October 2019 - keycloak-user - Jboss List Archives

by Lilian BENOIT

Okay... and which version of Keycloak do you use ? A+, Lilian. Le 15/10/2019 15:00, Christophe Lehingue a écrit : > Hello, > > I use the latest version of keycloak-js (with silent SSo) : > > https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/mai... > > Le mar. 15 oct. 2019 à 14:47, Lilian BENOIT > <lilian.benoit(a)lbenoit.fr> a écrit : > >> Hi Christophe, >> >> I think a old issue. Which version do you use ? >> >> A+, >> Lilian. >> >> Le 15/10/2019 14:04, Christophe Lehingue a écrit : >>> Hello, >>> >>> When I register via the keycloak new user creation interface, I >>> generate an email to verify the user email: OK. >>> When I'm on the browser in which I realized all phases of >> connection >>> => everything is ok. >>> By cons, when I copy the email verification link in another >> browser >>> (in which no phase of co-connection was made) => I fall on the >>> following screen "return to the application" and when I come back >> to >>> the application I am no longer authenticated. >>> Can you tell me how? >>> >>> === EN FRANCAIS ==== >>> >>> Bonjour, >>> >>> Quand je m'inscris via l'interface de création de nouvel >> utilisateur >>> de keycloak, je génére un mail pour verifier l'email >> utilisateur: OK. >>> Quand je suis sur le navigateur dans lequel j'ai réalisé toute >> les >>> phases de connexion => tout est ok. >>> Par contre, quand je copie le lien de vérification d'email dans >> un >>> autre navigateur (dans lequel aucune phase de coonnexion n'a été >>> réalisé) >>> => je tombe sur l'écran suivant "revenir à l'application " et >> quand je >>> reviens à l'application je ne suis plus authentifié. >>> Pouvez-vous me dire comment faire ? >>> >>> >>> Thanks. >>> _______________________________________________ >>> keycloak-user mailing list >>> keycloak-user(a)lists.jboss.org >>> https://lists.jboss.org/mailman/listinfo/keycloak-user

6 years, 6 months

1
0
0 / 0

Question

by Christophe Lehingue

Hello, When I register via the keycloak new user creation interface, I generate an email to verify the user email: OK. When I'm on the browser in which I realized all phases of connection => everything is ok. By cons, when I copy the email verification link in another browser (in which no phase of co-connection was made) => I fall on the following screen "return to the application" and when I come back to the application I am no longer authenticated. Can you tell me how? === EN FRANCAIS ==== Bonjour, Quand je m'inscris via l'interface de création de nouvel utilisateur de keycloak, je génére un mail pour verifier l'email utilisateur: OK. Quand je suis sur le navigateur dans lequel j'ai réalisé toute les phases de connexion => tout est ok. Par contre, quand je copie le lien de vérification d'email dans un autre navigateur (dans lequel aucune phase de coonnexion n'a été réalisé) => je tombe sur l'écran suivant "revenir à l'application " et quand je reviens à l'application je ne suis plus authentifié. Pouvez-vous me dire comment faire ? Thanks.

