6:44 a.m.
Actually that’s because it’s been running for one year and just now it started with the
issues. Just trying to figure out what was the cause.
Could this keys / providers missing has something to do with the direct grant
authentication flow issue?
On 5 Dec 2017, at 06:16, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
Are you actually using 2.4.0.CR1? That's old and unsupported, maybe you actually
wanted to use 3.4.0.CR1? "hmac-generated" was added in 2.5.5.
On 4 December 2017 at 18:40, Marcelo Miura <marcelo.miura(a)gdcommunity.co.uk
<mailto:marcelo.miura@gdcommunity.co.uk>> wrote:
Thanks for your answers.
http://localhost:8080/auth/admin/master/console/#/server-info/providers
<http://localhost:8080/auth/admin/master/console/#/server-info/providers>
On keys I see the following:
rsa
java-keystore
rsa-generated
On the COMPONENT table of the keycloak db, I could see 2 records related to
hmac-generated. I removed both in attempt to fix the problem (it’s happening on my dev
server). On production I do not see those records and it's currently working fine.
Then, I tried to created the provider rsa again, so the old provider appeared back. Then
I deleted the providers that I created and the error related to the keys is not showing
anymore.
But I’m still facing the authentication issue by Direct Grant.
On my local server I do not have this issue.
Version used: 2.4.0.CR1
> On 4 Dec 2017, at 14:34, Marek Posolda <mposolda(a)redhat.com
<mailto:mposolda@redhat.com>> wrote:
>
> Does this happen when you start latest Keycloak from clean state? Or did you migrate
from some previous version?
>
> Marek
>
> On 04/12/17 14:57, Marcelo Miura wrote:
>> Hi,
>>
>> I’m using Direct Grant to authenticate with an admin user to be able to create
new users into Keycloak and be able to reset user passwords.
>>
>> But for some reason, the authentication is not working anymore. It’s returning
that the user credentials are invalid, as follows:
>> {
>> "error": "invalid_grant",
>> "error_description": "Invalid user credentials"
>> }
>>
>> But when logging in into the Admin Console, the credentials are working fine.
>>
>> Keycloak log:
>>
>> 2017-11-30 20:22:31,631 WARN [org.keycloak.events] (default task-29)
type=LOGIN_ERROR, realmId=master, clientId=admin, userId=null, ipAddress=xxx.xx.xx.xx
error=invalid_user_credentials, auth_method=openid-connect, grant_type=password,
client_auth_method=client-secret, username=admin
>> 2017-11-30 20:22:31,631 WARN [org.keycloak.services] (Brute Force Protector)
KC-SERVICES0053: login failure for user <userid> from xxx.xx.xx.xx
>>
>> *replaced some values as required by the client
>>
>> Not sure if it’s related but on the last days when accessing the realm settings -
keys, it was displaying an error: "Error! An unexpected server error has occurred”
and the tabs Active and Providers didn’t show any keys.
>> Keycloak log:
>>
>> 2017-11-30 20:20:52,033 ERROR [org.keycloak.keys.DefaultKeyManager] (default
task-24) Failed to load provider <provider id>: java.lang.NullPointerException
>> at org.keycloak.keys.DefaultKeyManager.getProviders(DefaultKeyManager.java:133)
>> at org.keycloak.keys.DefaultKeyManager.getPublicKey(DefaultKeyManager.java:70)
>> at
org.keycloak.services.managers.AuthenticationManager.verifyIdentityToken(AuthenticationManager.java:688)
>> at
org.keycloak.services.managers.AppAuthManager.authenticateBearerToken(AppAuthManager.java:64)
>> at
org.keycloak.services.resources.admin.AdminRoot.authenticateRealmAdminRequest(AdminRoot.java:175)
>> at
org.keycloak.services.resources.admin.AdminRoot.getRealmsAdmin(AdminRoot.java:209)
>> at sun.reflect.GeneratedMethodAccessor371.invoke(Unknown Source)
>> at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:498)
>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.createResource(ResourceLocatorInvoker.java:79)
>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.createResource(ResourceLocatorInvoker.java:58)
>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:100)
>> at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
>> at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
>> at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
>> at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>> at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>> at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
>> at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
>> at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
>> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
>> at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>> at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
>> at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>> at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>> at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>> at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>> at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>> at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>> at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>> at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>> at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
>> at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
>> at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>> at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
>> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
>> at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>> at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>> at java.lang.Thread.run(Thread.java:745)
>>
>> 2017-11-30 20:20:52,038 ERROR [io.undertow.request] (default task-24) UT005023:
Exception handling request to /auth/admin/realms/master/components:
org.jboss.resteasy.spi.UnhandledException: java.lang.RuntimeException:
java.lang.IllegalArgumentException: No such provider 'hmac-generated'
>> at
org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)
>> at
org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212)
>> at
org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:168)
>> at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:411)
>> at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
>> at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
>> at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>> at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>> at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
>> at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
>> at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
>> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
>> at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>> at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
>> at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>> at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>> at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>> at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>> at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>> at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>> at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>> at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>> at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
>> at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
>> at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>> at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
>> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
>> at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>> at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>> at java.lang.Thread.run(Thread.java:745)
>> Caused by: java.lang.RuntimeException: java.lang.IllegalArgumentException: No
such provider 'hmac-generated'
>> at
org.keycloak.models.utils.ComponentUtil.getComponentConfigProperties(ComponentUtil.java:69)
>> at
org.keycloak.models.utils.ComponentUtil.getComponentConfigProperties(ComponentUtil.java:39)
>> at org.keycloak.models.utils.StripSecretsUtils.strip(StripSecretsUtils.java:39)
>> at
org.keycloak.models.utils.ModelToRepresentation.toRepresentation(ModelToRepresentation.java:815)
>> at
org.keycloak.services.resources.admin.ComponentResource.getComponents(ComponentResource.java:118)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>> at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:498)
>> at
org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
>> at
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
>> at
org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)
>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
>> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
>> at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
>> ... 37 more
>> Caused by: java.lang.IllegalArgumentException: No such provider
'hmac-generated'
>> at
org.keycloak.models.utils.ComponentUtil.getComponentFactory(ComponentUtil.java:81)
>> at
org.keycloak.models.utils.ComponentUtil.getComponentConfigProperties(ComponentUtil.java:56)
>> ... 55 more
>>
>>
>> But when I check the keycloak database, seems that the key and provider are
there.
>> Any thoughts?
>>
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
<https://lists.jboss.org/mailman/listinfo/keycloak-user>
>
>