I am having keycloak running on docker container version 15.0.2 , Java version 1.8.0_181
OS - Windows server 2016 10.0
ERROR [org.keycloak.services] (default task-2) KC-SERVICES0029: Failed to send email: javax.mail.AuthenticationFailedException: 421 4.7.66 TLS 1.0 and 1.1 are not supported. Please upgrade/update your client to support TLS 1.2
Click here to see details of Keycloak server info
Related
I've turned on less secured apps on google.
Checked use SMTP Authentication in Jenkins.
Tried using AWS Simple email service too.
But still, Authentication required error is showing up
Error logs using Google SMTP
ERROR: 530-5.5.1 Authentication Required. Learn more at
530 5.5.1 https://support.google.com/mail/?p=WantAuthError x9sm20383081pje.27 - gsmtp
com.sun.mail.smtp.SMTPSendFailedException: 530-5.5.1 Authentication Required. Learn more at
530 5.5.1 https://support.google.com/mail/?p=WantAuthError x9sm20383081pje.27 - gsmtp
at com.sun.mail.smtp.SMTPTransport.issueSendCommand(SMTPTransport.java:2057)
at com.sun.mail.smtp.SMTPTransport.mailFrom(SMTPTransport.java:1580)
at com.sun.mail.smtp.SMTPTransport.sendMessage(SMTPTransport.java:1097)
at javax.mail.Transport.send0(Transport.java:195)
at javax.mail.Transport.send(Transport.java:124)
at hudson.tasks.MailSender.run(MailSender.java:130)
at hudson.tasks.Mailer.perform(Mailer.java:175)
at hudson.tasks.Mailer.perform(Mailer.java:138)
at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:741)
at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:690)
at hudson.model.Build$BuildExecution.post2(Build.java:186)
at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:635)
at hudson.model.Run.execute(Run.java:1840)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:97)
at hudson.model.Executor.run(Executor.java:429)
Finished: FAILURE
Error logs using using AWS Simple Email Service
ERROR: 530 Authentication required
com.sun.mail.smtp.SMTPSendFailedException: 530 Authentication required
at com.sun.mail.smtp.SMTPTransport.issueSendCommand(SMTPTransport.java:2057)
at com.sun.mail.smtp.SMTPTransport.mailFrom(SMTPTransport.java:1580)
at com.sun.mail.smtp.SMTPTransport.sendMessage(SMTPTransport.java:1097)
at javax.mail.Transport.send0(Transport.java:195)
at javax.mail.Transport.send(Transport.java:124)
at hudson.tasks.MailSender.run(MailSender.java:130)
at hudson.tasks.Mailer.perform(Mailer.java:175)
at hudson.tasks.Mailer.perform(Mailer.java:138)
at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:741)
at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:690)
at hudson.model.Build$BuildExecution.post2(Build.java:186)
at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:635)
at hudson.model.Run.execute(Run.java:1840)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:97)
at hudson.model.Executor.run(Executor.java:429)
Finished: FAILURE
I'm running CAS server and mongoDB in containers and I'm trying log in to CAS but I receive error message (user is not authenticated).
Containers for CAS and mongoDB are in this same network "cas_net"
2018-11-08 20:54:13,595 DEBUG [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <[MongoAuthenticationHandler] exception details: [Failed to validate credentials: Timed out after 30000 ms while waiting for a server that matches ReadPreferenceServerSelector{readPreference=primary}. Client view of cluster state is {type=UNKNOWN, servers=[{address=172.18.0.3:27017, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSecurityException: Exception authenticating MongoCredential{mechanism=null, userName='root', source='cas', password=<hidden>, mechanismProperties={}}}, caused by {com.mongodb.MongoCommandException: Command failed with error 18: 'Authentication failed.' on server 172.18.0.3:27017. The full response is { "ok" : 0.0, "errmsg" : "Authentication failed.", "code" : 18, "codeName" : "AuthenticationFailed" }}}]].>
2018-11-08 20:54:13,597 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [casuser] of type [UsernamePasswordCredential].>
2018-11-08 20:54:13,601 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: casuser
WHAT: Supplied credentials: [casuser]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Thu Nov 08 20:54:13 UTC 2018
CLIENT IP ADDRESS: 172.17.0.1
SERVER IP ADDRESS: 172.17.0.4
=============================================================
cas.properties file
cas.server.name: https://localhost:8443
cas.server.prefix: https://localhost:8443/cas
cas.adminPagesSecurity.ip=127\.0\.0\.1
logging.config: file:/etc/cas/config/log4j2.xml
cas.serviceRegistry.config.location: classpath:/services
#SSL
server.ssl.enable=true
server.ssl.keyStore=file:/etc/cas/thekeystore
server.ssl.keyStorePassword=****
server.ssl.keyPassword=****
#MongoDB Auth
cas.authn.mongo.mongoHostUri=mongodb://root:*****#172.18.0.3:27017/cas
cas.authn.mongo.usernameAttribute=username
cas.authn.mongo.attributes=first_name,last_name
cas.authn.mongo.passwordAttribute=password
cas.authn.mongo.collectionName=users
logging.level.org.apereo=DEBUG
cas.authn.accept.users=
Consider turning on DEBUG logs for mongodb. The packages you need at DEBUG are org.pac4j, com.mongodb so you can get more info.
It's possible that your credentials root:***** are not found in the cas database, or that they dont have the right permissions.
