[keycloak-dev] min-time-between-jwks-requests Problems when running tests
sthorger at redhat.com
Mon Mar 6 07:07:02 EST 2017
Is this maybe something we should improve in the adapter in the first
place? A blind only allow one request every 10 seconds seems a bit to
forceful. Would it not be better to allow X number of failed attempts
within some window?
On 2 March 2017 at 12:26, Marek Posolda <mposolda at redhat.com> wrote:
> On 02/03/17 10:08, Marek Posolda wrote:
> > On 02/03/17 00:29, Bill Burke wrote:
> >> Ok, I just spent 1.5 days on debugging a problem and I was ready to
> >> throw my Laptop out of the window I was getting so frustrated.
> >> #1 I copied code from the arquillian adapter tests to deploy my own
> >> servlet. When running in IntelliJ, all logging messages by the servlet
> >> and OIDC adapters were eaten and never displayed.
> > Keycloak logging disabled in
> > testsuite/integration-arquillian/tests/base/src/test/resources/log4j.
> > . AFAIK it's disabled just because running whole testsuite produces very
> > big logs, which caused issues with travis.
> > I hope it's possible to fix that and have Keycloak logging enabled when
> > running from IDE, but still keep it disabled when running from command
> > line with "mvn" command. Will try to look into it. Created :
> > https://issues.jboss.org/browse/KEYCLOAK-4520
> Fixed now. Logging for both server and adapters is enabled now when
> running test from IDE.
> >> #2 If you have a @Deployment it deploys it in @BeforeClass and only once
> >> for all tests run in the class
> >> #3 I recreate/destroy my realms for every test
> >> #4 The default "min-time-between-jwks-requests" is 10 seconds...Because
> >> my servlet doesn't get redeployed per test, the 1st test would set up
> >> the cache for the realm key for the servlet. The 2nd test would run,
> >> because the realms were recreated, there is a different key, but the
> >> min-time-between-jwkds-requests was 10 seconds so it wasn't updating
> >> key and my logins would fail. This was extermely frustrating to debug
> >> because of #1 and because it only happened if I was running all tests in
> >> the class.
> >> The workaround is to set "min-time-between-jwks-requests" to zero in
> >> your adapter configuration. This is an FYI just in case somebody else
> >> runs into this. Took me awhile to figure out.
> > Another possibility is to put private/public keys into your realm JSON.
> > Then there is always same keys and same "kid" and application doesn't
> > need to re-download it.
> > FYI. with my latest changes, there is no realm reimport for every test
> > for most of the tests (see other thread I sent yesterday). But
> > unfortunately this is not yet the case for Adapter tests (subclasses of
> > AbstractAdapterTest)...
> > Marek
> >> _______________________________________________
> >> keycloak-dev mailing list
> >> keycloak-dev at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
More information about the keycloak-dev