6 years, 6 months

2
1
0 / 0

Kerberos login and multinode clustered mode

by Daniel Fernández Rodríguez

Hello everyone, I followed the steps described in the docs (https://www.keycloak.org/docs/latest/server_admin/index.html#_kerberos) to configure Kerberos login (Active Directory as LDAP Federation Provider) with Keycloak 7.0.0. All good til here Recently we enabled clustered mode for Keycloak, so now we have some haproxy servers loadbalancing all traffic to our Keycloak servers (configured with proxy-address-forwarding="true"). All Keycloak servers share the same MySQL database. If we only have ONE Keycloak server (even if it is configured as clustered), Kerberos **works** fine. If we add more servers under the haproxy, Kerberos starts failing with a generic: "Failed to make identity provider oauth callback: org.keycloak.broker.provider.IdentityBrokerException: No access_token from server." This is is the actual trace of why I am getting [*] So it seems that the actual SPNEGO flow works fine but then Keycloak does not know how to proceed. Any ideas/suggestions will be much appreciated! Thanks! Daniel. [*] standalone.sh[3887]: 09:39:59,704 INFO [stdout] (default task-2) principal is keycloakbind(a)PLACEHOLDER.COM standalone.sh[3887]: 09:39:59,704 INFO [stdout] (default task-2) Will use keytab standalone.sh[3887]: 09:39:59,705 INFO [stdout] (default task-2) Commit Succeeded standalone.sh[3887]: 09:39:59,705 INFO [stdout] (default task-2) standalone.sh[3887]: 09:39:59,721 INFO [stdout] (default task-2) Found KeyTab /var/keycloak/keycloakbind.keytab for keycloakbind(a)PLACEHOLDER.COM standalone.sh[3887]: 09:39:59,721 INFO [stdout] (default task-2) Found KeyTab /var/keycloak/keycloakbind.keytab for keycloakbind(a)PLACEHOLDER.COM standalone.sh[3887]: 09:39:59,724 INFO [stdout] (default task-2) Found KeyTab /var/keycloak/keycloakbind.keytab for keycloakbind(a)PLACEHOLDER.COM standalone.sh[3887]: 09:39:59,724 INFO [stdout] (default task-2) Found KeyTab /var/keycloak/keycloakbind.keytab for keycloakbind(a)PLACEHOLDER.COM standalone.sh[3887]: 09:39:59,728 INFO [stdout] (default task-2) Entered SpNegoContext.acceptSecContext with state=STATE_NEW standalone.sh[3887]: 09:39:59,734 INFO [stdout] (default task-2) SpNegoContext.acceptSecContext: receiving token = a0 82 0d 20 30 82 0d 1c a0 0d 30 0b 06 09 2a 86 48 86 f7 12 01 02 02 a2 89 .......... (truncated) standalone.sh[3887]: 09:39:59,735 INFO [stdout] (default task-2) SpNegoToken NegTokenInit: reading Mechanism Oid = 1.2.840.113554.1.2.2 standalone.sh[3887]: 09:39:59,735 INFO [stdout] (default task-2) SpNegoToken NegTokenInit: reading Mech Token standalone.sh[3887]: 09:39:59,735 INFO [stdout] (default task-2) SpNegoContext.acceptSecContext: received token of type = SPNEGO NegTokenInit standalone.sh[3887]: 09:39:59,736 INFO [stdout] (default task-2) SpNegoContext: negotiated mechanism = 1.2.840.113554.1.2.2 standalone.sh[3887]: 09:39:59,737 INFO [stdout] (default task-2) Entered Krb5Context.acceptSecContext with state=STATE_NEW standalone.sh[3887]: 09:39:59,751 INFO [stdout] (default task-2) Java config name: null standalone.sh[3887]: 09:39:59,751 INFO [stdout] (default task-2) Native config name: /etc/krb5.conf standalone.sh[3887]: 09:39:59,753 INFO [stdout] (default task-2) Loaded from native config standalone.sh[3887]: 09:39:59,756 INFO [stdout] (default task-2) >>> KeyTabInputStream, readName(): PLACEHOLDER.COM standalone.sh[3887]: 09:39:59,757 INFO [stdout] (default task-2) >>> KeyTabInputStream, readName(): keycloakbind standalone.sh[3887]: 09:39:59,757 INFO [stdout] (default task-2) >>> KeyTab: load() entry length: 58; type: 23 standalone.sh[3887]: 09:39:59,758 INFO [stdout] (default task-2) >>> KeyTabInputStream, readName(): PLACEHOLDER.COM standalone.sh[3887]: 09:39:59,758 INFO [stdout] (default task-2) >>> KeyTabInputStream, readName(): keycloakbind standalone.sh[3887]: 09:39:59,758 INFO [stdout] (default task-2) >>> KeyTab: load() entry length: 74; type: 18 standalone.sh[3887]: 09:39:59,758 INFO [stdout] (default task-2) Looking for keys for: keycloakbind(a)PLACEHOLDER.COM standalone.sh[3887]: 09:39:59,760 INFO [stdout] (default task-2) Added key: 18version: 1 standalone.sh[3887]: 09:39:59,760 INFO [stdout] (default