_ENTITY
where
ID=?
00:40:16,157 DEBUG [org.hibernate.engine.jdbc.internal.JdbcCoordinatorImpl]
(default task-5) Skipping aggressive release due to manual disabling
00:40:16,157 DEBUG
[org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
(default task-5) Initiating JDBC connection release from samterStatement
00:40:16,158 WARN
[org.keycloak.models.sessions.infinispan.changes.InfinispanChangelogBasedTransaction]
(default task-5) Not present cache item for key LoginFailureKey [
realmId=smon. userId=f39de748-ffae-4cef-acb4-16430b0242f8 ]
00:40:16,158 DEBUG [org.hibernate.SQL] (default task-5)
delete
from
OFFLINE_CLIENT_SESSION
where
USER_SESSION_ID in (
select
persistent1_.USER_SESSION_ID
from
OFFLINE_USER_SESSION persistent1_
where
persistent1_.USER_ID=?
)
00:40:16,173 DEBUG
[org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
(default task-5) Initiating JDBC connection release from samterStatement
00:40:16,173 DEBUG [org.hibernate.SQL] (default task-5)
delete
from
OFFLINE_USER_SESSION
where
USER_ID=?
00:40:16,173 DEBUG
[org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
(default task-5) Initiating JDBC connection release from samterStatement
00:40:16,174 DEBUG
[org.hibernate.query.criteria.internal.CriteriaQueryImpl] (default task-5)
Rendered criteria query -> select generatedAlias0.id from PolicyEntity as
generatedAlias0 inner join generatedAlias0.config as generatedAlias1 inner
join generatedAlias0.config as generatedAlias2 where (
lower(generatedAlias0.type) like :param0 ) and ( key(generatedAlias1) in
(:param1) ) and ( generatedAlias2 like :param2 ) and (
generatedAlias0.owner is null ) order by generatedAlias0.name asc
00:40:16,174 DEBUG [org.hibernate.SQL] (default task-5)
select
policyenti0_.ID as col_0_0_
from
RESOURCE_SERVER_POLICY policyenti0_
inner join
POLICY_CONFIG config1_
on policyenti0_.ID=config1_.POLICY_ID
inner join
POLICY_CONFIG config2_
on policyenti0_.ID=config2_.POLICY_ID
where
(
lower(policyenti0_.TYPE) like ?
)
and (
config1_.NAME in (
?
)
)
and (
config2_.VALUE like ?
)
and (
policyenti0_.OWNER is null
)
order by
policyenti0_.NAME asc
00:40:16,174 DEBUG
[org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
(default task-5) Initiating JDBC connection release from samterStatement
00:40:16,174 DEBUG [org.keycloak.storage.UserStorageManager] (default
task-5) Removed invalid user 'john doe'
00:40:16,174 DEBUG [org.keycloak.transaction.JtaTransactionWrapper]
(default task-5) JtaTransactionWrapper commit
00:40:16,175 DEBUG
[org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
(default task-5) Initiating JDBC connection release from samterTransaction
00:40:16,175 DEBUG
[org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (default
task-5) KeycloakDS: returnConnection(37fd7111, false) [0/20]
00:40:16,175 DEBUG [org.keycloak.transaction.JtaTransactionWrapper]
(default task-5) JtaTransactionWrapper end
00:40:16,175 DEBUG [org.keycloak.transaction.JtaTransactionWrapper]
(default task-5) JtaTransactionWrapper resuming suspended
00:40:16,175 DEBUG [org.hibernate.engine.jdbc.internal.JdbcCoordinatorImpl]
(default task-5) HHH000420: Closing un-released batch
00:40:16,176 DEBUG [org.keycloak.transaction.JtaTransactionWrapper]
(default task-5) JtaTransactionWrapper commit
00:40:16,176 DEBUG
[org.hibernate.event.internal.AbstractFlushingEventListener] (default
task-5) Processing flush-time cascades
00:40:16,176 DEBUG
[org.hibernate.event.internal.AbstractFlushingEventListener] (default
task-5) Dirty checking collections
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.attributes#d8beb059-6ba9-4614-8da7-30f6f39762e4],
was:
[org.keycloak.models.jpa.entities.UserEntity.attributes#d8beb059-6ba9-4614-8da7-30f6f39762e4]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.credentials#d8beb059-6ba9-4614-8da7-30f6f39762e4],
was:
[org.keycloak.models.jpa.entities.UserEntity.credentials#d8beb059-6ba9-4614-8da7-30f6f39762e4]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#d8beb059-6ba9-4614-8da7-30f6f39762e4],
was:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#d8beb059-6ba9-4614-8da7-30f6f39762e4]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.attributes#2f5f5f07-4582-4c3d-969b-b360b8409df4],
was:
[org.keycloak.models.jpa.entities.UserEntity.attributes#2f5f5f07-4582-4c3d-969b-b360b8409df4]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.credentials#2f5f5f07-4582-4c3d-969b-b360b8409df4],
was:
[org.keycloak.models.jpa.entities.UserEntity.credentials#2f5f5f07-4582-4c3d-969b-b360b8409df4]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#2f5f5f07-4582-4c3d-969b-b360b8409df4],
was:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#2f5f5f07-4582-4c3d-969b-b360b8409df4]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.attributes#32ca6509-77bd-446c-9072-2bc2827b8ab9],
was:
[org.keycloak.models.jpa.entities.UserEntity.attributes#32ca6509-77bd-446c-9072-2bc2827b8ab9]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.credentials#32ca6509-77bd-446c-9072-2bc2827b8ab9],
was:
[org.keycloak.models.jpa.entities.UserEntity.credentials#32ca6509-77bd-446c-9072-2bc2827b8ab9]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#32ca6509-77bd-446c-9072-2bc2827b8ab9],
was:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#32ca6509-77bd-446c-9072-2bc2827b8ab9]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.attributes#1663aa5f-05ac-46cb-9a04-b6f7125883aa],
was:
[org.keycloak.models.jpa.entities.UserEntity.attributes#1663aa5f-05ac-46cb-9a04-b6f7125883aa]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.credentials#1663aa5f-05ac-46cb-9a04-b6f7125883aa],
was:
[org.keycloak.models.jpa.entities.UserEntity.credentials#1663aa5f-05ac-46cb-9a04-b6f7125883aa]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#1663aa5f-05ac-46cb-9a04-b6f7125883aa],
was:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#1663aa5f-05ac-46cb-9a04-b6f7125883aa]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.attributes#79ee8cb3-0242-42d2-94b9-dc88be59c9ee],
was:
[org.keycloak.models.jpa.entities.UserEntity.attributes#79ee8cb3-0242-42d2-94b9-dc88be59c9ee]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.credentials#79ee8cb3-0242-42d2-94b9-dc88be59c9ee],
was:
[org.keycloak.models.jpa.entities.UserEntity.credentials#79ee8cb3-0242-42d2-94b9-dc88be59c9ee]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#79ee8cb3-0242-42d2-94b9-dc88be59c9ee],
was:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#79ee8cb3-0242-42d2-94b9-dc88be59c9ee]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.attributes#a3dedabc-0bb7-42ca-8f6d-d4e9fdb51a1b],
was:
[org.keycloak.models.jpa.entities.UserEntity.attributes#a3dedabc-0bb7-42ca-8f6d-d4e9fdb51a1b]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.credentials#a3dedabc-0bb7-42ca-8f6d-d4e9fdb51a1b],
was:
[org.keycloak.models.jpa.entities.UserEntity.credentials#a3dedabc-0bb7-42ca-8f6d-d4e9fdb51a1b]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#a3dedabc-0bb7-42ca-8f6d-d4e9fdb51a1b],
was:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#a3dedabc-0bb7-42ca-8f6d-d4e9fdb51a1b]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.attributes#6d4d83c1-374b-496c-8f11-a0a658cbd03a],
was:
[org.keycloak.models.jpa.entities.UserEntity.attributes#6d4d83c1-374b-496c-8f11-a0a658cbd03a]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.credentials#6d4d83c1-374b-496c-8f11-a0a658cbd03a],
was:
[org.keycloak.models.jpa.entities.UserEntity.credentials#6d4d83c1-374b-496c-8f11-a0a658cbd03a]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#6d4d83c1-374b-496c-8f11-a0a658cbd03a],
was:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#6d4d83c1-374b-496c-8f11-a0a658cbd03a]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.attributes#639abed4-9b33-428f-b35f-f2a021ae58b8],
was:
[org.keycloak.models.jpa.entities.UserEntity.attributes#639abed4-9b33-428f-b35f-f2a021ae58b8]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.credentials#639abed4-9b33-428f-b35f-f2a021ae58b8],
was:
[org.keycloak.models.jpa.entities.UserEntity.credentials#639abed4-9b33-428f-b35f-f2a021ae58b8]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#639abed4-9b33-428f-b35f-f2a021ae58b8],
was:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#639abed4-9b33-428f-b35f-f2a021ae58b8]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.attributes#52b308d5-e81c-4f0e-8393-eca4ff366a1f],
was:
[org.keycloak.models.jpa.entities.UserEntity.attributes#52b308d5-e81c-4f0e-8393-eca4ff366a1f]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.credentials#52b308d5-e81c-4f0e-8393-eca4ff366a1f],
was:
[org.keycloak.models.jpa.entities.UserEntity.credentials#52b308d5-e81c-4f0e-8393-eca4ff366a1f]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#52b308d5-e81c-4f0e-8393-eca4ff366a1f],
was:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#52b308d5-e81c-4f0e-8393-eca4ff366a1f]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.attributes#1132cb63-97ea-4de7-8107-5b2554bee89d],
