8:29 a.m.
Hi all,
I'm trying to configure KC with LDAP, but some errors are occurring.
First, I configured my LDAP to write in the LDAP server, but for some
reasons I got this error when I try to register an user:
2017-03-08 11:05:28,862 WARN [org.keycloak.services] (default task-6)
KC-SERVICES0013: Failed authentication:
org.keycloak.models.ModelException:
Could not modify attribute for DN [uid=11111111111,dc=zz,dc=dd,dc=aa]
at org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.
modifyAttributes(LDAPOperationManager.java:410)
at org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.
modifyAttributes(LDAPOperationManager.java:104)
at org.keycloak.federation.ldap.idm.store.ldap.
LDAPIdentityStore.update(LDAPIdentityStore.java:105)
at org.keycloak.federation.ldap.mappers.msad.
MSADUserAccountControlMapper$MSADUserModelDelegate.addRequiredAction(
MSADUserAccountControlMapper.java:235)
at org.keycloak.federation.ldap.mappers.msad.
MSADUserAccountControlMapper$MSADUserModelDelegate.addRequiredAction(
MSADUserAccountControlMapper.java:220)
at org.keycloak.models.utils.UserModelDelegate.addRequiredAction(
UserModelDelegate.java:112)
at org.keycloak.authentication.forms.RegistrationPassword.
success(RegistrationPassword.java:101)
at org.keycloak.authentication.FormAuthenticationFlow.processAction(
FormAuthenticationFlow.java:234)
at org.keycloak.authentication.DefaultAuthenticationFlow.
processAction(DefaultAuthenticationFlow.java:76)
at org.keycloak.authentication.AuthenticationProcessor.
authenticationAction(AuthenticationProcessor.java:759)
at org.keycloak.services.resources.LoginActionsService.processFlow(
LoginActionsService.java:356)
at org.keycloak.services.resources.LoginActionsService.
processRegistration(LoginActionsService.java:477)
at org.keycloak.services.resources.LoginActionsService.
processRegister(LoginActionsService.java:535)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(
NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(
DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(
MethodInjectorImpl.java:139)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(
ResourceMethodInvoker.java:295)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(
ResourceMethodInvoker.java:249)
at org.jboss.resteasy.core.ResourceLocatorInvoker.
invokeOnTargetObject(ResourceLocatorInvoker.java:138)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
ResourceLocatorInvoker.java:101)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
SynchronousDispatcher.java:395)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
SynchronousDispatcher.java:202)
at org.jboss.resteasy.plugins.server.servlet.
ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
at org.jboss.resteasy.plugins.server.servlet.
HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at org.jboss.resteasy.plugins.server.servlet.
HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(
ServletHandler.java:85)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
doFilter(FilterHandler.java:129)
at org.keycloak.services.filters.KeycloakSessionServletFilter.
doFilter(KeycloakSessionServletFilter.java:90)
at io.undertow.servlet.core.ManagedFilter.doFilter(
ManagedFilter.java:60)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
doFilter(FilterHandler.java:131)
at io.undertow.servlet.handlers.FilterHandler.handleRequest(
FilterHandler.java:84)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.
handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet.handlers.ServletDispatchingHandler.
handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow.security.
SecurityContextAssociationHandler.handleRequest(
SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(
PredicateHandler.java:43)
at io.undertow.servlet.handlers.security.
SSLInformationAssociationHandler.handleRequest(
SSLInformationAssociationHandler.java:131)
at io.undertow.servlet.handlers.security.
ServletAuthenticationCallHandler.handleRequest(
ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(
PredicateHandler.java:43)
at io.undertow.security.handlers.AbstractConfidentialityHandler
.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.
ServletConfidentialityConstraintHandler.handleRequest(
ServletConfidentialityConstraintHandler.java:64)
at io.undertow.security.handlers.AuthenticationMechanismsHandle
r.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet.handlers.security.
CachedAuthenticatedSessionHandler.handleRequest(
CachedAuthenticatedSessionHandler.java:77)
at io.undertow.security.handlers.NotificationReceiverHandler.
handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.security.handlers.AbstractSecurityContextAssocia
tionHandler.handleRequest(AbstractSecurityContextAssocia
tionHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(
PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.
JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(
PredicateHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(
PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.
handleFirstRequest(ServletInitialHandler.java:284)
at io.undertow.servlet.handlers.ServletInitialHandler.
dispatchRequest(ServletInitialHandler.java:263)
at io.undertow.servlet.handlers.ServletInitialHandler.access$
000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.
handleRequest(ServletInitialHandler.java:174)
at io.undertow.server.Connectors.executeRootHandler(Connectors.
java:202)
at io.undertow.server.HttpServerExchange$1.run(
HttpServerExchange.java:793)
at java.util.concurrent.ThreadPoolExecutor.runWorker(
ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(
ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.naming.directory.InvalidAttributeIdentifierException:
[LDAP: error code 17 - pwdLastSet: attribute type undefined];
remaining
name 'uid=11111111111,dc=zz,dc=dd,dc=aa'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3205)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1475)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(
ComponentDirContext.java:277)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.
modifyAttributes(PartialCompositeDirContext.java:192)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.
modifyAttributes(PartialCompositeDirContext.java:181)
at javax.naming.directory.InitialDirContext.modifyAttributes(
InitialDirContext.java:167)
at javax.naming.directory.InitialDirContext.modifyAttributes(
InitialDirContext.java:167)
at org.keycloak.federation.ldap.idm.store.ldap.
LDAPOperationManager$6.execute(LDAPOperationManager.java:405)
at org.keycloak.federation.ldap.idm.store.ldap.
LDAPOperationManager$6.execute(LDAPOperationManager.java:402)
at org.keycloak.federation.ldap.idm.store.ldap.
LDAPOperationManager.execute(LDAPOperationManager.java:535)
at org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.
modifyAttributes(LDAPOperationManager.java:402)
... 59 more
2017-03-08 11:05:28,865 WARN [org.keycloak.events] (default task-6)
type=LOGIN_ERROR, realmId=myrealm, clientId=teste-portal,
userId=null,
ipAddress=xxx.xxx.xxx.xxx, error=invalid_user_credentials,
auth_method=openid-connect, auth_type=code, redirect_uri=http://127.0.0.1:
8080/teste-portal/
and then, I got this result in my ldap:
dn: uid=11111111111,dc=zz,dc=dd,dc=aa
givenName:: IA==
uid: 11111111111
objectClass: top
objectClass: inetOrgPerson
objectClass: person
objectClass: organizationalPerson
objectClass: phpgwAccount
objectClass: shadowAccount
sn:: IA==
cn:: IA==
structuralObjectClass: inetOrgPerson
entryUUID: 07f0e7caxxxxxxxxxxx
creatorsName: cn=admin,dc=zz,dc=dd,dc=aa
createTimestamp: 20170308140529Z
entryCSN: 20170308140529.527857Z#000000#000#000000
modifiersName: cn=admin,dc=zz,dc=dd,dc=aa
modifyTimestamp: 20170308140529Z
So, I wrote the uid as 11111111111, but I didn't set the sn, cn and
givenName as 'IA=='. It looks like some problem occurs in my configuration.
please, need help!!
Best Regards,
--
---
*Celso Agra*
2:46 a.m.
Hi,
The error may indicate that you configured "pwdLastSet" attribute mapper
in Keycloak to write into the LDAP, but it looks that writing this
attribute is unsupported. Maybe switch this mapper to read-only will help?
Marek
On 08/03/17 15:29, Celso Agra wrote:
Hi all,
I'm trying to configure KC with LDAP, but some errors are occurring.
First, I configured my LDAP to write in the LDAP server, but for some
reasons I got this error when I try to register an user:
2017-03-08 11:05:28,862 WARN [org.keycloak.services] (default task-6)
> KC-SERVICES0013: Failed authentication: org.keycloak.models.ModelException:
> Could not modify attribute for DN [uid=11111111111,dc=zz,dc=dd,dc=aa]
at org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.
> modifyAttributes(LDAPOperationManager.java:410)
at org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.
> modifyAttributes(LDAPOperationManager.java:104)
at org.keycloak.federation.ldap.idm.store.ldap.
> LDAPIdentityStore.update(LDAPIdentityStore.java:105)
at org.keycloak.federation.ldap.mappers.msad.
> MSADUserAccountControlMapper$MSADUserModelDelegate.addRequiredAction(
> MSADUserAccountControlMapper.java:235)
at org.keycloak.federation.ldap.mappers.msad.
> MSADUserAccountControlMapper$MSADUserModelDelegate.addRequiredAction(
> MSADUserAccountControlMapper.java:220)
at org.keycloak.models.utils.UserModelDelegate.addRequiredAction(
> UserModelDelegate.java:112)
at org.keycloak.authentication.forms.RegistrationPassword.
> success(RegistrationPassword.java:101)
at org.keycloak.authentication.FormAuthenticationFlow.processAction(
> FormAuthenticationFlow.java:234)
at org.keycloak.authentication.DefaultAuthenticationFlow.
> processAction(DefaultAuthenticationFlow.java:76)
at org.keycloak.authentication.AuthenticationProcessor.
> authenticationAction(AuthenticationProcessor.java:759)
at org.keycloak.services.resources.LoginActionsService.processFlow(
> LoginActionsService.java:356)
at org.keycloak.services.resources.LoginActionsService.
> processRegistration(LoginActionsService.java:477)
at org.keycloak.services.resources.LoginActionsService.
> processRegister(LoginActionsService.java:535)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(
> MethodInjectorImpl.java:139)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(
> ResourceMethodInvoker.java:295)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(
> ResourceMethodInvoker.java:249)
at org.jboss.resteasy.core.ResourceLocatorInvoker.
> invokeOnTargetObject(ResourceLocatorInvoker.java:138)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
> ResourceLocatorInvoker.java:101)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
> SynchronousDispatcher.java:395)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
> SynchronousDispatcher.java:202)
at org.jboss.resteasy.plugins.server.servlet.
> ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
at org.jboss.resteasy.plugins.server.servlet.
> HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at org.jboss.resteasy.plugins.server.servlet.
> HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(
> ServletHandler.java:85)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
> doFilter(FilterHandler.java:129)
at org.keycloak.services.filters.KeycloakSessionServletFilter.
> doFilter(KeycloakSessionServletFilter.java:90)
at io.undertow.servlet.core.ManagedFilter.doFilter(
> ManagedFilter.java:60)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
> doFilter(FilterHandler.java:131)
at io.undertow.servlet.handlers.FilterHandler.handleRequest(
> FilterHandler.java:84)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.
> handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet.handlers.ServletDispatchingHandler.
> handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow.security.
> SecurityContextAssociationHandler.handleRequest(
> SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(
> PredicateHandler.java:43)
at io.undertow.servlet.handlers.security.
> SSLInformationAssociationHandler.handleRequest(
> SSLInformationAssociationHandler.java:131)
at io.undertow.servlet.handlers.security.
> ServletAuthenticationCallHandler.handleRequest(
> ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(
> PredicateHandler.java:43)
at io.undertow.security.handlers.AbstractConfidentialityHandler
> .handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.
> ServletConfidentialityConstraintHandler.handleRequest(
> ServletConfidentialityConstraintHandler.java:64)
at io.undertow.security.handlers.AuthenticationMechanismsHandle
> r.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet.handlers.security.
> CachedAuthenticatedSessionHandler.handleRequest(
> CachedAuthenticatedSessionHandler.java:77)
at io.undertow.security.handlers.NotificationReceiverHandler.
> handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.security.handlers.AbstractSecurityContextAssocia
> tionHandler.handleRequest(AbstractSecurityContextAssocia
> tionHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(
> PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.
> JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(
> PredicateHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(
> PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.
> handleFirstRequest(ServletInitialHandler.java:284)
at io.undertow.servlet.handlers.ServletInitialHandler.
> dispatchRequest(ServletInitialHandler.java:263)
at io.undertow.servlet.handlers.ServletInitialHandler.access$
> 000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.
> handleRequest(ServletInitialHandler.java:174)
at io.undertow.server.Connectors.executeRootHandler(Connectors.
> java:202)
at io.undertow.server.HttpServerExchange$1.run(
> HttpServerExchange.java:793)
at java.util.concurrent.ThreadPoolExecutor.runWorker(
> ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(
> ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.naming.directory.InvalidAttributeIdentifierException:
> [LDAP: error code 17 - pwdLastSet: attribute type undefined]; remaining
> name 'uid=11111111111,dc=zz,dc=dd,dc=aa'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3205)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1475)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(
> ComponentDirContext.java:277)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.
> modifyAttributes(PartialCompositeDirContext.java:192)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.
> modifyAttributes(PartialCompositeDirContext.java:181)
at javax.naming.directory.InitialDirContext.modifyAttributes(
> InitialDirContext.java:167)
at javax.naming.directory.InitialDirContext.modifyAttributes(
> InitialDirContext.java:167)
at org.keycloak.federation.ldap.idm.store.ldap.
> LDAPOperationManager$6.execute(LDAPOperationManager.java:405)
at org.keycloak.federation.ldap.idm.store.ldap.
> LDAPOperationManager$6.execute(LDAPOperationManager.java:402)
at org.keycloak.federation.ldap.idm.store.ldap.
> LDAPOperationManager.execute(LDAPOperationManager.java:535)
at org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.
> modifyAttributes(LDAPOperationManager.java:402)
... 59 more
2017-03-08 11:05:28,865 WARN [org.keycloak.events] (default task-6)
> type=LOGIN_ERROR, realmId=myrealm, clientId=teste-portal, userId=null,
> ipAddress=xxx.xxx.xxx.xxx, error=invalid_user_credentials,
> auth_method=openid-connect, auth_type=code, redirect_uri=http://127.0.0.1:
> 8080/teste-portal/
and then, I got this result in my ldap:
dn: uid=11111111111,dc=zz,dc=dd,dc=aa
givenName:: IA==
uid: 11111111111
objectClass: top
objectClass: inetOrgPerson
objectClass: person
objectClass: organizationalPerson
objectClass: phpgwAccount
objectClass: shadowAccount
sn:: IA==
cn:: IA==
structuralObjectClass: inetOrgPerson
entryUUID: 07f0e7caxxxxxxxxxxx
creatorsName: cn=admin,dc=zz,dc=dd,dc=aa
createTimestamp: 20170308140529Z
entryCSN: 20170308140529.527857Z#000000#000#000000
modifiersName: cn=admin,dc=zz,dc=dd,dc=aa
modifyTimestamp: 20170308140529Z
So, I wrote the uid as 11111111111, but I didn't set the sn, cn and
givenName as 'IA=='. It looks like some problem occurs in my configuration.
please, need help!!
Best Regards,
6:47 a.m.
Got it!
But I haven't seen the pwdLastSet here in my LDAP`mappers. I'm using the
"Edit Mode" as WRITABLE, but I'm not setting this attribute.
Here is my attributes:
cn
MSAD account controls
cpf
creation date
email
first name
last name
modify date
phpgwAccountStatus
username
Thanks!!
Best Regards,
Celso Agra
2017-03-09 5:46 GMT-03:00 Marek Posolda <mposolda(a)redhat.com>:
Hi,
The error may indicate that you configured "pwdLastSet" attribute mapper
in Keycloak to write into the LDAP, but it looks that writing this
attribute is unsupported. Maybe switch this mapper to read-only will help?
Marek
On 08/03/17 15:29, Celso Agra wrote:
> Hi all,
>
> I'm trying to configure KC with LDAP, but some errors are occurring.
> First, I configured my LDAP to write in the LDAP server, but for some
> reasons I got this error when I try to register an user:
>
> 2017-03-08 11:05:28,862 WARN [org.keycloak.services] (default task-6)
>
>> KC-SERVICES0013: Failed authentication: org.keycloak.models.ModelExcep
>> tion:
>> Could not modify attribute for DN [uid=11111111111,dc=zz,dc=dd,dc=aa]
>>
> at org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationMan
> ager.
>
>> modifyAttributes(LDAPOperationManager.java:410)
>>
> at org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationMan
> ager.
>
>> modifyAttributes(LDAPOperationManager.java:104)
>>
> at org.keycloak.federation.ldap.idm.store.ldap.
>
>> LDAPIdentityStore.update(LDAPIdentityStore.java:105)
>>
> at org.keycloak.federation.ldap.mappers.msad.
>
>> MSADUserAccountControlMapper$MSADUserModelDelegate.addRequiredAction(
>> MSADUserAccountControlMapper.java:235)
>>
> at org.keycloak.federation.ldap.mappers.msad.
>
>> MSADUserAccountControlMapper$MSADUserModelDelegate.addRequiredAction(
>> MSADUserAccountControlMapper.java:220)
>>
> at org.keycloak.models.utils.UserModelDelegate.addRequiredActio
> n(
>
>> UserModelDelegate.java:112)
>>
> at org.keycloak.authentication.forms.RegistrationPassword.