task-2) Added key: 23version: 1 standalone.sh[3887]: 09:39:59,761 INFO [stdout] (default task-2) >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType standalone.sh[3887]: 09:39:59,771 INFO [stdout] (default task-2) Using builtin default etypes for permitted_enctypes standalone.sh[3887]: 09:39:59,772 INFO [stdout] (default task-2) default etypes for permitted_enctypes: 18 17 16 23. standalone.sh[3887]: 09:39:59,772 INFO [stdout] (default task-2) >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType standalone.sh[3887]: 09:39:59,775 INFO [stdout] (default task-2) MemoryCache: add 1571125199/647271/3627E91725D84CEF5E2AEDF8FE669315/danielfr(a)PLACEHOLDER.COM to danielfr@PLACEHOLDER.COM|HTTP/kc-loadbalancer-XX.placeholder.com(a)PLACEHOLDER.COM standalone.sh[3887]: 09:39:59,776 INFO [stdout] (default task-2) >>> KrbApReq: authenticate succeed. standalone.sh[3887]: 09:39:59,778 INFO [stdout] (default task-2) Krb5Context setting peerSeqNumber to: 193114067 standalone.sh[3887]: 09:39:59,779 INFO [stdout] (default task-2) Krb5Context setting mySeqNumber to: 193114067 standalone.sh[3887]: 09:39:59,783 INFO [stdout] (default task-2) >>> Constrained deleg from GSSCaller{UNKNOWN} standalone.sh[3887]: 09:39:59,785 INFO [stdout] (default task-2) SPNEGO Negotiated Mechanism = 1.2.840.113554.1.2.2 Kerberos V5 standalone.sh[3887]: 09:39:59,785 INFO [stdout] (default task-2) SpNegoContext.acceptSecContext: mechanism wanted = 1.2.840.113554.1.2.2 standalone.sh[3887]: 09:39:59,785 INFO [stdout] (default task-2) SpNegoContext.acceptSecContext: negotiated result = ACCEPT_COMPLETE standalone.sh[3887]: 09:39:59,786 INFO [stdout] (default task-2) SpNegoContext.acceptSecContext: sending token of type = SPNEGO NegTokenTarg standalone.sh[3887]: 09:39:59,786 INFO [stdout] (default task-2) SpNegoContext.acceptSecContext: sending token = a1 14 30 12 a0 03 0a 01 00 a1 0b 06 09 2a 86 48 86 f7 12 01 02 02 standalone.sh[3887]: 09:39:59,787 INFO [stdout] (default task-2) [Krb5LoginModule]: Entering logout standalone.sh[3887]: 09:39:59,788 INFO [stdout] (default task-2) [Krb5LoginModule]: logged out Subject standalone.sh[3887]: 09:39:59,970 WARN [org.keycloak.connections.httpclient.DefaultHttpClientFactory] (default task-2) Truststore is disabled standalone.sh[3887]: 09:40:00,286 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default task-2) Failed to make identity provider oauth callback: org.keycloak.broker.provider.IdentityBrokerException: No access_token from server. standalone.sh[3887]: at org.keycloak.broker.oidc.OIDCIdentityProvider.verifyAccessToken(OIDCIdentityProvider.java:482) standalone.sh[3887]: at org.keycloak.broker.oidc.OIDCIdentityProvider.getFederatedIdentity(OIDCIdentityProvider.java:350) standalone.sh[3887]: at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:420) standalone.sh[3887]: at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) standalone.sh[3887]: at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) standalone.sh[3887]: at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) standalone.sh[3887]: at java.lang.reflect.Method.invoke(Method.java:498) standalone.sh[3887]: at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:138) standalone.sh[3887]: at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:517) standalone.sh[3887]: at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:406) standalone.sh[3887]: at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:370) standalone.sh[3887]: at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:355) standalone.sh[3887]: at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:372) standalone.sh[3887]: at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:344) standalone.sh[3887]: at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:137) standalone.sh[3887]: at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:106) standalone.sh[3887]: at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:132) standalone.sh[3887]: at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:100) standalone.sh[3887]: at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:440) standalone.sh[3887]: at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:229) standalone.sh[3887]: at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:135) standalone.sh[3887]: at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:355) standalone.sh[3887]: at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:138) standalone.sh[3887]: at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:215) standalone.sh[3887]: at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227) standalone.sh[3887]: at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) standalone.sh[3887]: at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) standalone.sh[3887]: at javax.servlet.http.HttpServlet.service(HttpServlet.java:791) standalone.sh[3887]: at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74) standalone.sh[3887]: at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129) standalone.sh[3887]: at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90) standalone.sh[3887]: at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) standalone.sh[3887]: at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) standalone.sh[3887]: at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) standalone.sh[3887]: at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) standalone.sh[3887]: at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) standalone.sh[3887]: at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) standalone.sh[3887]: at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) standalone.sh[3887]: at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) standalone.sh[3887]: at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132) standalone.sh[3887]: at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) standalone.sh[3887]: at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) standalone.sh[3887]: at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) standalone.sh[3887]: at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) standalone.sh[3887]: at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) standalone.sh[3887]: at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) standalone.sh[3887]: at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) standalone.sh[3887]: at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) standalone.sh[3887]: at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) standalone.sh[3887]: at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) standalone.sh[3887]: at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) standalone.sh[3887]: at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68) standalone.sh[3887]: at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) standalone.sh[3887]: at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292) standalone.sh[3887]: at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81) standalone.sh[3887]: at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138) standalone.sh[3887]: at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135) standalone.sh[3887]: at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) standalone.sh[3887]: at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) standalone.sh[3887]: at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105) standalone.sh[3887]: at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502) standalone.sh[3887]: at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502) standalone.sh[3887]: at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502) standalone.sh[3887]: at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502) standalone.sh[3887]: at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272) standalone.sh[3887]: at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) standalone.sh[3887]: at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104) standalone.sh[3887]: at io.undertow.server.Connectors.executeRootHandler(Connectors.java:364) standalone.sh[3887]: at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830) standalone.sh[3887]: at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) standalone.sh[3887]: at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982) standalone.sh[3887]: at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486) standalone.sh[3887]: at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377) standalone.sh[3887]: at java.lang.Thread.run(Thread.java:748)