was:
[org.keycloak.models.jpa.entities.UserEntity.attributes#1132cb63-97ea-4de7-8107-5b2554bee89d]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.credentials#1132cb63-97ea-4de7-8107-5b2554bee89d],
was:
[org.keycloak.models.jpa.entities.UserEntity.credentials#1132cb63-97ea-4de7-8107-5b2554bee89d]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#1132cb63-97ea-4de7-8107-5b2554bee89d],
was:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#1132cb63-97ea-4de7-8107-5b2554bee89d]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.attributes#d9ff7c8d-c36b-4ac4-95f3-65924213fded],
was:
[org.keycloak.models.jpa.entities.UserEntity.attributes#d9ff7c8d-c36b-4ac4-95f3-65924213fded]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.credentials#d9ff7c8d-c36b-4ac4-95f3-65924213fded],
was:
[org.keycloak.models.jpa.entities.UserEntity.credentials#d9ff7c8d-c36b-4ac4-95f3-65924213fded]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#d9ff7c8d-c36b-4ac4-95f3-65924213fded],
was:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#d9ff7c8d-c36b-4ac4-95f3-65924213fded]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.attributes#821b6c14-1da4-4377-8e18-fsam0633d25cc],
was:
[org.keycloak.models.jpa.entities.UserEntity.attributes#821b6c14-1da4-4377-8e18-fsam0633d25cc]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.credentials#821b6c14-1da4-4377-8e18-fsam0633d25cc],
was:
[org.keycloak.models.jpa.entities.UserEntity.credentials#821b6c14-1da4-4377-8e18-fsam0633d25cc]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#821b6c14-1da4-4377-8e18-fsam0633d25cc],
was:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#821b6c14-1da4-4377-8e18-fsam0633d25cc]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.attributes#8dacc80d-41ee-42ae-bd2b-dce07a1c1b7d],
was:
[org.keycloak.models.jpa.entities.UserEntity.attributes#8dacc80d-41ee-42ae-bd2b-dce07a1c1b7d]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.credentials#8dacc80d-41ee-42ae-bd2b-dce07a1c1b7d],
was:
[org.keycloak.models.jpa.entities.UserEntity.credentials#8dacc80d-41ee-42ae-bd2b-dce07a1c1b7d]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#8dacc80d-41ee-42ae-bd2b-dce07a1c1b7d],
was:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#8dacc80d-41ee-42ae-bd2b-dce07a1c1b7d]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.attributes#a727fdb1-731d-4cd4-949f-8dfe5cfb7f69],
was:
[org.keycloak.models.jpa.entities.UserEntity.attributes#a727fdb1-731d-4cd4-949f-8dfe5cfb7f69]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.credentials#a727fdb1-731d-4cd4-949f-8dfe5cfb7f69],
was:
[org.keycloak.models.jpa.entities.UserEntity.credentials#a727fdb1-731d-4cd4-949f-8dfe5cfb7f69]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#a727fdb1-731d-4cd4-949f-8dfe5cfb7f69],
was:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#a727fdb1-731d-4cd4-949f-8dfe5cfb7f69]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.attributes#d5f88dba-9263-4508-8f78-982075c90ba8],
was:
[org.keycloak.models.jpa.entities.UserEntity.attributes#d5f88dba-9263-4508-8f78-982075c90ba8]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.credentials#d5f88dba-9263-4508-8f78-982075c90ba8],
was:
[org.keycloak.models.jpa.entities.UserEntity.credentials#d5f88dba-9263-4508-8f78-982075c90ba8]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#d5f88dba-9263-4508-8f78-982075c90ba8],
was:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#d5f88dba-9263-4508-8f78-982075c90ba8]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.attributes#012dc197-3c0d-465e-83de-247966sam229a],
was:
[org.keycloak.models.jpa.entities.UserEntity.attributes#012dc197-3c0d-465e-83de-247966sam229a]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.credentials#012dc197-3c0d-465e-83de-247966sam229a],
was:
[org.keycloak.models.jpa.entities.UserEntity.credentials#012dc197-3c0d-465e-83de-247966sam229a]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#012dc197-3c0d-465e-83de-247966sam229a],
was:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#012dc197-3c0d-465e-83de-247966sam229a]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.attributes#b14111f5-b1b0-483c-9318-f4d2ee802f8a],
was:
[org.keycloak.models.jpa.entities.UserEntity.attributes#b14111f5-b1b0-483c-9318-f4d2ee802f8a]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.credentials#b14111f5-b1b0-483c-9318-f4d2ee802f8a],
was:
[org.keycloak.models.jpa.entities.UserEntity.credentials#b14111f5-b1b0-483c-9318-f4d2ee802f8a]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#b14111f5-b1b0-483c-9318-f4d2ee802f8a],
was:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#b14111f5-b1b0-483c-9318-f4d2ee802f8a]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.attributes#f39de748-ffae-4cef-acb4-16430b0242f8],
was:
[org.keycloak.models.jpa.entities.UserEntity.attributes#f39de748-ffae-4cef-acb4-16430b0242f8]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.credentials#f39de748-ffae-4cef-acb4-16430b0242f8],
was:
[org.keycloak.models.jpa.entities.UserEntity.credentials#f39de748-ffae-4cef-acb4-16430b0242f8]
(uninitialized)
00:40:16,176 DEBUG [org.hibernate.engine.internal.Collections] (default
task-5) Collection found:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#f39de748-ffae-4cef-acb4-16430b0242f8],
was:
[org.keycloak.models.jpa.entities.UserEntity.requiredActions#f39de748-ffae-4cef-acb4-16430b0242f8]
(uninitialized)
00:40:16,176 DEBUG
[org.hibernate.event.internal.AbstractFlushingEventListener] (default
task-5) Flushed: 0 insertions, 0 updates, 0 deletions to 18 objects
00:40:16,176 DEBUG
[org.hibernate.event.internal.AbstractFlushingEventListener] (default
task-5) Flushed: 0 (re)creations, 0 updates, 0 removals to 54 collections
00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default
task-5) Listing entities:
00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default
task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=SAM Gert,
realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956740581,
serviceAccountClientLink=null, enabled=true, notBefore=0,
emailConstraint=sam.gert(a)smon.gumu, emailVerified=false, firstName=SAM
Gert, requiredActions=<uninitialized>,
federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811,
attributes=<uninitialized>, id=2f5f5f07-4582-4c3d-969b-b360b8409df4,
email=sam.gert(a)smon.gumu, username=sam gert}
00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default
task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=JEFF BLATT,
realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956741094,
serviceAccountClientLink=null, enabled=true, notBefore=0,
emailConstraint=jeff.blatt(a)smon.gumu, emailVerified=false, firstName=JEFF
BLATT, requiredActions=<uninitialized>,
federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811,
attributes=<uninitialized>, id=6d4d83c1-374b-496c-8f11-a0a658cbd03a,
email=jeff.blatt(a)smon.gumu, username=jeff blatt}
00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default
task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=SAM Small,
realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956740708,
serviceAccountClientLink=null, enabled=true, notBefore=0,
emailConstraint=sam.small(a)smon.gumu, emailVerified=false, firstName=SAM
Small, requiredActions=<uninitialized>,
federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811,
attributes=<uninitialized>, id=32ca6509-77bd-446c-9072-2bc2827b8ab9,
email=sam.small(a)smon.gumu, username=sam small}
00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default
task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=john Kerp,
realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956741357,
serviceAccountClientLink=null, enabled=true, notBefore=0,
emailConstraint=john.kerp(a)smon.gumu, emailVerified=false, firstName=john
Kerp, requiredActions=<uninitialized>,
federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811,
attributes=<uninitialized>, id=1132cb63-97ea-4de7-8107-5b2554bee89d,
email=john.kerp(a)smon.gumu, username=john kerp}
00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default
task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=john Gert 3,
realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956741550,
serviceAccountClientLink=null, enabled=true, notBefore=0,
emailConstraint=john.gert-3(a)smon.gumu, emailVerified=false, firstName=john
Gert 3, requiredActions=<uninitialized>,
federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811,
attributes=<uninitialized>, id=8dacc80d-41ee-42ae-bd2b-dce07a1c1b7d,
email=john.gert-3(a)smon.gumu, username=john Gert 3}
00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default
task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=john Gert,
realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956741718,
serviceAccountClientLink=null, enabled=true, notBefore=0,
emailConstraint=john.gert(a)smon.gumu, emailVerified=false, firstName=john
