4:40 p.m.
I've installed the keycloak-wildfly-adapter-dist-4.6.0.Final.zip adapter in
a clean version of WildFly Full 14.0.1.Final, running on Windows 8.1. The
keycloak server is running on a separate port.
When I configure the adapter subsystem (server not running) with the newer
Elytron adapter using
cd bin
jboss-cli.bat --file=adapter-elytron-install-offline.cli
-Dserver.config=standalone-full.xml
and thereafter attempt to sign into a basic war application I get the
keycloak login page, followed by an error page once credentials are posted.
The server.log reports the following (abbreviated) error stacktrace
2018-11-21 20:17:37,654 ERROR [io.undertow.request] (default task-1)
UT005023: Exception handling request to /curo-crm/:
java.lang.IllegalArgumentException:
org.infinispan.commons.marshall.NotSerializableException:
org.keycloak.adapters.elytron.ElytronAccount
at
org.wildfly.clustering.web.infinispan.session.coarse.CoarseSessionAttributes.setAttribute(CoarseSessionAttributes.java:71)
[snip]
Caused by: org.infinispan.commons.marshall.NotSerializableException:
org.keycloak.adapters.elytron.ElytronAccount
Now, if I configure the adapter subsystem with the legacy non-Elytron
adapter on WildFly using
cd bin
jboss-cli.bat --file=adapter-install-offline.cli -Dserver.config=standalone-full.xml
everything works without errors i.e. I can access the protected web app on
login success.
Question 1: Have I missed something in the server configuration that is
causing the NotSerializableException?
Question 2: The keycloak config documentation recommends the use of the
newer Elytron adapter over the legacy non-Elytron adapter, but gives no
reasoning. Are there drawbacks to using the legacy version?
Thanks
6:04 p.m.
I have been pulling my hair out over this thinking something was amiss
with my configuration, but it turns out to be something unrelated. My
web.xml includes the <distributable/> attribute which I have subsequently
learnt contractually obligates you to ensure all session attributes are
serializable. The ElytronAccount object obviously isn't, which resulted in
the reported NotSerializableException in my webapp after successful
authentication.
I have since commented out <distributable/> in web.xml and all is working
flawlessly.
On Wed, 21 Nov 2018 at 21:40, Andrew Murphy <andrew.murphy(a)confido.ie>
wrote:
I've installed the keycloak-wildfly-adapter-dist-4.6.0.Final.zip adapter
in a clean version of WildFly Full 14.0.1.Final, running on Windows 8.1.
The keycloak server is running on a separate port.
When I configure the adapter subsystem (server not running) with the newer
Elytron adapter using
> cd bin
> jboss-cli.bat --file=adapter-elytron-install-offline.cli
-Dserver.config=standalone-full.xml
and thereafter attempt to sign into a basic war application I get the
keycloak login page, followed by an error page once credentials are posted.
The server.log reports the following (abbreviated) error stacktrace
2018-11-21 20:17:37,654 ERROR [io.undertow.request] (default task-1)
UT005023: Exception handling request to /curo-crm/:
java.lang.IllegalArgumentException:
org.infinispan.commons.marshall.NotSerializableException:
org.keycloak.adapters.elytron.ElytronAccount
at
org.wildfly.clustering.web.infinispan.session.coarse.CoarseSessionAttributes.setAttribute(CoarseSessionAttributes.java:71)
[snip]
Caused by: org.infinispan.commons.marshall.NotSerializableException:
org.keycloak.adapters.elytron.ElytronAccount
Now, if I configure the adapter subsystem with the legacy non-Elytron
adapter on WildFly using
> cd bin
> jboss-cli.bat --file=adapter-install-offline.cli
-Dserver.config=standalone-full.xml
everything works without errors i.e. I can access the protected web app on
login success.
Question 1: Have I missed something in the server configuration that is
causing the NotSerializableException?
Question 2: The keycloak config documentation recommends the use of the
newer Elytron adapter over the legacy non-Elytron adapter, but gives no
reasoning. Are there drawbacks to using the legacy version?
Thanks
--
Andrew Murphy
Mobile: +353 (0)8 3802 2469
2:01 a.m.
Thanks for the details. Created
https://issues.jboss.org/browse/KEYCLOAK-8980 for this issue.
On Fri, Nov 30, 2018 at 12:10 AM Andrew Murphy <andrew.murphy(a)confido.ie>
wrote:
I have been pulling my hair out over this thinking something was
amiss
with my configuration, but it turns out to be something unrelated. My
web.xml includes the <distributable/> attribute which I have subsequently
learnt contractually obligates you to ensure all session attributes are
serializable. The ElytronAccount object obviously isn't, which resulted in
the reported NotSerializableException in my webapp after successful
authentication.
I have since commented out <distributable/> in web.xml and all is working
flawlessly.