6 years, 6 months

1
0
0 / 0

Can I use Keycloak as a key store like Hashicorp Vault for an example?

by Malik Zakarneh

Hello I have four questions: 1) Can I use Keycloak as a key store like Hashicorp Vault for an example? Keycloak has realm keys, can I use this feature as a secure key store and use it to encrypt and hash data in my web application? 2) Is there an API that I can use to read those keys to use them in my web application? 3) Are those keys stored securely on disk? 4) If Keycloak is not built for that purpose, what should I use in combination with it? Can I integrate Keycloak with some other key vault? Thanks

6 years, 6 months

1
0
0 / 0

NPE problem with admin-cli Java client

by Tero Ahonen

Hi, I have Java code running on Wildfly 16 that uses Keycloak admin-cli java library to interact with Keycloak. Code works fine from command line, it works fine when use thru REST interface. But it doesn’t work when used from @Scheduled EJB …. Code is really simple Keycloak kc = KeycloakBuilder.builder() .serverUrl(“foo") .realm(“bar") .grantType(OAuth2Constants.PASSWORD) .clientId(“foo") .username(“bar") .password(“foo") .build(); List<UserRepresentation> users = kc.realm(“realm").users().search(email, 0, 1); This fails to code https://github.com/keycloak/keycloak/blob/e6a274ea0e31c6572e795f3372f006c... <https://github.com/keycloak/keycloak/blob/e6a274ea0e31c6572e795f3372f006c...> It seems that that token string is empty kc.getTokenManager() is not null kc.getTokenManager().getAccessToken() is not null kc.getTokenManager().getAccessTokenString() IS NULL Br, Tero

