[keycloak-user] Issue on Direct Grant API

Stian Thorgersen sthorger at redhat.com
Mon Dec 4 10:10:56 EST 2017


Strange. 'hmac-generated' is a built in key provider so it shouldn't have
any problems finding that.

Try opening
http://localhost:8080/auth/admin/master/console/#/server-info/providers and
put 'key' in the search box. As long as you don't have any custom key
providers the list should be:
rsa
java-keystore
rsa-generated
aes-generated
hmac-generated

On 4 December 2017 at 14:57, Marcelo Miura <marcelo.miura at gdcommunity.co.uk>
wrote:

> Hi,
>
> I’m using Direct Grant to authenticate with an admin user to be able to
> create new users into Keycloak and be able to reset user passwords.
>
> But for some reason, the authentication is not working anymore. It’s
> returning that the user credentials are invalid, as follows:
> {
>     "error": "invalid_grant",
>     "error_description": "Invalid user credentials"
> }
>
> But when logging in into the Admin Console, the credentials are working
> fine.
>
> Keycloak log:
>
> 2017-11-30 20:22:31,631 WARN  [org.keycloak.events] (default task-29)
> type=LOGIN_ERROR, realmId=master, clientId=admin, userId=null,
> ipAddress=xxx.xx.xx.xx error=invalid_user_credentials,
> auth_method=openid-connect, grant_type=password, client_auth_method=client-secret,
> username=admin
> 2017-11-30 20:22:31,631 WARN  [org.keycloak.services] (Brute Force
> Protector) KC-SERVICES0053: login failure for user <userid> from
> xxx.xx.xx.xx
>
> *replaced some values as required by the client
>
> Not sure if it’s related but on the last days when accessing the realm
> settings - keys, it was displaying an error: "Error! An unexpected server
> error has occurred” and the tabs Active and Providers didn’t show any keys.
> Keycloak log:
>
> 2017-11-30 20:20:52,033 ERROR [org.keycloak.keys.DefaultKeyManager]
> (default task-24) Failed to load provider <provider id>:
> java.lang.NullPointerException
>         at org.keycloak.keys.DefaultKeyManager.getProviders(
> DefaultKeyManager.java:133)
>         at org.keycloak.keys.DefaultKeyManager.getPublicKey(
> DefaultKeyManager.java:70)
>         at org.keycloak.services.managers.AuthenticationManager.
> verifyIdentityToken(AuthenticationManager.java:688)
>         at org.keycloak.services.managers.AppAuthManager.
> authenticateBearerToken(AppAuthManager.java:64)
>         at org.keycloak.services.resources.admin.AdminRoot.
> authenticateRealmAdminRequest(AdminRoot.java:175)
>         at org.keycloak.services.resources.admin.AdminRoot.
> getRealmsAdmin(AdminRoot.java:209)
>         at sun.reflect.GeneratedMethodAccessor371.invoke(Unknown Source)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:498)
>         at org.jboss.resteasy.core.ResourceLocatorInvoker.createResource(
> ResourceLocatorInvoker.java:79)
>         at org.jboss.resteasy.core.ResourceLocatorInvoker.createResource(
> ResourceLocatorInvoker.java:58)
>         at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
> ResourceLocatorInvoker.java:100)
>         at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
> SynchronousDispatcher.java:395)
>         at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
> SynchronousDispatcher.java:202)
>         at org.jboss.resteasy.plugins.server.servlet.
> ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
>         at org.jboss.resteasy.plugins.server.servlet.
> HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>         at org.jboss.resteasy.plugins.server.servlet.
> HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>         at io.undertow.servlet.handlers.ServletHandler.handleRequest(
> ServletHandler.java:85)
>         at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
> doFilter(FilterHandler.java:129)
>         at org.keycloak.services.filters.KeycloakSessionServletFilter.
> doFilter(KeycloakSessionServletFilter.java:90)
>         at io.undertow.servlet.core.ManagedFilter.doFilter(
> ManagedFilter.java:60)
>         at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
> doFilter(FilterHandler.java:131)
>         at io.undertow.servlet.handlers.FilterHandler.handleRequest(
> FilterHandler.java:84)
>         at io.undertow.servlet.handlers.security.
> ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.
> java:62)
>         at io.undertow.servlet.handlers.ServletDispatchingHandler.
> handleRequest(ServletDispatchingHandler.java:36)
>         at org.wildfly.extension.undertow.security.
> SecurityContextAssociationHandler.handleRequest(
> SecurityContextAssociationHandler.java:78)
>         at io.undertow.server.handlers.PredicateHandler.handleRequest(
> PredicateHandler.java:43)
>         at io.undertow.servlet.handlers.security.
> SSLInformationAssociationHandler.handleRequest(
