[keycloak-user] upgrade to 3.4 issue

mj lists at merit.unu.edu
Fri Nov 17 08:38:57 EST 2017


Hi Stian, list,

So, manually editing standalone.xml got me further, but not yet 100% 
succes. :-)

I edited standalone.xml by hand, and have things working on port 8080. 
But we have been using keycloak 2.x / 3.x through apache2 reverse https 
proxy, requiring the following config in standalone.xml:

> <http-listener name="default" socket-binding="http" redirect-socket="proxy-https" proxy-address-forwarding="true" enable-http2="true"/>

However, keycloak 3.4 complains with this config:

> 14:34:18,158 ERROR [org.jboss.as.controller] (Controller Boot Thread) WFLYCTL0362: Capabilities required by resource '/subsystem=undertow/server=default-server/http-listener=default' are not available:
>     org.wildfly.network.socket-binding.proxy-https; Possible registration points for this capability: 
> 		/socket-binding-group=*/socket-binding=*
> 14:34:18,161 FATAL [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0056: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.
> 14:34:18,189 INFO  [org.jboss.as] (MSC service thread 1-3) WFLYSRV0050: Keycloak 3.4.0.Final (WildFly Core 3.0.1.Final) stopped in 6ms

Some advise would be appreciated, as we are not that experienced in 
wildfly / java, etc.

Or is there perhaps another (new?) way to have keycloak running on https 
with an lets encrypt ssl certificate?

Using the apache2 reverse proxy way has served us very well, the last years.

Thanks!
MJ

On 11/15/2017 09:26 AM, Stian Thorgersen wrote:
> That seems like it could be an issue caused by the fact that KC 3.3 was 
> based on WildFly 11 Beta. You'll probably have to manually update the 
> standalone file (or grab the one from 3.2 release if you still have that).
> 
> On 14 November 2017 at 11:17, lists <lists at merit.unu.edu 
> <mailto:lists at merit.unu.edu>> wrote:
> 
>     Hi,
> 
>     Today we tried to upgrade our standalone 3.3 install to 3.4, following
>     the docs:
> 
>     - copied 3.3 /standalone/ over the 3.4 install, replacing all
>     - copied mysql connector in modules/system/layers/keycloak/org
> 
>     But then, the standalone upgrade script doesn't work:
> 
>      > root at server:/opt/keycloak-3.4.0.Final# bin/jboss-cli.sh
>     --file=bin/migrate-standalone.cli
>      > Cannot start embedded server: WFLYEMB0021: Cannot start embedded
>     process: Operation failed: WFLYSRV0056: Server boot has failed in an
>     unrecoverable manner; exiting. See previous messages for details.
>      > root at server:/opt/keycloak-3.4.0.Final#
> 
>     When starting the 3.4 server without having run the upgrade script, we
>     see what the actual problem appears to be:
> 
>      > OPVDX001: Validation error in standalone.xml
>     -----------------------------------
>      > |
>      > |  470:     </spi>
>      > |  471: </subsystem>
>      > |  472: <subsystem xmlns="urn:wildfly:elytron:1.2"
>     final-providers="combined-providers"
>     disallowed-providers="OracleUcrypto">
>      > |       ^^^^ Unexpected element '{urn:wildfly:elytron:1.2}subsystem'
>      > |
>      > |  473:     <providers>
>      > |  474:         <aggregate-providers name="combined-providers">
>      > |  475:             <providers name="elytron"/>
>      > |
>      > | The primary underlying error message was:
>      > | > ParseError at [row,col]:[472,9]
>      > | > Message: Unexpected element '{urn:wildfly:elytron:1.2}subsystem'
>      > |
>      >
>     |-------------------------------------------------------------------------------
> 
>     The same standalone.xml still works in the keycloak 3.3, so it basically
>     seems to be ok, or not corrupt at least. This install has been upgraded
>     from:
>     3.0 -> 3.1 -> 3.3 (we skipped 3.2)
> 
>     It seems that our config has to be migrated using the script, but the
>     upgrade-standalone.cli script will not run...
> 
>     What to do?
> 
>     MJ
>     _______________________________________________
>     keycloak-user mailing list
>     keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>     https://lists.jboss.org/mailman/listinfo/keycloak-user
>     <https://lists.jboss.org/mailman/listinfo/keycloak-user>
> 
> 


More information about the keycloak-user mailing list