Gert, requiredActions=<uninitialized>,
federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811,
attributes=<uninitialized>, id=d5f88dba-9263-4508-8f78-982075c90ba8,
email=john.gert(a)smon.gumu, username=john gert}
00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default
task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=john Small,
realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956741748,
serviceAccountClientLink=null, enabled=true, notBefore=0,
emailConstraint=john.small(a)smon.gumu, emailVerified=false, firstName=john
Small, requiredActions=<uninitialized>,
federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811,
attributes=<uninitialized>, id=012dc197-3c0d-465e-83de-247966sam229a,
email=john.small(a)smon.gumu, username=john small}
00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default
task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=SAM Black,
realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956740785,
serviceAccountClientLink=null, enabled=true, notBefore=0,
emailConstraint=sam.black(a)smon.gumu, emailVerified=false, firstName=SAM
Black, requiredActions=<uninitialized>,
federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811,
attributes=<uninitialized>, id=1663aa5f-05ac-46cb-9a04-b6f7125883aa,
email=sam.black(a)smon.gumu, username=sam black}
00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default
task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=john Gert 4,
realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956741622,
serviceAccountClientLink=null, enabled=true, notBefore=0,
emailConstraint=john.Gert-4(a)smon.gumu, emailVerified=false, firstName=john
Gert 4, requiredActions=<uninitialized>,
federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811,
attributes=<uninitialized>, id=a727fdb1-731d-4cd4-949f-8dfe5cfb7f69,
email=john.Gert-4(a)smon.gumu, username=john Gert 4}
00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default
task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=SAM Blue,
realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956740297,
serviceAccountClientLink=null, enabled=true, notBefore=0,
emailConstraint=sam.blue(a)smon.gumu, emailVerified=false, firstName=SAM
Blue, requiredActions=<uninitialized>,
federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811,
attributes=<uninitialized>, id=d8beb059-6ba9-4614-8da7-30f6f39762e4,
email=sam.blue(a)smon.gumu, username=sam blue}
00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default
task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=john Black,
realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956741777,
serviceAccountClientLink=null, enabled=true, notBefore=0,
emailConstraint=john.black(a)smon.gumu, emailVerified=false, firstName=john
Black, requiredActions=<uninitialized>,
federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811,
attributes=<uninitialized>, id=b14111f5-b1b0-483c-9318-f4d2ee802f8a,
email=john.black(a)smon.gumu, username=john black}
00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default
task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=Amy Black,
realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956740919,
serviceAccountClientLink=null, enabled=true, notBefore=0,
emailConstraint=amy.black(a)smon.gumu, emailVerified=false, firstName=Amy
Black, requiredActions=<uninitialized>,
federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811,
attributes=<uninitialized>, id=a3dedabc-0bb7-42ca-8f6d-d4e9fdb51a1b,
email=amy.black(a)smon.gumu, username=amy black}
00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default
task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=john Gert 1,
realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956741421,
serviceAccountClientLink=null, enabled=true, notBefore=0,
emailConstraint=john.Gert-1(a)smon.gumu, emailVerified=false, firstName=john
Gert 1, requiredActions=<uninitialized>,
federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811,
attributes=<uninitialized>, id=d9ff7c8d-c36b-4ac4-95f3-65924213fded,
email=john.Gert-1(a)smon.gumu, username=john Gert 1}
00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default
task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=JEFF Hue,
realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956741292,
serviceAccountClientLink=null, enabled=true, notBefore=0,
emailConstraint=jeff.hue(a)smon.gumu, emailVerified=false, firstName=JEFF
