[keycloak-user] error when an id is present in different realm

Julien Lambot jlambot at gmail.com
Thu Dec 21 10:05:31 EST 2017


Hi List

Nice to meet you

We have implemented several Keycloak servers with an LDAP (AD) user
federation.
Our configuration has several realms (e.g.: one for internal users and one
for our customers)

The issue is that sometimes some users cannot log in, as the login key
(username) seems to be duplicated. However, it's not currently duplicated in
the same realm (logs below).
We are wondering how the uniqueness of the users is verified.
Because we could have some "Pierre Dupont" in several realms, and it
would be annoying not to permit them to connect.

Hope I'm clear and thanks for all the good stuff in Keycloak.

Regards



2017-12-21 15:13:26,655 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-1) RESTEASY002005: Failed executing GET /admin/realms/master: org.jboss.resteasy.spi.UnauthorizedException: Bearer
    at org.keycloak.services.resources.admin.AdminRoot.authenticateRealmAdminRequest(AdminRoot.java:180)
    at org.keycloak.services.resources.admin.AdminRoot.getRealmsAdmin(AdminRoot.java:211)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.createResource(ResourceLocatorInvoker.java:79)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.createResource(ResourceLocatorInvoker.java:58)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:100)
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
    at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
    at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
    at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
    at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
    at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
    at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
    at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
    at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
    at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
    at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
    at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
    at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
    at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
    at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
    at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
    at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
    at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
    at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
    at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
    at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)

