[keycloak-user] DBusException: "Failed to connect to bus ""Failed to auth""

Miroslav Beranič miroslav.beranic at mibesis.si
Thu Aug 15 07:06:10 EDT 2019 

Hi,

I am trying to integrate FreeIPA with Keycloak ( same issue with 6.0.0 and
8.0.0-SNAPSHOT, following line numbers are from master/8.0.0-SNAPSHOT ).

I have issue with User Federation - SSSD Provider being DISABLED.

I run on OpenJDK 8 and Fedora 31.

I run WildFly in Standalone mode, with logging set to DEBUG.

In log server.log error message is written:
"org.freedesktop.dbus.exceptions.DBusException: "Failed to connect to bus
""Failed to auth"". This is from:
org/freedesktop/dbus/Transport.java:811
throw new IOException(getString("errorAuth"));

and

org/freedesktop/dbus/DBusConnection.java:306
throw new DBusException(getString("connectionFailure") + IOe.getMessage());

I guess this error message is not the most correct one ( or meaningful ).

Origin of the error is from:
org/freedesktop/dbus/Transport.java:488 ==>
org.freedesktop.dbus.Transport.SASL#auth, where username "root" is encoded
with stupidlyEncode(username); ( as I am on
JVM8, com.sun.security.auth.module.UnixSystem is not found ).
I get back "COMMAND_REJECTED" and as a result "state = FAILED"
( org/freedesktop/dbus/Transport.java:548 ).

I am able to execute dbus commands:

[root at sso ~]# dbus-send --print-reply --system
--dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe
org.freedesktop.sssd.infopipe.Ping string:PING
Creating home directory for keycloak.
method return time=1565779939.956922 sender=:1.259 -> destination=:1.3491
serial=22 reply_serial=2
   string "PONG"
[root at sso ~]# echo $?
0

[root at sso ~]# dbus-send --print-reply --system
--dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe
org.freedesktop.sssd.infopipe.GetUserGroups string:admin
method return time=1565537226.470653 sender=:1.87 -> destination=:1.104
serial=12 reply_serial=2
   array [
      string "trust admins"
      string "admins"
   ]
[root at sso ~]# echo $?
0

This terminal commands were pointed out as " self test of well configured
system ", but all of this commands work, WildFly/Keycloak on the other hand
rejects SSSD discovery.

Is it possible I am missing some SELinux setting? Is there a way to test
and get to this failure without WildFly -- by using terminal commands, that
I could pinpoint what is the problem.

I was working after steps presented by "Christian Heimes - Identity
management, single sign-on and certificates with FreeIPA" and "scott
poore's blog / How to setup Keycloak".

What am I missing? Is there some test I can run from Keycloak source, to
check beforehand, what is wrong?


Thanks a lot.


Kind Regards,
Miroslav

More information about the keycloak-user mailing list