Hue, requiredActions=<uninitialized>,
federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811,
attributes=<uninitialized>, id=52b308d5-e81c-4f0e-8393-eca4ff366a1f,
email=jeff.hue(a)smon.gumu, username=jeff hue}
00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default
task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=Jeff Black,
realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956741221,
serviceAccountClientLink=null, enabled=true, notBefore=0,
emailConstraint=jeff.black(a)smon.gumu, emailVerified=false, firstName=Jeff
Black, requiredActions=<uninitialized>,
federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811,
attributes=<uninitialized>, id=639abed4-9b33-428f-b35f-f2a021ae58b8,
email=jeff.black(a)smon.gumu, username=jeff black}
00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default
task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=john Gert 2,
realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956741528,
serviceAccountClientLink=null, enabled=true, notBefore=0,
emailConstraint=john.Gert-2(a)smon.gumu, emailVerified=false, firstName=john
Gert 2, requiredActions=<uninitialized>,
federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811,
attributes=<uninitialized>, id=821b6c14-1da4-4377-8e18-fsam0633d25cc,
email=john.Gert-2(a)smon.gumu, username=john Gert 2}
00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default
task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=SAM Mick,
realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956740862,
serviceAccountClientLink=null, enabled=true, notBefore=0,
emailConstraint=sam.mick(a)smon.gumu, emailVerified=false, firstName=SAM
Mick, requiredActions=<uninitialized>,
federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811,
attributes=<uninitialized>, id=79ee8cb3-0242-42d2-94b9-dc88be59c9ee,
email=sam.mick(a)smon.gumu, username=sam mick}
00:40:16,177 DEBUG [org.hibernate.internal.util.EntityPrinter] (default
task-5) org.keycloak.models.jpa.entities.UserEntity{lastName=john Mice,
realmId=smon, credentials=<uninitialized>, createdTimestamp=1545956741828,
serviceAccountClientLink=null, enabled=true, notBefore=0,
emailConstraint=john.mice(a)smon.gumu, emailVerified=false, firstName=john
Mice, requiredActions=<uninitialized>,
federationLink=889b8dbf-e7f2-4a70-87bf-8084eb025811,
attributes=<uninitialized>, id=f39de748-ffae-4cef-acb4-16430b0242f8,
email=john.mice(a)smon.gumu, username=john mice}
00:40:16,177 DEBUG
[org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
(default task-5) Initiating JDBC connection release from samterStatement
00:40:16,186 DEBUG
[org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
(default task-5) Initiating JDBC connection release from samterTransaction
00:40:16,186 DEBUG
[org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (default
task-5) KeycloakDS: returnConnection(32eef326, false) [0/20]
00:40:16,186 DEBUG [org.keycloak.transaction.JtaTransactionWrapper]
(default task-5) JtaTransactionWrapper end
00:40:16,210 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default
task-5) MessageBodyWriter:
org.jboss.resteasy.spi.ResteasyProviderFactory$SortedKey
00:40:16,210 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default
task-5) MessageBodyWriter:
org.jboss.resteasy.plugins.providers.jackson.ResteasyJackson2Provider
00:40:16,210 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default
task-5) MessageBodyWriter:
org.jboss.resteasy.plugins.providers.jackson.ResteasyJackson2Provider
00:40:16,210 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default
task-5) Interceptor Context:
org.jboss.resteasy.core.interception.ServerWriterInterceptorContext,
Method : proceed
00:40:16,210 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default
task-5) WriterInterceptor:
org.jboss.resteasy.security.doseta.DigitalSigningInterceptor
00:40:16,210 DEBUG [org.jboss.resteasy.security.doseta.i18n] (default
task-5) Interceptor :
org.jboss.resteasy.security.doseta.DigitalSigningInterceptor, Method :
aroundWriteTo
00:40:16,210 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default
task-5) Interceptor Context:
org.jboss.resteasy.core.interception.ServerWriterInterceptorContext,
Method : proceed
00:40:16,210 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default
task-5) MessageBodyWriter:
org.jboss.resteasy.spi.ResteasyProviderFactory$SortedKey
00:40:16,210 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default
task-5) MessageBodyWriter:
org.jboss.resteasy.plugins.providers.jackson.ResteasyJackson2Provider
00:40:16,210 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default
task-5) Provider :
org.jboss.resteasy.plugins.providers.jackson.ResteasyJackson2Provider,
Method : writeTo
00:40:18,110 DEBUG
[org.jboss.jca.core.connectionmanager.pool.validator.ConnectionValidator]
(ConnectionValidator) Notifying pools, interval: 30000
00:40:18,110 DEBUG
[org.jboss.jca.core.connectionmanager.pool.strategy.OnePool]
(ConnectionValidator) Checking for connection within frequency
00:40:18,111 DEBUG
[org.jboss.jca.core.connectionmanager.pool.strategy.OnePool]
(ConnectionValidator) Returning for connection within frequency
00:40:18,112 DEBUG
[org.jboss.jca.core.connectionmanager.pool.strategy.OnePool]
(ConnectionValidator) Checking for connection within frequency
00:40:18,252 DEBUG [org.keycloak.transaction.JtaTransactionWrapper]
(Timer-2) new JtaTransactionWrapper
00:40:18,252 DEBUG [org.keycloak.transaction.JtaTransactionWrapper]
(Timer-2) was existing? false
00:40:18,252 DEBUG [org.keycloak.transaction.JtaTransactionWrapper]
(Timer-2) JtaTransactionWrapper commit
00:40:18,252 DEBUG [org.keycloak.transaction.JtaTransactionWrapper]
(Timer-2) JtaTransactionWrapper end
00:40:18,252 DEBUG [org.keycloak.services.scheduled.ScheduledTaskRunner]
(Timer-2) Executed scheduled task
AbstractLastSessionRefreshStoreFactory$$Lambda$964/1929658402
7 years
- 1
- 0
Where do I find the secret to verify a token
by Bruno Mairlot
Dear List Members,
I am working on implementing a Single Sign On with keycloak and I have
implemented the Standard Flow, I can exchange the Authorization Grant to
receive the tokens, but I cannot find a way to verify them.
Each time I try to check the token, classical tools like jwt.io or
https://www.jsonwebtoken.io/ says the signature is incorrect.
I would like to know, which secret does Keycloak use to sign (with
HS256) the tokens ? And where can I find it ?
I tried the client secret, but it seems wrong to me.
Many thanks for your help,
Cheers,
Bruno Mairlot
7 years
- 2
- 1
403 Forbidden error when trying to access realm admin console in 4.7.0
by Mandy Fung
Hello,
We've recently upgraded from 4.5.0 to 4.7.0 and users can no longer access
the dedicated realm admin console (/auth/admin/{realm}/console) with the
same realm-management roles that they had in 4.5.0.
We only want our admin users to manage users and groups and in 4.5.0 we
were able to assign the following roles to our admin users such that only
the "Manage > Groups" and "Manage > Users" tab show up in the realm admin
console: 'manage-users', 'query-groups', 'query-users', and 'view-users'.
However, with the new upgrade to 4.7.0 these admin users with the same
realm-management roles assigned can no longer access the realm admin
console and they see a 403 Forbidden error page.
Has anyone run into this issue recently or if there are some new realm
management roles added in 4.7.0 that we need to re-configure?
Best regards,
Mandy
--
*Mandy Fung **|* Software Engineer 1 *| *Tasktop
*email: *mandy.fung(a)tasktop.com
7 years
- 2
- 4
Any examples of creating script authenticator using kcadm?
by Craig Setera
I'm trying to create a script-based authenticator (from bash) using kcadm
and set it to REQUIRED. While I can create the execution, I can't seem to
set up the script code or get it to change from DISABLED to REQUIRED. This
is despite trying to replicate what I'm seeing in the browser developer
tools via kcadm commands. Any examples would be most appreciated.
Thanks,
Craig
=================================
*Craig Setera*
*Chief Technology Officer*
7 years
- 1
- 0
Re: [keycloak-user] Script authenticators via UI?
by Craig Setera
OK.... Now I feel really foolish. The option has been there all along...
The browser was not showing it, nor was there an obvious scrollbar.
However, the drop-down is scrollable and the option was hiding off the
bottom of the viewport. Script has been there all along and I feel stupid
now.
Sorry about the false alarms.
=================================
*Craig Setera*
*Chief Technology Officer*
On Wed, Dec 26, 2018 at 4:14 AM Geoffrey Cleaves <geoff(a)opticks.io> wrote:
> Choose the option to Add Execution and you should see this:
>
> [image: Screenshot 2018-12-26 at 11.13.40.png]
>
> On Wed, 26 Dec 2018 at 03:38, Craig Setera <craig(a)baseventure.com> wrote:
>
>> This is probably a dumb question, but where would I expect to see this?