6 years, 6 months

1
0
0 / 0

Can a user modify his own attributes?

by Corentin Dupont

Hi guys, is it possible for a simple user to modify his own attributes using the API? I would like the user to get a Token with his login/password, and use this to change his own attributes. Of source he should not be able to change other peoples details. Is that possible? I found the role "manage_users" but no "manage_user_self". Thanks and cheers! Corentin

6 years, 6 months

1
0
0 / 0

warn about node-identifier

by pavel.kokush

Hello, I am running keycloak in cluster. I see following warn on start: WARN [org.jboss.as.txn] (ServerService Thread Pool -- 49) WFLYTX0013: The node-identifier attribute on the /subsystem=transactions is set to the default value. This is a danger for environments running multiple servers. Please make sure the attribute value is unique Should I care about it? I guess it is about distributed transaction? Keycloak does not use it?

6 years, 6 months

1
0
0 / 0

Password expiration warning

by Seth F

Is there any configuration (out-of-the-box) so that if a user's expiration is close to expiration, that some message displays when they login that informs them and gives them an opportunity to reset it preemptively?

6 years, 6 months

1
0
0 / 0

Keycloak does not found SPI User Storage provider

by Alfonso Vidal García

Good morning, I have configured a Spring Boot project with connection to Keycloak, and also I want to install a Custom SPI User Provider external to Keycloak. I did all the steps to do the Provider and ProviderFactory, and also the file in META-INF/services, and when I try to deploy on Wildfly to connect with Keycloak, fails, 12:52:26,079 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed to start service jboss.deployment.unit."focusoc-0.0.1-SNAPSHOT.jar".POST_MODULE: org.jboss.msc.service.StartException in service jboss.deployment.unit."focusoc-0.0.1-SNAPSHOT.jar".POST_MODULE: WFLYSRV0153: Failed to process phase POST_MODULE of deployment "focusoc-0.0.1-SNAPSHOT.jar" at org.jboss.as.server@9.0.2.Final//org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:183)<mailto:org.jboss.as.server@9.0.2.Final//org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:183)> at org.jboss.msc@1.4.8.Final//org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1737)<mailto:org.jboss.msc@1.4.8.Final//org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1737)> at org.jboss.msc@1.4.8.Final//org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1699)<mailto:org.jboss.msc@1.4.8.Final//org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1699)> at org.jboss.msc@1.4.8.Final//org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1557)<mailto:org.jboss.msc@1.4.8.Final//org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1557)> at org.jboss.threads@2.3.3.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)<mailto:org.jboss.threads@2.3.3.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)> at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)<mailto:org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)> at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)<mailto:org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)> at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)<mailto:org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)> at java.base/java.lang.Thread.run(Thread.java:834) Caused by: org.jboss.as.server.deployment.DeploymentUnitProcessingException: java.lang.ClassNotFoundException: gcs.fds.focusoc.keycloak.spi.LoginStorageProvider from [Module "deployment.focusoc-0.0.1-SNAPSHOT.jar" from Service Module Loader] at org.jboss.as.ejb3@17.0.1.Final//org.jboss.as.ejb3.deployment.processors.BusinessViewAnnotationProcessor.getEjbClass(BusinessViewAnnotationProcessor.java:240)<mailto:org.jboss.as.ejb3@17.0.1.Final//org.jboss.as.ejb3.deployment.processors.BusinessViewAnnotationProcessor.getEjbClass(BusinessViewAnnotationProcessor.java:240)> at org.jboss.as.ejb3@17.0.1.Final//org.jboss.as.ejb3.deployment.processors.BusinessViewAnnotationProcessor.deploy(BusinessViewAnnotationProcessor.java:89)<mailto:org.jboss.as.ejb3@17.0.1.Final//org.jboss.as.ejb3.deployment.processors.BusinessViewAnnotationProcessor.deploy(BusinessViewAnnotationProcessor.java:89)> at org.jboss.as.server@9.0.2.Final//org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:176)<mailto:org.jboss.as.server@9.0.2.Final//org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:176)> ... 8 more Caused by: java.lang.ClassNotFoundException: gcs.fds.focusoc.keycloak.spi.LoginStorageProvider from [Module "deployment.focusoc-0.0.1-SNAPSHOT.jar" from Service Module Loader] at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:255) at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:410) at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398) at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116) at org.jboss.as.ejb3@17.0.1.Final//org.jboss.as.ejb3.deployment.processors.BusinessViewAnnotationProcessor.getEjbClass(BusinessViewAnnotationProcessor.java:238)<mailto:org.jboss.as.ejb3@17.0.1.Final//org.jboss.as.ejb3.deployment.processors.BusinessViewAnnotationProcessor.getEjbClass(BusinessViewAnnotationProcessor.java:238)> ... 10 more 12:52:26,081 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 8) WFLYCTL0013: Operation ("add") failed - address: ([("deployment" => "focusoc-0.0.1-SNAPSHOT.jar")]) - failure description: {"WFLYCTL0080: Failed services" => {"jboss.deployment.unit.\"focusoc-0.0.1-SNAPSHOT.jar\".POST_MODULE" => "WFLYSRV0153: Failed to process phase POST_MODULE of deployment \"focusoc-0.0.1-SNAPSHOT.jar\" Caused by: org.jboss.as.server.deployment.DeploymentUnitProcessingException: java.lang.ClassNotFoundException: gcs.fds.focusoc.keycloak.spi.LoginStorageProvider from [Module \"deployment.focusoc-0.0.1-SNAPSHOT.jar\" from Service Module Loader] Caused by: java.lang.ClassNotFoundException: gcs.fds.focusoc.keycloak.spi.LoginStorageProvider from [Module \"deployment.focusoc-0.0.1-SNAPSHOT.jar\" from Service Module Loader]"}} 12:52:26,082 ERROR [org.jboss.as.server] (management-handler-thread - 8) WFLYSRV0021: Deploy of deployment "focusoc-0.0.1-SNAPSHOT.jar" was rolled back with the following failure message: {"WFLYCTL0080: Failed services" => {"jboss.deployment.unit.\"focusoc-0.0.1-SNAPSHOT.jar\".POST_MODULE" => "WFLYSRV0153: Failed to process phase POST_MODULE of deployment \"focusoc-0.0.1-SNAPSHOT.jar\" Caused by: org.jboss.as.server.deployment.DeploymentUnitProcessingException: java.lang.ClassNotFoundException: gcs.fds.focusoc.keycloak.spi.LoginStorageProvider from [Module \"deployment.focusoc-0.0.1-SNAPSHOT.jar\" from Service Module Loader] Caused by: java.lang.ClassNotFoundException: gcs.fds.focusoc.keycloak.spi.LoginStorageProvider from [Module \"deployment.focusoc-0.0.1-SNAPSHOT.jar\" from Service Module Loader]"}} I try to search in all internet about solutions about that, and I am blocked, so If you could tell if anything is missing. Thank you. Alfonso Vidal. P Please consider the environment before printing this e-mail.

