[keycloak-user] S3_ping authentication problem
For Ever
forsudden at gmail.com
Thu May 17 16:44:38 EDT 2018
Hello Everyone:
I'm trying to set up clustering with S3_ping. I'm getting
the below error message when starting up Keycloak in standalone clustered
mode.
NOTE:
I did a test as the user on my Linux node using awscli. The
username on the Linux box is the same as the IAM user in AWS. I gave
list, read and write permission (Policy) for the user in IAM.
20:37:04,480 ERROR [org.jboss.as.controller.management-operation]
(Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
("subsystem" => "jgroups"),
("channel" => "ee")
]) - failure description: {"WFLYCTL0080: Failed services" => {"
org.wildfly.clustering.jgroups.channel.ee" => "java.io.IOException: bucket
's3-ping-keycloak-sothebys-dev' could not be accessed (rsp=403 (Forbidden).
Maybe the bucket is owned by somebody else or the authentication failed
Caused by: java.io.IOException: bucket 's3-ping-keycloak-sothebys-dev'
could not be accessed (rsp=403 (Forbidden). Maybe the bucket is owned by
somebody else or the authentication failed"}}
###standalone-ha.xml snippet.
<stack name="tcp">
    <transport type="TCP" socket-binding="jgroups-tcp"/>
    <socket-protocol type="MPING"
                     socket-binding="jgroups-mping"/>
    <protocol type="MERGE3"/>
    <protocol type="S3_PING">
        <property name="access_key">
            blahblah
        </property>
        <property name="secret_access_key">
            blahblah
        </property>
        <property name="location">
            s3-ping-somebucket
        </property>
    </protocol>