[keycloak-user] Keycloak will run server-jre only

Subodh Joshi subodhcjoshi82 at gmail.com
Mon Mar 26 03:30:30 EDT 2018


Ok As per Stackoverflow reply




*That looks like the very common Oracle/Sun crypto-limited-to-128-bits
issue, for which there are already about a hundred Qs, except that should
apply equally to Oracle/Sun JDK, (client) JRE, AND server-JRE when that
exists (last 1.5 years), and 8u161 or 162, or 9, of any of those -- or any
OpenJDK since forever -- should fix it. – *
So its known issue and keycloak also come under it



* All variants of Oracle 8u161 and 162 (JDK, client JRE, server-JRE) fixed
the crypto-limited-policy issue (by making it configurable but default to
unlimited), which I think (but cannot be absolutely certain) is the issue
you have. (OpenJDK is built differently and never had this problem in any
version.) *

On Fri, Mar 23, 2018 at 3:35 PM, Bruno Oliveira <bruno at abstractj.org> wrote:

> I believe that for Oracle JRE you have to install JCE[1].
>
> [1] - http://www.oracle.com/technetwork/java/javase/
> downloads/jce8-download-2133166.html
>
> On 2018-03-23, Subodh Joshi wrote:
> > Hi Team,
> >
> > Is their any restriction that keycloak will work with server-jre only and
> > not with client-jre ?
> > In my linux machine we have following version installed
> >
> >  /usr/sbin/alternatives --config java
> >
> > There are 2 programs which provide 'java'.
> >
> >   Selection    Command
> > -----------------------------------------------
> > *  1           java-1.8.0-openjdk.x86_64
> > (/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.141-2.b16.el7_4.
> x86_64/jre/bin/java)
> >  + 2           /usr/java/jre1.8.0_102/bin/java
> >
> > Then its working fine with openjdk but keycloak not coming up with Oracle
> > client-jre and giving this exception
> >
> > 2018-03-22 12:30:56,163 ERROR
> > [org.jboss.as.controller.management-operation] (ServerService Thread
> > Pool -- 26) WFLYCTL0013: Operation ("add") failed - address: ([
> >     ("subsystem" => "datasources"),
> >     ("data-source" => "KeycloakDS")
> > ]): org.jboss.as.server.services.security.VaultReaderException:
> > WFLYSRV0227: Security exception accessing the vault
> >         at org.jboss.as.server.services.security.RuntimeVaultReader.
> retrieveFromVault(RuntimeVaultReader.java:124)
> >         at org.jboss.as.server.RuntimeExpressionResolver.
> resolvePluggableExpression(RuntimeExpressionResolver.java:65)
> >         at org.jboss.as.controller.ExpressionResolverImpl.
> resolveExpressionString(ExpressionResolverImpl.java:341)
> >         at org.jboss.as.controller.ExpressionResolverImpl.
> parseAndResolve(ExpressionResolverImpl.java:246)
> >         at org.jboss.as.controller.ExpressionResolverImpl.
> resolveExpressionStringRecursively(ExpressionResolverImpl.java:143)
> >         at org.jboss.as.controller.ExpressionResolverImpl.
> resolveExpressionsRecursively(ExpressionResolverImpl.java:84)
> >         at org.jboss.as.controller.ExpressionResolverImpl.
> resolveExpressions(ExpressionResolverImpl.java:66)
> >         at org.jboss.as.controller.ModelControllerImpl.
> resolveExpressions(ModelControllerImpl.java:868)
> >         at org.jboss.as.controller.OperationContextImpl.
> resolveExpressions(OperationContextImpl.java:1269)
> >         at org.jboss.as.controller.ParallelBootOperationContext.
> resolveExpressions(ParallelBootOperationContext.java:438)
> >         at org.jboss.as.controller.AttributeDefinition$1.
> resolveExpressions(AttributeDefinition.java:619)
> >         at org.jboss.as.controller.AttributeDefinition.resolveValue(
> AttributeDefinition.java:683)
> >         at org.jboss.as.controller.AttributeDefinition.
> resolveModelAttribute(AttributeDefinition.java:642)
> >         at org.jboss.as.controller.AttributeDefinition.
> resolveModelAttribute(AttributeDefinition.java:616)
> >         at org.jboss.as.connector.util.ModelNodeUtil.
> getResolvedStringIfSetOrGetDefault(ModelNodeUtil.java:35)
> >         at org.jboss.as.connector.subsystems.datasources.
> DataSourceModelNodeUtil.from(DataSourceModelNodeUtil.java:178)
> >         at org.jboss.as.connector.subsystems.datasources.
> AbstractDataSourceAdd.secondRuntimeStep(AbstractDataSourceAdd.java:348)
> >         at org.jboss.as.connector.subsystems.datasources.
> AbstractDataSourceAdd$1.execute(AbstractDataSourceAdd.java:133)
> >         at org.jboss.as.controller.AbstractOperationContext.executeStep(
> AbstractOperationContext.java:980)
> >         at org.jboss.as.controller.AbstractOperationContext.
> processStages(AbstractOperationContext.java:726)
> >         at org.jboss.as.controller.AbstractOperationContext.
> executeOperation(AbstractOperationContext.java:450)
> >         at org.jboss.as.controller.ParallelBootOperationStepHandl
> er$ParallelBootTask.run(ParallelBootOperationStepHandler.java:386)
> >         at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown
> Source)
> >         at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown
> Source)
> >         at java.lang.Thread.run(Unknown Source)
> >         at org.jboss.threads.JBossThread.run(JBossThread.java:320)
> > Caused by: org.jboss.security.vault.SecurityVaultException:
> > java.security.InvalidKeyException: Illegal key size or default
> > parameters
> >         at org.picketbox.plugins.vault.PicketBoxSecurityVault.retrieve(
> PicketBoxSecurityVault.java:297)
> >         at org.jboss.as.server.services.security.RuntimeVaultReader.
> getValue(RuntimeVaultReader.java:157)
> >         at org.jboss.as.server.services.security.RuntimeVaultReader.
> retrieveFromVault(RuntimeVaultReader.java:110)
> >         ... 25 more
> > Caused by: java.security.InvalidKeyException: Illegal key size or
> > default parameters
> >         at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1026)
> >         at javax.crypto.Cipher.implInit(Cipher.java:801)
> >
> >
> > But same setup working with *open-jdk *without any issue after that i
> > updated the Oracle Java and used *server-jre *
> >
> > [root at ha1 ~]#  /usr/sbin/alternatives --config java
> >
> > There are 2 programs which provide 'java'.
> >
> >   Selection    Command
> > -----------------------------------------------
> > *  1           java-1.8.0-openjdk.x86_64
> > (/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.141-2.b16.el7_4.
> x86_64/jre/bin/java)
> >  + 2           /usr/java/jre1.8.0_102/bin/java
> >
> > This time it worked totally fine and keycloak running without any issue .
> > --
> > Subodh Chandra Joshi
> >   <subodh1_joshi82 at yahoo.co.in>
> > http://www.questioninmind.com
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> --
>
> abstractj
>



-- 
Subodh Chandra Joshi
subodh1_joshi82 at yahoo.co.in
http://www.trendsinnews.com


More information about the keycloak-user mailing list