>
>> success(RegistrationPassword.java:101)
>>
> at org.keycloak.authentication.FormAuthenticationFlow.processAc
> tion(
>
>> FormAuthenticationFlow.java:234)
>>
> at org.keycloak.authentication.DefaultAuthenticationFlow.
>
>> processAction(DefaultAuthenticationFlow.java:76)
>>
> at org.keycloak.authentication.AuthenticationProcessor.
>
>> authenticationAction(AuthenticationProcessor.java:759)
>>
> at org.keycloak.services.resources.LoginActionsService.processF
> low(
>
>> LoginActionsService.java:356)
>>
> at org.keycloak.services.resources.LoginActionsService.
>
>> processRegistration(LoginActionsService.java:477)
>>
> at org.keycloak.services.resources.LoginActionsService.
>
>> processRegister(LoginActionsService.java:535)
>>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
> at sun.reflect.NativeMethodAccessorImpl.invoke(
>
>> NativeMethodAccessorImpl.java:62)
>>
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(
>
>> DelegatingMethodAccessorImpl.java:43)
>>
> at java.lang.reflect.Method.invoke(Method.java:498)
>
> at org.jboss.resteasy.core.MethodInjectorImpl.invoke(
>
>> MethodInjectorImpl.java:139)
>>
> at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(
>
>> ResourceMethodInvoker.java:295)
>>
> at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(
>
>> ResourceMethodInvoker.java:249)
>>
> at org.jboss.resteasy.core.ResourceLocatorInvoker.
>
>> invokeOnTargetObject(ResourceLocatorInvoker.java:138)
>>
> at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
>
>> ResourceLocatorInvoker.java:101)
>>
> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
>
>> SynchronousDispatcher.java:395)
>>
> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
>
>> SynchronousDispatcher.java:202)
>>
> at org.jboss.resteasy.plugins.server.servlet.
>
>> ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
>>
> at org.jboss.resteasy.plugins.server.servlet.
>
>> HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>>
> at org.jboss.resteasy.plugins.server.servlet.
>
>> HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>>
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>
> at io.undertow.servlet.handlers.ServletHandler.handleRequest(
>
>> ServletHandler.java:85)
>>
> at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
>
>> doFilter(FilterHandler.java:129)
>>
> at org.keycloak.services.filters.KeycloakSessionServletFilter.
>
>> doFilter(KeycloakSessionServletFilter.java:90)
>>
> at io.undertow.servlet.core.ManagedFilter.doFilter(
>
>> ManagedFilter.java:60)
>>
> at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
>
>> doFilter(FilterHandler.java:131)
>>
> at io.undertow.servlet.handlers.FilterHandler.handleRequest(
>
>> FilterHandler.java:84)
>>
> at io.undertow.servlet.handlers.security.ServletSecurityRoleHan
> dler.
>
>> handleRequest(ServletSecurityRoleHandler.java:62)
>>
> at io.undertow.servlet.handlers.ServletDispatchingHandler.
>
>> handleRequest(ServletDispatchingHandler.java:36)
>>
> at org.wildfly.extension.undertow.security.
>
>> SecurityContextAssociationHandler.handleRequest(
>> SecurityContextAssociationHandler.java:78)
>>
> at io.undertow.server.handlers.PredicateHandler.handleRequest(
>
>> PredicateHandler.java:43)
>>
> at io.undertow.servlet.handlers.security.
>
>> SSLInformationAssociationHandler.handleRequest(
>> SSLInformationAssociationHandler.java:131)
>>
> at io.undertow.servlet.handlers.security.
>
>> ServletAuthenticationCallHandler.handleRequest(
>> ServletAuthenticationCallHandler.java:57)
>>
> at io.undertow.server.handlers.PredicateHandler.handleRequest(
>
>> PredicateHandler.java:43)
>>
> at io.undertow.security.handlers.AbstractConfidentialityHandler
>
>> .handleRequest(AbstractConfidentialityHandler.java:46)
>>
> at io.undertow.servlet.handlers.security.
>
>> ServletConfidentialityConstraintHandler.handleRequest(
>> ServletConfidentialityConstraintHandler.java:64)
>>
> at io.undertow.security.handlers.AuthenticationMechanismsHandle
>
>> r.handleRequest(AuthenticationMechanismsHandler.java:60)
>>
> at io.undertow.servlet.handlers.security.
>
>> CachedAuthenticatedSessionHandler.handleRequest(
>> CachedAuthenticatedSessionHandler.java:77)
>>
> at io.undertow.security.handlers.NotificationReceiverHandler.
>
>> handleRequest(NotificationReceiverHandler.java:50)
>>
> at io.undertow.security.handlers.AbstractSecurityContextAssocia
>
>> tionHandler.handleRequest(AbstractSecurityContextAssocia
>> tionHandler.java:43)
>>
> at io.undertow.server.handlers.PredicateHandler.handleRequest(
>
>> PredicateHandler.java:43)
>>
> at org.wildfly.extension.undertow.security.jacc.
>
>> JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>>
> at io.undertow.server.handlers.PredicateHandler.handleRequest(
>
>> PredicateHandler.java:43)
>>
> at io.undertow.server.handlers.PredicateHandler.handleRequest(
>
>> PredicateHandler.java:43)
>>
> at io.undertow.servlet.handlers.ServletInitialHandler.
>
>> handleFirstRequest(ServletInitialHandler.java:284)
>>
> at io.undertow.servlet.handlers.ServletInitialHandler.
>
>> dispatchRequest(ServletInitialHandler.java:263)
>>
> at io.undertow.servlet.handlers.ServletInitialHandler.access$
>
>> 000(ServletInitialHandler.java:81)
>>
> at io.undertow.servlet.handlers.ServletInitialHandler$1.
>
>> handleRequest(ServletInitialHandler.java:174)
>>
> at io.undertow.server.Connectors.executeRootHandler(Connectors.
>
>> java:202)
>>
> at io.undertow.server.HttpServerExchange$1.run(
>
>> HttpServerExchange.java:793)
>>
> at java.util.concurrent.ThreadPoolExecutor.runWorker(
>
>> ThreadPoolExecutor.java:1142)
>>
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(
>
>> ThreadPoolExecutor.java:617)
>>
> at java.lang.Thread.run(Thread.java:745)
>
> Caused by: javax.naming.directory.InvalidAttributeIdentifierException:
>
>> [LDAP: error code 17 - pwdLastSet: attribute type undefined]; remaining
>> name 'uid=11111111111,dc=zz,dc=dd,dc=aa'
>>
> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3205)
>
> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:
> 3082)
>
> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:
> 2888)
>
> at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:14
> 75)
>
> at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttribu
> tes(
>
>> ComponentDirContext.java:277)
>>
> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.
>
>> modifyAttributes(PartialCompositeDirContext.java:192)
>>
> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.
>
>> modifyAttributes(PartialCompositeDirContext.java:181)
>>
> at javax.naming.directory.InitialDirContext.modifyAttributes(
>
>> InitialDirContext.java:167)
>>
> at javax.naming.directory.InitialDirContext.modifyAttributes(
>
>> InitialDirContext.java:167)
>>
> at org.keycloak.federation.ldap.idm.store.ldap.
>
>> LDAPOperationManager$6.execute(LDAPOperationManager.java:405)
>>
> at org.keycloak.federation.ldap.idm.store.ldap.
>
>> LDAPOperationManager$6.execute(LDAPOperationManager.java:402)
>>
> at org.keycloak.federation.ldap.idm.store.ldap.
>
>> LDAPOperationManager.execute(LDAPOperationManager.java:535)
>>
> at org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationMan
> ager.
>
>> modifyAttributes(LDAPOperationManager.java:402)
>>
> ... 59 more
>
> 2017-03-08 11:05:28,865 WARN [org.keycloak.events] (default task-6)
>
>> type=LOGIN_ERROR, realmId=myrealm, clientId=teste-portal, userId=null,
>> ipAddress=xxx.xxx.xxx.xxx, error=invalid_user_credentials,
>> auth_method=openid-connect, auth_type=code, redirect_uri=
>> http://127.0.0.1:
>> 8080/teste-portal/
>>
>
> and then, I got this result in my ldap:
>
> dn: uid=11111111111,dc=zz,dc=dd,dc=aa
>
> givenName:: IA==
>
> uid: 11111111111
>
> objectClass: top
>
> objectClass: inetOrgPerson
>
> objectClass: person
>
> objectClass: organizationalPerson
>
> objectClass: phpgwAccount
>
> objectClass: shadowAccount
>
> sn:: IA==
>
> cn:: IA==
>
> structuralObjectClass: inetOrgPerson
>
> entryUUID: 07f0e7caxxxxxxxxxxx
>
> creatorsName: cn=admin,dc=zz,dc=dd,dc=aa
>
> createTimestamp: 20170308140529Z
>
> entryCSN: 20170308140529.527857Z#000000#000#000000
>
> modifiersName: cn=admin,dc=zz,dc=dd,dc=aa
>
> modifyTimestamp: 20170308140529Z
>
>
> So, I wrote the uid as 11111111111, but I didn't set the sn, cn and
> givenName as 'IA=='. It looks like some problem occurs in my
> configuration.
>
> please, need help!!
>
>
> Best Regards,
>
>
--
---
*Celso Agra*
9:03 a.m.
Hi,
I solved this error, just removing the MSAD account controls, but now I'm
getting a new error, when I finished my registration:
here is the log:
2017-03-09 11:58:00,375 ERROR [io.undertow.request] (default task-1)
UT005023: Exception handling request to
/auth/realms/myrealm/login-actions/required-action:
org.jboss.resteasy.spi.UnhandledException: java.lang.NullPointerException
at
org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)
at
org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212)
at
org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:168)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:411)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
at
io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
at
io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
at
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.NullPointerException
at org.keycloak.events.EventBuilder.user(EventBuilder.java:103)
at
org.keycloak.services.resources.LoginActionsService.initEvent(LoginActionsService.java:815)
at
org.keycloak.services.resources.LoginActionsService.access$500(LoginActionsService.java:88)
at
org.keycloak.services.resources.LoginActionsService$Checks.verifyRequiredAction(LoginActionsService.java:297)
at
org.keycloak.services.resources.LoginActionsService.processRequireAction(LoginActionsService.java:853)
at
org.keycloak.services.resources.LoginActionsService.requiredActionGET(LoginActionsService.java:846)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
... 37 more
2017-03-09 9:47 GMT-03:00 Celso Agra <celso.agra(a)gmail.com>:
Got it!
But I haven't seen the pwdLastSet here in my LDAP`mappers. I'm using the
"Edit Mode" as WRITABLE, but I'm not setting this attribute.
Here is my attributes:
> cn
> MSAD account controls
> cpf
> creation date
> email
> first name
> last name
> modify date
> phpgwAccountStatus
> username
Thanks!!
Best Regards,
Celso Agra
2017-03-09 5:46 GMT-03:00 Marek Posolda <mposolda(a)redhat.com>:
> Hi,
>
> The error may indicate that you configured "pwdLastSet" attribute mapper
> in Keycloak to write into the LDAP, but it looks that writing this
> attribute is unsupported. Maybe switch this mapper to read-only will help?
>
> Marek
>
>
> On 08/03/17 15:29, Celso Agra wrote:
>
>> Hi all,
>>
>> I'm trying to configure KC with LDAP, but some errors are occurring.
>> First, I configured my LDAP to write in the LDAP server, but for some
>> reasons I got this error when I try to register an user:
>>
>> 2017-03-08 11:05:28,862 WARN [org.keycloak.services] (default task-6)
>>
>>> KC-SERVICES0013: Failed authentication: org.keycloak.models.ModelExcep
>>> tion:
>>> Could not modify attribute for DN [uid=11111111111,dc=zz,dc=dd,dc=aa]
>>>
>> at org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationMan
>> ager.
>>
>>> modifyAttributes(LDAPOperationManager.java:410)
>>>
>> at org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationMan
>> ager.
>>
>>> modifyAttributes(LDAPOperationManager.java:104)
>>>
>> at org.keycloak.federation.ldap.idm.store.ldap.
>>
>>> LDAPIdentityStore.update(LDAPIdentityStore.java:105)
>>>
>> at org.keycloak.federation.ldap.mappers.msad.
>>
>>> MSADUserAccountControlMapper$MSADUserModelDelegate.addRequiredAction(
>>> MSADUserAccountControlMapper.java:235)
>>>
>> at org.keycloak.federation.ldap.mappers.msad.
>>
>>> MSADUserAccountControlMapper$MSADUserModelDelegate.addRequiredAction(
>>> MSADUserAccountControlMapper.java:220)
>>>
>> at org.keycloak.models.utils.UserModelDelegate.addRequiredActio
>> n(
>>
>>> UserModelDelegate.java:112)
>>>
>> at org.keycloak.authentication.forms.RegistrationPassword.
>>
>>> success(RegistrationPassword.java:101)
>>>
>> at org.keycloak.authentication.FormAuthenticationFlow.processAc
>> tion(
>>
>>> FormAuthenticationFlow.java:234)
>>>
>> at org.keycloak.authentication.DefaultAuthenticationFlow.
>>
>>> processAction(DefaultAuthenticationFlow.java:76)
>>>
>> at org.keycloak.authentication.AuthenticationProcessor.
>>
>>> authenticationAction(AuthenticationProcessor.java:759)
>>>
>> at org.keycloak.services.resources.LoginActionsService.processF
>> low(
>>
>>> LoginActionsService.java:356)
>>>
>> at org.keycloak.services.resources.LoginActionsService.
>>
>>> processRegistration(LoginActionsService.java:477)
>>>
>> at org.keycloak.services.resources.LoginActionsService.
>>
>>> processRegister(LoginActionsService.java:535)
>>>
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>
>> at sun.reflect.NativeMethodAccessorImpl.invoke(
>>
>>> NativeMethodAccessorImpl.java:62)
>>>
>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(
>>
>>> DelegatingMethodAccessorImpl.java:43)
>>>
>> at java.lang.reflect.Method.invoke(Method.java:498)
>>
>> at org.jboss.resteasy.core.MethodInjectorImpl.invoke(
>>
>>> MethodInjectorImpl.java:139)
>>>
>> at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget
>> (
>>
>>> ResourceMethodInvoker.java:295)
>>>
>> at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(
>>
>>> ResourceMethodInvoker.java:249)
>>>
>> at org.jboss.resteasy.core.ResourceLocatorInvoker.
>>
>>> invokeOnTargetObject(ResourceLocatorInvoker.java:138)
>>>
>> at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
>>
>>> ResourceLocatorInvoker.java:101)
>>>
>> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
>>
>>> SynchronousDispatcher.java:395)
>>>
>> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
>>
>>> SynchronousDispatcher.java:202)
>>>
>> at org.jboss.resteasy.plugins.server.servlet.
>>
>>> ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
>>>
>> at org.jboss.resteasy.plugins.server.servlet.
>>
>>> HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>>>
>> at org.jboss.resteasy.plugins.server.servlet.
>>
>>> HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>>>
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>>
>> at io.undertow.servlet.handlers.ServletHandler.handleRequest(
>>
>>> ServletHandler.java:85)
>>>
>> at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
>>
>>> doFilter(FilterHandler.java:129)
>>>
>> at org.keycloak.services.filters.KeycloakSessionServletFilter.
>>
>>> doFilter(KeycloakSessionServletFilter.java:90)
>>>
>> at io.undertow.servlet.core.ManagedFilter.doFilter(
>>
>>> ManagedFilter.java:60)
>>>
>> at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
>>
>>> doFilter(FilterHandler.java:131)
>>>
>> at io.undertow.servlet.handlers.FilterHandler.handleRequest(
>>
>>> FilterHandler.java:84)
>>>
>> at io.undertow.servlet.handlers.security.ServletSecurityRoleHan
>> dler.
>>
>>> handleRequest(ServletSecurityRoleHandler.java:62)
>>>
>> at io.undertow.servlet.handlers.ServletDispatchingHandler.
>>
>>> handleRequest(ServletDispatchingHandler.java:36)
>>>
>> at org.wildfly.extension.undertow.security.
>>
>>> SecurityContextAssociationHandler.handleRequest(
>>> SecurityContextAssociationHandler.java:78)
>>>
>> at io.undertow.server.handlers.PredicateHandler.handleRequest(
>>
>>> PredicateHandler.java:43)
>>>
>> at io.undertow.servlet.handlers.security.
>>
>>> SSLInformationAssociationHandler.handleRequest(
>>> SSLInformationAssociationHandler.java:131)
>>>
>> at io.undertow.servlet.handlers.security.