6 years, 6 months

2
3
0 / 0

AuthorizationContext is returning null

by Alfonso Vidal García

Hi everyone! I am with the app-authz-spring-security example from Keycloak Quickstarts, and all works but when I login into the app this error appears: FreeMarker template error (DEBUG mode; use RETHROW in production!): Java method "gcs.fds.focusoc.keycloak.web.model.Identity.hasResourcePermission(String)" threw an exception when invoked on gcs.fds.focusoc.keycloak.web.model.Identity object "gcs.fds.focusoc.keycloak.web.model.Identity@49ac4771"; see cause exception in the Java stack trace. ---- FTL stack trace ("~" means nesting-related): - Failed at: #if identity.hasResourcePermission("A... [in template "home.ftl" at line 19, column 6] ---- Java stack trace (for programmers): ---- freemarker.core._TemplateModelException: [... Exception message was already printed; see it above ...] at freemarker.ext.beans._MethodUtil.newInvocationTemplateModelException(_MethodUtil.java:289) at freemarker.ext.beans._MethodUtil.newInvocationTemplateModelException(_MethodUtil.java:252) at freemarker.ext.beans.SimpleMethodModel.exec(SimpleMethodModel.java:77) at freemarker.core.MethodCall._eval(MethodCall.java:65) at freemarker.core.Expression.eval(Expression.java:83) at freemarker.core.Expression.evalToBoolean(Expression.java:161) at freemarker.core.Expression.evalToBoolean(Expression.java:147) at freemarker.core.ConditionalBlock.accept(ConditionalBlock.java:48) at freemarker.core.Environment.visit(Environment.java:330) at freemarker.core.Environment.visit(Environment.java:336) at freemarker.core.Environment.process(Environment.java:309) at freemarker.template.Template.process(Template.java:384) at org.springframework.web.servlet.view.freemarker.FreeMarkerView.processTemplate(FreeMarkerView.java:396) at org.springframework.web.servlet.view.freemarker.FreeMarkerView.doRender(FreeMarkerView.java:309) at org.springframework.web.servlet.view.freemarker.FreeMarkerView.renderMergedTemplateModel(FreeMarkerView.java:257) at org.springframework.web.servlet.view.AbstractTemplateView.renderMergedOutputModel(AbstractTemplateView.java:165) at org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:314) at org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1325) at org.springframework.web.servlet.DispatcherServlet.processDispatchResult(DispatcherServlet.java:1069) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1008) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:925) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:974) at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:866) at javax.servlet.http.HttpServlet.service(HttpServlet.java:635) at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:851) at javax.servlet.http.HttpServlet.service(HttpServlet.java:742) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticatedActionsFilter.doFilter(KeycloakAuthenticatedActionsFilter.java:57) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.keycloak.adapters.springsecurity.filter.KeycloakSecurityContextRequestFilter.doFilter(KeycloakSecurityContextRequestFilter.java:54) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.keycloak.adapters.springsecurity.filter.KeycloakPreAuthActionsFilter.doFilter(KeycloakPreAuthActionsFilter.java:86) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:320) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticatedActionsFilter.doFilter(KeycloakAuthenticatedActionsFilter.java:74) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.keycloak.adapters.springsecurity.filter.KeycloakSecurityContextRequestFilter.doFilter(KeycloakSecurityContextRequestFilter.java:77) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.keycloak.adapters.springsecurity.filter.KeycloakPreAuthActionsFilter.doFilter(KeycloakPreAuthActionsFilter.java:86) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:100) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:496) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:790) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1468) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:748) Caused by: java.lang.NullPointerException at gcs.fds.focusoc.keycloak.web.model.Identity.hasResourcePermission(Identity.java:51) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at freemarker.ext.beans.BeansWrapper.invokeMethod(BeansWrapper.java:1505) at freemarker.ext.beans.SimpleMethodModel.exec(SimpleMethodModel.java:72) ... 113 more I have the same configuration as the example. I researched a little bit and the NullPointer comes from the getAuthorizationContext in KeycloakSecurityContext that it is null. Anyone knows what it is happeing? Thanks in advance! P Please consider the environment before printing this e-mail.

6 years, 6 months

2
4
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

keycloak-user October 2019