@Andrej, try to use the following instructions to set up Keycloak in domain mode. These instructions work for me, so if you follow them precisely they should also work for you.This setup approach assumes that you may want to deploy your secured applications into the same server(s) running Keycloak server.Download keycloak-demo-1.6.1.Final.zip from http://keycloak.jboss.org/keycloak/downloads.unzip ~/Downloads/keycloak-demo-1.6.1.Final.zipcd keycloak-demo-1.6.1.Final/keycloakOpen for edit: domain/configuration/domain.xmlAdd to <extensions> section:<extension module="org.keycloak.keycloak-server-subsystem"/><extension module="org.keycloak.keycloak-adapter-subsystem"/>The second one is for securing your deployed .wars with Keycloak server.Scroll down to <profile name="full-ha">Add to <subsystem xmlns="urn:jboss:domain:datasources:3.0"> section:
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
<connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
<driver>h2</driver>
<security>
<user-name>sa</user-name>
<password>sa</password>
</security>
</datasource>Add to <subsystem xmlns="urn:jboss:domain:infinispan:3.0"> section:<cache-container name="keycloak" jndi-name="infinispan/Keycloak">
<transport lock-timeout="60000"/>
<invalidation-cache name="realms" mode="SYNC"/>
<invalidation-cache name="users" mode="SYNC"/>
<distributed-cache name="sessions" mode="SYNC" owners="1"/>
<distributed-cache name="loginFailures" mode="SYNC" owners="1"/>
</cache-container>Before the ending </profile> add:
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
<web-context>auth</web-context>
</subsystem><subsystem xmlns="urn:jboss:domain:keycloak:1.1"/>The second one is for securing your deployed .wars with Keycloak server.Make sure that you really add all these sections to 'full-ha'. If you use search or any kind of shortcuts to jump through the edited file, it very easy to end up in a different section. So doublecheck.Now scroll further down to <server-groups> section, and change 'main-server-group' to use 'full-ha' profile:<server-group name="main-server-group" profile="full-ha">
<jvm name="default">
<heap size="64m" max-size="512m"/>
</jvm>
<socket-binding-group ref="full-ha-sockets"/>
</server-group>Save the file.Now start Keycloak in domain mode:bin/domain.sh
Observing the log, you should see many entries for 'server-one', and 'server-two'.
You should also see two big stacktraces, as the server will try to start up, and fail due to not being able to find the keycloak-server.json file. (The stacktrace should be more descriptive - current error reporting NullPointerException is a bug)
But that's good, it means that keycloak-server subsystem was picked up, and started to get initialized.
Running this results in two additional directories created:
domain/servers/server-one
and
domain/servers/server-two
Now just copy the configuration from standalone to these two directories:mkdir domain/servers/server-one/configurationcp standalone/configuration/keycloak-server.json domain/servers/server-one/configuration/cp -r standalone/configuration/themes domain/servers/server-one/configuration/cp -r standalone/configuration/providers domain/servers/server-one/configuration/mkdir domain/servers/server-two/configurationcp standalone/configuration/keycloak-server.json domain/servers/server-two/configuration/cp -r standalone/configuration/themes domain/servers/server-two/configuration/cp -r standalone/configuration/providers domain/servers/server-two/configuration/
And start the server again:bin/domain.shYou should now see the server start up without any errors. You can now open Keycloak admin on server-one:And on server-two:This procedure has always worked for me. If it fails for you then provide your domain.xml, and stdout from console with any stack traces.On Thu, Nov 5, 2015 at 9:02 PM, Stian Thorgersen <sthorger@redhat.com> wrote:On 4 November 2015 at 16:35, Marko Strukelj <mstrukel@redhat.com> wrote:_______________________________________________On Wed, Nov 4, 2015 at 4:10 PM, Andrej P <ado.boj.83@gmail.com> wrote:On Wed, Nov 4, 2015 at 3:48 PM, Marko Strukelj <mstrukel@redhat.com> wrote:Can you confirm that you see the following lines in your host-controller.log:
[Server:authentication-server-demosetup] 15:58:23,220 INFO [org.wildfly.extension.undertow] (ServerService Thread Pool -- 72) WFLYUT0021: Registered web context: /auth
[Server:authentication-server-demosetup] 15:58:23,267 INFO [org.jboss.as.server] (ServerService Thread Pool -- 36) WFLYSRV0010: Deployed "keycloak-server.war" (runtime-name : "keycloak-server.war")No, this lines are missing in log.That's the root of your problem then. Keycloak server subsystem doesn't seem to be initialized at all.From your config files it follows that your 'authentication-server-demosetup' server is using 'group-authentication' group, and 'group-authentication' group is using 'idbt-ha' profile, and 'idbt-ha' profile contains keycloak-server subsystem declaration ...I see no reason for Keycloak server to not get initialized.I'm sorry to say, but I'm out of ideas. If I were you I would try from scratch with an OOTB domain.xml, and host.xml, and setup up Keycloak server without any additional applications deployed, following the instructions I described previously - just get server-one, and server-two using the same group tied to full-ha profile. That way you should get Keycloak up and running. Then I would slowly evolve the configuration towards what you have now. Somewhere during that process there must be a step, that breaks things, and it's not obvious what that step is.
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user