>>
>>> ServletAuthenticationCallHandler.handleRequest(
>>> ServletAuthenticationCallHandler.java:57)
>>>
>> at io.undertow.server.handlers.PredicateHandler.handleRequest(
>>
>>> PredicateHandler.java:43)
>>>
>> at io.undertow.security.handlers.AbstractConfidentialityHandler
>>
>>> .handleRequest(AbstractConfidentialityHandler.java:46)
>>>
>> at io.undertow.servlet.handlers.security.
>>
>>> ServletConfidentialityConstraintHandler.handleRequest(
>>> ServletConfidentialityConstraintHandler.java:64)
>>>
>> at io.undertow.security.handlers.AuthenticationMechanismsHandle
>>
>>> r.handleRequest(AuthenticationMechanismsHandler.java:60)
>>>
>> at io.undertow.servlet.handlers.security.
>>
>>> CachedAuthenticatedSessionHandler.handleRequest(
>>> CachedAuthenticatedSessionHandler.java:77)
>>>
>> at io.undertow.security.handlers.NotificationReceiverHandler.
>>
>>> handleRequest(NotificationReceiverHandler.java:50)
>>>
>> at io.undertow.security.handlers.AbstractSecurityContextAssocia
>>
>>> tionHandler.handleRequest(AbstractSecurityContextAssocia
>>> tionHandler.java:43)
>>>
>> at io.undertow.server.handlers.PredicateHandler.handleRequest(
>>
>>> PredicateHandler.java:43)
>>>
>> at org.wildfly.extension.undertow.security.jacc.
>>
>>> JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>>>
>> at io.undertow.server.handlers.PredicateHandler.handleRequest(
>>
>>> PredicateHandler.java:43)
>>>
>> at io.undertow.server.handlers.PredicateHandler.handleRequest(
>>
>>> PredicateHandler.java:43)
>>>
>> at io.undertow.servlet.handlers.ServletInitialHandler.
>>
>>> handleFirstRequest(ServletInitialHandler.java:284)
>>>
>> at io.undertow.servlet.handlers.ServletInitialHandler.
>>
>>> dispatchRequest(ServletInitialHandler.java:263)
>>>
>> at io.undertow.servlet.handlers.ServletInitialHandler.access$
>>
>>> 000(ServletInitialHandler.java:81)
>>>
>> at io.undertow.servlet.handlers.ServletInitialHandler$1.
>>
>>> handleRequest(ServletInitialHandler.java:174)
>>>
>> at io.undertow.server.Connectors.executeRootHandler(Connectors.
>>
>>> java:202)
>>>
>> at io.undertow.server.HttpServerExchange$1.run(
>>
>>> HttpServerExchange.java:793)
>>>
>> at java.util.concurrent.ThreadPoolExecutor.runWorker(
>>
>>> ThreadPoolExecutor.java:1142)
>>>
>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(
>>
>>> ThreadPoolExecutor.java:617)
>>>
>> at java.lang.Thread.run(Thread.java:745)
>>
>> Caused by: javax.naming.directory.InvalidAttributeIdentifierException:
>>
>>> [LDAP: error code 17 - pwdLastSet: attribute type undefined]; remaining
>>> name 'uid=11111111111,dc=zz,dc=dd,dc=aa'
>>>
>> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3205)
>>
>> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:308
>> 2)
>>
>> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:288
>> 8)
>>
>> at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:14
>> 75)
>>
>> at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttribu
>> tes(
>>
>>> ComponentDirContext.java:277)
>>>
>> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.
>>
>>> modifyAttributes(PartialCompositeDirContext.java:192)
>>>
>> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.
>>
>>> modifyAttributes(PartialCompositeDirContext.java:181)
>>>
>> at javax.naming.directory.InitialDirContext.modifyAttributes(
>>
>>> InitialDirContext.java:167)
>>>
>> at javax.naming.directory.InitialDirContext.modifyAttributes(
>>
>>> InitialDirContext.java:167)
>>>
>> at org.keycloak.federation.ldap.idm.store.ldap.
>>
>>> LDAPOperationManager$6.execute(LDAPOperationManager.java:405)
>>>
>> at org.keycloak.federation.ldap.idm.store.ldap.
>>
>>> LDAPOperationManager$6.execute(LDAPOperationManager.java:402)
>>>
>> at org.keycloak.federation.ldap.idm.store.ldap.
>>
>>> LDAPOperationManager.execute(LDAPOperationManager.java:535)
>>>
>> at org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationMan
>> ager.
>>
>>> modifyAttributes(LDAPOperationManager.java:402)
>>>
>> ... 59 more
>>
>> 2017-03-08 11:05:28,865 WARN [org.keycloak.events] (default task-6)
>>
>>> type=LOGIN_ERROR, realmId=myrealm, clientId=teste-portal, userId=null,
>>> ipAddress=xxx.xxx.xxx.xxx, error=invalid_user_credentials,
>>> auth_method=openid-connect, auth_type=code, redirect_uri=
>>> http://127.0.0.1:
>>> 8080/teste-portal/
>>>
>>
>> and then, I got this result in my ldap:
>>
>> dn: uid=11111111111,dc=zz,dc=dd,dc=aa
>>
>> givenName:: IA==
>>
>> uid: 11111111111
>>
>> objectClass: top
>>
>> objectClass: inetOrgPerson
>>
>> objectClass: person
>>
>> objectClass: organizationalPerson
>>
>> objectClass: phpgwAccount
>>
>> objectClass: shadowAccount
>>
>> sn:: IA==
>>
>> cn:: IA==
>>
>> structuralObjectClass: inetOrgPerson
>>
>> entryUUID: 07f0e7caxxxxxxxxxxx
>>
>> creatorsName: cn=admin,dc=zz,dc=dd,dc=aa
>>
>> createTimestamp: 20170308140529Z
>>
>> entryCSN: 20170308140529.527857Z#000000#000#000000
>>
>> modifiersName: cn=admin,dc=zz,dc=dd,dc=aa
>>
>> modifyTimestamp: 20170308140529Z
>>
>>
>> So, I wrote the uid as 11111111111, but I didn't set the sn, cn and
>> givenName as 'IA=='. It looks like some problem occurs in my
>> configuration.
>>
>> please, need help!!
>>
>>
>> Best Regards,
>>
>>
>
--
---
*Celso Agra*
--
---
*Celso Agra*
4:41 a.m.
This looks like bad LDAP mapping for username and UUID. Which LDAP are
you using btv?
Marek
On 09/03/17 16:03, Celso Agra wrote:
Hi,
I solved this error, just removing the MSAD account controls, but now
I'm getting a new error, when I finished my registration:
here is the log:
2017-03-09 11:58:00,375 ERROR [io.undertow.request] (default
task-1) UT005023: Exception handling request to
/auth/realms/myrealm/login-actions/required-action:
org.jboss.resteasy.spi.UnhandledException:
java.lang.NullPointerException
at
org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)
at
org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212)
at
org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:168)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:411)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
at
io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
at
io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
at
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.NullPointerException
at
org.keycloak.events.EventBuilder.user(EventBuilder.java:103)
at
org.keycloak.services.resources.LoginActionsService.initEvent(LoginActionsService.java:815)
at
org.keycloak.services.resources.LoginActionsService.access$500(LoginActionsService.java:88)
at
org.keycloak.services.resources.LoginActionsService$Checks.verifyRequiredAction(LoginActionsService.java:297)
at
org.keycloak.services.resources.LoginActionsService.processRequireAction(LoginActionsService.java:853)
at
org.keycloak.services.resources.LoginActionsService.requiredActionGET(LoginActionsService.java:846)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
... 37 more
2017-03-09 9:47 GMT-03:00 Celso Agra <celso.agra(a)gmail.com
<mailto:celso.agra@gmail.com>>:
Got it!
But I haven't seen the pwdLastSet here in my LDAP`mappers. I'm
using the "Edit Mode" as WRITABLE, but I'm not setting this attribute.
Here is my attributes:
cn
MSAD account controls
cpf
creation date
email
first name
last name
modify date
phpgwAccountStatus
username
Thanks!!
Best Regards,
Celso Agra
2017-03-09 5:46 GMT-03:00 Marek Posolda <mposolda(a)redhat.com
<mailto:mposolda@redhat.com>>:
Hi,
The error may indicate that you configured "pwdLastSet"
attribute mapper in Keycloak to write into the LDAP, but it
looks that writing this attribute is unsupported. Maybe switch
this mapper to read-only will help?
Marek
On 08/03/17 15:29, Celso Agra wrote:
Hi all,
I'm trying to configure KC with LDAP, but some errors are
occurring.
First, I configured my LDAP to write in the LDAP server,
but for some
reasons I got this error when I try to register an user:
2017-03-08 11:05:28,862 WARN [org.keycloak.services]
(default task-6)
KC-SERVICES0013: Failed authentication:
org.keycloak.models.ModelException:
Could not modify attribute for DN
[uid=11111111111,dc=zz,dc=dd,dc=aa]
at
org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.
modifyAttributes(LDAPOperationManager.java:410)
at
org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.
modifyAttributes(LDAPOperationManager.java:104)
at org.keycloak.federation.ldap.idm.store.ldap.
LDAPIdentityStore.update(LDAPIdentityStore.java:105)
at org.keycloak.federation.ldap.mappers.msad.
MSADUserAccountControlMapper$MSADUserModelDelegate.addRequiredAction(
MSADUserAccountControlMapper.java:235)
at org.keycloak.federation.ldap.mappers.msad.
MSADUserAccountControlMapper$MSADUserModelDelegate.addRequiredAction(
MSADUserAccountControlMapper.java:220)
at
org.keycloak.models.utils.UserModelDelegate.addRequiredAction(
UserModelDelegate.java:112)
at org.keycloak.authentication.fo
<http://org.keycloak.authentication.fo>rms.RegistrationPassword.
success(RegistrationPassword.java:101)
at org.keycloak.authentication.Fo
<http://org.keycloak.authentication.Fo>rmAuthenticationFlow.processAction(
FormAuthenticationFlow.java:234)
at org.keycloak.authentication.De
<http://org.keycloak.authentication.De>faultAuthenticationFlow.
processAction(DefaultAuthenticationFlow.java:76)
at org.keycloak.authentication.Au
<http://org.keycloak.authentication.Au>thenticationProcessor.
authenticationAction(AuthenticationProcessor.java:759)
at
org.keycloak.services.resources.LoginActionsService.processFlow(
LoginActionsService.java:356)
at
org.keycloak.services.resources.LoginActionsService.
processRegistration(LoginActionsService.java:477)
at
org.keycloak.services.resources.LoginActionsService.
processRegister(LoginActionsService.java:535)
at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(
NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(
DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(
MethodInjectorImpl.java:139)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(
ResourceMethodInvoker.java:295)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invoke(
ResourceMethodInvoker.java:249)
at org.jboss.resteasy.core.ResourceLocatorInvoker.
invokeOnTargetObject(ResourceLocatorInvoker.java:138)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
ResourceLocatorInvoker.java:101)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(
SynchronousDispatcher.java:395)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(
SynchronousDispatcher.java:202)
at org.jboss.resteasy.plugins.server.servlet.
ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
at org.jboss.resteasy.plugins.server.servlet.
HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at org.jboss.resteasy.plugins.server.servlet.
HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at
io.undertow.servlet.handlers.ServletHandler.handleRequest(
ServletHandler.java:85)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
doFilter(FilterHandler.java:129)
at
org.keycloak.services.filters.KeycloakSessionServletFilter.
doFilter(KeycloakSessionServletFilter.java:90)
at io.undertow.servlet.core.ManagedFilter.doFilter(
ManagedFilter.java:60)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
doFilter(FilterHandler.java:131)
at
io.undertow.servlet.handlers.FilterHandler.handleRequest(
FilterHandler.java:84)
at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.
handleRequest(ServletSecurityRoleHandler.java:62)
at
io.undertow.servlet.handlers.ServletDispatchingHandler.
handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow.security.
SecurityContextAssociationHandler.handleRequest(
SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.Pr
<http://io.undertow.server.handlers.Pr>edicateHandler.handleRequest(
PredicateHandler.java:43)
at io.undertow.servlet.handlers.security.
SSLInformationAssociationHandler.handleRequest(
SSLInformationAssociationHandler.java:131)
at io.undertow.servlet.handlers.security.
ServletAuthenticationCallHandler.handleRequest(
ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.Pr
<http://io.undertow.server.handlers.Pr>edicateHandler.handleRequest(
PredicateHandler.java:43)
at
io.undertow.security.handlers.AbstractConfidentialityHandler
.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.
ServletConfidentialityConstraintHandler.handleRequest(
ServletConfidentialityConstraintHandler.java:64)
at
io.undertow.security.handlers.AuthenticationMechanismsHandle
r.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet.handlers.security.
CachedAuthenticatedSessionHandler.handleRequest(
CachedAuthenticatedSessionHandler.java:77)
at
io.undertow.security.handlers.NotificationReceiverHandler.
handleRequest(NotificationReceiverHandler.java:50)
at
io.undertow.security.handlers.AbstractSecurityContextAssocia
tionHandler.handleRequest(AbstractSecurityContextAssocia
tionHandler.java:43)
at io.undertow.server.handlers.Pr
<http://io.undertow.server.handlers.Pr>edicateHandler.handleRequest(
PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.
JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.Pr
<http://io.undertow.server.handlers.Pr>edicateHandler.handleRequest(
PredicateHandler.java:43)
at io.undertow.server.handlers.Pr
<http://io.undertow.server.handlers.Pr>edicateHandler.handleRequest(
PredicateHandler.java:43)
at
io.undertow.servlet.handlers.ServletInitialHandler.
handleFirstRequest(ServletInitialHandler.java:284)
at
io.undertow.servlet.handlers.ServletInitialHandler.
dispatchRequest(ServletInitialHandler.java:263)
at
io.undertow.servlet.handlers.ServletInitialHandler.access$
000(ServletInitialHandler.java:81)
at
io.undertow.servlet.handlers.ServletInitialHandler$1.
handleRequest(ServletInitialHandler.java:174)
at
io.undertow.server.Connectors.executeRootHandler(Connectors.
java:202)
at io.undertow.server.HttpServerExchange$1.run(
HttpServerExchange.java:793)
at java.util.concurrent.ThreadPoolExecutor.runWorker(
ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(
ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by:
javax.naming.directory.InvalidAttributeIdentifierException:
[LDAP: error code 17 - pwdLastSet: attribute type
undefined]; remaining
name 'uid=11111111111,dc=zz,dc=dd,dc=aa'
at
com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3205)
at
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
at
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
at
com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1475)
at
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(
ComponentDirContext.java:277)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.
modifyAttributes(PartialCompositeDirContext.java:192)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.
modifyAttributes(PartialCompositeDirContext.java:181)
at
javax.naming.directory.InitialDirContext.modifyAttributes(
InitialDirContext.java:167)
at
javax.naming.directory.InitialDirContext.modifyAttributes(
InitialDirContext.java:167)
at org.keycloak.federation.ldap.idm.store.ldap.
LDAPOperationManager$6.execute(LDAPOperationManager.java:405)
at org.keycloak.federation.ldap.idm.store.ldap.
LDAPOperationManager$6.execute(LDAPOperationManager.java:402)
at org.keycloak.federation.ldap.idm.store.ldap.
LDAPOperationManager.execute(LDAPOperationManager.java:535)
at
org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.
modifyAttributes(LDAPOperationManager.java:402)
... 59 more
2017-03-08 11:05:28,865 WARN [org.keycloak.events]
(default task-6)
type=LOGIN_ERROR, realmId=myrealm,
clientId=teste-portal, userId=null,
ipAddress=xxx.xxx.xxx.xxx, error=invalid_user_credentials,
auth_method=openid-connect, auth_type=code,
redirect_uri=http://127.0.0.1:
8080/teste-portal/
and then, I got this result in my ldap:
dn: uid=11111111111,dc=zz,dc=dd,dc=aa
givenName:: IA==
uid: 11111111111
objectClass: top
objectClass: inetOrgPerson
objectClass: person
objectClass: organizationalPerson
objectClass: phpgwAccount
objectClass: shadowAccount
sn:: IA==
cn:: IA==
structuralObjectClass: inetOrgPerson
entryUUID: 07f0e7caxxxxxxxxxxx
creatorsName: cn=admin,dc=zz,dc=dd,dc=aa
createTimestamp: 20170308140529Z
entryCSN: 20170308140529.527857Z#000000#000#000000
modifiersName: cn=admin,dc=zz,dc=dd,dc=aa
modifyTimestamp: 20170308140529Z
So, I wrote the uid as 11111111111, but I didn't set the
sn, cn and
givenName as 'IA=='. It looks like some problem occurs in
my configuration.
please, need help!!
Best Regards,
--
---
*Celso Agra*
--
---
*Celso Agra*
7:40 a.m.
I'm using slapd.
