[keycloak-user] Can not logout from demo broker

Andrej P ado.boj.83 at gmail.com
Mon Nov 9 02:59:10 EST 2015


Hi Marko,

I still haven't tried your advice, but I don't understand why I should
download the DEMO (keycloak-demo-1.6.1.Final.zip), because I want to add
Keycloak to a running WildFly in domain mode, and before I always downloaded
the OVERLAY keycloak-overlay-1.6.0.Final.zip
<http://www.redhat.com/j/elqNow/elqRedir.htm?ref=http://downloads.jboss.org/keycloak/1.6.1.Final/keycloak-overlay-1.6.1.Final.zip>.

Andrej.

On Thu, Nov 5, 2015 at 11:26 PM, Marko Strukelj <mstrukel at redhat.com> wrote:

> @Andrej, try to use the following instructions to set up Keycloak in
> domain mode. These instructions work for me, so if you follow them
> precisely they should also work for you.
>
> This setup approach assumes that you may want to deploy your secured
> applications into the same server(s) running Keycloak server.
>
> Download keycloak-demo-1.6.1.Final.zip from
> http://keycloak.jboss.org/keycloak/downloads.
>
> unzip ~/Downloads/keycloak-demo-1.6.1.Final.zip
>
> cd keycloak-demo-1.6.1.Final/keycloak
>
>
> Open for edit: domain/configuration/domain.xml
>
> Add to <extensions> section:
>
>     <extension module="org.keycloak.keycloak-server-subsystem"/>
>     <extension module="org.keycloak.keycloak-adapter-subsystem"/>
>
> The second one is for securing your deployed .wars with Keycloak server.
>
>
> Scroll down to <profile name="full-ha">
>
> Add to <subsystem xmlns="urn:jboss:domain:datasources:3.0"> section:
>
>                     <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
>                         <connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
>                         <driver>h2</driver>
>                         <security>
>                             <user-name>sa</user-name>
>                             <password>sa</password>
>                         </security>
>                     </datasource>
>
>
> Add to <subsystem xmlns="urn:jboss:domain:infinispan:3.0"> section:
>
>                 <cache-container name="keycloak" jndi-name="infinispan/Keycloak">
>                     <transport lock-timeout="60000"/>
>                     <invalidation-cache name="realms" mode="SYNC"/>
>                     <invalidation-cache name="users" mode="SYNC"/>
>                     <distributed-cache name="sessions" mode="SYNC" owners="1"/>
>                     <distributed-cache name="loginFailures" mode="SYNC" owners="1"/>
>                 </cache-container>
>
>
> Before the ending </profile> add:
>
>             <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
>                 <web-context>auth</web-context>
>             </subsystem>
>
>             <subsystem xmlns="urn:jboss:domain:keycloak:1.1"/>
>
>
> The second one is for securing your deployed .wars with Keycloak server.
>
> Make sure that you really add all these sections to 'full-ha'. If you use
> search or any kind of shortcuts to jump through the edited file, it is very
> easy to end up in a different section. So double-check.
>
> Now scroll further down to <server-groups> section, and change
> 'main-server-group' to use 'full-ha' profile:
>
>         <server-group name="main-server-group" profile="full-ha">
>             <jvm name="default">
>                 <heap size="64m" max-size="512m"/>
>             </jvm>
>             <socket-binding-group ref="full-ha-sockets"/>
>         </server-group>
>
>
> Save the file.
>
>
> Now start Keycloak in domain mode:
>
>     bin/domain.sh
>
>
> Observing the log, you should see many entries for 'server-one', and
> 'server-two'.
>
> You should also see two big stacktraces, as the server will try to start
> up, and fail due to not being able to find the keycloak-server.json file.
> (The stacktrace should be more descriptive - current error reporting
> NullPointerException is a bug)
>
> But that's good, it means that keycloak-server subsystem was picked up,
> and started to get initialized.
>
> Running this results in two additional directories created:
>
>     domain/servers/server-one
>
> and
>
>     domain/servers/server-two
>
> Now just copy the configuration from standalone to these two directories:
>
>     mkdir domain/servers/server-one/configuration
>     cp standalone/configuration/keycloak-server.json domain/servers/server-one/configuration/
>     cp -r standalone/configuration/themes domain/servers/server-one/configuration/
>     cp -r standalone/configuration/providers domain/servers/server-one/configuration/
>
>     mkdir domain/servers/server-two/configuration
>     cp standalone/configuration/keycloak-server.json domain/servers/server-two/configuration/
>     cp -r standalone/configuration/themes domain/servers/server-two/configuration/
>     cp -r standalone/configuration/providers domain/servers/server-two/configuration/
>
>
> And start the server again:
>
>     bin/domain.sh
>
>
> You should now see the server start up without any errors. You can now
> open Keycloak admin on server-one:
>
>     http://localhost:8080/auth
>
> And on server-two:
>
>     http://localhost:8230/auth/
>
>
>
> This procedure has always worked for me. If it fails for you then provide
> your domain.xml, and stdout from console with any stack traces.
>
>
>
> On Thu, Nov 5, 2015 at 9:02 PM, Stian Thorgersen <sthorger at redhat.com>
> wrote:
>
>> I came across this:
>> https://issues.jboss.org/browse/KEYCLOAK-2037
>>
>> Maybe it's the same issue here?
>>
>> On 4 November 2015 at 16:35, Marko Strukelj <mstrukel at redhat.com> wrote:
>>
>>> On Wed, Nov 4, 2015 at 4:10 PM, Andrej P <ado.boj.83 at gmail.com> wrote:
>>>
>>>>
>>>>
>>>> On Wed, Nov 4, 2015 at 3:48 PM, Marko Strukelj <mstrukel at redhat.com>
>>>> wrote:
>>>>
>>>>> Can you confirm that you see the following lines in
>>>>> your host-controller.log:
>>>>>
>>>>> [Server:authentication-server-demosetup] 15:58:23,220 INFO
>>>>>  [org.wildfly.extension.undertow] (ServerService Thread Pool -- 72)
>>>>> WFLYUT0021: Registered web context: /auth
>>>>> [Server:authentication-server-demosetup] 15:58:23,267 INFO
>>>>>  [org.jboss.as.server] (ServerService Thread Pool -- 36) WFLYSRV0010:
>>>>> Deployed "keycloak-server.war" (runtime-name : "keycloak-server.war")
>>>>>
>>>>    No, these lines are missing in the log.
>>>>
>>>
>>> That's the root of your problem then. Keycloak server subsystem doesn't
>>> seem to be initialized at all.
>>> From your config files it follows that your
>>> 'authentication-server-demosetup' server is using 'group-authentication'
>>> group, and 'group-authentication' group is using 'idbt-ha' profile, and
>>> 'idbt-ha' profile contains keycloak-server subsystem declaration ...
>>>
>>> I see no reason for Keycloak server to not get initialized.
>>>
>>> I'm sorry to say, but I'm out of ideas. If I were you I would try from
>>> scratch with an OOTB domain.xml, and host.xml, and set up Keycloak server
>>> without any additional applications deployed, following the instructions I
>>> described previously - just get server-one, and server-two using the same
>>> group tied to full-ha profile. That way you should get Keycloak up and
>>> running. Then I would slowly evolve the configuration towards what you have
>>> now. Somewhere during that process there must be a step, that breaks
>>> things, and it's not obvious what that step is.
>>>
>>>
>>>
>>>
>>
>>
>
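
The double-check asked for in the quoted instructions (every section in the profile that the server group really uses), as an added example that is not part of the original thread. It follows the server-group -> profile -> subsystem chain in domain.xml; `check_domain`, `_find` and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Keycloak sections were added to 'full-ha' only.
KC = '''<subsystem xmlns="urn:jboss:domain:datasources:3.0"><datasources>
  <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS"/>
</datasources></subsystem>
<subsystem xmlns="urn:jboss:domain:infinispan:3.0"><cache-container name="keycloak"/></subsystem>
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1"><web-context>auth</web-context></subsystem>
<subsystem xmlns="urn:jboss:domain:keycloak:1.1"/>'''
SAMPLE = '''<domain xmlns="urn:jboss:domain:3.0">
<extensions>
  <extension module="org.keycloak.keycloak-server-subsystem"/>
  <extension module="org.keycloak.keycloak-adapter-subsystem"/>
</extensions>
<profiles><profile name="full"/><profile name="full-ha">''' + KC + '''</profile></profiles>
<server-groups><server-group name="main-server-group" profile="%s"/></server-groups>
</domain>'''

def _name(tag):
    return tag.rsplit("}", 1)[-1]          # '{namespace}local' -> 'local'

def _find(root, tag, **attrs):
    """Elements with this local name and attribute values, in any namespace."""
    return [e for e in root.iter() if _name(e.tag) == tag
            and all(e.get(k.replace("_", "-")) == v for k, v in attrs.items())]

def check_domain(xml_text, group="main-server-group"):
    """Return a list of problems; an empty list means the chain is complete."""
    root = ET.fromstring(xml_text)
    problems = [f"extension {m} not declared"
                for m in ("org.keycloak.keycloak-server-subsystem",
                          "org.keycloak.keycloak-adapter-subsystem")
                if not _find(root, "extension", module=m)]
    groups = _find(root, "server-group", name=group)
    if not groups:
        return problems + [f"server-group {group} not found"]
    pname = groups[0].get("profile")
    profiles = _find(root, "profile", name=pname)
    if not profiles:
        return problems + [f"profile {pname} not found"]
    tags = [e.tag for e in profiles[0] if _name(e.tag) == "subsystem"]
    for urn in ("urn:jboss:domain:keycloak-server:", "urn:jboss:domain:keycloak:"):
        if not any(t.startswith("{" + urn) for t in tags):
            problems.append(f"{pname}: no subsystem {urn}*")
    if not _find(profiles[0], "datasource", pool_name="KeycloakDS"):
        problems.append(f"{pname}: datasource KeycloakDS missing")
    if not _find(profiles[0], "cache-container", name="keycloak"):
        problems.append(f"{pname}: cache-container keycloak missing")
    return problems
```

To run it against a real file, pass `open("domain/configuration/domain.xml").read()` and the name of the server group your servers belong to.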