[keycloak-user] "Error! An unexpected server error has occurred" in Keycloak admin interface when retrieving a user

Edgar Vonk - Info.nl Edgar at info.nl
Wed Sep 14 03:41:30 EDT 2016


Hi Marek,

Very sorry, this was our fault. We were using an outdated and customized version of the users.js file from Keycloak in our theme and this was causing the issue.

We do now see a somewhat related issue in that our user admin accounts (with the manage-users realm-management role) now also see the ‘Configure - User Federation’ menu item and are actually able to change some (but not all) settings in our user federation (and can even delete them I think). Maybe any ideas on how to make sure these users no longer get access to Configure - User Federation?

cheers

Edgar


> On 08 Sep 2016, at 14:04, Marek Posolda <mposolda at redhat.com> wrote:
> 
> Hi Edgar,
> 
> I was trying to reproduce, but wasn't able. The expected format to invoke this endpoint should be /auth/admin/realms/our-custom-realm/attack-detection/brute-force/users/{userId} so I understand why it fails. But I am not seeing anything in admin console UI, which invokes it from this format.
> 
> Feel free to create JIRA if you find steps to reproduce it from clean KC.
> 
> Marek
> 
> On 07/09/16 13:33, Edgar Vonk - Info.nl wrote:
>> Hi Marek,
>> 
>> It’s the brute force detection REST endpoint that is causing the issue.
>> 
>> /auth/admin/realms/our-custom-realm/attack-detection/brute-force/users?username=edgar at info.nl
>> 
>> gives a: "Failed to load resource: the server responded with a status of 405 (Method Not Allowed)"
>> 
>> 
>>> On 07 Sep 2016, at 12:27, Edgar Vonk - Info.nl <Edgar at info.nl> wrote:
>>> 
>>> Hi Marek,
>>> 
>>> Thanks for the quick reply. Sorry, forgot to mention that: I did also add the view-users role. However the issue remains unfortunately.
>>> 
>>> Will try to find the endpoint in question and report back!
>>> 
>>> cheers
>>> 
>>>> On 07 Sep 2016, at 11:24, Marek Posolda <mposolda at redhat.com> wrote:
>>>> 
>>>> I guess you need to add "view-users" role as well?
>>>> 
>>>> For tracking, you can try to enable FF plugin like Firebug (or similar in Chrome) and see what REST endpoint exactly returns 405 and what role it requires.
>>>> 
>>>> Marek
>>>> 
>>>> On 07/09/16 10:55, Edgar Vonk - Info.nl wrote:
>>>>> Using a specific user admin account that is part of our Keycloak customers realm (not the master realm) with permissions to edit users only (manage-users realm-management role) whenever I click on a user in the Keycloak admin interface (Manage - Users) I get an "Error! An unexpected server error has occurred" with the stack trace below in the logs. All actions do seem to work properly, however. It also happens when I create a user, but also there the user is created just fine it seems.
>>>>> 
>>>>> I am guessing it is a permission issue on some REST endpoint in the admin interface or something?
>>>>> 
>>>>> 
>>>>> 08:14:06,715 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-40) RESTEASY002010: Failed to execute: javax.ws.rs.NotAllowedException: RESTEASY003650: No resource method found for GET, return 405 with Allow header
>>>>> 	at org.jboss.resteasy.core.registry.SegmentNode.match(SegmentNode.java:377)
>>>>> 	at org.jboss.resteasy.core.registry.SegmentNode.match(SegmentNode.java:116)
>>>>> 	at org.jboss.resteasy.core.registry.RootNode.match(RootNode.java:43)
>>>>> 	at org.jboss.resteasy.core.LocatorRegistry.getResourceInvoker(LocatorRegistry.java:79)
>>>>> 	at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:129)
>>>>> 	at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
>>>>> 	at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
>>>>> 	at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
>>>>> 	at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
>>>>> 	at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
>>>>> 	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
>>>>> 	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
>>>>> 	at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
>>>>> 	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>>>>> 	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>>>>> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>>>>> 	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
>>>>> 	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
>>>>> 	at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
>>>>> 	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
>>>>> 	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>>>>> 	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
>>>>> 	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>>>>> 	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>>>>> 	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>>>>> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>>> 	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>>>>> 	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>>>>> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>>> 	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>>>>> 	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>>>>> 	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>>>>> 	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>>>>> 	at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>>>>> 	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>>>>> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>>> 	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>>>>> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>>> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>>> 	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
>>>>> 	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
>>>>> 	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>>>>> 	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
>>>>> 	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>>>>> 	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
>>>>> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>>> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>>> 	at java.lang.Thread.run(Thread.java:745)
>>>>> 
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>> 
>>> 
> 
> 