Here is the object classes that I'm using: top, inetOrgPerson, person,
organizationalPerson, phpgwAccount, shadowAccount
2017-03-10 7:41 GMT-03:00 Marek Posolda <mposolda(a)redhat.com>:
This looks like bad LDAP mapping for username and UUID. Which LDAP
are you
using btv?
Marek
On 09/03/17 16:03, Celso Agra wrote:
Hi,
I solved this error, just removing the MSAD account controls, but now I'm
getting a new error, when I finished my registration:
here is the log:
2017-03-09 11:58:00,375 ERROR [io.undertow.request] (default task-1)
> UT005023: Exception handling request to
/auth/realms/myrealm/login-actions/required-action:
> org.jboss.resteasy.spi.UnhandledException: java.lang.NullPointerException
> at org.jboss.resteasy.core.ExceptionHandler.
> handleApplicationException(ExceptionHandler.java:76)
> at org.jboss.resteasy.core.ExceptionHandler.handleException(
> ExceptionHandler.java:212)
> at org.jboss.resteasy.core.SynchronousDispatcher.writeException(
> SynchronousDispatcher.java:168)
> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
> SynchronousDispatcher.java:411)
> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
> SynchronousDispatcher.java:202)
> at org.jboss.resteasy.plugins.server.servlet.
> ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
> at org.jboss.resteasy.plugins.server.servlet.
> HttpServletDispatcher.service(HttpServletDispatcher.java:56)
> at org.jboss.resteasy.plugins.server.servlet.
> HttpServletDispatcher.service(HttpServletDispatcher.java:51)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> at io.undertow.servlet.handlers.ServletHandler.handleRequest(
> ServletHandler.java:85)
> at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
> doFilter(FilterHandler.java:129)
> at org.keycloak.services.filters.KeycloakSessionServletFilter.
> doFilter(KeycloakSessionServletFilter.java:90)
> at io.undertow.servlet.core.ManagedFilter.doFilter(
> ManagedFilter.java:60)
> at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
> doFilter(FilterHandler.java:131)
> at io.undertow.servlet.handlers.FilterHandler.handleRequest(
> FilterHandler.java:84)
> at io.undertow.servlet.handlers.security.
> ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.
> java:62)
> at io.undertow.servlet.handlers.ServletDispatchingHandler.
> handleRequest(ServletDispatchingHandler.java:36)
> at org.wildfly.extension.undertow.security.
> SecurityContextAssociationHandler.handleRequest(
> SecurityContextAssociationHandler.java:78)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(
> PredicateHandler.java:43)
> at io.undertow.servlet.handlers.security.
> SSLInformationAssociationHandler.handleRequest(
> SSLInformationAssociationHandler.java:131)
> at io.undertow.servlet.handlers.security.
> ServletAuthenticationCallHandler.handleRequest(
> ServletAuthenticationCallHandler.java:57)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(
> PredicateHandler.java:43)
> at io.undertow.security.handlers.AbstractConfidentialityHandler
> .handleRequest(AbstractConfidentialityHandler.java:46)
> at io.undertow.servlet.handlers.security.
> ServletConfidentialityConstraintHandler.handleRequest(
> ServletConfidentialityConstraintHandler.java:64)
> at io.undertow.security.handlers.AuthenticationMechanismsHandle
> r.handleRequest(AuthenticationMechanismsHandler.java:60)
> at io.undertow.servlet.handlers.security.
> CachedAuthenticatedSessionHandler.handleRequest(
> CachedAuthenticatedSessionHandler.java:77)
> at io.undertow.security.handlers.NotificationReceiverHandler.
> handleRequest(NotificationReceiverHandler.java:50)
> at io.undertow.security.handlers.AbstractSecurityContextAssocia
> tionHandler.handleRequest(AbstractSecurityContextAssocia
> tionHandler.java:43)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(
> PredicateHandler.java:43)
> at org.wildfly.extension.undertow.security.jacc.
> JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(
> PredicateHandler.java:43)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(
> PredicateHandler.java:43)
> at io.undertow.servlet.handlers.ServletInitialHandler.
> handleFirstRequest(ServletInitialHandler.java:284)
> at io.undertow.servlet.handlers.ServletInitialHandler.
> dispatchRequest(ServletInitialHandler.java:263)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$
> 000(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$1.
> handleRequest(ServletInitialHandler.java:174)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.
> java:202)
> at io.undertow.server.HttpServerExchange$1.run(
> HttpServerExchange.java:793)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(
> ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(
> ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.NullPointerException
> at org.keycloak.events.EventBuilder.user(EventBuilder.java:103)
> at org.keycloak.services.resources.LoginActionsService.
> initEvent(LoginActionsService.java:815)
> at org.keycloak.services.resources.LoginActionsService.
> access$500(LoginActionsService.java:88)
> at org.keycloak.services.resources.LoginActionsService$
> Checks.verifyRequiredAction(LoginActionsService.java:297)
> at org.keycloak.services.resources.LoginActionsService.
> processRequireAction(LoginActionsService.java:853)
> at org.keycloak.services.resources.LoginActionsService.
> requiredActionGET(LoginActionsService.java:846)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.jboss.resteasy.core.MethodInjectorImpl.invoke(
> MethodInjectorImpl.java:139)
> at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(
> ResourceMethodInvoker.java:295)
> at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(
> ResourceMethodInvoker.java:249)
> at org.jboss.resteasy.core.ResourceLocatorInvoker.
> invokeOnTargetObject(ResourceLocatorInvoker.java:138)
> at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
> ResourceLocatorInvoker.java:101)
> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
> SynchronousDispatcher.java:395)
> ... 37 more
2017-03-09 9:47 GMT-03:00 Celso Agra <celso.agra(a)gmail.com>:
> Got it!
>
> But I haven't seen the pwdLastSet here in my LDAP`mappers. I'm using the
> "Edit Mode" as WRITABLE, but I'm not setting this attribute.
> Here is my attributes:
>
>> cn
>> MSAD account controls
>> cpf
>> creation date
>> email
>> first name
>> last name
>> modify date
>> phpgwAccountStatus
>> username
>
>
> Thanks!!
>
> Best Regards,
>
> Celso Agra
>
> 2017-03-09 5:46 GMT-03:00 Marek Posolda <mposolda(a)redhat.com>:
>
>> Hi,
>>
>> The error may indicate that you configured "pwdLastSet" attribute
mapper
>> in Keycloak to write into the LDAP, but it looks that writing this
>> attribute is unsupported. Maybe switch this mapper to read-only will help?
>>
>> Marek
>>
>>
>> On 08/03/17 15:29, Celso Agra wrote:
>>
>>> Hi all,
>>>
>>> I'm trying to configure KC with LDAP, but some errors are occurring.
>>> First, I configured my LDAP to write in the LDAP server, but for some
>>> reasons I got this error when I try to register an user:
>>>
>>> 2017-03-08 11:05:28,862 WARN [org.keycloak.services] (default task-6)
>>>
>>>> KC-SERVICES0013: Failed authentication: org.keycloak.models.ModelExcep
>>>> tion:
>>>> Could not modify attribute for DN [uid=11111111111,dc=zz,dc=dd,dc=aa]
>>>>
>>> at org.keycloak.federation.ldap.i
>>> dm.store.ldap.LDAPOperationManager.
>>>
>>>> modifyAttributes(LDAPOperationManager.java:410)
>>>>
>>> at org.keycloak.federation.ldap.i
>>> dm.store.ldap.LDAPOperationManager.
>>>
>>>> modifyAttributes(LDAPOperationManager.java:104)
>>>>
>>> at org.keycloak.federation.ldap.idm.store.ldap.
>>>
>>>> LDAPIdentityStore.update(LDAPIdentityStore.java:105)
>>>>
>>> at org.keycloak.federation.ldap.mappers.msad.
>>>
>>>> MSADUserAccountControlMapper$MSADUserModelDelegate.addRequiredAction(
>>>> MSADUserAccountControlMapper.java:235)
>>>>
>>> at org.keycloak.federation.ldap.mappers.msad.
>>>
>>>> MSADUserAccountControlMapper$MSADUserModelDelegate.addRequiredAction(
>>>> MSADUserAccountControlMapper.java:220)
>>>>
>>> at org.keycloak.models.utils.User
>>> ModelDelegate.addRequiredAction(
>>>
>>>> UserModelDelegate.java:112)
>>>>
>>> at org.keycloak.authentication.forms.RegistrationPassword.
>>>
>>>> success(RegistrationPassword.java:101)
>>>>
>>> at org.keycloak.authentication.Fo
>>> rmAuthenticationFlow.processAction(
>>>
>>>> FormAuthenticationFlow.java:234)
>>>>
>>> at org.keycloak.authentication.DefaultAuthenticationFlow.
>>>
>>>> processAction(DefaultAuthenticationFlow.java:76)
>>>>
>>> at org.keycloak.authentication.AuthenticationProcessor.
>>>
>>>> authenticationAction(AuthenticationProcessor.java:759)
>>>>
>>> at org.keycloak.services.resource
>>> s.LoginActionsService.processFlow(
>>>
>>>> LoginActionsService.java:356)
>>>>
>>> at org.keycloak.services.resources.LoginActionsService.
>>>
>>>> processRegistration(LoginActionsService.java:477)
>>>>
>>> at org.keycloak.services.resources.LoginActionsService.
>>>
>>>> processRegister(LoginActionsService.java:535)
>>>>
>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>
>>> at sun.reflect.NativeMethodAccessorImpl.invoke(
>>>
>>>> NativeMethodAccessorImpl.java:62)
>>>>
>>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(
>>>
>>>> DelegatingMethodAccessorImpl.java:43)
>>>>
>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>>
>>> at org.jboss.resteasy.core.MethodInjectorImpl.invoke(
>>>
>>>> MethodInjectorImpl.java:139)
>>>>
>>> at org.jboss.resteasy.core.Resour
>>> ceMethodInvoker.invokeOnTarget(
>>>
>>>> ResourceMethodInvoker.java:295)
>>>>
>>> at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(
>>>
>>>> ResourceMethodInvoker.java:249)
>>>>
>>> at org.jboss.resteasy.core.ResourceLocatorInvoker.
>>>
>>>> invokeOnTargetObject(ResourceLocatorInvoker.java:138)
>>>>
>>> at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
>>>
>>>> ResourceLocatorInvoker.java:101)
>>>>
>>> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
>>>
>>>> SynchronousDispatcher.java:395)
>>>>
>>> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
>>>
>>>> SynchronousDispatcher.java:202)
>>>>
>>> at org.jboss.resteasy.plugins.server.servlet.
>>>
>>>> ServletContainerDispatcher.service(ServletContainerDispatche
>>>> r.java:221)
>>>>
>>> at org.jboss.resteasy.plugins.server.servlet.
>>>
>>>> HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>>>>
>>> at org.jboss.resteasy.plugins.server.servlet.
>>>
>>>> HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>>>>
>>> at javax.servlet.http.HttpServlet
>>> .service(HttpServlet.java:790)
>>>
>>> at io.undertow.servlet.handlers.ServletHandler.handleRequest(
>>>
>>>> ServletHandler.java:85)
>>>>
>>> at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
>>>
>>>> doFilter(FilterHandler.java:129)
>>>>
>>> at org.keycloak.services.filters.KeycloakSessionServletFilter.
>>>
>>>> doFilter(KeycloakSessionServletFilter.java:90)
>>>>
>>> at io.undertow.servlet.core.ManagedFilter.doFilter(
>>>
>>>> ManagedFilter.java:60)
>>>>
>>> at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
>>>
>>>> doFilter(FilterHandler.java:131)
>>>>
>>> at io.undertow.servlet.handlers.FilterHandler.handleRequest(
>>>
>>>> FilterHandler.java:84)
>>>>
>>> at io.undertow.servlet.handlers.s
>>> ecurity.ServletSecurityRoleHandler.
>>>
>>>> handleRequest(ServletSecurityRoleHandler.java:62)
>>>>
>>> at io.undertow.servlet.handlers.ServletDispatchingHandler.
>>>
>>>> handleRequest(ServletDispatchingHandler.java:36)
>>>>
>>> at org.wildfly.extension.undertow.security.
>>>
>>>> SecurityContextAssociationHandler.handleRequest(
>>>> SecurityContextAssociationHandler.java:78)
>>>>
>>> at io.undertow.server.handlers.PredicateHandler.handleRequest(
>>>
>>>> PredicateHandler.java:43)
>>>>
>>> at io.undertow.servlet.handlers.security.
>>>
>>>> SSLInformationAssociationHandler.handleRequest(
>>>> SSLInformationAssociationHandler.java:131)
>>>>
>>> at io.undertow.servlet.handlers.security.
>>>
>>>> ServletAuthenticationCallHandler.handleRequest(
>>>> ServletAuthenticationCallHandler.java:57)
>>>>
>>> at io.undertow.server.handlers.PredicateHandler.handleRequest(
>>>
>>>> PredicateHandler.java:43)
>>>>
>>> at io.undertow.security.handlers.
>>> AbstractConfidentialityHandler
>>>
>>>> .handleRequest(AbstractConfidentialityHandler.java:46)
>>>>
>>> at io.undertow.servlet.handlers.security.
>>>
>>>> ServletConfidentialityConstraintHandler.handleRequest(
>>>> ServletConfidentialityConstraintHandler.java:64)
>>>>
>>> at io.undertow.security.handlers.
>>> AuthenticationMechanismsHandle
>>>
>>>> r.handleRequest(AuthenticationMechanismsHandler.java:60)
>>>>
>>> at io.undertow.servlet.handlers.security.
>>>
>>>> CachedAuthenticatedSessionHandler.handleRequest(
>>>> CachedAuthenticatedSessionHandler.java:77)
>>>>
>>> at io.undertow.security.handlers.NotificationReceiverHandler.
>>>
>>>> handleRequest(NotificationReceiverHandler.java:50)
>>>>
>>> at io.undertow.security.handlers.
>>> AbstractSecurityContextAssocia
>>>
>>>> tionHandler.handleRequest(AbstractSecurityContextAssocia
>>>> tionHandler.java:43)
>>>>
>>> at io.undertow.server.handlers.PredicateHandler.handleRequest(
>>>
>>>> PredicateHandler.java:43)
>>>>
>>> at org.wildfly.extension.undertow.security.jacc.
>>>
>>>> JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>>>>
>>> at io.undertow.server.handlers.PredicateHandler.handleRequest(
>>>
>>>> PredicateHandler.java:43)
>>>>
>>> at io.undertow.server.handlers.PredicateHandler.handleRequest(
>>>
>>>> PredicateHandler.java:43)
>>>>
>>> at io.undertow.servlet.handlers.ServletInitialHandler.
>>>
>>>> handleFirstRequest(ServletInitialHandler.java:284)
>>>>
>>> at io.undertow.servlet.handlers.ServletInitialHandler.
>>>
>>>> dispatchRequest(ServletInitialHandler.java:263)
>>>>
>>> at io.undertow.servlet.handlers.ServletInitialHandler.access$
>>>
>>>> 000(ServletInitialHandler.java:81)
>>>>
>>> at io.undertow.servlet.handlers.ServletInitialHandler$1.
>>>
>>>> handleRequest(ServletInitialHandler.java:174)
>>>>
>>> at io.undertow.server.Connectors.
>>> executeRootHandler(Connectors.
>>>
>>>> java:202)
>>>>
>>> at io.undertow.server.HttpServerExchange$1.run(
>>>
>>>> HttpServerExchange.java:793)
>>>>
>>> at java.util.concurrent.ThreadPoolExecutor.runWorker(
>>>
>>>> ThreadPoolExecutor.java:1142)
>>>>
>>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(
>>>
>>>> ThreadPoolExecutor.java:617)
>>>>
>>> at java.lang.Thread.run(Thread.java:745)
>>>
>>> Caused by: javax.naming.directory.InvalidAttributeIdentifierException:
>>>
>>>> [LDAP: error code 17 - pwdLastSet: attribute type undefined]; remaining
>>>> name 'uid=11111111111,dc=zz,dc=dd,dc=aa'
>>>>
>>> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3205)
>>>
>>> at com.sun.jndi.ldap.LdapCtx.proc
>>> essReturnCode(LdapCtx.java:3082)
>>>
>>> at com.sun.jndi.ldap.LdapCtx.proc
>>> essReturnCode(LdapCtx.java:2888)
>>>
>>> at com.sun.jndi.ldap.LdapCtx.c_mo
>>> difyAttributes(LdapCtx.java:1475)
>>>
>>> at com.sun.jndi.toolkit.ctx.Compo
>>> nentDirContext.p_modifyAttributes(
>>>
>>>> ComponentDirContext.java:277)
>>>>
>>> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.
>>>
>>>> modifyAttributes(PartialCompositeDirContext.java:192)
>>>>
>>> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.