> SSLInformationAssociationHandler.java:131)
>         at io.undertow.servlet.handlers.security.
> ServletAuthenticationCallHandler.handleRequest(
> ServletAuthenticationCallHandler.java:57)
>         at io.undertow.server.handlers.PredicateHandler.handleRequest(
> PredicateHandler.java:43)
>         at io.undertow.security.handlers.AbstractConfidentialityHandler
> .handleRequest(AbstractConfidentialityHandler.java:46)
>         at io.undertow.servlet.handlers.security.
> ServletConfidentialityConstraintHandler.handleRequest(
> ServletConfidentialityConstraintHandler.java:64)
>         at io.undertow.security.handlers.AuthenticationMechanismsHandle
> r.handleRequest(AuthenticationMechanismsHandler.java:60)
>         at io.undertow.servlet.handlers.security.
> CachedAuthenticatedSessionHandler.handleRequest(
> CachedAuthenticatedSessionHandler.java:77)
>         at io.undertow.security.handlers.NotificationReceiverHandler.
> handleRequest(NotificationReceiverHandler.java:50)
>         at io.undertow.security.handlers.AbstractSecurityContextAssocia
> tionHandler.handleRequest(AbstractSecurityContextAssocia
> tionHandler.java:43)
>         at io.undertow.server.handlers.PredicateHandler.handleRequest(
> PredicateHandler.java:43)
>         at org.wildfly.extension.undertow.security.jacc.
> JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>         at io.undertow.server.handlers.PredicateHandler.handleRequest(
> PredicateHandler.java:43)
>         at io.undertow.server.handlers.PredicateHandler.handleRequest(
> PredicateHandler.java:43)
>         at io.undertow.servlet.handlers.ServletInitialHandler.
> handleFirstRequest(ServletInitialHandler.java:284)
>         at io.undertow.servlet.handlers.ServletInitialHandler.
> dispatchRequest(ServletInitialHandler.java:263)
>         at io.undertow.servlet.handlers.ServletInitialHandler.access$
> 000(ServletInitialHandler.java:81)
>         at io.undertow.servlet.handlers.ServletInitialHandler$1.
> handleRequest(ServletInitialHandler.java:174)
>         at io.undertow.server.Connectors.executeRootHandler(Connectors.
> java:202)
>         at io.undertow.server.HttpServerExchange$1.run(
> HttpServerExchange.java:793)
>         at java.util.concurrent.ThreadPoolExecutor.runWorker(
> ThreadPoolExecutor.java:1142)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(
> ThreadPoolExecutor.java:617)
>         at java.lang.Thread.run(Thread.java:745)
>
> 2017-11-30 20:20:52,038 ERROR [io.undertow.request] (default task-24)
> UT005023: Exception handling request to /auth/admin/realms/master/components:
> org.jboss.resteasy.spi.UnhandledException: java.lang.RuntimeException:
> java.lang.IllegalArgumentException: No such provider 'hmac-generated'
>         at org.jboss.resteasy.core.ExceptionHandler.
> handleApplicationException(ExceptionHandler.java:76)
>         at org.jboss.resteasy.core.ExceptionHandler.handleException(
> ExceptionHandler.java:212)
>         at org.jboss.resteasy.core.SynchronousDispatcher.writeException(
> SynchronousDispatcher.java:168)
>         at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
> SynchronousDispatcher.java:411)
>         at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
> SynchronousDispatcher.java:202)
>         at org.jboss.resteasy.plugins.server.servlet.
> ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
>         at org.jboss.resteasy.plugins.server.servlet.
> HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>         at org.jboss.resteasy.plugins.server.servlet.
> HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>         at io.undertow.servlet.handlers.ServletHandler.handleRequest(
> ServletHandler.java:85)
>         at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
> doFilter(FilterHandler.java:129)
>         at org.keycloak.services.filters.KeycloakSessionServletFilter.
> doFilter(KeycloakSessionServletFilter.java:90)
>         at io.undertow.servlet.core.ManagedFilter.doFilter(
> ManagedFilter.java:60)
>         at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
> doFilter(FilterHandler.java:131)
>         at io.undertow.servlet.handlers.FilterHandler.handleRequest(
> FilterHandler.java:84)
>         at io.undertow.servlet.handlers.security.
> ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.
> java:62)
>         at io.undertow.servlet.handlers.ServletDispatchingHandler.
> handleRequest(ServletDispatchingHandler.java:36)
>         at org.wildfly.extension.undertow.security.
> SecurityContextAssociationHandler.handleRequest(
> SecurityContextAssociationHandler.java:78)
>         at io.undertow.server.handlers.PredicateHandler.handleRequest(
> PredicateHandler.java:43)
>         at io.undertow.servlet.handlers.security.
> SSLInformationAssociationHandler.handleRequest(