On Wed, 21 Nov 2018 at 21:40, Andrew Murphy <andrew.murphy(a)confido.ie>
wrote:
>
> I've installed the keycloak-wildfly-adapter-dist-4.6.0.Final.zip adapter
> in a clean version of WildFly Full 14.0.1.Final, running on Windows 8.1.
> The keycloak server is running on a separate port.
>
> When I configure the adapter subsystem (server not running) with the
newer
> Elytron adapter using
>
> > cd bin
> > jboss-cli.bat --file=adapter-elytron-install-offline.cli
-Dserver.config=standalone-full.xml
>
> and thereafter attempt to sign into a basic war application I get the
> keycloak login page, followed by an error page once credentials are
posted.
> The server.log reports the following (abbreviated) error stacktrace
>
> 2018-11-21 20:17:37,654 ERROR [io.undertow.request] (default task-1)
> UT005023: Exception handling request to /curo-crm/:
> java.lang.IllegalArgumentException:
> org.infinispan.commons.marshall.NotSerializableException:
> org.keycloak.adapters.elytron.ElytronAccount
> at
>
org.wildfly.clustering.web.infinispan.session.coarse.CoarseSessionAttributes.setAttribute(CoarseSessionAttributes.java:71)
> [snip]
> Caused by: org.infinispan.commons.marshall.NotSerializableException:
> org.keycloak.adapters.elytron.ElytronAccount
>
> Now, if I configure the adapter subsystem with the legacy non-Elytron
> adapter on WildFly using
>
> > cd bin
> > jboss-cli.bat --file=adapter-install-offline.cli
-Dserver.config=standalone-full.xml
>
> everything works without errors i.e. I can access the protected web app
on
> login success.
>
> Question 1: Have I missed something in the server configuration that is
> causing the NotSerializableException?
> Question 2: The keycloak config documentation recommends the use of the
> newer Elytron adapter over the legacy non-Elytron adapter, but gives no
> reasoning. Are there drawbacks to using the legacy version?
>
> Thanks
>
>
--
Andrew Murphy
Mobile: +353 (0)8 3802 2469
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
6:40 a.m.
Hi Andrew,
I'm wondering if you are using distributable for any other reason but
propagation of the security context. Is that the case?
Thanks.
Pedro Igor
On Thu, Nov 29, 2018 at 9:10 PM Andrew Murphy <andrew.murphy(a)confido.ie>
wrote:
I have been pulling my hair out over this thinking something was
amiss
with my configuration, but it turns out to be something unrelated. My
web.xml includes the <distributable/> attribute which I have subsequently
learnt contractually obligates you to ensure all session attributes are
serializable. The ElytronAccount object obviously isn't, which resulted in
the reported NotSerializableException in my webapp after successful
authentication.
I have since commented out <distributable/> in web.xml and all is working
flawlessly.
On Wed, 21 Nov 2018 at 21:40, Andrew Murphy <andrew.murphy(a)confido.ie>
wrote:
>
> I've installed the keycloak-wildfly-adapter-dist-4.6.0.Final.zip adapter
> in a clean version of WildFly Full 14.0.1.Final, running on Windows 8.1.
> The keycloak server is running on a separate port.
>
> When I configure the adapter subsystem (server not running) with the
newer
> Elytron adapter using
>
> > cd bin
> > jboss-cli.bat --file=adapter-elytron-install-offline.cli
-Dserver.config=standalone-full.xml
>
> and thereafter attempt to sign into a basic war application I get the
> keycloak login page, followed by an error page once credentials are
posted.
> The server.log reports the following (abbreviated) error stacktrace
>
> 2018-11-21 20:17:37,654 ERROR [io.undertow.request] (default task-1)
> UT005023: Exception handling request to /curo-crm/:
> java.lang.IllegalArgumentException:
> org.infinispan.commons.marshall.NotSerializableException:
> org.keycloak.adapters.elytron.ElytronAccount
> at
>
org.wildfly.clustering.web.infinispan.session.coarse.CoarseSessionAttributes.setAttribute(CoarseSessionAttributes.java:71)
> [snip]
> Caused by: org.infinispan.commons.marshall.NotSerializableException:
> org.keycloak.adapters.elytron.ElytronAccount
>
> Now, if I configure the adapter subsystem with the legacy non-Elytron
> adapter on WildFly using
>
> > cd bin
> > jboss-cli.bat --file=adapter-install-offline.cli
-Dserver.config=standalone-full.xml
>
> everything works without errors i.e. I can access the protected web app
on
> login success.
>
> Question 1: Have I missed something in the server configuration that is
> causing the NotSerializableException?
> Question 2: The keycloak config documentation recommends the use of the
> newer Elytron adapter over the legacy non-Elytron adapter, but gives no
> reasoning. Are there drawbacks to using the legacy version?
>
> Thanks
>
>
--
Andrew Murphy
Mobile: +353 (0)8 3802 2469
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
1967
days inactive
1981
days old
3 comments
3 participants
participants (3)
-
Andrew Murphy -
Hynek Mlnarik -
Pedro Igor Silva