>>>
>>>> modifyAttributes(PartialCompositeDirContext.java:181)
>>>>
>>> at javax.naming.directory.InitialDirContext.modifyAttributes(
>>>
>>>> InitialDirContext.java:167)
>>>>
>>> at javax.naming.directory.InitialDirContext.modifyAttributes(
>>>
>>>> InitialDirContext.java:167)
>>>>
>>> at org.keycloak.federation.ldap.idm.store.ldap.
>>>
>>>> LDAPOperationManager$6.execute(LDAPOperationManager.java:405)
>>>>
>>> at org.keycloak.federation.ldap.idm.store.ldap.
>>>
>>>> LDAPOperationManager$6.execute(LDAPOperationManager.java:402)
>>>>
>>> at org.keycloak.federation.ldap.idm.store.ldap.
>>>
>>>> LDAPOperationManager.execute(LDAPOperationManager.java:535)
>>>>
>>> at org.keycloak.federation.ldap.i
>>> dm.store.ldap.LDAPOperationManager.
>>>
>>>> modifyAttributes(LDAPOperationManager.java:402)
>>>>
>>> ... 59 more
>>>
>>> 2017-03-08 11:05:28,865 WARN [org.keycloak.events] (default task-6)
>>>
>>>> type=LOGIN_ERROR, realmId=myrealm, clientId=teste-portal, userId=null,
>>>> ipAddress=xxx.xxx.xxx.xxx, error=invalid_user_credentials,
>>>> auth_method=openid-connect, auth_type=code, redirect_uri=
>>>> http://127.0.0.1:
>>>> 8080/teste-portal/
>>>>
>>>
>>> and then, I got this result in my ldap:
>>>
>>> dn: uid=11111111111,dc=zz,dc=dd,dc=aa
>>>
>>> givenName:: IA==
>>>
>>> uid: 11111111111
>>>
>>> objectClass: top
>>>
>>> objectClass: inetOrgPerson
>>>
>>> objectClass: person
>>>
>>> objectClass: organizationalPerson
>>>
>>> objectClass: phpgwAccount
>>>
>>> objectClass: shadowAccount
>>>
>>> sn:: IA==
>>>
>>> cn:: IA==
>>>
>>> structuralObjectClass: inetOrgPerson
>>>
>>> entryUUID: 07f0e7caxxxxxxxxxxx
>>>
>>> creatorsName: cn=admin,dc=zz,dc=dd,dc=aa
>>>
>>> createTimestamp: 20170308140529Z
>>>
>>> entryCSN: 20170308140529.527857Z#000000#000#000000
>>>
>>> modifiersName: cn=admin,dc=zz,dc=dd,dc=aa
>>>
>>> modifyTimestamp: 20170308140529Z
>>>
>>>
>>> So, I wrote the uid as 11111111111, but I didn't set the sn, cn and
>>> givenName as 'IA=='. It looks like some problem occurs in my
>>> configuration.
>>>
>>> please, need help!!
>>>
>>>
>>> Best Regards,
>>>
>>>
>>
>
>
> --
> ---
> *Celso Agra*
>
--
---
*Celso Agra*
--
---
*Celso Agra*
12:50 p.m.
Hi all,
I saw an example about LDAP and Keycloak integration here
<https://github.com/keycloak/keycloak/tree/master/examples/ldap>;.
So, it is running with ApacheDS LDAP server. I was thinking, would be
possible run this integration with *slapd* tool? Also, I'm using schema
instead of ldif structure. It could be a problem?
Thanks!
2017-03-10 10:40 GMT-03:00 Celso Agra <celso.agra(a)gmail.com>:
I'm using slapd.
Here is the object classes that I'm using: top, inetOrgPerson, person,
organizationalPerson, phpgwAccount, shadowAccount
2017-03-10 7:41 GMT-03:00 Marek Posolda <mposolda(a)redhat.com>:
> This looks like bad LDAP mapping for username and UUID. Which LDAP are
> you using btv?
>
> Marek
>
>
> On 09/03/17 16:03, Celso Agra wrote:
>
> Hi,
>
> I solved this error, just removing the MSAD account controls, but now I'm
> getting a new error, when I finished my registration:
> here is the log:
>
> 2017-03-09 11:58:00,375 ERROR [io.undertow.request] (default task-1)
>> UT005023: Exception handling request to
/auth/realms/myrealm/login-actions/required-action:
>> org.jboss.resteasy.spi.UnhandledException:
>> java.lang.NullPointerException
>> at org.jboss.resteasy.core.ExceptionHandler.handleApplicationEx
>> ception(ExceptionHandler.java:76)
>> at org.jboss.resteasy.core.ExceptionHandler.handleException(Exc
>> eptionHandler.java:212)
>> at org.jboss.resteasy.core.SynchronousDispatcher.writeException
>> (SynchronousDispatcher.java:168)
>> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(Synchro
>> nousDispatcher.java:411)
>> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(Synchro
>> nousDispatcher.java:202)
>> at org.jboss.resteasy.plugins.server.servlet.ServletContainerDi
>> spatcher.service(ServletContainerDispatcher.java:221)
>> at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatc
>> her.service(HttpServletDispatcher.java:56)
>> at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatc
>> her.service(HttpServletDispatcher.java:51)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>> at io.undertow.servlet.handlers.ServletHandler.handleRequest(Se
>> rvletHandler.java:85)
>> at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.d
>> oFilter(FilterHandler.java:129)
>> at org.keycloak.services.filters.KeycloakSessionServletFilter.d
>> oFilter(KeycloakSessionServletFilter.java:90)
>> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilte
>> r.java:60)
>> at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.d
>> oFilter(FilterHandler.java:131)
>> at io.undertow.servlet.handlers.FilterHandler.handleRequest(Fil
>> terHandler.java:84)
>> at io.undertow.servlet.handlers.security.ServletSecurityRoleHan
>> dler.handleRequest(ServletSecurityRoleHandler.java:62)
>> at io.undertow.servlet.handlers.ServletDispatchingHandler.handl
>> eRequest(ServletDispatchingHandler.java:36)
>> at org.wildfly.extension.undertow.security.SecurityContextAssoc
>> iationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>> at io.undertow.server.handlers.PredicateHandler.handleRequest(P
>> redicateHandler.java:43)
>> at io.undertow.servlet.handlers.security.SSLInformationAssociat
>> ionHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>> at io.undertow.servlet.handlers.security.ServletAuthenticationC
>> allHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>> at io.undertow.server.handlers.PredicateHandler.handleRequest(P
>> redicateHandler.java:43)
>> at io.undertow.security.handlers.AbstractConfidentialityHandler
>> .handleRequest(AbstractConfidentialityHandler.java:46)
>> at io.undertow.servlet.handlers.security.ServletConfidentiality
>> ConstraintHandler.handleRequest(ServletConfident
>> ialityConstraintHandler.java:64)
>> at io.undertow.security.handlers.AuthenticationMechanismsHandle
>> r.handleRequest(AuthenticationMechanismsHandler.java:60)
>> at io.undertow.servlet.handlers.security.CachedAuthenticatedSes
>> sionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>> at io.undertow.security.handlers.NotificationReceiverHandler.ha
>> ndleRequest(NotificationReceiverHandler.java:50)
>> at io.undertow.security.handlers.AbstractSecurityContextAssocia
>> tionHandler.handleRequest(AbstractSecurityContextAssociation
>> Handler.java:43)
>> at io.undertow.server.handlers.PredicateHandler.handleRequest(P
>> redicateHandler.java:43)
>> at org.wildfly.extension.undertow.security.jacc.JACCContextIdHa
>> ndler.handleRequest(JACCContextIdHandler.java:61)
>> at io.undertow.server.handlers.PredicateHandler.handleRequest(P
>> redicateHandler.java:43)
>> at io.undertow.server.handlers.PredicateHandler.handleRequest(P
>> redicateHandler.java:43)
>> at io.undertow.servlet.handlers.ServletInitialHandler.handleFir
>> stRequest(ServletInitialHandler.java:284)
>> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchR
>> equest(ServletInitialHandler.java:263)
>> at io.undertow.servlet.handlers.ServletInitialHandler.access$00
>> 0(ServletInitialHandler.java:81)
>> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleR
>> equest(ServletInitialHandler.java:174)
>> at io.undertow.server.Connectors.executeRootHandler(Connectors.
>> java:202)
>> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchan
>> ge.java:793)
>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
>> Executor.java:1142)
>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
>> lExecutor.java:617)
>> at java.lang.Thread.run(Thread.java:745)
>> Caused by: java.lang.NullPointerException
>> at org.keycloak.events.EventBuilder.user(EventBuilder.java:103)
>> at org.keycloak.services.resources.LoginActionsService.initEven
>> t(LoginActionsService.java:815)
>> at org.keycloak.services.resources.LoginActionsService.access$
>> 500(LoginActionsService.java:88)
>> at org.keycloak.services.resources.LoginActionsService$Checks.
>> verifyRequiredAction(LoginActionsService.java:297)
>> at org.keycloak.services.resources.LoginActionsService.processR
>> equireAction(LoginActionsService.java:853)
>> at org.keycloak.services.resources.LoginActionsService.required
>> ActionGET(LoginActionsService.java:846)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcce
>> ssorImpl.java:62)
>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe
>> thodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:498)
>> at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInje
>> ctorImpl.java:139)
>> at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget
>> (ResourceMethodInvoker.java:295)
>> at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(Resourc
>> eMethodInvoker.java:249)
>> at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTarge
>> tObject(ResourceLocatorInvoker.java:138)
>> at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(Resour
>> ceLocatorInvoker.java:101)
>> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(Synchro
>> nousDispatcher.java:395)
>> ... 37 more
>
>
>
>
>
> 2017-03-09 9:47 GMT-03:00 Celso Agra <celso.agra(a)gmail.com>:
>
>> Got it!
>>
>> But I haven't seen the pwdLastSet here in my LDAP`mappers. I'm using the
>> "Edit Mode" as WRITABLE, but I'm not setting this attribute.
>> Here is my attributes:
>>
>>> cn
>>> MSAD account controls
>>> cpf
>>> creation date
>>> email
>>> first name
>>> last name
>>> modify date
>>> phpgwAccountStatus
>>> username
>>
>>
>> Thanks!!
>>
>> Best Regards,
>>
>> Celso Agra
>>
>> 2017-03-09 5:46 GMT-03:00 Marek Posolda <mposolda(a)redhat.com>:
>>
>>> Hi,
>>>
>>> The error may indicate that you configured "pwdLastSet" attribute
>>> mapper in Keycloak to write into the LDAP, but it looks that writing this
>>> attribute is unsupported. Maybe switch this mapper to read-only will help?
>>>
>>> Marek
>>>
>>>
>>> On 08/03/17 15:29, Celso Agra wrote:
>>>
>>>> Hi all,
>>>>
>>>> I'm trying to configure KC with LDAP, but some errors are occurring.
>>>> First, I configured my LDAP to write in the LDAP server, but for some
>>>> reasons I got this error when I try to register an user:
>>>>
>>>> 2017-03-08 11:05:28,862 WARN [org.keycloak.services] (default task-6)
>>>>
>>>>> KC-SERVICES0013: Failed authentication:
org.keycloak.models.ModelExcep
>>>>> tion:
>>>>> Could not modify attribute for DN
[uid=11111111111,dc=zz,dc=dd,dc=aa]
>>>>>
>>>> at org.keycloak.federation.ldap.i
>>>> dm.store.ldap.LDAPOperationManager.
>>>>
>>>>> modifyAttributes(LDAPOperationManager.java:410)
>>>>>
>>>> at org.keycloak.federation.ldap.i
>>>> dm.store.ldap.LDAPOperationManager.
>>>>
>>>>> modifyAttributes(LDAPOperationManager.java:104)
>>>>>
>>>> at org.keycloak.federation.ldap.idm.store.ldap.
>>>>
>>>>> LDAPIdentityStore.update(LDAPIdentityStore.java:105)
>>>>>
>>>> at org.keycloak.federation.ldap.mappers.msad.
>>>>
>>>>>
MSADUserAccountControlMapper$MSADUserModelDelegate.addRequiredAction(
>>>>> MSADUserAccountControlMapper.java:235)
>>>>>
>>>> at org.keycloak.federation.ldap.mappers.msad.
>>>>
>>>>>
MSADUserAccountControlMapper$MSADUserModelDelegate.addRequiredAction(
>>>>> MSADUserAccountControlMapper.java:220)
>>>>>
>>>> at org.keycloak.models.utils.User
>>>> ModelDelegate.addRequiredAction(
>>>>
>>>>> UserModelDelegate.java:112)
>>>>>
>>>> at org.keycloak.authentication.forms.RegistrationPassword.
>>>>
>>>>> success(RegistrationPassword.java:101)
>>>>>
>>>> at org.keycloak.authentication.Fo
>>>> rmAuthenticationFlow.processAction(
>>>>
>>>>> FormAuthenticationFlow.java:234)
>>>>>
>>>> at org.keycloak.authentication.DefaultAuthenticationFlow.
>>>>
>>>>> processAction(DefaultAuthenticationFlow.java:76)
>>>>>
>>>> at org.keycloak.authentication.AuthenticationProcessor.
>>>>
>>>>> authenticationAction(AuthenticationProcessor.java:759)
>>>>>
>>>> at org.keycloak.services.resource
>>>> s.LoginActionsService.processFlow(
>>>>
>>>>> LoginActionsService.java:356)
>>>>>
>>>> at org.keycloak.services.resources.LoginActionsService.
>>>>
>>>>> processRegistration(LoginActionsService.java:477)
>>>>>
>>>> at org.keycloak.services.resources.LoginActionsService.
>>>>
>>>>> processRegister(LoginActionsService.java:535)
>>>>>
>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>>> Method)
>>>>
>>>> at sun.reflect.NativeMethodAccessorImpl.invoke(
>>>>
>>>>> NativeMethodAccessorImpl.java:62)
>>>>>
>>>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(
>>>>
>>>>> DelegatingMethodAccessorImpl.java:43)
>>>>>
>>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>>>
>>>> at org.jboss.resteasy.core.MethodInjectorImpl.invoke(
>>>>
>>>>> MethodInjectorImpl.java:139)
>>>>>
>>>> at org.jboss.resteasy.core.Resour
>>>> ceMethodInvoker.invokeOnTarget(
>>>>
>>>>> ResourceMethodInvoker.java:295)
>>>>>
>>>> at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(
>>>>
>>>>> ResourceMethodInvoker.java:249)
>>>>>
>>>> at org.jboss.resteasy.core.ResourceLocatorInvoker.
>>>>
>>>>> invokeOnTargetObject(ResourceLocatorInvoker.java:138)
>>>>>
>>>> at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
>>>>
>>>>> ResourceLocatorInvoker.java:101)
>>>>>
>>>> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
>>>>
>>>>> SynchronousDispatcher.java:395)
>>>>>
>>>> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
>>>>
>>>>> SynchronousDispatcher.java:202)
>>>>>
>>>> at org.jboss.resteasy.plugins.server.servlet.
>>>>
>>>>> ServletContainerDispatcher.service(ServletContainerDispatche
>>>>> r.java:221)
>>>>>
>>>> at org.jboss.resteasy.plugins.server.servlet.
>>>>
>>>>> HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>>>>>
>>>> at org.jboss.resteasy.plugins.server.servlet.
>>>>
>>>>> HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>>>>>
>>>> at javax.servlet.http.HttpServlet
>>>> .service(HttpServlet.java:790)
>>>>
>>>> at io.undertow.servlet.handlers.ServletHandler.handleRequest(
>>>>
>>>>> ServletHandler.java:85)
>>>>>
>>>> at io.undertow.servlet.handlers.F
>>>> ilterHandler$FilterChainImpl.
>>>>
>>>>> doFilter(FilterHandler.java:129)
>>>>>
>>>> at org.keycloak.services.filters.
>>>> KeycloakSessionServletFilter.
>>>>
>>>>> doFilter(KeycloakSessionServletFilter.java:90)
>>>>>
>>>> at io.undertow.servlet.core.ManagedFilter.doFilter(
>>>>
>>>>> ManagedFilter.java:60)
>>>>>
>>>> at io.undertow.servlet.handlers.F
>>>> ilterHandler$FilterChainImpl.
>>>>
>>>>> doFilter(FilterHandler.java:131)
>>>>>
>>>> at io.undertow.servlet.handlers.FilterHandler.handleRequest(
>>>>
>>>>> FilterHandler.java:84)
>>>>>
>>>> at io.undertow.servlet.handlers.s
>>>> ecurity.ServletSecurityRoleHandler.
>>>>
>>>>> handleRequest(ServletSecurityRoleHandler.java:62)
>>>>>
>>>> at io.undertow.servlet.handlers.ServletDispatchingHandler.
