Ah, I was looking directly at the cause at the bottom, and missed the
UndertowPreAuthActionsHandler at the beginning of stack trace.
No idea then. If it's an out-of-the-box proxy install, and it's supposed to
just work, then maybe it's a bug.
On Mon, Jul 25, 2016 at 4:41 PM, Manfred Duchrow <
manfred.duchrow(a)caprica.biz> wrote:
Hi,
thanks for your response.
The UndertowPreAuthActionsHandler actually is in the stacktrace. So I
don't quite understand what you mean.
The installation is out-of-the-box from the keycloak-proxy-2.0.0.Final.zip.
I was assuming that in UndertowPreAuthActionsHandler#handleRequest()
somthing like the following must happen,
in order to execute the logout action handling in a worker thread:
public void handleRequest(HttpServerExchange exchange) throws
Exception {
UndertowHttpFacade facade = createFacade(exchange);
SessionManagementBridge bridge = new
SessionManagementBridge(userSessionManagement, sessionManager);
final PreAuthActionsHandler handler = new
PreAuthActionsHandler(bridge, deploymentContext, facade);
final AtomicBoolean requestHandled = new AtomicBoolean(false);
if (exchange.getRequestURI().endsWith(AdapterConstants.K_LOGOUT)) {
HttpHandler tmpHandler = new HttpHandler()
{
@Override
public void handleRequest(HttpServerExchange exchange) throws
Exception
{
requestHandled.set(handler.handleRequest());
}
};
exchange.dispatch(tmpHandler); // This starts the worker thread
that allows blocking I/O
}
else {
requestHandled.set(handler.handleRequest());
}
if(requestHandled.get()) return;
next.handleRequest(exchange);
}
Any feedback welcome.
Cheers,
Manfred
On 25.07.2016 15:35, Marko Strukelj wrote:
Giving a cursory look at KEYCLOAK-3311, and not really knowing this part
of the code so I hope I'm not giving you a wrong lead here, but it looks
like UndertowPreAuthActionsHandler should already be present in your
stacktrace, while currently it is not.
It sounds like Wildfly adapter was not installed correctly.
On Mon, Jul 25, 2016 at 9:26 AM, Manfred Duchrow <
manfred.duchrow(a)caprica.biz> wrote:
> Hi,
>
> a few days ago I created the Jira issue KEYCLOAK-3311.
>
> Its about the following exception when "k_logout" request from the
> keycloak server is coming in:
>
> IllegalStateException: UT000126: Attempted to do blocking IO from the IO
> thread. This is prohibited as it may result in deadlocks
>
> Has anybody experienced the same? Is there a workaround?
>
> Currently this error prevents the logout from the secure proxy and
> therefore the protected
> application can still be reached (for a while) even if the user's session
> on the keycloak server
> has been terminated.
>
> Cheers,
> Manfred
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>