Hello
I have created a security question Authenticator according Keycloak
documentation by implementing org.keycloak.authentication.Authenticator
interface,
with 2 configurable attributes.
After adding the Authenticator execution into Authentication flow, I can set
initial configuration values for the attributes in admin console (as realm
admin user).
For a first time it's everything OK and the values are set and used during
authentication.
But next time, when I try to change the attributes values, I get an
ForbiddenException:
14:49:48,783 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] (default
task-12) RESTEASY002005: Failed executing GET
/admin/realms/master/authentication
/config-description/security-question-authenticator:
org.keycloak.services.ForbiddenException
at
org.keycloak.services.resources.admin.RealmAuth.requireView(RealmAuth.java:7
0)
at
org.keycloak.services.resources.admin.AuthenticationManagementResource.getAu
thenticatorConfigDescription(AuthenticationManagementResource.j
ava:853)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62
)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl
.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at
org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:13
9)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodI
nvoker.java:295)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.j
ava:249)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(Resource
LocatorInvoker.java:138)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker
.java:107)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(Resource
LocatorInvoker.java:133)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker
.java:107)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(Resource
LocatorInvoker.java:133)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker
.java:101)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.j
ava:395)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.j
ava:202)
at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service
(ServletContainerDispatcher.java:221)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(Http
ServletDispatcher.java:56)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(Http
ServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.jav
a:85)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHa
ndler.java:129)
at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(Keycloak
SessionServletFilter.java:78)
at
io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHa
ndler.java:131)
at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:
84)
at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleReque
st(ServletSecurityRoleHandler.java:62)
at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(Servlet
DispatchingHandler.java:36)
at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.ha
ndleRequest(SecurityContextAssociationHandler.java:78)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.
java:43)
at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handl
eRequest(SSLInformationAssociationHandler.java:131)
at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handl
eRequest(ServletAuthenticationCallHandler.java:57)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.
java:43)
at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(A
bstractConfidentialityHandler.java:46)
at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandle
r.handleRequest(ServletConfidentialityConstraintHandler.java:64
)
at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(
AuthenticationMechanismsHandler.java:60)
at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.hand
leRequest(CachedAuthenticatedSessionHandler.java:77)
at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(Noti
ficationReceiverHandler.java:50)
at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.hand
leRequest(AbstractSecurityContextAssociationHandler.java:43)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.
java:43)
at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequ
est(JACCContextIdHandler.java:61)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.
java:43)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.
java:43)
at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(Servle
tInitialHandler.java:284)
at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletIn
itialHandler.java:263)
at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitial
Handler.java:81)
at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletIn
itialHandler.java:174)
at
io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
at
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:11
42)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:6
17)
at java.lang.Thread.run(Thread.java:745)
Only chance to update attribute values is to remove authenticator execution
from the flow, then add it back and set configuration again "for a first
time".
Any idea why the Authenticator configuration setting works for a first time,
but next update rise an exception?
Brano.
Show replies by date