>>>>
>>>>> handleRequest(ServletDispatchingHandler.java:36)
>>>>>
>>>> at org.wildfly.extension.undertow.security.
>>>>
>>>>> SecurityContextAssociationHandler.handleRequest(
>>>>> SecurityContextAssociationHandler.java:78)
>>>>>
>>>> at io.undertow.server.handlers.Pr
>>>> edicateHandler.handleRequest(
>>>>
>>>>> PredicateHandler.java:43)
>>>>>
>>>> at io.undertow.servlet.handlers.security.
>>>>
>>>>> SSLInformationAssociationHandler.handleRequest(
>>>>> SSLInformationAssociationHandler.java:131)
>>>>>
>>>> at io.undertow.servlet.handlers.security.
>>>>
>>>>> ServletAuthenticationCallHandler.handleRequest(
>>>>> ServletAuthenticationCallHandler.java:57)
>>>>>
>>>> at io.undertow.server.handlers.Pr
>>>> edicateHandler.handleRequest(
>>>>
>>>>> PredicateHandler.java:43)
>>>>>
>>>> at io.undertow.security.handlers.
>>>> AbstractConfidentialityHandler
>>>>
>>>>> .handleRequest(AbstractConfidentialityHandler.java:46)
>>>>>
>>>> at io.undertow.servlet.handlers.security.
>>>>
>>>>> ServletConfidentialityConstraintHandler.handleRequest(
>>>>> ServletConfidentialityConstraintHandler.java:64)
>>>>>
>>>> at io.undertow.security.handlers.
>>>> AuthenticationMechanismsHandle
>>>>
>>>>> r.handleRequest(AuthenticationMechanismsHandler.java:60)
>>>>>
>>>> at io.undertow.servlet.handlers.security.
>>>>
>>>>> CachedAuthenticatedSessionHandler.handleRequest(
>>>>> CachedAuthenticatedSessionHandler.java:77)
>>>>>
>>>> at io.undertow.security.handlers.NotificationReceiverHandler.
>>>>
>>>>> handleRequest(NotificationReceiverHandler.java:50)
>>>>>
>>>> at io.undertow.security.handlers.
>>>> AbstractSecurityContextAssocia
>>>>
>>>>> tionHandler.handleRequest(AbstractSecurityContextAssocia
>>>>> tionHandler.java:43)
>>>>>
>>>> at io.undertow.server.handlers.Pr
>>>> edicateHandler.handleRequest(
>>>>
>>>>> PredicateHandler.java:43)
>>>>>
>>>> at org.wildfly.extension.undertow.security.jacc.
>>>>
>>>>> JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>>>>>
>>>> at io.undertow.server.handlers.Pr
>>>> edicateHandler.handleRequest(
>>>>
>>>>> PredicateHandler.java:43)
>>>>>
>>>> at io.undertow.server.handlers.Pr
>>>> edicateHandler.handleRequest(
>>>>
>>>>> PredicateHandler.java:43)
>>>>>
>>>> at io.undertow.servlet.handlers.ServletInitialHandler.
>>>>
>>>>> handleFirstRequest(ServletInitialHandler.java:284)
>>>>>
>>>> at io.undertow.servlet.handlers.ServletInitialHandler.
>>>>
>>>>> dispatchRequest(ServletInitialHandler.java:263)
>>>>>
>>>> at io.undertow.servlet.handlers.ServletInitialHandler.access$
>>>>
>>>>> 000(ServletInitialHandler.java:81)
>>>>>
>>>> at io.undertow.servlet.handlers.ServletInitialHandler$1.
>>>>
>>>>> handleRequest(ServletInitialHandler.java:174)
>>>>>
>>>> at io.undertow.server.Connectors.
>>>> executeRootHandler(Connectors.
>>>>
>>>>> java:202)
>>>>>
>>>> at io.undertow.server.HttpServerExchange$1.run(
>>>>
>>>>> HttpServerExchange.java:793)
>>>>>
>>>> at java.util.concurrent.ThreadPoolExecutor.runWorker(
>>>>
>>>>> ThreadPoolExecutor.java:1142)
>>>>>
>>>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(
>>>>
>>>>> ThreadPoolExecutor.java:617)
>>>>>
>>>> at java.lang.Thread.run(Thread.java:745)
>>>>
>>>> Caused by: javax.naming.directory.InvalidAttributeIdentifierException:
>>>>
>>>>> [LDAP: error code 17 - pwdLastSet: attribute type undefined];
>>>>> remaining
>>>>> name 'uid=11111111111,dc=zz,dc=dd,dc=aa'
>>>>>
>>>> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3205)
>>>>
>>>> at com.sun.jndi.ldap.LdapCtx.proc
>>>> essReturnCode(LdapCtx.java:3082)
>>>>
>>>> at com.sun.jndi.ldap.LdapCtx.proc
>>>> essReturnCode(LdapCtx.java:2888)
>>>>
>>>> at com.sun.jndi.ldap.LdapCtx.c_mo
>>>> difyAttributes(LdapCtx.java:1475)
>>>>
>>>> at com.sun.jndi.toolkit.ctx.Compo
>>>> nentDirContext.p_modifyAttributes(
>>>>
>>>>> ComponentDirContext.java:277)
>>>>>
>>>> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.
>>>>
>>>>> modifyAttributes(PartialCompositeDirContext.java:192)
>>>>>
>>>> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.
>>>>
>>>>> modifyAttributes(PartialCompositeDirContext.java:181)
>>>>>
>>>> at javax.naming.directory.InitialDirContext.modifyAttributes(
>>>>
>>>>> InitialDirContext.java:167)
>>>>>
>>>> at javax.naming.directory.InitialDirContext.modifyAttributes(
>>>>
>>>>> InitialDirContext.java:167)
>>>>>
>>>> at org.keycloak.federation.ldap.idm.store.ldap.
>>>>
>>>>> LDAPOperationManager$6.execute(LDAPOperationManager.java:405)
>>>>>
>>>> at org.keycloak.federation.ldap.idm.store.ldap.
>>>>
>>>>> LDAPOperationManager$6.execute(LDAPOperationManager.java:402)
>>>>>
>>>> at org.keycloak.federation.ldap.idm.store.ldap.
>>>>
>>>>> LDAPOperationManager.execute(LDAPOperationManager.java:535)
>>>>>
>>>> at org.keycloak.federation.ldap.i
>>>> dm.store.ldap.LDAPOperationManager.
>>>>
>>>>> modifyAttributes(LDAPOperationManager.java:402)
>>>>>
>>>> ... 59 more
>>>>
>>>> 2017-03-08 11:05:28,865 WARN [org.keycloak.events] (default task-6)
>>>>
>>>>> type=LOGIN_ERROR, realmId=myrealm, clientId=teste-portal,
userId=null,
>>>>> ipAddress=xxx.xxx.xxx.xxx, error=invalid_user_credentials,
>>>>> auth_method=openid-connect, auth_type=code, redirect_uri=
>>>>> http://127.0.0.1:
>>>>> 8080/teste-portal/
>>>>>
>>>>
>>>> and then, I got this result in my ldap:
>>>>
>>>> dn: uid=11111111111,dc=zz,dc=dd,dc=aa
>>>>
>>>> givenName:: IA==
>>>>
>>>> uid: 11111111111
>>>>
>>>> objectClass: top
>>>>
>>>> objectClass: inetOrgPerson
>>>>
>>>> objectClass: person
>>>>
>>>> objectClass: organizationalPerson
>>>>
>>>> objectClass: phpgwAccount
>>>>
>>>> objectClass: shadowAccount
>>>>
>>>> sn:: IA==
>>>>
>>>> cn:: IA==
>>>>
>>>> structuralObjectClass: inetOrgPerson
>>>>
>>>> entryUUID: 07f0e7caxxxxxxxxxxx
>>>>
>>>> creatorsName: cn=admin,dc=zz,dc=dd,dc=aa
>>>>
>>>> createTimestamp: 20170308140529Z
>>>>
>>>> entryCSN: 20170308140529.527857Z#000000#000#000000
>>>>
>>>> modifiersName: cn=admin,dc=zz,dc=dd,dc=aa
>>>>
>>>> modifyTimestamp: 20170308140529Z
>>>>
>>>>
>>>> So, I wrote the uid as 11111111111, but I didn't set the sn, cn and
>>>> givenName as 'IA=='. It looks like some problem occurs in my
>>>> configuration.
>>>>
>>>> please, need help!!
>>>>
>>>>
>>>> Best Regards,
>>>>
>>>>
>>>
>>
>>
>> --
>> ---
>> *Celso Agra*
>>
>
>
>
> --
> ---
> *Celso Agra*
>
>
>
--
---
*Celso Agra*
--
---
*Celso Agra*
2:47 p.m.
On 14/03/17 18:50, Celso Agra wrote:
Hi all,
I saw an example about LDAP and Keycloak integration here
<https://github.com/keycloak/keycloak/tree/master/examples/ldap>;.
So, it is running with ApacheDS LDAP server. I was thinking, would be
possible run this integration with *slapd* tool? Also, I'm using
schema instead of ldif structure. It could be a problem?
This example is just a
"quickstart" to quickly show LDAP in action. It
uses ApacheDS just because it's Java based LDAP, which easily runs
everywhere just by executing "mvn exec:java" without additional steps
needed and without a need to install something at OS level etc.
I never tried this example with slapd. I think the most things will
work, but devil is in details, so not sure at 100%.
Marek
Thanks!
2017-03-10 10:40 GMT-03:00 Celso Agra <celso.agra(a)gmail.com
<mailto:celso.agra@gmail.com>>:
I'm using slapd.
Here is the object classes that I'm using: top, inetOrgPerson,
person, organizationalPerson, phpgwAccount, shadowAccount
2017-03-10 7:41 GMT-03:00 Marek Posolda <mposolda(a)redhat.com
<mailto:mposolda@redhat.com>>:
This looks like bad LDAP mapping for username and UUID. Which
LDAP are you using btv?
Marek
On 09/03/17 16:03, Celso Agra wrote:
> Hi,
>
> I solved this error, just removing the MSAD account controls,
> but now I'm getting a new error, when I finished my registration:
> here is the log:
>
> 2017-03-09 11:58:00,375 ERROR [io.undertow.request]
> (default task-1) UT005023: Exception handling request to
> /auth/realms/myrealm/login-actions/required-action:
> org.jboss.resteasy.spi.UnhandledException:
> java.lang.NullPointerException
> at
>
org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)
> at
>
org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212)
> at
>
org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:168)
> at
>
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:411)
> at
>
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
> at
>
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
> at
>
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
> at
>
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
> at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> at
>
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
> at
>
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
> at
>
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
> at
> io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
> at
>
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at
>
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at
>
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at
>
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at
>
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> at io.undertow.server.handlers.Pr
>
<http://io.undertow.server.handlers.Pr>edicateHandler.handleRequest(Pre...
> at
>
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
> at
>
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> at io.undertow.server.handlers.Pr
>
<http://io.undertow.server.handlers.Pr>edicateHandler.handleRequest(Pre...
> at
>
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at
>
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at
>
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> at
>
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> at
>
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
> at
>
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at io.undertow.server.handlers.Pr
>
<http://io.undertow.server.handlers.Pr>edicateHandler.handleRequest(Pre...
> at
>
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> at io.undertow.server.handlers.Pr
>
<http://io.undertow.server.handlers.Pr>edicateHandler.handleRequest(Pre...
> at io.undertow.server.handlers.Pr
>
<http://io.undertow.server.handlers.Pr>edicateHandler.handleRequest(Pre...
> at
>
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
> at
>
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
> at
>
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> at
>
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
> at
> io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
> at
> io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
> at
>
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at
>
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.NullPointerException
> at
> org.keycloak.events.EventBuilder.user(EventBuilder.java:103)
> at
>
org.keycloak.services.resources.LoginActionsService.initEvent(LoginActionsService.java:815)
> at
>
org.keycloak.services.resources.LoginActionsService.access$500(LoginActionsService.java:88)
> at
>
org.keycloak.services.resources.LoginActionsService$Checks.verifyRequiredAction(LoginActionsService.java:297)
> at
>
org.keycloak.services.resources.LoginActionsService.processRequireAction(LoginActionsService.java:853)
> at
>
org.keycloak.services.resources.LoginActionsService.requiredActionGET(LoginActionsService.java:846)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
>
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
>
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at
>
org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
> at
>
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
> at
>
org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
> at
>
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)
> at
>
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
> at
>
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
> ... 37 more
>
>
>
>
>
> 2017-03-09 9:47 GMT-03:00 Celso Agra <celso.agra(a)gmail.com
> <mailto:celso.agra@gmail.com>>:
>
> Got it!
>
> But I haven't seen the pwdLastSet here in my
> LDAP`mappers. I'm using the "Edit Mode" as WRITABLE, but
> I'm not setting this attribute.
> Here is my attributes:
>
> cn
> MSAD account controls
> cpf
> creation date
> email
> first name
> last name
> modify date
> phpgwAccountStatus
> username
>
>
> Thanks!!
>
> Best Regards,
>
> Celso Agra
>
> 2017-03-09 5:46 GMT-03:00 Marek Posolda
> <mposolda(a)redhat.com <mailto:mposolda@redhat.com>>:
>
> Hi,
>
> The error may indicate that you configured
> "pwdLastSet" attribute mapper in Keycloak to write
> into the LDAP, but it looks that writing this
> attribute is unsupported. Maybe switch this mapper to
> read-only will help?
>
> Marek
>
>
> On 08/03/17 15:29, Celso Agra wrote:
>
> Hi all,
>
> I'm trying to configure KC with LDAP, but some
> errors are occurring.
> First, I configured my LDAP to write in the LDAP
> server, but for some
> reasons I got this error when I try to register
> an user:
>
> 2017-03-08 11:05:28,862 WARN
> [org.keycloak.services] (default task-6)
>
> KC-SERVICES0013: Failed authentication:
> org.keycloak.models.ModelException:
> Could not modify attribute for DN
> [uid=11111111111,dc=zz,dc=dd,dc=aa]
>
> at
>
org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.
>
> modifyAttributes(LDAPOperationManager.java:410)
>
> at
>
org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.
>
> modifyAttributes(LDAPOperationManager.java:104)
>
> at
> org.keycloak.federation.ldap.idm.store.ldap.
>
> LDAPIdentityStore.update(LDAPIdentityStore.java:105)
>
> at
> org.keycloak.federation.ldap.mappers.msad.
>
>
MSADUserAccountControlMapper$MSADUserModelDelegate.addRequiredAction(
> MSADUserAccountControlMapper.java:235)
>
> at
> org.keycloak.federation.ldap.mappers.msad.
>
>
MSADUserAccountControlMapper$MSADUserModelDelegate.addRequiredAction(
> MSADUserAccountControlMapper.java:220)
>
> at
> org.keycloak.models.utils.UserModelDelegate.addRequiredAction(
>
> UserModelDelegate.java:112)
>
> at org.keycloak.authentication.fo
>
<http://org.keycloak.authentication.fo>rms.RegistrationPassword.
>
> success(RegistrationPassword.java:101)
>
> at org.keycloak.authentication.Fo
>
<http://org.keycloak.authentication.Fo>rmAuthenticationFlow.processAction(
>
> FormAuthenticationFlow.java:234)
>
> at org.keycloak.authentication.De
>
<http://org.keycloak.authentication.De>faultAuthenticationFlow.
>
> processAction(DefaultAuthenticationFlow.java:76)
>
> at org.keycloak.authentication.Au
>
<http://org.keycloak.authentication.Au>thenticationProcessor.
>
> authenticationAction(AuthenticationProcessor.java:759)
>
> at
> org.keycloak.services.resources.LoginActionsService.processFlow(
>
> LoginActionsService.java:356)
>
> at
> org.keycloak.services.resources.LoginActionsService.
>
> processRegistration(LoginActionsService.java:477)
>
> at
> org.keycloak.services.resources.LoginActionsService.
>
> processRegister(LoginActionsService.java:535)
>
> at
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
>
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(
>
> NativeMethodAccessorImpl.java:62)
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(
>
> DelegatingMethodAccessorImpl.java:43)
>
> at
> java.lang.reflect.Method.invoke(Method.java:498)
>
> at
> org.jboss.resteasy.core.MethodInjectorImpl.invoke(
>
> MethodInjectorImpl.java:139)
>
> at
> org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(
>
> ResourceMethodInvoker.java:295)
>
> at
> org.jboss.resteasy.core.ResourceMethodInvoker.invoke(
>
> ResourceMethodInvoker.java:249)
>
> at
> org.jboss.resteasy.core.ResourceLocatorInvoker.