>> I've tried copying various authentication flows and trying to add
>> executions to them, but no luck. Maybe I'm misunderstanding where I should
>> see the option?
>>
>> =================================
>> *Craig Setera*
>>
>> *Chief Technology Officer*
>>
>>
>>
>>
>> On Tue, Dec 25, 2018 at 8:43 AM Geoffrey Cleaves <geoff(a)opticks.io>
>> wrote:
>>
>>> It works for me with 4.8.1. This is what my docker run command looks
>>> like:
>>>
>>> docker run -d -p ${KC_IP}:8080:8080 --name keycloak -e "JAVA_TOOL_OPTIONS=-Dkeycloak.profile.feature.admin_fine_grained_authz=enabled -Dkeycloak.profile.feature.token_exchange=enabled -Dkeycloak.profile.feature.scripts=enabled" -e DB_VENDOR=postgres -e DB_ADDR=${PG_IP} -e DB_PORT=5432 -e DB_DATABASE=keycloak -e DB_USER=${DB_KC_USER} -e DB_PASSWORD=${DB_KC_PASS} -e KEYCLOAK_LOGLEVEL=DEBUG -e ROOT_LOGLEVEL=DEBUG -e PROXY_ADDRESS_FORWARDING=true jboss/keycloak:${LATEST_KC}
>>>
>>>
>>> On Mon, 24 Dec 2018 at 21:55, Craig Setera <craig(a)baseventure.com>
>>> wrote:
>>>
>>>> I'm either doing something wrong or I'm just missing it. I'm running
>>>> 4.8.1
>>>> (via Docker). I've set the system property and I'm seeing this in the
>>>> log:
>>>>
>>>> keycloak_1 | 18:27:56,908 INFO
>>>> [org.keycloak.common.Profile]
>>>> (ServerService Thread Pool -- 61) Preview feature enabled: scripts
>>>>
>>>> However, I can't seem to find Script in any of the drop-downs for the
>>>> Authentication configuration. Any other ideas where I should be
>>>> looking?
>>>>
>>>> Craig
>>>>
>>>> =================================
>>>> *Craig Setera*
>>>>
>>>> *Chief Technology Officer*
>>>>
>>>>
>>>> On Mon, Dec 24, 2018 at 1:33 PM Dmitry Telegin <dt(a)acutus.pro> wrote:
>>>>
>>>> > Hello Craig,
>>>> >
>>>> > Just tried this with Keycloak 4.8.1:
>>>> >
>>>> > bin/standalone.sh -Dkeycloak.profile.feature.scripts=enabled
>>>> >
>>>> > and I was able to see Script in the executions dropdown list again
>>>> > (between OTP and OTP Form).
>>>> >
>>>> > Cheers,
>>>> > Dmitry
>>>> >
>>>> > On Mon, 2018-12-24 at 12:38 -0600, Craig Setera wrote:
>>>> > > I'm trying to (finally) wrap back around to handling our partner
>>>> code.
>>>> > > Based on conversation with Dmitry, I'm trying to add a new
>>>> authenticator
>>>> > to
>>>> > > our current flow, but I'm not seeing the script executor option in
>>>> the
>>>> > UI.
>>>> > > I have enabled the profile (and see that it is enabled in the
>>>> logs). Is
>>>> > > that something that I should expect to see via the UI or is this
>>>> > something
>>>> > > I'm only going to be able to manage via API? (I expect to
>>>> eventually
>>>> > > configure this via API, but was trying to test things out first).
>>>> > >
>>>> > > Thanks!
>>>> > > Craig
>>>> > >
>>>> > > =================================
>>>> > > *Craig Setera*
>>>> > >
>>>> > > *Chief Technology Officer*
>>>> > > _______________________________________________
>>>> > > keycloak-user mailing list
>>>> > > keycloak-user(a)lists.jboss.org
>>>> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>> >
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user(a)lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>
>>>
>>> --
>>>
>>> Regards,
>>> Geoffrey Cleaves
>>>
>>>
>>>
>>>
>>>
>>>
>
> --
>
> Regards,
> Geoffrey Cleaves
>
>
>
>
>
>
7 years
- 1
- 0
Keycloak authentication page has no background when loaded using mobile devices
by Kunal Kumar
The Keycloak themed background image is missing when I try to enter the
authentication page using any kind of mobile devices. Why is this?
Regards,
Kunal
7 years
- 1
- 0