Hi Yegui,
I kept curl running in cycle for ~15mins, but couldn't reproduce the issue. What
version of Keycloak are you using? Could you try latest stable?
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro
On Thu, 2018-08-16 at 15:00 -0400, Yegui Cai wrote:
Hi all.
I am using the admin REST api to obtain an access token using curl:
curl --insecure -i --request POST
https://127.0.0.1:8666/auth/realms/master/protocol/openid-connect/token
--header 'Accept: application/json' --header 'Content-Type:
application/x-www-form-urlencoded' --data
'grant_type=password&username=admin&password=admin&client_id=admin-cli'
The problem is after my standalone Keycloak running for a while (in between
I keep curling access token), I can not get token anymore. The out put of
curl is:
{"error":"invalid_grant","error_description":"Invalid
user credentials"}%
> From TRACE level log, I read the following:
2018-08-16 14:42:23,438 DEBUG
[org.keycloak.transaction.JtaTransactionWrapper] (default task-3) new
JtaTransactionWrapper
2018-08-16 14:42:23,439 DEBUG
[org.keycloak.transaction.JtaTransactionWrapper] (default task-3) was
existing? false
2018-08-16 14:42:23,454 TRACE
[org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory] (default
task-3) Create JpaConnectionProvider
2018-08-16 14:42:23,457 TRACE
[org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-3)
by id cache hit: master
2018-08-16 14:42:23,495 DEBUG
[org.keycloak.authentication.AuthenticationProcessor] (default task-3)
AUTHENTICATE CLIENT
2018-08-16 14:42:23,497 TRACE
[org.keycloak.authentication.ClientAuthenticationFlow] (default task-3)
Using executions for client authentication:
[33858fd1-64d3-42ae-8713-7a98e7e83700,
63bca01e-0342-4150-9b9c-7e7ceaeda8c6, 9b46d8e9-0331-4554-8d84-0ad8d5944b3e]
2018-08-16 14:42:23,497 DEBUG
[org.keycloak.authentication.ClientAuthenticationFlow] (default task-3)
client authenticator: client-secret
2018-08-16 14:42:23,510 TRACE
[org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-3)
adding client by name cache miss: admin-cli
2018-08-16 14:42:23,515 TRACE
[org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-3)
client by id cache hit: admin-cli
2018-08-16 14:42:23,516 DEBUG
[org.keycloak.authentication.ClientAuthenticationFlow] (default task-3)
client authenticator SUCCESS: client-secret
2018-08-16 14:42:23,517 DEBUG
[org.keycloak.authentication.ClientAuthenticationFlow] (default task-3)
Client admin-cli authenticated by client-secret
2018-08-16 14:42:23,519 DEBUG
[org.keycloak.models.sessions.infinispan.InfinispanAuthenticationSessionProviderFactory]
(default task-3) [null] Registered cluster listeners
2018-08-16 14:42:23,523 TRACE
[org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
(default task-3) Adding cache operation: ADD on
d43ccba6-2640-48a6-9c21-0f777b2fd972
2018-08-16 14:42:23,527 TRACE
[org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
(default task-3) Adding cache operation: REPLACE on
d43ccba6-2640-48a6-9c21-0f777b2fd972
2018-08-16 14:42:23,528 TRACE
[org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
(default task-3) Adding cache operation: REPLACE on
d43ccba6-2640-48a6-9c21-0f777b2fd972
2018-08-16 14:42:23,528 TRACE
[org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
(default task-3) Adding cache operation: REPLACE on
d43ccba6-2640-48a6-9c21-0f777b2fd972
2018-08-16 14:42:23,529 TRACE
[org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
(default task-3) Adding cache operation: REPLACE on
d43ccba6-2640-48a6-9c21-0f777b2fd972
2018-08-16 14:42:23,529 TRACE
[org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
(default task-3) Adding cache operation: REPLACE on
d43ccba6-2640-48a6-9c21-0f777b2fd972
2018-08-16 14:42:23,530 TRACE
[org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-3)
client by id cache hit: admin-cli
2018-08-16 14:42:23,530 DEBUG
[org.keycloak.authentication.AuthenticationProcessor] (default task-3)
AUTHENTICATE ONLY
2018-08-16 14:42:23,532 TRACE
[org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
(default task-3) Adding cache operation: REPLACE on
d43ccba6-2640-48a6-9c21-0f777b2fd972
2018-08-16 14:42:23,533 TRACE
[org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-3)
client by id cache hit: admin-cli
2018-08-16 14:42:23,534 DEBUG
[org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
processFlow
2018-08-16 14:42:23,534 DEBUG
[org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
check execution: direct-grant-validate-username requirement: REQUIRED
2018-08-16 14:42:23,534 DEBUG
[org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
authenticator: direct-grant-validate-username
2018-08-16 14:42:23,534 DEBUG
[org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
invoke authenticator.authenticate: direct-grant-validate-username
2018-08-16 14:42:23,535 TRACE
[org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
(default task-3) Adding cache operation: REPLACE on
d43ccba6-2640-48a6-9c21-0f777b2fd972
2018-08-16 14:42:23,535 TRACE
[org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
getUserByUsername: admin
2018-08-16 14:42:23,535 TRACE
[org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
query null
2018-08-16 14:42:23,583 TRACE
[org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
(default task-3) Adding cache operation: REPLACE on
d43ccba6-2640-48a6-9c21-0f777b2fd972
2018-08-16 14:42:23,583 DEBUG
[org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
authenticator SUCCESS: direct-grant-validate-username
2018-08-16 14:42:23,584 TRACE
