multiple reset credentials flows
by Arnault BESNARD
Hi,
We're currently developing our own SPI authenticator. In case of authentication failure, we'd like to allow users to reset their credentials following a specific scenario.
Unfortunately, there is only one reset credentials flow per realm. So 'forgot password' and our SPI reset credential have to share the same scenario, which does not fit our case.
What is the best way to solve our issue?
Thanks in advance,
Arnault
6 years, 8 months
Lookup user by federated identity email?
by Jeffrey Sambells
I have a Keycloak instance set up with users who can log in via Google, Twitter, etc. I have another separate service (not Keycloak) that also allows login via Google. I’m trying to associate the users from one service to the others. From this other service I can get the email associated with the Google account. Is it possible to search for the Keycloak user that has the identical email address in their federated Google identity? I don’t want to look up using the Keycloak specific email as it may be different from the email associated with the federated identity.
Ideally I’m looking to do this via the REST API but didn’t see an appropriate endpoint.
Thanks,
Jeffrey
6 years, 8 months
Keycloak quickstart not working
by Alfonso Vidal García
I used this example from Keycloak Quickstarts to do a little test from my Keycloak server and see if it works.
https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-authz-sp...
For me it's not working: each time that I try to connect through the browser, it returns an Error 404.
I have this configuration in the application.properties:
server.port = 38080
keycloak.realm=FocusocKeycloak
keycloak.auth-server-url=http://localhost:8080/auth
keycloak.ssl-required=external
keycloak.resource=login-provider-web
keycloak.public-client=false
keycloak.credentials.secret=secret
keycloak.securityConstraints[0].authRoles[0] = user
keycloak.securityConstraints[0].securityCollections[0].name = protected
keycloak.securityConstraints[0].securityCollections[0].patterns[0] = /*
# Turn off the logs
logging.level.root=OFF
logging.level.org.springframework.boot=OFF
spring.main.banner-mode=OFF
And in the keycloak.json is this,
{
"realm": "FocusocKeycloak",
"auth-server-url": "http://127.0.0.1:8080/auth",
"ssl-required": "external",
"resource": "login-app",
"verify-token-audience": true,
"credentials": {
"secret": "145ca6f7-19c8-4478-b092-ba685a52d985"
},
"use-resource-role-mappings": true,
"confidential-port": 0
}
Am I wrong with anything? Or am I missing anything? I didn't change any further configuration in the project downloaded from github.
6 years, 8 months
New user forum
by Stian Thorgersen
We appreciate that not everyone loves mailing lists, so we decided to start
a new forum where you can ask for help.
Check it out at https://keycloak.discourse.group/
A big benefit of the forum compared to the mailing list is that we can
hopefully over time build up a great resource with already asked questions.
6 years, 8 months
Docker container, why use a passworded source image?
by Max Allan
Hi,
I'm building my own keycloak container with theme etc. built in (because to
run in AWS ECS attaching volumes with the theme is not really possible and
I will need some other code mods later).
I notice the source OS has recently changed from a jboss image to RHEL's
ubi8-minimal.
Which is fine, except that it pulls the image from a repo that requires
authentication, which is a bit annoying.
Not only do you need auth, but your account needs a "subscription".
Anyone got an idea of the rationale behind using the
"registry.redhat.io/ubi8-minimal" instead of
"registry.access.redhat.com/ubi8-minimal" which doesn't need any
authentication?
It seems like an extra speed bump in the way for absolutely no reason to me!
6 years, 8 months
Does Keycloak support access control for SAML clients?
by Pavel Zinchenko
I configured a client that uses a SAML protocol. I have a lot of users
imported from LDAP.
Now I was faced with the need to control access to the SAML client,
but did not find out how to configure it.
Does Keycloak support access control for SAML clients? If it does, then
could someone help me find the documentation for the settings?
6 years, 8 months
keycloak-quickstart not working
by Alfonso Vidal García
Hello everyone!
I am trying to deploy a keycloak-quickstart, the app-authz-spring-security one, modified with my parameters, but I can't access the app through the browser; it always gives me the 404 error NOT FOUND.
I have the application.properties like this:
server.port = 38080
keycloak.realm=FocusocKeycloak
keycloak.auth-server-url=http://localhost:8080/auth
keycloak.ssl-required=external
keycloak.resource=login-provider-web
keycloak.public-client=false
keycloak.credentials.secret=secret
keycloak.securityConstraints[0].authRoles[0] = user
keycloak.securityConstraints[0].securityCollections[0].name = protected
keycloak.securityConstraints[0].securityCollections[0].patterns[0] = /*
# Turn off the logs
logging.level.root=OFF
logging.level.org.springframework.boot=OFF
spring.main.banner-mode=OFF
And the keycloak.json
{
"realm": "FocusocKeycloak",
"auth-server-url": "http://127.0.0.1:8080/auth",
"ssl-required": "external",
"resource": "login-app",
"verify-token-audience": true,
"credentials": {
"secret": "145ca6f7-19c8-4478-b092-ba685a52d985"
},
"use-resource-role-mappings": true,
"confidential-port": 0
}
It is the only thing that I modified. Any suggestion? Thanks in advance!
6 years, 8 months
Database problems running a clustered multi-site keycloak on MariaDB
by Doswald Alistair
Hello,
We're running into some important errors when running a keycloak on a multi-site cluster with MariaDB as our multi-master database. We have a setup similar to https://www.keycloak.org/docs/latest/server_installation/index.html#cross..., with keycloak 7.0.0 and MariaDB 10.1.37. Each site will write to its own database cluster, and we thought that MariaDB would handle the replication and transactions correctly.
It works well, until we get the following types of errors on the database, and then everything crashes:
2019-10-03 14:09:46 140205469263616 [ERROR] Slave SQL: Could not execute Delete_rows_v1 event on table cloudtrust-int-keycloak.EVENT_ENTITY; Can't find record in 'EVENT_ENTITY', Error_code: 1032; handler error HA_ERR_KEY_NOT_FOUND; the event's master log FIRST, end_log_pos 883, Internal MariaDB error code: 1032
2019-10-03 14:09:46 140205469263616 [Warning] WSREP: RBR event 2 Delete_rows_v1 apply warning: 120, 591931
2019-10-03 14:09:46 140205469263616 [Warning] WSREP: Failed to apply app buffer: seqno: 591931, status: 1
at galera/src/trx_handle.cpp:apply():351
Retrying 4th time
2019-10-03 14:09:46 140205469263616 [ERROR] Slave SQL: Could not execute Delete_rows_v1 event on table cloudtrust-int-keycloak.EVENT_ENTITY; Can't find record in 'EVENT_ENTITY', Error_code: 1032; handler error HA_ERR_KEY_NOT_FOUND; the event's master log FIRST, end_log_pos 883, Internal MariaDB error code: 1032
2019-10-03 14:09:46 140205469263616 [Warning] WSREP: RBR event 2 Delete_rows_v1 apply warning: 120, 591931
2019-10-03 14:09:46 140205469263616 [ERROR] WSREP: Failed to apply trx: source: 4f98589f-e5bd-11e9-9eb9-12b92fd5aeef version: 3 local: 0 state: APPLYING flags: 1 conn_id: 395 trx_id: 991166 seqnos (l: 18625, g: 591931, s: 591930, d: 584704, ts: 31567167461519)
2019-10-03 14:09:46 140205469263616 [ERROR] WSREP: Failed to apply trx 591931 4 times
2019-10-03 14:09:46 140205469263616 [ERROR] WSREP: Node consistency compromized, aborting...
.....................
From our analysis, it seems that a transaction was not able to be replayed, which caused the database to shut down to protect consistency. This can seem to happen with race conditions from multiple writes. Looking into it, we found in the following document https://galeracluster.com/library/kb/trouble/multi-master-conflicts.html this passage: "When two transactions are conflicting, the later of the two is rolled back by the cluster. The client application registers this rollback as a deadlock error. Ideally, the client application should retry the deadlocked transaction. However, not all client applications have this logic built in."
Does anyone else have a similar setup? If yes, have you encountered this problem? Is there a known resolution?
Best regards,
Alistair Doswald
6 years, 8 months
X-509 Client certificate thumbprint authentication
by Amol Bagul
Hi,
I have millions of devices connected to keycloak server to acquire access
token.
I don't have all devices added as user in Keycloak.
Can I have X-509 Client certificate authentication based on Client cert
Thumbprint?
How can I support this?
-Amol
6 years, 8 months
SameSite and Secure
by Matthew Broadhead
keycloak-7.0.0
sorry if this has been asked before, i did search around.
just yesterday i started getting this message in javascript console:
A cookie associated with a cross-site resource at
https://secure.domain.tld/ was set without the `SameSite` attribute. A
future release of Chrome will only deliver cookies with cross-site
requests if they are set with `SameSite=None` and `Secure`. You can
review cookies in developer tools under Application>Storage>Cookies and
see more details at
https://www.chromestatus.com/feature/5088147346030592 and
https://www.chromestatus.com/feature/5633521622188032.
is this because i am not passing certain headers through httpd proxy or
is this something that needs implementing in keycloak?
6 years, 8 months
Why is session authentication strategy bean needed?
by Leonid Rozenblyum
Hello.
Documentation for Keycloak Spring Security adapter (
https://www.keycloak.org/docs/6.0/securing_apps/index.html#_spring_securi...
) has a paragraph:
"You must provide a session authentication strategy bean which should be of
type RegisterSessionAuthenticationStrategy for public or confidential
applications and NullAuthenticatedSessionStrategy for bearer-only
applications."
I wonder why is it a requirement for public applications?
It looks like KeycloakAuthenticationProcessingFilter is not using the
session registry itself (it just sets up sessionAuthenticationStrategy into
HttpSecurity and KeycloakAuthenticationProcessingFilter) but my question
is: why is it 'must have' for public/confidential applications?
(this feature may be useful when concurrent sessions filter is enabled but
what if it's not in use?)
Thanks for clarifying!
6 years, 8 months
Change 403 Message
by Florian Fußeder
Hello,
is there a way to change the message displayed on the 403 json response?
If i try to access a resource that i don't have the permissions for, i
get the following json response:
{
"timestamp": "2019-10-07T13:31:47.274+0000",
"status": 403,
"error": "Forbidden",
"message": "Access to the requested resource has been denied",
"path": "/api/"
}
but what i want is:
{
"timestamp": "2019-10-07T13:31:47.274+0000",
"status": 403,
"error": "Forbidden",
"message": "To access these resources mail to ....",
"path": "/v1/"
}
I know i could do a redirect via policy-enforcer, but i have to avoid a
redirect.
Greetings,
Florian
6 years, 8 months
Keycloak null pointer exception on launch with a custom postgres setup
by Sankar P
Hi
I am getting the following NullPointerException when Keycloak is getting
launched.
A few points about the setup. I have installed keycloak, say k1, in one
machine with postgres, say pg1 as the config store. Then I created a custom
realm, some users, client scope in that setup. Then I took a dump of the
postgres setup via:
```
kubectl exec nordic-mole-postgresql-0 -- bash -c "PGPASSWORD=pguser pg_dump -U pguser -d pgdb " > db.sql
```
Now I used the postgres dump thus obtained to build another postgres docker
image, say `pg2`
```
FROM library/postgres:11.3
ENV POSTGRES_USER pguser
ENV POSTGRES_PASSWORD pguser
ENV POSTGRES_DB pgdb
COPY db.sql /docker-entrypoint-initdb.d/
```
Now I brought up a fresh version of keycloak, say k2, which talks to this
new pg2 postgres instance via the following command.
```
helm install codecentric/keycloak -f values.yaml
```
The values.yaml contains connection details for the 2nd database:
```
keycloak:
  persistence:
    deployPostgres: false
    dbVendor: postgres
    dbName: pgdb
    dbHost: postgres # Resolved through k8s service
    dbPort: 5432
    dbUser: pguser
    dbPassword: "pguser"
```
Now I have two questions:
1) Should I report the following crash in a bug system of some kind ?
2) Is there a simpler, cleaner way of creating a new realm, new user via
the `values.yaml` instead of taking dump of postgres ? Are there any good
tutorials, github projects etc. that explain this ?
Thanks.
The Stacktrace of the actual crash below:
13:34:03,343 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("subsystem" => "microprofile-metrics-smallrye")]): java.lang.NullPointerException
at org.wildfly.extension.microprofile.metrics.MicroProfileMetricsSubsystemAdd$2.execute(MicroProfileMetricsSubsystemAdd.java:86)
at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:999)
at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:743)
at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:467)
at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1412)
at org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:521)
at org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:472)
at org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:434)
at org.jboss.as.server.ServerService.boot(ServerService.java:435)
at org.jboss.as.server.ServerService.boot(ServerService.java:394)
at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:374)
at java.lang.Thread.run(Thread.java:748)
--
Sankar P
http://psankar.blogspot.com
6 years, 8 months
Web project
by Alfonso Vidal García
Hi everyone!
I am trying to do a web app and have the login go through Keycloak. At this point I have a server with Keycloak, and now I want to deploy a web app to test the login service. I am trying to make the login, but it always returns error 404.
Does anyone have an example to test it?
Thanks in advance!
6 years, 8 months
Export the access token using mod_auth_openidc
by Nicolas Lagiewski
Hello,
The problem is as follows. I have a web application running on an apache
server that makes a CURL call to a REST service. In order to secure my
service, I need to specify the access token in the headers of my CURL call,
but I don't understand how to export session information using
mod_auth_openidc. Can you help me, or explain if it's possible to do this
operation using this module?
Thanks.
6 years, 8 months
Admin log with a company's email, authenticated by Google
by Piotr Jander
Hi all,
My team would like to disable an admin account with a password for the
admin realm, and instead grant administrative rights to anybody who logs in
with our company's email domain (@luna-lang.org). (We are a small company,
so we believe it's okay at this stage)
Our email is hosted at Google, so we'd like to delegate login to
Google/Gmail (when logging to the admin console with an @luna-lang.org
email).
Is this possible and does it sound like a good practice?
Thanks,
Piotr Jander
6 years, 8 months
keycloak api access
by Sankar P
Hi,
I installed a new keycloak setup using kubernetes, helm charts
helm install codecentric/keycloak
Now when I try to login through the web interface, I am able to login to
the keycloak setup using a `keycloak` user and an auto-generated password
(say `TsIeWcqrig2YIs`). However, when I repeat the same authenticate
request using curl, I get an HTTP 400 with the following error message
in the keycloak logs:
The curl command that I use is:
```
curl -X POST -k -v -d "username=keycloak&password=TsIeWcqrig2YIs" https://example.com/auth/realms/master/login-actions/authenticate\?sessio...
```
I have tried logging in without the url parameters too and get the same
error. I got these url params from the web client when it logged in via the
front end. Is there something I am doing wrong ?
The reason why I want to do the API-based login is that I want to add
a user and set the password for that user, after my keycloak pod is
installed. I could not find a reliable way to do this. Any pointers on how
to do this ?
Thanks.
--
Sankar P
http://psankar.blogspot.com
6 years, 8 months
Themes doesnt deploy
by Pavel
Hello
I followed the documentation on how to deploy themes on keycloak.
I've used those attached files (mytheme.jar), then I copied them into the
deployment directory. The server log shows the following:
11:13:11,857 INFO [org.jboss.as.server.deployment] (MSC service thread 1-1) WFLYSRV0027: Starting deployment of "mytheme.war" (runtime-name: "mytheme.war")
11:13:12,020 INFO [org.wildfly.extension.undertow] (ServerService Thread Pool -- 71) WFLYUT0021: Registered web context: '/mytheme' for server 'default-server'
11:13:12,091 INFO [org.jboss.as.server] (DeploymentScanner-threads - 1) WFLYSRV0010: Deployed "mytheme.war" (runtime-name : "mytheme.war")
[pavel@pavel-pc deployments]$ ls -tlr
total 20
-rw-r--r-- 1 pavel pavel 8888 ago 24 13:14 README.txt
-rw-r--r-- 1 pavel pavel 11 sep 30 11:13 mytheme.war.deployed
-rw-r--r-- 1 pavel pavel 3315 sep 30 11:13 mytheme.war
So, everything is supposed to work properly, but when I go to
realm-settings and look for the theme, *nothing is there*.
I'm using Manjaro.
[pavel@pavel-pc ~]$ java -version
openjdk version "1.8.0_222"
OpenJDK Runtime Environment (build 1.8.0_222-b05)
OpenJDK 64-Bit Server VM (build 25.222-b05, mixed mode)
[pavel@pavel-pc keycloak]$ ls -l
total 230444
drwxr-xr-x 10 pavel pavel 4096 ago 24 13:14 keycloak-7.0.0
I use the next command on linux.
jar cf mytheme.jar META-INF/* mytheme/*
it produces *mytheme.jar* file.
*What Am I doing wrong?*
Thanks so much
Best Regards
Pavel
6 years, 8 months
Different Authenticator Behavior for Registering via 'protocol/openid-connect' vs '/login-actions'
by Harness, Josh
Hello -
Given a client and an authentication flow override specified for that client, when you register using the following default registration URL, the override seems to be skipped and the login succeeds without using the override:
/auth/realms/{realm}/login-actions/registration?client_id={client}
However, when you register using the following openid-connect URL, the authentication flow override executes successfully:
/auth/realms/{realm}/protocol/openid-connect/registrations?client_id={client}
Is this a bug or is it by design? Out of curiosity, what is the intended difference between the login-actions vs the openid-connect registration URL?
Thanks!
______________________________________
Josh Harness
Principal Software Architect | JTV
9600 Parkside Drive | Knoxville, TN 37922
Email: Josh.Harness(a)jtv.com | www.jtv.com<https://www.jtv.com/>
Knoxville-Bangkok-Jaipur-Mumbai-Hong Kong
6 years, 8 months
Validating User Password Prior to Allowing Account Updates
by Harness, Josh
Hello -
To enforce a higher level of security, we're wanting to require the user to supply their password whenever they update their profile in the account application of keycloak (e.g. email, first name, last name). Ideally, we'd want the password submitted along with the profile changes. If the password validates, then the profile is allowed to be updated (similar to how the update password screen works currently).
How would I accomplish this? The AccountFormService seems to be the class handling this but there appears to be no SPI for extending it. I did find the following JIRA but am unsure if the proposed profile SPI would accomplish what we need:
https://issues.jboss.org/browse/KEYCLOAK-2966
Any tips or pointers would be most appreciated.
Thanks!
______________________________________
Josh Harness
Principal Software Architect | JTV
9600 Parkside Drive | Knoxville, TN 37922
Email: Josh.Harness(a)jtv.com | www.jtv.com<https://www.jtv.com/>
Knoxville-Bangkok-Jaipur-Mumbai-Hong Kong
6 years, 8 months
User Session Reset
by Мартынов Илья
Hello,
I am trying to implement the following scenario with KC. We have two
applications, SP1 and SP2, that use KC. KC has identity broker pointing to
external IDP. Desired scenario:
1. User agent goes to SP1, he's being redirected to KC and then to extIDP
2. User authenticated in extIDP, and being redirected to KC and then to SP1
with some attributes from extIDP
3. SP1 creates user entity in SP2 basing on attributes from extIDP and
attributes collected by SP1
4. User entity in SP2 is synced to user federation store used by KC.
5. User should be able to SSO to SP2. Session in SP2 should obtain
attributes set by SP1.
The problem is 2 different user entities (instances of UserModel) created
at KC at step #2 and #4. I plan to drop 1st entity, and set identity
federation with extIDP for 2nd entity. But we also need to change user
session in KC, it should contain 2nd user entity data. Otherwise SSO to SP2
won't work.
Surprisingly, I've found a
method org.keycloak.models.UserSessionModel#restartSession that looks like
it does the job. I plan to add a custom Authenticator and call session reset
from there.
What do you think, will it work?
Thank you
6 years, 8 months
SQL User Storage SPI provider
by Isaac Carroll
Has anyone written a generic User Store SPI provider that accesses an SQL
database such as PostgreSQL? I know it's possible to write my own, but if
one already exists it would be very helpful.
Thank you.
6 years, 8 months
Version
by Corentin Dupont
Hi guys,
just a quick (fun) question: what's happening with Keycloak versions??
They seem to fly these days... Versions 3 and 4 stayed around 1 year each,
but in a couple of months we got versions 5, 6 and 7...
Cheers
6 years, 8 months
Regression in import of Authentication Required Action in version 7.0.0
by Wisniewski Mariusz
It seems that there is a regression in the import of "Required Actions".
I have made the following test :
I import a new realm (json file) with required actions that each have a "priority" value.
The order is respected in version 6.0.1, but it isn't in version 7.0.0
Can anyone reproduce this problem and confirm there is indeed a regression ?
Greetings.
Mariusz Wisniewski
6 years, 8 months
How can I import client with scope?
by Axel
Hello.
I'm searching for a way to import clients. But I need to limit their scope.
Neither partial import nor the CLI knows about scope...
In admin console this json will import only client without scope:
{
"scopeMappings": [
{
"client": "testClient",
"roles": [
"testRole"
]
}
],
"clients": [
{
"clientId": "testClient"
}
]
}
In cli:
kcadm get scopeMappings -r TestRPT
Resource not found
I can insert directly to DB
INSERT INTO SCOPE_MAPPING (......
but it makes no sense, because it then needs a reboot of KC.
So, is there a way to import a client with scope or to add roles to the scope of
existing client on the fly?
And one more big question - why comboboxes in admin console are not
resizable? only 5 visible elements - it is very little.
Thanks in advance.
Alexey Makarevich.
6 years, 8 months
Spring boot 2.1.8 and keycloak 7 fails to start (HttpSessionManager.class] conflict)
by nino martinez wael
I've tried to create a jira issue but, there are some troubles with my
redhat / keycloak jira account. I could not find an existing issue.
Quickstart:
https://github.com/nmwael/blog/tree/master/keycloak_7_spring_boot_2
Failure message, which seems to have been a problem before:
:: Spring Boot :: (v2.1.8.RELEASE)
***************************
APPLICATION FAILED TO START
***************************
Description:
The bean 'httpSessionManager', defined in class path resource
[com/johannesinnerbichler/personapp/SecurityConfig.class], could not be
registered. A bean with that name has already been defined in URL
[jar:file:/C:/Users/m24669/.m2/repository/org/keycloak/keycloak-spring-security-adapter/7.0.0/keycloak-spring-security-adapter-7.0.0.jar!/org/keycloak/adapters/springsecurity/management/HttpSessionManager.class]
and overriding is disabled.
Action:
Consider renaming one of the beans or enabling overriding by setting
spring.main.allow-bean-definition-overriding=true
Process finished with exit code 1
--
Best regards / Med venlig hilsen
Nino Martinez
6 years, 8 months
Error after adding the custom provider for email
by CMK
Hi ,
I'm facing an error after adding the custom provider to send email.
The issue I'm facing occurs when sending the verification email; please find my
error below:
14:29:20,584 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-6) Uncaught server error: java.lang.NullPointerException
at org.keycloak.authentication.requiredactions.VerifyEmail.sendVerifyEmail(VerifyEmail.java:155)
at org.keycloak.authentication.requiredactions.VerifyEmail.requiredActionChallenge(VerifyEmail.java:79)
at org.keycloak.services.managers.AuthenticationManager.executionActions(AuthenticationManager.java:1076)
at org.keycloak.services.managers.AuthenticationManager.actionRequired(AuthenticationManager.java:960)
at org.keycloak.services.managers.AuthenticationManager.nextActionAfterAuthentication(AuthenticationManager.java:817)
at org.keycloak.services.resources.LoginActionsService.processRequireAction(LoginActionsService.java:964)
at org.keycloak.services.resources.LoginActionsService.requiredActionGET(LoginActionsService.java:949)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:138)
at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:517)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:406)
at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:370)
at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:355)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:372)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:344)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:137)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:100)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:440)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:229)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:135)
at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:355)
at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:138)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:215)
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:791)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:364)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.lang.Thread.run(Thread.java:745)
The methods overridden in my provider are
-- EmailTemplateProvider
-- EmailSenderProvider
I have provided the factory class mentioned in META-INF/services and also, as
per the Keycloak documentation, in standalone.xml as below
<spi name="email">
<provider name="emailSender" enabled="true"/>
</spi>
<spi name="template">
<provider name="emailTemplateCreate" enabled="true"/>
</spi>
CustomEmailSenderProvider.java
<http://keycloak-user.88327.x6.nabble.com/file/t666/CustomEmailSenderProvi...>
CustomEmailSenderProviderFactory.java
<http://keycloak-user.88327.x6.nabble.com/file/t666/CustomEmailSenderProvi...>
CustomEmailTemplateProvider.java
<http://keycloak-user.88327.x6.nabble.com/file/t666/CustomEmailTemplatePro...>
CustomEmailTemplateProviderFactory.java
<http://keycloak-user.88327.x6.nabble.com/file/t666/CustomEmailTemplatePro...>
6 years, 8 months
Error after adding the custom provider for email
by Karthik C M
Hi,
I'm facing an error after adding the custom provider to send email.
The issue I'm facing is when sending the verification email; please find my
error below
14:29:20,584 ERROR [org.keycloak.services.error.KeycloakErrorHandler]
(default task-6) Uncaught server error: java.lang.NullPointerException
at
org.keycloak.authentication.requiredactions.VerifyEmail.sendVerifyEmail(VerifyEmail.java:155)
at
org.keycloak.authentication.requiredactions.VerifyEmail.requiredActionChallenge(VerifyEmail.java:79)
at
org.keycloak.services.managers.AuthenticationManager.executionActions(AuthenticationManager.java:1076)
at
org.keycloak.services.managers.AuthenticationManager.actionRequired(AuthenticationManager.java:960)
at
org.keycloak.services.managers.AuthenticationManager.nextActionAfterAuthentication(AuthenticationManager.java:817)
at
org.keycloak.services.resources.LoginActionsService.processRequireAction(LoginActionsService.java:964)
at
org.keycloak.services.resources.LoginActionsService.requiredActionGET(LoginActionsService.java:949)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:138)
at
org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:517)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:406)
at
org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:370)
at
org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:355)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:372)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:344)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:137)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:100)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:440)
at
org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:229)
at
org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:135)
at
org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:355)
at
org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:138)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:215)
at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:791)
at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
at
io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at
io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
at
io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at
io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at
io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at
org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
at
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
at
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
at
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
at
io.undertow.server.Connectors.executeRootHandler(Connectors.java:364)
at
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
at
org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at
org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at
org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at
org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.lang.Thread.run(Thread.java:745)
The methods overridden in my provider are
-- EmailTemplateProvider
-- EmailSenderProvider
I have provided the factory class mentioned in META-INF/services and also, as
per the Keycloak documentation, in standalone.xml as below
<spi name="email">
<provider name="emailSender" enabled="true"/>
</spi>
<spi name="template">
<provider name="emailTemplateCreate" enabled="true"/>
</spi>
6 years, 8 months
Any examples for custom Identity Providers?
by James Mitchell
Are there any examples for customising an Identity Provider?
I want to make an extension to the OIDCIdentityProvider, so that I can
accept non-standard fields for the userinfo response. All part of trying to
get token exchange to work in our system...
I have made a light change to the OIDCIdentityProvider, and also compared
with the various social providers, and I have something that deploys.
But it throws an error at runtime trying to create the class.
This looks like this when adding the provider in the website
UT005023: Exception handling request to
/auth/admin/realms/sbxtest/identity-provider/providers/xplan:
java.lang.NoClassDefFoundError: Failed to link
com/suitebox/keycloak/broker/xplan/XPLANIdentityProvider (Module
"deployment.sbxkeycloak.jar" from Service Module Loader):
org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider
And looks like this when trying to perform token-exchange with the provider
Uncaught server error: java.lang.NoClassDefFoundError: Failed to link
com/suitebox/keycloak/broker/xplan/XPLANIdentityProvider (Module
"deployment.sbxkeycloak.jar" from Service Module Loader):
org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider
----
*James Mitchell*
Developer
e: jamesm(a)suitebox.com
w: www.suitebox.com
*SuiteBox |* Level 4, 8 Mahuhu Crescent, Auckland 1010, NZ
6 years, 8 months
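A "Failed to link ... (Module "deployment.sbxkeycloak.jar" from Service Module Loader)" NoClassDefFoundError means the deployment's module class loader cannot see the server module that contains the named class; a reply later on this page asks whether a jboss-deployment-structure.xml with a module dependency was added. The file below is an added example of such a descriptor, not code from this thread or from the Keycloak project; it is placed at META-INF/jboss-deployment-structure.xml inside the provider JAR, and the module names are assumptions based on the WildFly-based Keycloak distribution that should be checked against the server's modules directory.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: META-INF/jboss-deployment-structure.xml for a provider JAR
     dropped into standalone/deployments. Module names are assumptions; confirm
     each one exists under the server's modules directory before relying on it. -->
<jboss-deployment-structure>
    <deployment>
        <dependencies>
            <!-- Public SPI interfaces, e.g. org.keycloak.storage.UserStorageProvider -->
            <module name="org.keycloak.keycloak-server-spi"/>
            <!-- Private SPI, needed by most non-trivial providers -->
            <module name="org.keycloak.keycloak-server-spi-private"/>
            <!-- Built-in implementations, e.g.
                 org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider -->
            <module name="org.keycloak.keycloak-services"/>
            <!-- Core representations and token classes -->
            <module name="org.keycloak.keycloak-core"/>
        </dependencies>
    </deployment>
</jboss-deployment-structure>
```

Declare only the modules the provider actually links against, since each dependency widens what the deployed code can reach inside the identity server.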
Generate Backup codes for OTP configured using Keycloak
by Shashi Deshetti
Hi Team,
We are using Keycloak v4.5.0.Final and configured OTP for all the users. Is
it possible to generate backup codes (like how google does for their dual
factor authentication) in case the user doesn't have the Google
Authenticator handy?
Any help would be appreciated.
Thanks,
Shashi
6 years, 8 months
Custom SPI does not appear in list
by Alfonso Vidal García
Hello everyone!
I made a custom SPI for my Keycloak server and now I have to configure it on the Admin console.
I added the SPI as module, with manual installation, so I have it on modules/{package-name}/main, with the module.xml; also I put the on standalone.xml, and the also in the keycloak-server subsystem.
After all this configuration I go to the admin console to configure the custom user provider and it does not appear in the list.
What can I do?
Thanks in advance!
6 years, 8 months
Execution Order
by Stuart
Hi All,
I have a registration flow setup as a custom flow in admin console.
It's set to:
> Choose User
> SMS Auth
> Reset Password
> OTP Form
No matter which order I put the last two entries, the OTP form is called
first, then Reset Password.
I would like the reset password to be done before OTP setup.
Am I right to assume that the order in the flow is supposed to be the order
in which KC displays the authentications to the user?? Or is there
somewhere else I specify the order?
Thanks,
Stuart.
6 years, 8 months
The bean 'httpSessionManager', defined in class path resource
by nino martinez wael
Hi Keycloakers,
I'm running on Spring Boot 2.1.8 and Keycloak 7, and am getting
2019-10-02 10:17:58.523 INFO W7N15050 --- [ main]
ConditionEvaluationReportLoggingListener :
Error starting ApplicationContext. To display the conditions report re-run
your application with 'debug' enabled.
2019-10-02 10:17:58.524 ERROR W7N15050 --- [ main]
o.s.b.d.LoggingFailureAnalysisReporter :
***************************
APPLICATION FAILED TO START
***************************
Description:
The bean 'httpSessionManager', defined in class path resource
[dk/tdc/netdesign/aspt/asptorion/security/SecurityConfig.class], could not
be registered. A bean with that name has already been defined in URL
[jar:file:/C:/Users/m24669/.m2/repository/org/keycloak/keycloak-spring-security-adapter/7.0.0/keycloak-spring-security-adapter-7.0.0.jar!/org/keycloak/adapters/springsecurity/management/HttpSessionManager.class]
and overriding is disabled.
Action:
Consider renaming one of the beans or enabling overriding by setting
spring.main.allow-bean-definition-overriding=true
I am using
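import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;

@KeycloakConfiguration
class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {

    // Submits the KeycloakAuthenticationProvider to the AuthenticationManager
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
        keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
        auth.authenticationProvider(keycloakAuthenticationProvider);
    }

    // Resolves the adapter configuration from the Spring Boot properties
    @Bean
    public KeycloakSpringBootConfigResolver KeycloakConfigResolver() {
        return new KeycloakSpringBootConfigResolver();
    }

    // Specifies the session authentication strategy
    @Bean
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        http.authorizeRequests()
            .antMatchers("/**")
            .hasRole("user")
            .anyRequest()
            .permitAll();
    }
}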
If I switch to the KEYCLOAK-8725 solution
I get this instead:
2019-10-02 10:23:00.888 WARN W7N15050 --- [ main]
ConfigServletWebServerApplicationContext : Exception encountered during
context initialization - cancelling refresh attempt:
org.springframework.context.ApplicationContextException: Unable to start
web server; nested exception is
org.springframework.beans.factory.BeanCreationException: Error creating
bean with name 'tomcatServletWebServerFactory' defined in class path
resource
[org/springframework/boot/autoconfigure/web/servlet/ServletWebServerFactoryConfiguration$EmbeddedTomcat.class]:
Initialization of bean failed; nested exception is
org.springframework.beans.factory.UnsatisfiedDependencyException: Error
creating bean with name
'org.keycloak.adapters.springboot.KeycloakAutoConfiguration': Unsatisfied
dependency expressed through method 'setKeycloakSpringBootProperties'
parameter 1; nested exception is
org.springframework.beans.factory.UnsatisfiedDependencyException: Error
creating bean with name 'securityConfig': Unsatisfied dependency expressed
through field 'keycloakConfigResolver'; nested exception is
org.springframework.beans.factory.BeanCurrentlyInCreationException: Error
creating bean with name 'KeycloakConfigResolver': Requested bean is
currently in creation: Is there an unresolvable circular reference?
2019-10-02 10:23:00.907 INFO W7N15050 --- [ main]
ConditionEvaluationReportLoggingListener :
Error starting ApplicationContext. To display the conditions report re-run
your application with 'debug' enabled.
2019-10-02 10:23:00.913 ERROR W7N15050 --- [ main]
o.s.b.SpringApplication : Application run failed
org.springframework.context.ApplicationContextException: Unable to start
web server; nested exception is
org.springframework.beans.factory.BeanCreationException: Error creating
bean with name 'tomcatServletWebServerFactory' defined in class path
resource
[org/springframework/boot/autoconfigure/web/servlet/ServletWebServerFactoryConfiguration$EmbeddedTomcat.class]:
Initialization of bean failed; nested exception is
org.springframework.beans.factory.UnsatisfiedDependencyException: Error
creating bean with name
'org.keycloak.adapters.springboot.KeycloakAutoConfiguration': Unsatisfied
dependency expressed through method 'setKeycloakSpringBootProperties'
parameter 1; nested exception is
org.springframework.beans.factory.UnsatisfiedDependencyException: Error
creating bean with name 'securityConfig': Unsatisfied dependency expressed
through field 'keycloakConfigResolver'; nested exception is
org.springframework.beans.factory.BeanCurrentlyInCreationException: Error
creating bean with name 'KeycloakConfigResolver': Requested bean is
currently in creation: Is there an unresolvable circular reference?
at
org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.onRefresh(ServletWebServerApplicationContext.java:156)
at
org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:543)
at
org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:141)
at
org.springframework.boot.SpringApplication.refresh(SpringApplication.java:744)
at
org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:391)
at
org.springframework.boot.SpringApplication.run(SpringApplication.java:312)
at
org.springframework.boot.SpringApplication.run(SpringApplication.java:1215)
at
org.springframework.boot.SpringApplication.run(SpringApplication.java:1204)
at
dk.tdc.netdesign.aspt.asptorion.AsptSpringApplication.main(AsptSpringApplication.java:33)
Caused by: org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'tomcatServletWebServerFactory' defined in class
path resource
[org/springframework/boot/autoconfigure/web/servlet/ServletWebServerFactoryConfiguration$EmbeddedTomcat.class]:
Initialization of bean failed; nested exception is
org.springframework.beans.factory.UnsatisfiedDependencyException: Error
creating bean with name
'org.keycloak.adapters.springboot.KeycloakAutoConfiguration': Unsatisfied
dependency expressed through method 'setKeycloakSpringBootProperties'
parameter 1; nested exception is
org.springframework.beans.factory.UnsatisfiedDependencyException: Error
creating bean with name 'securityConfig': Unsatisfied dependency expressed
through field 'keycloakConfigResolver'; nested exception is
org.springframework.beans.factory.BeanCurrentlyInCreationException: Error
creating bean with name 'KeycloakConfigResolver': Requested bean is
currently in creation: Is there an unresolvable circular reference?
--
Best regards / Med venlig hilsen
Nino Martinez
6 years, 8 months
FW: Any examples for custom Identity Providers?
by Alfonso Vidal García
________________________________
From: Alfonso Vidal García
Sent: Wednesday, 2 October 2019 9:29
To: stian(a)redhat.com
Subject: Re: [keycloak-user] Any examples for custom Identity Providers?
Here is the full trace, from the deploy to the error.
17:13:42,586 INFO [org.jboss.as.server.deployment] (MSC service thread 1-3) WFLYSRV0027: Starting deployment of "login-provider-focusoc.jar" (runtime-name: "login-provider-focusoc.jar")
17:13:42,644 WARN [org.jboss.modules.define] (MSC service thread 1-8) Failed to define class gcs.fds.focusoc.keycloak.spi.LoginStorageProvider in Module "deployment.login-provider-focusoc.jar" from Service Module Loader: java.lang.NoClassDefFoundError: Failed to link gcs/fds/focusoc/keycloak/spi/LoginStorageProvider (Module "deployment.login-provider-focusoc.jar" from Service Module Loader): org/keycloak/storage/UserStorageProvider
at java.base/java.lang.ClassLoader.defineClass1(Native Method)
at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1016)
at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1095)
at org.jboss.modules.ModuleClassLoader.doDefineOrLoadClass(ModuleClassLoader.java:424)
at org.jboss.modules.ModuleClassLoader.defineClass(ModuleClassLoader.java:555)
at org.jboss.modules.ModuleClassLoader.loadClassLocal(ModuleClassLoader.java:339)
at org.jboss.modules.ModuleClassLoader$1.loadClassLocal(ModuleClassLoader.java:126)
at org.jboss.modules.Module.loadModuleClass(Module.java:731)
at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:247)
at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:410)
at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)
at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116)
at java.base/java.lang.Class.forName0(Native Method)
at java.base/java.lang.Class.forName(Class.java:398)
at org.jboss.as.ee@17.0.1.Final//org.jboss.as.ee.utils.ClassLoadingUtils.loadClass(ClassLoadingUtils.java:21)
at org.jboss.as.ee@17.0.1.Final//org.jboss.as.ee.utils.ClassLoadingUtils.loadClass(ClassLoadingUtils.java:14)
at org.jboss.as.ee@17.0.1.Final//org.jboss.as.ee.component.deployers.InterceptorAnnotationProcessor.processComponentConfig(InterceptorAnnotationProcessor.java:84)
at org.jboss.as.ee@17.0.1.Final//org.jboss.as.ee.component.deployers.InterceptorAnnotationProcessor.deploy(InterceptorAnnotationProcessor.java:76)
at org.jboss.as.server@9.0.2.Final//org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:176)
at org.jboss.msc@1.4.8.Final//org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1737)
at org.jboss.msc@1.4.8.Final//org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1699)
at org.jboss.msc@1.4.8.Final//org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1557)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.base/java.lang.Thread.run(Thread.java:834)
17:13:42,645 WARN [org.jboss.modules.define] (MSC service thread 1-8) Failed to define class gcs.fds.focusoc.keycloak.spi.LoginStorageProvider in Module "deployment.login-provider-focusoc.jar" from Service Module Loader: java.lang.NoClassDefFoundError: Failed to link gcs/fds/focusoc/keycloak/spi/LoginStorageProvider (Module "deployment.login-provider-focusoc.jar" from Service Module Loader): org/keycloak/storage/UserStorageProvider
at java.base/java.lang.ClassLoader.defineClass1(Native Method)
at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1016)
at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1095)
at org.jboss.modules.ModuleClassLoader.doDefineOrLoadClass(ModuleClassLoader.java:424)
at org.jboss.modules.ModuleClassLoader.defineClass(ModuleClassLoader.java:555)
at org.jboss.modules.ModuleClassLoader.loadClassLocal(ModuleClassLoader.java:339)
at org.jboss.modules.ModuleClassLoader$1.loadClassLocal(ModuleClassLoader.java:126)
at org.jboss.modules.Module.loadModuleClass(Module.java:731)
at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:247)
at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:410)
at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)
at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116)
at org.jboss.as.ejb3@17.0.1.Final//org.jboss.as.ejb3.deployment.processors.BusinessViewAnnotationProcessor.getEjbClass(BusinessViewAnnotationProcessor.java:238)
at org.jboss.as.ejb3@17.0.1.Final//org.jboss.as.ejb3.deployment.processors.BusinessViewAnnotationProcessor.deploy(BusinessViewAnnotationProcessor.java:89)
at org.jboss.as.server@9.0.2.Final//org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:176)
at org.jboss.msc@1.4.8.Final//org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1737)
at org.jboss.msc@1.4.8.Final//org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1699)
at org.jboss.msc@1.4.8.Final//org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1557)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.base/java.lang.Thread.run(Thread.java:834)
17:13:42,645 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-8) MSC000001: Failed to start service jboss.deployment.unit."login-provider-focusoc.jar".POST_MODULE: org.jboss.msc.service.StartException in service jboss.deployment.unit."login-provider-focusoc.jar".POST_MODULE: WFLYSRV0153: Failed to process phase POST_MODULE of deployment "login-provider-focusoc.jar"
at org.jboss.as.server@9.0.2.Final//org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:183)
at org.jboss.msc@1.4.8.Final//org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1737)
at org.jboss.msc@1.4.8.Final//org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1699)
at org.jboss.msc@1.4.8.Final//org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1557)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.lang.NoClassDefFoundError: Failed to link gcs/fds/focusoc/keycloak/spi/LoginStorageProvider (Module "deployment.login-provider-focusoc.jar" from Service Module Loader): org/keycloak/storage/UserStorageProvider
at java.base/java.lang.ClassLoader.defineClass1(Native Method)
at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1016)
at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1095)
at org.jboss.modules.ModuleClassLoader.doDefineOrLoadClass(ModuleClassLoader.java:424)
at org.jboss.modules.ModuleClassLoader.defineClass(ModuleClassLoader.java:555)
at org.jboss.modules.ModuleClassLoader.loadClassLocal(ModuleClassLoader.java:339)
at org.jboss.modules.ModuleClassLoader$1.loadClassLocal(ModuleClassLoader.java:126)
at org.jboss.modules.Module.loadModuleClass(Module.java:731)
at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:247)
at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:410)
at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)
at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116)
at org.jboss.as.ejb3@17.0.1.Final//org.jboss.as.ejb3.deployment.processors.BusinessViewAnnotationProcessor.getEjbClass(BusinessViewAnnotationProcessor.java:238)
at org.jboss.as.ejb3@17.0.1.Final//org.jboss.as.ejb3.deployment.processors.BusinessViewAnnotationProcessor.deploy(BusinessViewAnnotationProcessor.java:89)
at org.jboss.as.server@9.0.2.Final//org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:176)
... 8 more
17:13:42,649 ERROR [org.jboss.as.controller.management-operation] (DeploymentScanner-threads - 2) WFLYCTL0013: Operation ("full-replace-deployment") failed - address: ([]) - failure description: {"WFLYCTL0080: Failed services" => {"jboss.deployment.unit.\"login-provider-focusoc.jar\".POST_MODULE" => "WFLYSRV0153: Failed to process phase POST_MODULE of deployment \"login-provider-focusoc.jar\"
Caused by: java.lang.NoClassDefFoundError: Failed to link gcs/fds/focusoc/keycloak/spi/LoginStorageProvider (Module \"deployment.login-provider-focusoc.jar\" from Service Module Loader): org/keycloak/storage/UserStorageProvider"}}
17:13:42,685 INFO [org.jboss.as.server] (DeploymentScanner-threads - 2) WFLYSRV0016: Replaced deployment "login-provider-focusoc.jar" with deployment "login-provider-focusoc.jar"
17:13:42,685 INFO [org.jboss.as.controller] (DeploymentScanner-threads - 2) WFLYCTL0183: Service status report
WFLYCTL0186: Services which failed to start: service jboss.deployment.unit."login-provider-focusoc.jar".POST_MODULE: WFLYSRV0153: Failed to process phase POST_MODULE of deployment "login-provider-focusoc.jar"
17:13:42,687 INFO [org.jboss.as.repository] (DeploymentScanner-threads - 2) WFLYDR0002: Content removed from location C:\Users\AFVG\Documents\keycloak-7.0.0\keycloak-7.0.0\standalone\data\content\d9\2a3d711fd6f640bd28b3b8c24b6c76f626a439\content
________________________________
From: Stian Thorgersen <sthorger(a)redhat.com>
Sent: Wednesday, 2 October 2019 9:25:51
To: Alfonso Vidal García
Subject: Re: [keycloak-user] Any examples for custom Identity Providers?
Do you have the full stack trace?
On Wed, 2 Oct 2019, 08:46 Alfonso Vidal García, <avidal(a)gmv.com> wrote:
I have the same problem with the Provider and I added the dependency on xml. So what is happening?
________________________________
From: keycloak-user-bounces(a)lists.jboss.org <keycloak-user-bounces(a)lists.jboss.org> on behalf of Stian Thorgersen <sthorger(a)redhat.com>
Sent: Wednesday, 2 October 2019 8:18:38
To: James Mitchell
Cc: keycloak-user
Subject: Re: [keycloak-user] Any examples for custom Identity Providers?
Did you add a jboss-deployment-structure.xml with a dependency on
server-private-api (or whatever it is called) module?
On Wed, 2 Oct 2019, 05:39 James Mitchell, <jamesm(a)suitebox.com> wrote:
> Are there any examples for customising an Identity Provider?
>
> I want to make an extension to the OIDCIdentityProvider, so that I can
> accept non-standard fields for the userinfo response. All part of trying to
> get token exchange to work in our system...
>
> I have made a light change to the OIDCIdentityProvider, and also compared
> with the various social providers, and I have something that deploys.
> But it throws an error at runtime trying to create the class.
>
> This looks like this when adding the provider in the website
> UT005023: Exception handling request to
> /auth/admin/realms/sbxtest/identity-provider/providers/xplan:
> java.lang.NoClassDefFoundError: Failed to link
> com/suitebox/keycloak/broker/xplan/XPLANIdentityProvider (Module
> "deployment.sbxkeycloak.jar" from Service Module Loader):
> org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider
>
> And looks like this when trying to perform token-exchange with the provider
> Uncaught server error: java.lang.NoClassDefFoundError: Failed to link
> com/suitebox/keycloak/broker/xplan/XPLANIdentityProvider (Module
> "deployment.sbxkeycloak.jar" from Service Module Loader):
> org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider
>
>
> ----
>
> *James Mitchell*
>
> Developer
>
> e: jamesm(a)suitebox.com
>
> w: www.suitebox.com
>
>
> *SuiteBox |* Level 4, 8 Mahuhu Crescent, Auckland 1010, NZ
6 years, 8 months
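For the `NoClassDefFoundError: Failed to link ...` errors in the thread above, the reply asks whether the provider JAR carries a `jboss-deployment-structure.xml` with module dependencies. The descriptor below is an added example, not code from the thread or from the Keycloak project; the module names are an assumption based on the WildFly-based Keycloak distribution and should be checked against the server's `modules/system/layers/keycloak/org/keycloak/` directory.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Packaged inside the provider JAR as META-INF/jboss-deployment-structure.xml.
     Module names are assumed; confirm them in the server's modules directory. -->
<jboss-deployment-structure>
    <deployment>
        <dependencies>
            <!-- Core representations and the public SPI, which contains
                 org.keycloak.storage.UserStorageProvider (the class missing
                 in the login-provider-focusoc.jar log). -->
            <module name="org.keycloak.keycloak-core"/>
            <module name="org.keycloak.keycloak-server-spi"/>
            <!-- Private SPI, the "server-private-api" module the reply refers to. -->
            <module name="org.keycloak.keycloak-server-spi-private"/>
            <!-- Services module, which contains
                 org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider
                 (the class missing in the sbxkeycloak.jar error). -->
            <module name="org.keycloak.keycloak-services"/>
        </dependencies>
    </deployment>
</jboss-deployment-structure>
```

The private SPI and services modules are internal API that can change between Keycloak releases, so list only the modules the provider actually links against and re-test the deployment after each server upgrade.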
Add other claims to authorization response
by Tom Billiet
Hi,
When you have a successful oauth authorization, you'll get a json struct returned that contains some fields like "access_token" and "refresh_token".
I would like to add some extra properties to this json structure to pass some information to the client. Unfortunately I don't think it's possible at the moment in Keycloak?
At the moment we're embedding this "metadata" inside the access_token field, but this requires the client to parse the access_token. We'd rather avoid this requirement.
Looking at the code, I would think the "org.keycloak.representations.AccessTokenResponse" allows for this (the "otherClaims" property), but I don't think there is any way to set this information from a custom plugin, or am I missing something?
Thanks,
Tom
6 years, 8 months
Identifying a federated user
by Ajinkya Thakare
Hi all,
Can someone point me to the class where the logic to identify whether the current user is a federated/external IdP user is written? I am trying to understand how an external LDAP user is fetched when the credentials are passed through the token endpoint. I started looking from TokenEndpoint.java and reached StorageId.java, where the external username in the format “f:{provider id}:{external id}“ is calculated and set, but somehow I am not getting to the logic where the external user is identified in the first place. Any help will be appreciated. Thanks!
Regards,
Ajinkya Thakare
6 years, 8 months
External Rest role provider?
by nino martinez wael
Hi All
We have a web service that tells us if a user has one of two roles; this
is currently done over REST. Is it possible somehow to integrate this
into Keycloak?
What options are there for external providers for user IDs + user roles? I
checked the documentation but could only see something like LDAP or
Kerberos?
--
Best regards / Med venlig hilsen
Nino Martinez
6 years, 8 months