> SSLInformationAssociationHandler.java:131)
>         at io.undertow.servlet.handlers.security.
> ServletAuthenticationCallHandler.handleRequest(
> ServletAuthenticationCallHandler.java:57)
>         at io.undertow.server.handlers.PredicateHandler.handleRequest(
> PredicateHandler.java:43)
>         at io.undertow.security.handlers.AbstractConfidentialityHandler
> .handleRequest(AbstractConfidentialityHandler.java:46)
>         at io.undertow.servlet.handlers.security.
> ServletConfidentialityConstraintHandler.handleRequest(
> ServletConfidentialityConstraintHandler.java:64)
>         at io.undertow.security.handlers.AuthenticationMechanismsHandle
> r.handleRequest(AuthenticationMechanismsHandler.java:60)
>         at io.undertow.servlet.handlers.security.
> CachedAuthenticatedSessionHandler.handleRequest(
> CachedAuthenticatedSessionHandler.java:77)
>         at io.undertow.security.handlers.NotificationReceiverHandler.
> handleRequest(NotificationReceiverHandler.java:50)
>         at io.undertow.security.handlers.AbstractSecurityContextAssocia
> tionHandler.handleRequest(AbstractSecurityContextAssocia
> tionHandler.java:43)
>         at io.undertow.server.handlers.PredicateHandler.handleRequest(
> PredicateHandler.java:43)
>         at org.wildfly.extension.undertow.security.jacc.
> JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>         at io.undertow.server.handlers.PredicateHandler.handleRequest(
> PredicateHandler.java:43)
>         at io.undertow.server.handlers.PredicateHandler.handleRequest(
> PredicateHandler.java:43)
>         at io.undertow.servlet.handlers.ServletInitialHandler.
> handleFirstRequest(ServletInitialHandler.java:284)
>         at io.undertow.servlet.handlers.ServletInitialHandler.
> dispatchRequest(ServletInitialHandler.java:263)
>         at io.undertow.servlet.handlers.ServletInitialHandler.access$
> 000(ServletInitialHandler.java:81)
>         at io.undertow.servlet.handlers.ServletInitialHandler$1.
> handleRequest(ServletInitialHandler.java:174)
>         at io.undertow.server.Connectors.executeRootHandler(Connectors.
> java:202)
>         at io.undertow.server.HttpServerExchange$1.run(
> HttpServerExchange.java:793)
>         at java.util.concurrent.ThreadPoolExecutor.runWorker(
> ThreadPoolExecutor.java:1142)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(
> ThreadPoolExecutor.java:617)
>         at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.RuntimeException: java.lang.IllegalArgumentException:
> No such provider 'hmac-generated'
>         at org.keycloak.models.utils.ComponentUtil.
> getComponentConfigProperties(ComponentUtil.java:69)
>         at org.keycloak.models.utils.ComponentUtil.
> getComponentConfigProperties(ComponentUtil.java:39)
>         at org.keycloak.models.utils.StripSecretsUtils.strip(
> StripSecretsUtils.java:39)
>         at org.keycloak.models.utils.ModelToRepresentation.
> toRepresentation(ModelToRepresentation.java:815)
>         at org.keycloak.services.resources.admin.ComponentResource.
> getComponents(ComponentResource.java:118)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.java:62)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:498)
>         at org.jboss.resteasy.core.MethodInjectorImpl.invoke(
> MethodInjectorImpl.java:139)
>         at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(
> ResourceMethodInvoker.java:295)
>         at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(
> ResourceMethodInvoker.java:249)
>         at org.jboss.resteasy.core.ResourceLocatorInvoker.
> invokeOnTargetObject(ResourceLocatorInvoker.java:138)
>         at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
> ResourceLocatorInvoker.java:107)
>         at org.jboss.resteasy.core.ResourceLocatorInvoker.
> invokeOnTargetObject(ResourceLocatorInvoker.java:133)
>         at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
> ResourceLocatorInvoker.java:107)
>         at org.jboss.resteasy.core.ResourceLocatorInvoker.
> invokeOnTargetObject(ResourceLocatorInvoker.java:133)
>         at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
> ResourceLocatorInvoker.java:101)
>         at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
> SynchronousDispatcher.java:395)
>         ... 37 more
> Caused by: java.lang.IllegalArgumentException: No such provider
> 'hmac-generated'
>         at org.keycloak.models.utils.ComponentUtil.getComponentFactory(
> ComponentUtil.java:81)
>         at org.keycloak.models.utils.ComponentUtil.
> getComponentConfigProperties(ComponentUtil.java:56)
>         ... 55 more
>
>
> But when I check the keycloak database, seems that the key and provider
> are there.
> Any thoughts?
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user


More information about the keycloak-user mailing list