>
> invokeOnTargetObject(ResourceLocatorInvoker.java:138)
>
> at
> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
>
> ResourceLocatorInvoker.java:101)
>
> at
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(
>
> SynchronousDispatcher.java:395)
>
> at
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(
>
> SynchronousDispatcher.java:202)
>
> at
> org.jboss.resteasy.plugins.server.servlet.
>
>
ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
>
> at
> org.jboss.resteasy.plugins.server.servlet.
>
> HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>
> at
> org.jboss.resteasy.plugins.server.servlet.
>
> HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>
> at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>
> at
> io.undertow.servlet.handlers.ServletHandler.handleRequest(
>
> ServletHandler.java:85)
>
> at
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
>
> doFilter(FilterHandler.java:129)
>
> at
> org.keycloak.services.filters.KeycloakSessionServletFilter.
>
> doFilter(KeycloakSessionServletFilter.java:90)
>
> at
> io.undertow.servlet.core.ManagedFilter.doFilter(
>
> ManagedFilter.java:60)
>
> at
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
>
> doFilter(FilterHandler.java:131)
>
> at
> io.undertow.servlet.handlers.FilterHandler.handleRequest(
>
> FilterHandler.java:84)
>
> at
>
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.
>
> handleRequest(ServletSecurityRoleHandler.java:62)
>
> at
> io.undertow.servlet.handlers.ServletDispatchingHandler.
>
> handleRequest(ServletDispatchingHandler.java:36)
>
> at org.wildfly.extension.undertow.security.
>
> SecurityContextAssociationHandler.handleRequest(
> SecurityContextAssociationHandler.java:78)
>
> at io.undertow.server.handlers.Pr
>
<http://io.undertow.server.handlers.Pr>edicateHandler.handleRequest(
>
> PredicateHandler.java:43)
>
> at io.undertow.servlet.handlers.security.
>
> SSLInformationAssociationHandler.handleRequest(
> SSLInformationAssociationHandler.java:131)
>
> at io.undertow.servlet.handlers.security.
>
> ServletAuthenticationCallHandler.handleRequest(
> ServletAuthenticationCallHandler.java:57)
>
> at io.undertow.server.handlers.Pr
>
<http://io.undertow.server.handlers.Pr>edicateHandler.handleRequest(
>
> PredicateHandler.java:43)
>
> at
> io.undertow.security.handlers.AbstractConfidentialityHandler
>
> .handleRequest(AbstractConfidentialityHandler.java:46)
>
> at io.undertow.servlet.handlers.security.
>
> ServletConfidentialityConstraintHandler.handleRequest(
> ServletConfidentialityConstraintHandler.java:64)
>
> at
> io.undertow.security.handlers.AuthenticationMechanismsHandle
>
> r.handleRequest(AuthenticationMechanismsHandler.java:60)
>
> at io.undertow.servlet.handlers.security.
>
> CachedAuthenticatedSessionHandler.handleRequest(
> CachedAuthenticatedSessionHandler.java:77)
>
> at
> io.undertow.security.handlers.NotificationReceiverHandler.
>
> handleRequest(NotificationReceiverHandler.java:50)
>
> at
> io.undertow.security.handlers.AbstractSecurityContextAssocia
>
> tionHandler.handleRequest(AbstractSecurityContextAssocia
> tionHandler.java:43)
>
> at io.undertow.server.handlers.Pr
>
<http://io.undertow.server.handlers.Pr>edicateHandler.handleRequest(
>
> PredicateHandler.java:43)
>
> at
> org.wildfly.extension.undertow.security.jacc.
>
>
JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>
> at io.undertow.server.handlers.Pr
>
<http://io.undertow.server.handlers.Pr>edicateHandler.handleRequest(
>
> PredicateHandler.java:43)
>
> at io.undertow.server.handlers.Pr
>
<http://io.undertow.server.handlers.Pr>edicateHandler.handleRequest(
>
> PredicateHandler.java:43)
>
> at
> io.undertow.servlet.handlers.ServletInitialHandler.
>
> handleFirstRequest(ServletInitialHandler.java:284)
>
> at
> io.undertow.servlet.handlers.ServletInitialHandler.
>
> dispatchRequest(ServletInitialHandler.java:263)
>
> at
> io.undertow.servlet.handlers.ServletInitialHandler.access$
>
> 000(ServletInitialHandler.java:81)
>
> at
> io.undertow.servlet.handlers.ServletInitialHandler$1.
>
> handleRequest(ServletInitialHandler.java:174)
>
> at
> io.undertow.server.Connectors.executeRootHandler(Connectors.
>
> java:202)
>
> at
> io.undertow.server.HttpServerExchange$1.run(
>
> HttpServerExchange.java:793)
>
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(
>
> ThreadPoolExecutor.java:1142)
>
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(
>
> ThreadPoolExecutor.java:617)
>
> at java.lang.Thread.run(Thread.java:745)
>
> Caused by:
> javax.naming.directory.InvalidAttributeIdentifierException:
>
> [LDAP: error code 17 - pwdLastSet: attribute
> type undefined]; remaining
> name 'uid=11111111111,dc=zz,dc=dd,dc=aa'
>
> at
> com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3205)
>
> at
> com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
>
> at
> com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
>
> at
> com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1475)
>
> at
> com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(
>
> ComponentDirContext.java:277)
>
> at
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.
>
> modifyAttributes(PartialCompositeDirContext.java:192)
>
> at
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.
>
> modifyAttributes(PartialCompositeDirContext.java:181)
>
> at
> javax.naming.directory.InitialDirContext.modifyAttributes(
>
> InitialDirContext.java:167)
>
> at
> javax.naming.directory.InitialDirContext.modifyAttributes(
>
> InitialDirContext.java:167)
>
> at
> org.keycloak.federation.ldap.idm.store.ldap.
>
>
LDAPOperationManager$6.execute(LDAPOperationManager.java:405)
>
> at
> org.keycloak.federation.ldap.idm.store.ldap.
>
>
LDAPOperationManager$6.execute(LDAPOperationManager.java:402)
>
> at
> org.keycloak.federation.ldap.idm.store.ldap.
>
> LDAPOperationManager.execute(LDAPOperationManager.java:535)
>
> at
>
org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager.
>
> modifyAttributes(LDAPOperationManager.java:402)
>
> ... 59 more
>
> 2017-03-08 11:05:28,865 WARN
> [org.keycloak.events] (default task-6)
>
> type=LOGIN_ERROR, realmId=myrealm,
> clientId=teste-portal, userId=null,
> ipAddress=xxx.xxx.xxx.xxx,
> error=invalid_user_credentials,
> auth_method=openid-connect, auth_type=code,
> redirect_uri=http://127.0.0.1:
> 8080/teste-portal/
>
>
> and then, I got this result in my ldap:
>
> dn: uid=11111111111,dc=zz,dc=dd,dc=aa
>
> givenName:: IA==
>
> uid: 11111111111
>
> objectClass: top
>
> objectClass: inetOrgPerson
>
> objectClass: person
>
> objectClass: organizationalPerson
>
> objectClass: phpgwAccount
>
> objectClass: shadowAccount
>
> sn:: IA==
>
> cn:: IA==
>
> structuralObjectClass: inetOrgPerson
>
> entryUUID: 07f0e7caxxxxxxxxxxx
>
> creatorsName: cn=admin,dc=zz,dc=dd,dc=aa
>
> createTimestamp: 20170308140529Z
>
> entryCSN: 20170308140529.527857Z#000000#000#000000
>
> modifiersName: cn=admin,dc=zz,dc=dd,dc=aa
>
> modifyTimestamp: 20170308140529Z
>
>
> So, I wrote the uid as 11111111111, but I didn't
> set the sn, cn and
> givenName as 'IA=='. It looks like some problem
> occurs in my configuration.
>
> please, need help!!
>
>
> Best Regards,
>
>
>
>
>
> --
> ---
> *Celso Agra*
>
>
>
>
> --
> ---
> *Celso Agra*
--
---
*Celso Agra*
--
---
*Celso Agra*
9:11 a.m.
Thanks Marek!
Problem was solved! I was using a wrong filter. So this is ok.
So, my problem for now is related to password. So, my LDAP is configured
with MD5 hash algorithm. So, would be possible keycloak set hash password,
for that? And how the application set the password in the LDAP repo?
Here is my error below when I try to change the password:
Could not modify attribute for DN [uid=xxxxxxx,dc=tt,dc=zz,dc=br]
2017-03-15 10:52:58,541 WARN [org.keycloak.events] (default task-14)
type=UPDATE_PASSWORD_ERROR, realmId=myRealm, clientId=teste-portal,
userId=b18dd5a7-3c60-4470-ab9c-ac0f00920b29, ipAddress=xxx.xxx.xxx.xx,
error=password_rejected, reason='Could not modify attribute for DN
[uid=xxxxxxx,dc=tt,dc=zz,dc=br]', auth_method=openid-connect,
custom_required_action=UPDATE_PASSWORD, response_type=code, redirect_uri=
http://127.0.0.1:8080/teste-portal/,
code_id=e5fd81e1-fde6-4b35-a08e-5fe5c982e416, username=xxxxxxx,
response_mode=query
Also, my LDAP doesn't have 'userPassword' attribute, and this not being set
by Keycloak. How set this attibute using keycloak register?
Thanks!
2017-03-14 16:47 GMT-03:00 Marek Posolda <mposolda(a)redhat.com>:
On 14/03/17 18:50, Celso Agra wrote:
Hi all,
I saw an example about LDAP and Keycloak integration here
<https://github.com/keycloak/keycloak/tree/master/examples/ldap>;.
So, it is running with ApacheDS LDAP server. I was thinking, would be
possible run this integration with *slapd* tool? Also, I'm using schema
instead of ldif structure. It could be a problem?
This example is just a "quickstart" to quickly show LDAP in action. It
uses ApacheDS just because it's Java based LDAP, which easily runs
everywhere just by executing "mvn exec:java" without additional steps
needed and without a need to install something at OS level etc.
I never tried this example with slapd. I think the most things will work,
but devil is in details, so not sure at 100%.
Marek
Thanks!
2017-03-10 10:40 GMT-03:00 Celso Agra <celso.agra(a)gmail.com>:
> I'm using slapd.
>
> Here is the object classes that I'm using: top, inetOrgPerson, person,
> organizationalPerson, phpgwAccount, shadowAccount
>
>
> 2017-03-10 7:41 GMT-03:00 Marek Posolda <mposolda(a)redhat.com>:
>
>> This looks like bad LDAP mapping for username and UUID. Which LDAP are
>> you using btv?
>>
>> Marek
>>
>>
>> On 09/03/17 16:03, Celso Agra wrote:
>>
>> Hi,
>>
>> I solved this error, just removing the MSAD account controls, but now
>> I'm getting a new error, when I finished my registration:
>> here is the log:
>>
>> 2017-03-09 11:58:00,375 ERROR [io.undertow.request] (default task-1)
>>> UT005023: Exception handling request to
/auth/realms/myrealm/login-actions/required-action:
>>> org.jboss.resteasy.spi.UnhandledException:
>>> java.lang.NullPointerException
>>> at org.jboss.resteasy.core.ExceptionHandler.handleApplicationEx
>>> ception(ExceptionHandler.java:76)
>>> at org.jboss.resteasy.core.ExceptionHandler.handleException(Exc
>>> eptionHandler.java:212)
>>> at org.jboss.resteasy.core.SynchronousDispatcher.writeException
>>> (SynchronousDispatcher.java:168)
>>> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(Synchro
>>> nousDispatcher.java:411)
>>> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(Synchro
>>> nousDispatcher.java:202)
>>> at org.jboss.resteasy.plugins.server.servlet.ServletContainerDi
>>> spatcher.service(ServletContainerDispatcher.java:221)
>>> at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatc
>>> her.service(HttpServletDispatcher.java:56)
>>> at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatc
>>> her.service(HttpServletDispatcher.java:51)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>>> at io.undertow.servlet.handlers.ServletHandler.handleRequest(Se
>>> rvletHandler.java:85)
>>> at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.d
>>> oFilter(FilterHandler.java:129)
>>> at org.keycloak.services.filters.KeycloakSessionServletFilter.d
>>> oFilter(KeycloakSessionServletFilter.java:90)
>>> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilte
>>> r.java:60)
>>> at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.d
>>> oFilter(FilterHandler.java:131)
>>> at io.undertow.servlet.handlers.FilterHandler.handleRequest(Fil
>>> terHandler.java:84)
>>> at io.undertow.servlet.handlers.security.ServletSecurityRoleHan
>>> dler.handleRequest(ServletSecurityRoleHandler.java:62)
>>> at io.undertow.servlet.handlers.ServletDispatchingHandler.handl
>>> eRequest(ServletDispatchingHandler.java:36)
>>> at org.wildfly.extension.undertow.security.SecurityContextAssoc
>>> iationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>>> at io.undertow.server.handlers.PredicateHandler.handleRequest(P
>>> redicateHandler.java:43)
>>> at io.undertow.servlet.handlers.security.SSLInformationAssociat
>>> ionHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>>> at io.undertow.servlet.handlers.security.ServletAuthenticationC
>>> allHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>>> at io.undertow.server.handlers.PredicateHandler.handleRequest(P
>>> redicateHandler.java:43)
>>> at io.undertow.security.handlers.AbstractConfidentialityHandler
>>> .handleRequest(AbstractConfidentialityHandler.java:46)
>>> at io.undertow.servlet.handlers.security.ServletConfidentiality
>>> ConstraintHandler.handleRequest(ServletConfidentialityConstr
>>> aintHandler.java:64)
>>> at io.undertow.security.handlers.AuthenticationMechanismsHandle
>>> r.handleRequest(AuthenticationMechanismsHandler.java:60)
>>> at io.undertow.servlet.handlers.security.CachedAuthenticatedSes
>>> sionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>>> at io.undertow.security.handlers.NotificationReceiverHandler.ha
>>> ndleRequest(NotificationReceiverHandler.java:50)
>>> at io.undertow.security.handlers.AbstractSecurityContextAssocia
>>> tionHandler.handleRequest(AbstractSecurityContextAssociation
>>> Handler.java:43)
>>> at io.undertow.server.handlers.PredicateHandler.handleRequest(P
>>> redicateHandler.java:43)
>>> at org.wildfly.extension.undertow.security.jacc.JACCContextIdHa
>>> ndler.handleRequest(JACCContextIdHandler.java:61)
>>> at io.undertow.server.handlers.PredicateHandler.handleRequest(P
>>> redicateHandler.java:43)
>>> at io.undertow.server.handlers.PredicateHandler.handleRequest(P
>>> redicateHandler.java:43)
>>> at io.undertow.servlet.handlers.ServletInitialHandler.handleFir
>>> stRequest(ServletInitialHandler.java:284)
>>> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchR
>>> equest(ServletInitialHandler.java:263)
>>> at io.undertow.servlet.handlers.ServletInitialHandler.access$00
>>> 0(ServletInitialHandler.java:81)
>>> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleR
>>> equest(ServletInitialHandler.java:174)
>>> at io.undertow.server.Connectors.executeRootHandler(Connectors.
>>> java:202)
>>> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchan
>>> ge.java:793)
>>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
>>> Executor.java:1142)
>>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
>>> lExecutor.java:617)
>>> at java.lang.Thread.run(Thread.java:745)
>>> Caused by: java.lang.NullPointerException
>>> at org.keycloak.events.EventBuilder.user(EventBuilder.java:103)
>>> at org.keycloak.services.resources.LoginActionsService.initEven
>>> t(LoginActionsService.java:815)
>>> at org.keycloak.services.resources.LoginActionsService.access$5
>>> 00(LoginActionsService.java:88)
>>> at org.keycloak.services.resources.LoginActionsService$Checks.v
>>> erifyRequiredAction(LoginActionsService.java:297)
>>> at org.keycloak.services.resources.LoginActionsService.processR
>>> equireAction(LoginActionsService.java:853)
>>> at org.keycloak.services.resources.LoginActionsService.required
>>> ActionGET(LoginActionsService.java:846)
>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcce
>>> ssorImpl.java:62)
>>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe
>>> thodAccessorImpl.java:43)
>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>> at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInje
>>> ctorImpl.java:139)
>>> at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget
>>> (ResourceMethodInvoker.java:295)
>>> at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(Resourc
>>> eMethodInvoker.java:249)
>>> at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTarge
>>> tObject(ResourceLocatorInvoker.java:138)
>>> at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(Resour
>>> ceLocatorInvoker.java:101)
>>> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(Synchro
>>> nousDispatcher.java:395)
>>> ... 37 more
>>
>>
>>
>>
>>
>> 2017-03-09 9:47 GMT-03:00 Celso Agra <celso.agra(a)gmail.com>:
>>
>>> Got it!
>>>
>>> But I haven't seen the pwdLastSet here in my LDAP`mappers. I'm using
>>> the "Edit Mode" as WRITABLE, but I'm not setting this
attribute.
