[keycloak-user] upgrade to 3.4 issue

mj lists at merit.unu.edu
Fri Nov 17 14:02:22 EST 2017


Hi Martin,

And that fixed it! :-)

BTW we don't need the nocanon I guess. We don't see obvious style 
issues... :-)

Thanks!
MJ

On 11/17/2017 03:33 PM, mph at tecbakery.com wrote:
> Hi
> 
> sounds familiar to me :-)
> guess you forgot to add
> 
>   <socket-binding name="proxy-https" port="443"/>
> in
> <socket-binding-group name="standard-sockets" [...]
> 
> in my standalone.xml at the very bottom.
> 
> in your apache conf you need these lines:
> 
>          RequestHeader set X-Forwarded-Proto "https"
>          RequestHeader set X-Forwarded-Port "443"
> 
>          [...]
> 
>          ProxyPass / http://localhost:[port]/ nocanon
> 
> (nocanon solved a style loading issue for me)
> 
> 
> Hope it helps
> 
> Martin
> 
> 
> 
> On 17.11.2017 14:38, mj wrote:
>> Hi Stian, list,
>>
>> So, manually editing standalone.xml got me further, but not yet 100%
>> success. :-)
>>
>> I edited standalone.xml by hand, and have things working on port 8080.
>> But we have been using keycloak 2.x / 3.x through apache2 reverse https
>> proxy, requiring the following config in standalone.xml:
>>
>>> <http-listener name="default" socket-binding="http" redirect-socket="proxy-https" proxy-address-forwarding="true" enable-http2="true"/>
>> However, keycloak 3.4 complains with this config:
>>
>>> 14:34:18,158 ERROR [org.jboss.as.controller] (Controller Boot Thread) WFLYCTL0362: Capabilities required by resource '/subsystem=undertow/server=default-server/http-listener=default' are not available:
>>>      org.wildfly.network.socket-binding.proxy-https; Possible registration points for this capability:
>>> 		/socket-binding-group=*/socket-binding=*
>>> 14:34:18,161 FATAL [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0056: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.
>>> 14:34:18,189 INFO  [org.jboss.as] (MSC service thread 1-3) WFLYSRV0050: Keycloak 3.4.0.Final (WildFly Core 3.0.1.Final) stopped in 6ms
>> Some advice would be appreciated, as we are not that experienced in
>> wildfly / java, etc.
>>
>> Or is there perhaps another (new?) way to have keycloak running on https
>> with a Let's Encrypt SSL certificate?
>>
>> Using the apache2 reverse proxy way has served us very well, the last years.
>>
>> Thanks!
>> MJ
>>
>> On 11/15/2017 09:26 AM, Stian Thorgersen wrote:
>>> That seems like it could be an issue caused by the fact that KC 3.3 was
>>> based on WildFly 11 Beta. You'll probably have to manually update the
>>> standalone file (or grab the one from 3.2 release if you still have that).
>>>
>>> On 14 November 2017 at 11:17, lists <lists at merit.unu.edu
>>> <mailto:lists at merit.unu.edu>> wrote:
>>>
>>>      Hi,
>>>
>>>      Today we tried to upgrade our standalone 3.3 install to 3.4, following
>>>      the docs:
>>>
>>>      - copied 3.3 /standalone/ over the 3.4 install, replacing all
>>>      - copied mysql connector in modules/system/layers/keycloak/org
>>>
>>>      But then, the standalone upgrade script doesn't work:
>>>
>>>       > root at server:/opt/keycloak-3.4.0.Final# bin/jboss-cli.sh
>>>      --file=bin/migrate-standalone.cli
>>>       > Cannot start embedded server: WFLYEMB0021: Cannot start embedded
>>>      process: Operation failed: WFLYSRV0056: Server boot has failed in an
>>>      unrecoverable manner; exiting. See previous messages for details.
>>>       > root at server:/opt/keycloak-3.4.0.Final#
>>>
>>>      When starting the 3.4 server without having run the upgrade script, we
>>>      see what the actual problem appears to be:
>>>
>>>       > OPVDX001: Validation error in standalone.xml
>>>      -----------------------------------
>>>       > |
>>>       > |  470:     </spi>
>>>       > |  471: </subsystem>
>>>       > |  472: <subsystem xmlns="urn:wildfly:elytron:1.2"
>>>      final-providers="combined-providers"
>>>      disallowed-providers="OracleUcrypto">
>>>       > |       ^^^^ Unexpected element '{urn:wildfly:elytron:1.2}subsystem'
>>>       > |
>>>       > |  473:     <providers>
>>>       > |  474:         <aggregate-providers name="combined-providers">
>>>       > |  475:             <providers name="elytron"/>
>>>       > |
>>>       > | The primary underlying error message was:
>>>       > | > ParseError at [row,col]:[472,9]
>>>       > | > Message: Unexpected element '{urn:wildfly:elytron:1.2}subsystem'
>>>       > |
>>>       >
>>>      |-------------------------------------------------------------------------------
>>>
>>>      The same standalone.xml still works in the keycloak 3.3, so it basically
>>>      seems to be ok, or not corrupt at least. This install has been upgraded
>>>      from:
>>>      3.0 -> 3.1 -> 3.3 (we skipped 3.2)
>>>
>>>      It seems that our config has to be migrated using the script, but the
>>>      upgrade-standalone.cli script will not run...
>>>
>>>      What to do?
>>>
>>>      MJ
>>>      _______________________________________________
>>>      keycloak-user mailing list
>>>      keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>>>      https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>      <https://lists.jboss.org/mailman/listinfo/keycloak-user>
>>>
>>>
> 
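
An added example (not part of the thread and not Keycloak's own tooling): a pre-flight check for the WFLYCTL0362 failure discussed above. It lists every listener attribute that names a socket binding missing from `standalone.xml`, plus the listeners that trust `X-Forwarded-*` headers. The trimmed XML, its placeholder namespaces and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Listener line as posted in the thread.
LISTENER = ('<http-listener name="default" socket-binding="http" '
            'redirect-socket="proxy-https" proxy-address-forwarding="true" '
            'enable-http2="true"/>')

def sample_config(with_proxy_binding):
    """Constructed, trimmed stand-in for standalone.xml (namespaces are placeholders)."""
    extra = '<socket-binding name="proxy-https" port="443"/>' if with_proxy_binding else ''
    return f"""<server xmlns="urn:example:domain">
  <profile><subsystem xmlns="urn:example:undertow">
    <server name="default-server">{LISTENER}</server>
  </subsystem></profile>
  <socket-binding-group name="standard-sockets">
    <socket-binding name="http" port="8080"/>
    {extra}
  </socket-binding-group>
</server>"""

def _local(tag):
    # Strip the "{namespace}" prefix so the check works across schema versions.
    return tag.rsplit('}', 1)[-1]

def _listeners(root):
    # http-listener, https-listener, ajp-listener, ...
    return [el for el in root.iter() if _local(el.tag).endswith('-listener')]

def missing_socket_bindings(xml_text):
    """Return (listener, attribute, binding) for each reference to an undefined binding."""
    root = ET.fromstring(xml_text)
    defined = {sb.get('name')
               for grp in root.iter() if _local(grp.tag) == 'socket-binding-group'
               for sb in grp if _local(sb.tag) == 'socket-binding'}
    return [(el.get('name'), attr, el.get(attr))
            for el in _listeners(root)
            for attr in ('socket-binding', 'redirect-socket')
            if el.get(attr) and el.get(attr) not in defined]

def forwarding_listeners(xml_text):
    """Listeners that trust X-Forwarded-* headers; expose these only to the proxy."""
    root = ET.fromstring(xml_text)
    return [el.get('name') for el in _listeners(root)
            if el.get('proxy-address-forwarding') == 'true']

if __name__ == '__main__':
    for label, cfg in (('before', sample_config(False)), ('after', sample_config(True))):
        print(label, missing_socket_bindings(cfg), forwarding_listeners(cfg))
```

Against a real file, pass the contents of `standalone.xml` to the two functions before starting the upgraded server.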