[org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
(default task-3) Adding cache operation: REPLACE on
d43ccba6-2640-48a6-9c21-0f777b2fd972
2018-08-16 14:42:23,584 DEBUG
[org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
check execution: direct-grant-validate-password requirement: REQUIRED
2018-08-16 14:42:23,584 DEBUG
[org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
authenticator: direct-grant-validate-password
2018-08-16 14:42:23,584 TRACE
[org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
getuserById b0942806-9744-4571-9216-d9fb57bd9d2f
2018-08-16 14:42:23,584 TRACE
[org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
return managedusers
2018-08-16 14:42:23,584 DEBUG
[org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
invoke authenticator.authenticate: direct-grant-validate-password
2018-08-16 14:42:23,584 TRACE
[org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
getuserById b0942806-9744-4571-9216-d9fb57bd9d2f
2018-08-16 14:42:23,584 TRACE
[org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
return managedusers
2018-08-16 14:42:24,010 DEBUG
[org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
authenticator SUCCESS: direct-grant-validate-password
2018-08-16 14:42:24,010 TRACE
[org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
(default task-3) Adding cache operation: REPLACE on
d43ccba6-2640-48a6-9c21-0f777b2fd972
2018-08-16 14:42:24,010 DEBUG
[org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
check execution: direct-grant-validate-otp requirement: OPTIONAL
2018-08-16 14:42:24,010 DEBUG
[org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
authenticator: direct-grant-validate-otp
2018-08-16 14:42:24,010 TRACE
[org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
getuserById b0942806-9744-4571-9216-d9fb57bd9d2f
2018-08-16 14:42:24,010 TRACE
[org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
return managedusers
2018-08-16 14:42:24,010 DEBUG
[org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
invoke authenticator.authenticate: direct-grant-validate-otp
2018-08-16 14:42:24,010 TRACE
[org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
getuserById b0942806-9744-4571-9216-d9fb57bd9d2f
2018-08-16 14:42:24,010 TRACE
[org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
return managedusers
2018-08-16 14:42:24,010 DEBUG
[org.keycloak.authentication.DefaultAuthenticationFlow] (default task-3)
authenticator ATTEMPTED: direct-grant-validate-otp
2018-08-16 14:42:24,010 TRACE
[org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction]
(default task-3) Adding cache operation: REPLACE on
d43ccba6-2640-48a6-9c21-0f777b2fd972
2018-08-16 14:42:24,010 TRACE
[org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
getuserById b0942806-9744-4571-9216-d9fb57bd9d2f
2018-08-16 14:42:24,010 TRACE
[org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
return managedusers
2018-08-16 14:42:24,010 TRACE
[org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
getuserById b0942806-9744-4571-9216-d9fb57bd9d2f
2018-08-16 14:42:24,010 TRACE
[org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
return managedusers
2018-08-16 14:42:24,014 DEBUG
[org.keycloak.authentication.requiredactions.VerifyEmail] (default task-3)
User is required to verify email
2018-08-16 14:42:24,014 TRACE
[org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
getuserById b0942806-9744-4571-9216-d9fb57bd9d2f
2018-08-16 14:42:24,015 TRACE
[org.keycloak.models.cache.infinispan.UserCacheSession] (default task-3)
registered for invalidation return delegate
2018-08-16 14:42:24,017 TRACE [org.keycloak.events] (default task-3)
type=LOGIN_ERROR, realmId=master, clientId=admin-cli, userId=null,
ipAddress=127.0.0.1, error=resolve_required_actions,
auth_method=openid-connect, grant_type=password,
client_auth_method=client-secret, username=admin, requestUri=
https://127.0.0.1:8666/auth/realms/master/protocol/openid-connect/token,
cookies=[]
2018-08-16 14:42:24,027 TRACE [org.keycloak.services.resources.Cors]
(default task-3) No origin header ignoring
2018-08-16 14:42:24,028 TRACE [org.keycloak.services.resources.Cors]
(default task-3) No origin header ignoring
2018-08-16 14:42:24,028 TRACE [org.keycloak.services.resources.Cors]
(default task-3) No origin header ignoring
2018-08-16 14:42:24,030 DEBUG
[org.keycloak.transaction.JtaTransactionWrapper] (default task-3)
JtaTransactionWrapper commit
2018-08-16 14:42:24,032 DEBUG
[org.keycloak.transaction.JtaTransactionWrapper] (default task-3)
JtaTransactionWrapper end
2018-08-16 14:42:24,034 TRACE
[org.keycloak.models.cache.infinispan.UserCacheManager] (default task-3)
Removed key='master.username.admin',
value='UserListQuery{id='master.username.admin'realmName='master'}'
from
cache
2018-08-16 14:42:24,036 TRACE
[org.keycloak.models.cache.infinispan.UserCacheManager] (default task-3)
Removed key='b0942806-9744-4571-9216-d9fb57bd9d2f',
value='org.keycloak.models.cache.infinispan.entities.CachedUser@2ae0edf1'
from cache
2018-08-16 14:42:24,037 TRACE
[org.keycloak.cluster.infinispan.InfinispanNotificationsManager] (default
task-3) Sending event with key 5daeb51e-3aac-4c81-add1-4e24209e62b4:
UserUpdatedEvent [ userId=b0942806-9744-4571-9216-d9fb57bd9d2f,
username=admin, email=null ]
2018-08-16 14:42:24,065 TRACE
[org.keycloak.connections.jpa.DefaultJpaConnectionProvider] (default
task-3) DefaultJpaConnectionProvider close()
Could it be a potential bug? Or the way I use the admin rest api is not
right?
Thanks a lot!
Y.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user