>>> Here is my attributes:
>>>
>>>> cn
>>>> MSAD account controls
>>>> cpf
>>>> creation date
>>>> email
>>>> first name
>>>> last name
>>>> modify date
>>>> phpgwAccountStatus
>>>> username
>>>
>>>
>>> Thanks!!
>>>
>>> Best Regards,
>>>
>>> Celso Agra
>>>
>>> 2017-03-09 5:46 GMT-03:00 Marek Posolda <mposolda(a)redhat.com>:
>>>
>>>> Hi,
>>>>
>>>> The error may indicate that you configured "pwdLastSet"
attribute
>>>> mapper in Keycloak to write into the LDAP, but it looks that writing
this
>>>> attribute is unsupported. Maybe switch this mapper to read-only will
help?
>>>>
>>>> Marek
>>>>
>>>>
>>>> On 08/03/17 15:29, Celso Agra wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> I'm trying to configure KC with LDAP, but some errors are
occurring.
>>>>> First, I configured my LDAP to write in the LDAP server, but for
some
>>>>> reasons I got this error when I try to register an user:
>>>>>
>>>>> 2017-03-08 11:05:28,862 WARN [org.keycloak.services] (default
task-6)
>>>>>
>>>>>> KC-SERVICES0013: Failed authentication:
>>>>>> org.keycloak.models.ModelException:
>>>>>> Could not modify attribute for DN [uid=11111111111,dc=zz,dc=dd,d
>>>>>> c=aa]
>>>>>>
>>>>> at org.keycloak.federation.ldap.i
>>>>> dm.store.ldap.LDAPOperationManager.
>>>>>
>>>>>> modifyAttributes(LDAPOperationManager.java:410)
>>>>>>
>>>>> at org.keycloak.federation.ldap.i
>>>>> dm.store.ldap.LDAPOperationManager.
>>>>>
>>>>>> modifyAttributes(LDAPOperationManager.java:104)
>>>>>>
>>>>> at org.keycloak.federation.ldap.idm.store.ldap.
>>>>>
>>>>>> LDAPIdentityStore.update(LDAPIdentityStore.java:105)
>>>>>>
>>>>> at org.keycloak.federation.ldap.mappers.msad.
>>>>>
>>>>>> MSADUserAccountControlMapper$MSADUserModelDelegate.addRequir
>>>>>> edAction(
>>>>>> MSADUserAccountControlMapper.java:235)
>>>>>>
>>>>> at org.keycloak.federation.ldap.mappers.msad.
>>>>>
>>>>>> MSADUserAccountControlMapper$MSADUserModelDelegate.addRequir
>>>>>> edAction(
>>>>>> MSADUserAccountControlMapper.java:220)
>>>>>>
>>>>> at org.keycloak.models.utils.User
>>>>> ModelDelegate.addRequiredAction(
>>>>>
>>>>>> UserModelDelegate.java:112)
>>>>>>
>>>>> at org.keycloak.authentication.forms.RegistrationPassword.
>>>>>
>>>>>> success(RegistrationPassword.java:101)
>>>>>>
>>>>> at org.keycloak.authentication.Fo
>>>>> rmAuthenticationFlow.processAction(
>>>>>
>>>>>> FormAuthenticationFlow.java:234)
>>>>>>
>>>>> at org.keycloak.authentication.DefaultAuthenticationFlow.
>>>>>
>>>>>> processAction(DefaultAuthenticationFlow.java:76)
>>>>>>
>>>>> at org.keycloak.authentication.AuthenticationProcessor.
>>>>>
>>>>>> authenticationAction(AuthenticationProcessor.java:759)
>>>>>>
>>>>> at org.keycloak.services.resource
>>>>> s.LoginActionsService.processFlow(
>>>>>
>>>>>> LoginActionsService.java:356)
>>>>>>
>>>>> at org.keycloak.services.resources.LoginActionsService.
>>>>>
>>>>>> processRegistration(LoginActionsService.java:477)
>>>>>>
>>>>> at org.keycloak.services.resources.LoginActionsService.
>>>>>
>>>>>> processRegister(LoginActionsService.java:535)
>>>>>>
>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>>>> Method)
>>>>>
>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke(
>>>>>
>>>>>> NativeMethodAccessorImpl.java:62)
>>>>>>
>>>>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(
>>>>>
>>>>>> DelegatingMethodAccessorImpl.java:43)
>>>>>>
>>>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>>>>
>>>>> at org.jboss.resteasy.core.MethodInjectorImpl.invoke(
>>>>>
>>>>>> MethodInjectorImpl.java:139)
>>>>>>
>>>>> at org.jboss.resteasy.core.Resour
>>>>> ceMethodInvoker.invokeOnTarget(
>>>>>
>>>>>> ResourceMethodInvoker.java:295)
>>>>>>
>>>>> at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(
>>>>>
>>>>>> ResourceMethodInvoker.java:249)
>>>>>>
>>>>> at org.jboss.resteasy.core.ResourceLocatorInvoker.
>>>>>
>>>>>> invokeOnTargetObject(ResourceLocatorInvoker.java:138)
>>>>>>
>>>>> at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
>>>>>
>>>>>> ResourceLocatorInvoker.java:101)
>>>>>>
>>>>> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
>>>>>
>>>>>> SynchronousDispatcher.java:395)
>>>>>>
>>>>> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
>>>>>
>>>>>> SynchronousDispatcher.java:202)
>>>>>>
>>>>> at org.jboss.resteasy.plugins.server.servlet.
>>>>>
>>>>>> ServletContainerDispatcher.service(ServletContainerDispatche
>>>>>> r.java:221)
>>>>>>
>>>>> at org.jboss.resteasy.plugins.server.servlet.
>>>>>
>>>>>> HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>>>>>>
>>>>> at org.jboss.resteasy.plugins.server.servlet.
>>>>>
>>>>>> HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>>>>>>
>>>>> at javax.servlet.http.HttpServlet
>>>>> .service(HttpServlet.java:790)
>>>>>
>>>>> at io.undertow.servlet.handlers.S
>>>>> ervletHandler.handleRequest(
>>>>>
>>>>>> ServletHandler.java:85)
>>>>>>
>>>>> at io.undertow.servlet.handlers.F
>>>>> ilterHandler$FilterChainImpl.
>>>>>
>>>>>> doFilter(FilterHandler.java:129)
>>>>>>
>>>>> at org.keycloak.services.filters.
>>>>> KeycloakSessionServletFilter.
>>>>>
>>>>>> doFilter(KeycloakSessionServletFilter.java:90)
>>>>>>
>>>>> at io.undertow.servlet.core.ManagedFilter.doFilter(
>>>>>
>>>>>> ManagedFilter.java:60)
>>>>>>
>>>>> at io.undertow.servlet.handlers.F
>>>>> ilterHandler$FilterChainImpl.
>>>>>
>>>>>> doFilter(FilterHandler.java:131)
>>>>>>
>>>>> at
io.undertow.servlet.handlers.FilterHandler.handleRequest(
>>>>>
>>>>>> FilterHandler.java:84)
>>>>>>
>>>>> at io.undertow.servlet.handlers.s
>>>>> ecurity.ServletSecurityRoleHandler.
>>>>>
>>>>>> handleRequest(ServletSecurityRoleHandler.java:62)
>>>>>>
>>>>> at io.undertow.servlet.handlers.ServletDispatchingHandler.
>>>>>
>>>>>> handleRequest(ServletDispatchingHandler.java:36)
>>>>>>
>>>>> at org.wildfly.extension.undertow.security.
>>>>>
>>>>>> SecurityContextAssociationHandler.handleRequest(
>>>>>> SecurityContextAssociationHandler.java:78)
>>>>>>
>>>>> at io.undertow.server.handlers.Pr
>>>>> edicateHandler.handleRequest(
>>>>>
>>>>>> PredicateHandler.java:43)
>>>>>>
>>>>> at io.undertow.servlet.handlers.security.
>>>>>
>>>>>> SSLInformationAssociationHandler.handleRequest(
>>>>>> SSLInformationAssociationHandler.java:131)
>>>>>>
>>>>> at io.undertow.servlet.handlers.security.
>>>>>
>>>>>> ServletAuthenticationCallHandler.handleRequest(
>>>>>> ServletAuthenticationCallHandler.java:57)
>>>>>>
>>>>> at io.undertow.server.handlers.Pr
>>>>> edicateHandler.handleRequest(
>>>>>
>>>>>> PredicateHandler.java:43)
>>>>>>
>>>>> at io.undertow.security.handlers.
>>>>> AbstractConfidentialityHandler
>>>>>
>>>>>> .handleRequest(AbstractConfidentialityHandler.java:46)
>>>>>>
>>>>> at io.undertow.servlet.handlers.security.
>>>>>
>>>>>> ServletConfidentialityConstraintHandler.handleRequest(
>>>>>> ServletConfidentialityConstraintHandler.java:64)
>>>>>>
>>>>> at io.undertow.security.handlers.
>>>>> AuthenticationMechanismsHandle
>>>>>
>>>>>> r.handleRequest(AuthenticationMechanismsHandler.java:60)
>>>>>>
>>>>> at io.undertow.servlet.handlers.security.
>>>>>
>>>>>> CachedAuthenticatedSessionHandler.handleRequest(
>>>>>> CachedAuthenticatedSessionHandler.java:77)
>>>>>>
>>>>> at io.undertow.security.handlers.
>>>>> NotificationReceiverHandler.
>>>>>
>>>>>> handleRequest(NotificationReceiverHandler.java:50)
>>>>>>
>>>>> at io.undertow.security.handlers.
>>>>> AbstractSecurityContextAssocia
>>>>>
>>>>>> tionHandler.handleRequest(AbstractSecurityContextAssocia
>>>>>> tionHandler.java:43)
>>>>>>
>>>>> at io.undertow.server.handlers.Pr
>>>>> edicateHandler.handleRequest(
>>>>>
>>>>>> PredicateHandler.java:43)
>>>>>>
>>>>> at org.wildfly.extension.undertow.security.jacc.
>>>>>
>>>>>> JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>>>>>>
>>>>> at io.undertow.server.handlers.Pr
>>>>> edicateHandler.handleRequest(
>>>>>
>>>>>> PredicateHandler.java:43)
>>>>>>
>>>>> at io.undertow.server.handlers.Pr
>>>>> edicateHandler.handleRequest(
>>>>>
>>>>>> PredicateHandler.java:43)
>>>>>>
>>>>> at io.undertow.servlet.handlers.ServletInitialHandler.
>>>>>
>>>>>> handleFirstRequest(ServletInitialHandler.java:284)
>>>>>>
>>>>> at io.undertow.servlet.handlers.ServletInitialHandler.
>>>>>
>>>>>> dispatchRequest(ServletInitialHandler.java:263)
>>>>>>
>>>>> at io.undertow.servlet.handlers.S
>>>>> ervletInitialHandler.access$
>>>>>
>>>>>> 000(ServletInitialHandler.java:81)
>>>>>>
>>>>> at io.undertow.servlet.handlers.ServletInitialHandler$1.
>>>>>
>>>>>> handleRequest(ServletInitialHandler.java:174)
>>>>>>
>>>>> at io.undertow.server.Connectors.
>>>>> executeRootHandler(Connectors.
>>>>>
>>>>>> java:202)
>>>>>>
>>>>> at io.undertow.server.HttpServerExchange$1.run(
>>>>>
>>>>>> HttpServerExchange.java:793)
>>>>>>
>>>>> at java.util.concurrent.ThreadPoolExecutor.runWorker(
>>>>>
>>>>>> ThreadPoolExecutor.java:1142)
>>>>>>
>>>>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(
>>>>>
>>>>>> ThreadPoolExecutor.java:617)
>>>>>>
>>>>> at java.lang.Thread.run(Thread.java:745)
>>>>>
>>>>> Caused by: javax.naming.directory.Invalid
>>>>> AttributeIdentifierException:
>>>>>
>>>>>> [LDAP: error code 17 - pwdLastSet: attribute type undefined];
>>>>>> remaining
>>>>>> name 'uid=11111111111,dc=zz,dc=dd,dc=aa'
>>>>>>
>>>>> at
com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3205)
>>>>>
>>>>> at com.sun.jndi.ldap.LdapCtx.proc
>>>>> essReturnCode(LdapCtx.java:3082)
>>>>>
>>>>> at com.sun.jndi.ldap.LdapCtx.proc
>>>>> essReturnCode(LdapCtx.java:2888)
>>>>>
>>>>> at com.sun.jndi.ldap.LdapCtx.c_mo
>>>>> difyAttributes(LdapCtx.java:1475)
>>>>>
>>>>> at com.sun.jndi.toolkit.ctx.Compo
>>>>> nentDirContext.p_modifyAttributes(
>>>>>
>>>>>> ComponentDirContext.java:277)
>>>>>>
>>>>> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.
>>>>>
>>>>>> modifyAttributes(PartialCompositeDirContext.java:192)
>>>>>>
>>>>> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.
>>>>>
>>>>>> modifyAttributes(PartialCompositeDirContext.java:181)
>>>>>>
>>>>> at javax.naming.directory.Initial
>>>>> DirContext.modifyAttributes(
>>>>>
>>>>>> InitialDirContext.java:167)
>>>>>>
>>>>> at javax.naming.directory.Initial
>>>>> DirContext.modifyAttributes(
>>>>>
>>>>>> InitialDirContext.java:167)
>>>>>>
>>>>> at org.keycloak.federation.ldap.idm.store.ldap.
>>>>>
>>>>>> LDAPOperationManager$6.execute(LDAPOperationManager.java:405)
>>>>>>
>>>>> at org.keycloak.federation.ldap.idm.store.ldap.
>>>>>
>>>>>> LDAPOperationManager$6.execute(LDAPOperationManager.java:402)
>>>>>>
>>>>> at org.keycloak.federation.ldap.idm.store.ldap.
>>>>>
>>>>>> LDAPOperationManager.execute(LDAPOperationManager.java:535)
>>>>>>
>>>>> at org.keycloak.federation.ldap.i
>>>>> dm.store.ldap.LDAPOperationManager.
>>>>>
>>>>>> modifyAttributes(LDAPOperationManager.java:402)
>>>>>>
>>>>> ... 59 more
>>>>>
>>>>> 2017-03-08 11:05:28,865 WARN [org.keycloak.events] (default task-6)
>>>>>
>>>>>> type=LOGIN_ERROR, realmId=myrealm, clientId=teste-portal,
>>>>>> userId=null,
>>>>>> ipAddress=xxx.xxx.xxx.xxx, error=invalid_user_credentials,
>>>>>> auth_method=openid-connect, auth_type=code, redirect_uri=
>>>>>> http://127.0.0.1:
>>>>>> 8080/teste-portal/
>>>>>>
>>>>>
>>>>> and then, I got this result in my ldap:
>>>>>
>>>>> dn: uid=11111111111,dc=zz,dc=dd,dc=aa
>>>>>
>>>>> givenName:: IA==
>>>>>
>>>>> uid: 11111111111
>>>>>
>>>>> objectClass: top
>>>>>
>>>>> objectClass: inetOrgPerson
>>>>>
>>>>> objectClass: person
>>>>>
>>>>> objectClass: organizationalPerson
>>>>>
>>>>> objectClass: phpgwAccount
>>>>>
>>>>> objectClass: shadowAccount
>>>>>
>>>>> sn:: IA==
>>>>>
>>>>> cn:: IA==
>>>>>
>>>>> structuralObjectClass: inetOrgPerson
>>>>>
>>>>> entryUUID: 07f0e7caxxxxxxxxxxx
>>>>>
>>>>> creatorsName: cn=admin,dc=zz,dc=dd,dc=aa
>>>>>
>>>>> createTimestamp: 20170308140529Z
>>>>>
>>>>> entryCSN: 20170308140529.527857Z#000000#000#000000
>>>>>
>>>>> modifiersName: cn=admin,dc=zz,dc=dd,dc=aa
>>>>>
>>>>> modifyTimestamp: 20170308140529Z
>>>>>
>>>>>
>>>>> So, I wrote the uid as 11111111111, but I didn't set the sn, cn
and
>>>>> givenName as 'IA=='. It looks like some problem occurs in my
>>>>> configuration.
>>>>>
>>>>> please, need help!!
>>>>>
>>>>>
>>>>> Best Regards,
>>>>>
>>>>>
>>>>
>>>
>>>
>>> --
>>> ---
>>> *Celso Agra*
>>>
>>
>>
>>
>> --
>> ---
>> *Celso Agra*
>>
>>
>>
>
>
> --
> ---
> *Celso Agra*
>
--
---
*Celso Agra*
--
---
*Celso Agra*
2846
days inactive
2853
days old
8 comments
2 participants
participants (2)
-
Celso Agra -
Marek Posolda