I have tried Developer Studio 11.3.0, and 12.0.0. I've tried EAP 6.4.0, and 7.1.0. Everything gives me the same error. I've run it with servers in RHEL on AWS and a DevStudio in Windows 10 or Windows 7. I've run it with server and DevStudio on the same Fedora system. Always the same error when I try to "start" the remote server:
The initialization produced an exception, which can occur due to incorrect security credentials. Please review the exception messages by clicking the Details button.
* java.io.IOException: java.net.ConnectException: WFLYPRT0053: Could not connect to http-remoting://LOCALHOST:9990. The connection failed
* java.net.ConnectException: WFLYPRT0053: Could not connect to http-remoting://LOCALHOST:9990. The connection failed
* WFLYPRT0053: Could not connect to http-remoting://LOCALHOST:9990. The connection failed
* Authentication failed: all available authentication mechanisms failed:
JBOSS-LOCAL-USER: javax.security.sasl.SaslException: ELY05128: [JBOSS-LOCAL-USER] Failed to read challenge file [Caused by java.io.FileNotFoundException: /datavirt/jboss/EAP-7.1.0/standalone/tmp/auth/local3848441195962286340.challenge (Permission denied)]
DIGEST-MD5: javax.security.sasl.SaslException: DIGEST-MD5: Server rejected authentication
Here's a bit of the server.log file, where things go wrong. (It's slightly different in 6.4.0, but not substantially.)
2018-09-01 23:20:52,946 TRACE [org.jboss.remoting.endpoint] (management I/O-2) Allocated tick to 8 of endpoint "miramanee:MANAGEMENT" <68fb9f51> (opened org.jboss.remoting3.EndpointImpl$TrackingExecutor#18776914)
2018-09-01 23:20:52,946 TRACE [org.xnio.nio] (management I/O-2) Running task org.jboss.remoting3.remote.ServerConnectionOpenListener$2#228e4439
2018-09-01 23:20:52,946 TRACE [org.xnio.nio.selector] (management I/O-2) Beginning select on sun.nio.ch.EPollSelectorImpl#617c6bff (with timeout)
2018-09-01 23:20:52,946 TRACE [org.xnio.nio] (management I/O-2) Select, queue is empty
2018-09-01 23:20:52,946 TRACE [org.wildfly.security] (management task-7) Handling RealmCallback: selected = [ManagementRealm]
2018-09-01 23:20:52,946 TRACE [org.wildfly.security] (management task-7) Handling NameCallback: authenticationName = admin
2018-09-01 23:20:52,946 TRACE [org.wildfly.security] (management task-7) Principal assigning: [admin], pre-realm rewritten: [admin#ManagementRealm], realm name: [DIGEST], post-realm rewritten: [admin#ManagementRealm], realm rewritten: [admin#ManagementRealm]
2018-09-01 23:20:52,947 TRACE [org.wildfly.security] (management task-7) Handling CredentialCallback: obtained credential for correct realm "ManagementRealm"
2018-09-01 23:20:52,947 TRACE [org.wildfly.security] (management task-7) Handling CredentialCallback: obtained credential: org.wildfly.security.credential.PasswordCredential#b75f36fa
2018-09-01 23:20:52,947 TRACE [org.jboss.remoting.remote.server] (management task-7) Server sending authentication rejected: javax.security.sasl.SaslException: ELY05055: [DIGEST-MD5] Authentication rejected (invalid proof)
at org.wildfly.security.sasl.digest.DigestSaslServer.validateDigestResponse(DigestSaslServer.java:281)
at org.wildfly.security.sasl.digest.DigestSaslServer.evaluateMessage(DigestSaslServer.java:358)
at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:180)
at org.wildfly.security.sasl.digest.DigestSaslServer.evaluateResponse(DigestSaslServer.java:331)
at org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1.evaluateResponse(AuthenticationCompleteCallbackSaslServerFactory.java:58)
at org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer.evaluateResponse(AuthenticationTimeoutSaslServerFactory.java:106)
I am plumb stumped.
If you want to get it going quickly for learning/etc, then I can just say what I'm doing. I have RHEL 7 & EAP 7.1. I'm using dev studio 12 on same machine. When I added a server into dev studio, I had option to select local or remote. I selected local and had no problems starting via dev studio. The user I'm running dev studio with also has permissions to EAP home directory (I see file perm errors in your error). I also chose management options vs. Filesystem and shell operations. I also test, and this worked picking remote as well. But again, same server for everything/same localhost.
I installed a MongoDB server 4.0 Enterprise Edition on a Windows Server 2012 R2 and configured kerberos authentication following the official documentation https://docs.mongodb.com/manual/tutorial/control-access-to-mongodb-windows-with-kerberos-authentication/
When I tried to connect to the MongoDB server from a client the authentication failed and I've got this error in the MongoDB server log file:
2018-07-19T16:12:00.622+0200 I ACCESS [conn4] SASL GSSAPI authentication failed for .... on $external from client .... ; BadValue: SASL(-4): no mechanism available: Unable to find a callback: 32775
Did I miss something ?
We upgraded perl on our windows server 2012 to latest stable version. Ever since we did that we are getting intermittent Cannot connect to the server errors throwing 500 error responses.
But it is so intermittent we cannot identify the problem. Here is the debug log for some idea:
DEBUG: .../IO/Socket/SSL.pm:763: done Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:773: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:783: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:803: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:759: call Net::SSLeay::connect
DEBUG: .../IO/Socket/SSL.pm:763: done Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:766: local error: SSL connect attempt failed
Windows server is running IIS 7.5 and We have a valid Certificate issued by COMODO.
Any insight would be much appreciated. Please let me know if you need any further information.
So updating windows server 2012 (my OS), which has not been updated in over a year fixed the problem. There must have been some windows patch for new tls support.