[keycloak-user] S3_ping authentication problem

For Ever forsudden at gmail.com
Thu May 17 16:44:38 EDT 2018


Hello Everyone:

I'm trying to set up clustering with S3_ping.  I'm getting the below error
message when starting up Keycloak in standalone clustered mode.




NOTE:

I did a test as the user on my Linux node using awscli.  The username on the
Linux box is the same as the IAM user in AWS.  I gave list, read and write
permission (Policy) for the user in IAM.

20:37:04,480 ERROR [org.jboss.as.controller.management-operation]
(Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
    ("subsystem" => "jgroups"),
    ("channel" => "ee")
]) - failure description: {"WFLYCTL0080: Failed services" => {"
org.wildfly.clustering.jgroups.channel.ee" => "java.io.IOException: bucket
's3-ping-keycloak-sothebys-dev' could not be accessed (rsp=403 (Forbidden).
Maybe the bucket is owned by somebody else or the authentication failed
    Caused by: java.io.IOException: bucket 's3-ping-keycloak-sothebys-dev'
could not be accessed (rsp=403 (Forbidden). Maybe the bucket is owned by
somebody else or the authentication failed"}}




###standalone-ha.xml snippet.

<stack name="tcp">
    <transport type="TCP" socket-binding="jgroups-tcp"/>
    <socket-protocol type="MPING" socket-binding="jgroups-mping"/>
    <protocol type="MERGE3"/>
    <protocol type="S3_PING">
        <property name="access_key">
            blahblah
        </property>
        <property name="secret_access_key">
            blahblah
        </property>
        <property name="location">
            s3-ping-somebucket
        </property>
    </protocol>

