Can't logout from Keycloak: localhost:80 connection refused - jboss

I have:
Keycloak running as Docker container (Image: jboss/keycloak:16.1.1)
Traefik running (Image: traefik:v2.6.0)
a small Realm called demo-realm with one client called demo-client, which is a JEE Application deployed on jboss/wildfly:17.0.1.Final and this WILDFLY Server has the Keycloak Adapter System configured as per documentation.
Traefik rules for Keycloak
"traefik.docker.network": network-kf-LOCAL
"traefik.http.routers.keycloak.rule": Host(`keycloak.localhost`)
"traefik.http.routers.keycloak.service": "keycloak-application"
"traefik.http.services.keycloak-application.loadbalancer.server.port": "8080"
I set the KEYCLOAK_FRONTEND_URL for my Keycloak service in order to make redirect to login page work because frontend request url and backend url are not the same:
KEYCLOAK_FRONTEND_URL: http://keycloak.localhost/auth
Deployment Configuration in standalone.xml of my client
<secure-deployment name="my-app.war">
    <realm>${env.KEYCLOAK_REALM}</realm>
    <auth-server-url>${env.KEYCLOAK_BASEURL_INTERN}</auth-server-url>
    <resource>${env.KEYCLOAK_CLIENT_ID}</resource>
    <ssl-required>external</ssl-required>
    <public-client>true</public-client>
    <principal-attribute>preferred_username</principal-attribute>
</secure-deployment>
Client Configuration inside Keycloak Admin Dashboard:
Note that my client application is also running behind Traefik using the Rule
"traefik.http.routers.traefik.rule": Host(`localhost`) && PathPrefix(`demo`)
so I don't specify a port in the client configuration inside Keycloak.
Redirect to the login screen and authentication already work, so I can enter my credentials and I'm logged in. I just can't log out or end the session.
If I try to destroy the session using either the Keycloak Administration Console or the URL http://keycloak.localhost/auth/realms/demo-realm/protocol/openid-connect/logout, the Keycloak service logs the following:
15:22:10,893 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://127.0.0.1:9990
2022-02-14T15:23:12.847092400Z 15:23:12,846 WARN [org.keycloak.connections.httpclient.DefaultHttpClientFactory] (default task-1) TruststoreProvider is disabled
2022-02-14T15:23:12.963517200Z 15:23:12,960 WARN [org.keycloak.connections.httpclient.DefaultHttpClientFactory] (default task-1) Connect to localhost:80 [localhost/127.0.0.1] failed: Connection refused (Connection refused): org.apache.http.conn.HttpHostConnectException: Connect to localhost:80 [localhost/127.0.0.1] failed: Connection refused (Connection refused)
......
2022-02-14T15:23:12.964548700Z Caused by: java.net.ConnectException: Connection refused (Connection refused)
......
2022-02-14T15:23:12.966559000Z 15:23:12,964 WARN [org.keycloak.services] (default task-1) KC-SERVICES0057: Logout for client 'demo-client' failed: org.apache.http.conn.HttpHostConnectException: Connect to localhost:80 [localhost/127.0.0.1] failed: Connection refused (Connection refused)
Why does it try to reach localhost:80? Keycloak runs on 8080. I cannot see any port 80 in the configuration of Keycloak.
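
A diagnostic sketch for the log above, added here as an example and not part of the original post: it extracts each refused host:port from the log and shows which configured URL resolves to it once the scheme's default port is applied. The client URL `http://localhost/demo` is an assumption built from the Traefik rule in the question, and the function names are hypothetical.

```python
import ipaddress
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Apache HttpClient failure text as it appears in the Keycloak log above.
REFUSED = re.compile(
    r"Connect to (?P<host>[\w.-]+):(?P<port>\d+) \[[^\]]*\] failed: Connection refused")

def effective_target(url):
    """(host, port) an HTTP client dials for url; no port means the scheme default."""
    parts = urlsplit(url)
    return parts.hostname, parts.port or DEFAULT_PORTS[parts.scheme]

def is_loopback(host):
    """True for 'localhost' and literal loopback addresses (no DNS lookup)."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def refused_targets(log_text):
    """Unique (host, port) pairs taken from 'Connection refused' log lines."""
    return sorted({(m["host"], int(m["port"])) for m in REFUSED.finditer(log_text)})

def explain(log_text, configured_urls):
    """For each refused target, list the configured URLs that resolve to it."""
    findings = []
    for host, port in refused_targets(log_text):
        sources = [name for name, url in configured_urls.items()
                   if effective_target(url) == (host, port)]
        findings.append({"target": f"{host}:{port}", "loopback": is_loopback(host),
                         "configured_by": sources})
    return findings

# Log line copied from the question; the client URL is an assumption.
SAMPLE_LOG = ("WARN [org.keycloak.services] (default task-1) KC-SERVICES0057: Logout for "
              "client 'demo-client' failed: org.apache.http.conn.HttpHostConnectException: "
              "Connect to localhost:80 [localhost/127.0.0.1] failed: Connection refused")
SAMPLE_URLS = {
    "KEYCLOAK_FRONTEND_URL": "http://keycloak.localhost/auth",
    "demo-client URL (assumed)": "http://localhost/demo",
}
if __name__ == "__main__":
    for finding in explain(SAMPLE_LOG, SAMPLE_URLS):
        print(finding)
```

A loopback target in a container's log means the process dialled its own network namespace, so a URL the server must call needs a host name that is reachable from inside that container.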

Related

kie server in Jboss EAP 7.4.0 localhost:8080/kie-server/services/rest/server' as failed due to Connection refused (Connection refused)

On running the command $EAP_HOME/bin/standalone.sh -c standalone-full.xml -b I'm getting an error like
12:06:15,197 INFO [org.kie.server.controller.websocket.client.WebSocketKieServerControllerImpl] (KieServer-ControllerConnect) Kie Server points to non Web Socket controller 'http://localhost:8080/business-central/rest/controller', using default REST mechanism
12:06:15,198 WARN [org.kie.server.services.impl.controller.DefaultRestControllerImpl] (KieServer-ControllerConnect) Exception encountered while syncing with controller at http://localhost:8080/business-central/rest/controller/server/default-kieserver error Connection refused (Connection refused)
12:06:19,805 WARN [org.kie.server.client.impl.AbstractKieServicesClientImpl] (Thread-125) Marking endpoint 'http://localhost:8080/kie-server/services/rest/server' as failed due to Connection refused (Connection refused)
12:06:19,805 WARN [org.kie.server.client.impl.AbstractKieServicesClientImpl] (Thread-125) Cannot invoke request - 'No available endpoints found'
12:06:24,812 WARN [org.kie.server.client.impl.AbstractKieServicesClientImpl] (Thread-125) Marking endpoint 'http://localhost:8080/kie-server/services/rest/server' as failed due to Connection refused (Connection refused)
12:06:24,812 WARN [org.kie.server.client.impl.AbstractKieServicesClientImpl] (Thread-125) Cannot invoke request - 'No available endpoints found'
With the bind address, Business Central is running but I cannot find any execution server.
But when I run the same command without the bind address, like
./standalone.sh -c standalone-full.xml
everything works properly.
What would be the issue when using the bind address?
I'm using
rhpam 7.12.0
jboss eap 7.4.0
I've used the default configuration, and I didn't change any configuration.

Login Failure: Pool is empty and connection creation failed

When I tried to SSO using Shibboleth IdP, a login error occurred when the username and password were submitted: Login Failure: Pool is empty and connection creation failed.
My error logs are as follows:
==> /opt/shibboleth-idp/logs/idp-warn.log <==
at org.ldaptive.provider.jndi.JndiConnectionFactory.createInternal(JndiConnectionFactory.java:102)
Caused by: javax.naming.CommunicationException: localhost:10389
at com.sun.jndi.ldap.Connection.<init>(Connection.java:216)
Caused by: java.net.ConnectException: Connection refused (Connection refused)
at java.net.PlainSocketImpl.socketConnect(Native Method)
2018-08-13 09:32:53,752 - WARN [org.ldaptive.pool.BlockingConnectionPool:600] - unable to create active connection
2018-08-13 09:32:53,753 - ERROR [org.ldaptive.pool.BlockingConnectionPool:197] - Could not service check out request
2018-08-13 09:32:53,754 - WARN [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:192] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by admin produced exception
org.ldaptive.pool.PoolExhaustedException: Pool is empty and connection creation failed
at org.ldaptive.pool.BlockingConnectionPool.getConnection(BlockingConnectionPool.java:198)
Can anyone suggest a way to solve this?
Old question, answer for Google.
Check /opt/shibboleth-idp/conf/ldap.properties to see if your domain/IP and port are correct.
In my case I missed that the image bitnami/openldap uses port 1389 by default.

JBoss EAP on Eclipse does not have jndi service

I was trying to follow some EJB tutorials. Most of them started talking about JNDI, and I am having trouble getting the service running on JBoss AS.
I have tried both the community and EAP versions of JBoss in Eclipse, but both fail.
So now whenever I run lines like BeanRemote beanRemote = (BeanRemote) context.lookup("somecontext"); it throws this error:
javax.naming.CommunicationException: Could not obtain connection to any of these urls: localhost and discovery failed with error: javax.naming.CommunicationException: Receive timed out [Root exception is java.net.SocketTimeoutException: Receive timed out] [Root exception is javax.naming.CommunicationException: Failed to connect to server localhost:1099 [Root exception is javax.naming.ServiceUnavailableException: Failed to connect to server localhost:1099 [Root exception is java.net.ConnectException: Connection refused: connect]]]
Caused by: javax.naming.CommunicationException: Failed to connect to server localhost:1099 [Root exception is javax.naming.ServiceUnavailableException: Failed to connect to server localhost:1099 [Root exception is java.net.ConnectException: Connection refused: connect]]
Caused by: javax.naming.ServiceUnavailableException: Failed to connect to server localhost:1099 [Root exception is java.net.ConnectException: Connection refused: connect]
Caused by: java.net.ConnectException: Connection refused: connect
Well, of course it is caused by the port not being open, but I think it's because the JBoss server is not providing the service, although its web port and admin port, 8080 and 9990, are working fine.
I am using Eclipse Oxygen 4.7.0, and I have downloaded the Red Hat JBoss Developer Studio. I added the server via the "New Server" wizard, then downloaded the server runtimes within the wizard. However, there just seems to be no way to configure JNDI, nor can I find any file that is related to JNDI or JNP in the downloaded path. The XML configuration showed that only the Management 9990 and Web 8080 ports are open.
I don't understand why this is not enabled by default, and I don't know what to do. Is JNDI configurable somewhere in the management console? Please help.
Turns out the method of linking to JNDI changed in EAP 7 from EAP 5.
This article shows the correct method.
jndi.properties has been changed to jboss-ejb-client.properties, and the standard config now becomes
endpoint.name=client-endpoint
remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false
remote.connections=default
remote.connection.default.host=yourhostaddress
remote.connection.default.port = 8080
remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false
and the context lookup string has been changed to
ejb:<app-name>/<module-name>/<distinct-name>/<bean-name>!<fully-qualified-classname-of-the-remote-interface>

WildFly management via reverse proxy fails with XNIO000816: Redirect encountered establishing connection

I have WildFly 10 running on a Docker Swarm cluster. All HTTP requests go to a load balancer (Traefik). In Traefik (btw. labels in the docker stack yml, it works perfectly) app.wildfly.my.swarm on port 80 redirects to the WildFly container's 8080 port and admin.wildfly.my.swarm on port 80 redirects to port 9990. In my browser everything is working fine.
But if I try to use the Maven WildFly plugin for remote deployment, it fails with:
[ERROR] Failed to execute goal org.wildfly.plugins:wildfly-maven-plugin:1.2.1.Final:deploy (default-cli) on project automat: Failed to execute goal deploy. java.net.ConnectException: WFLYPRT0053: Could not connect to remote+http://admin.wildfly.my.swarm:80. The connection failed: XNIO000816: Redirect encountered establishing connection -> [Help 1]
It works only if I open the management port directly.
Is there any configuration needed anywhere to be able to deploy remotely with the Maven WildFly plugin to a WildFly that is behind a proxy?
EDIT:
If trying to connect with the CLI:
./bin/jboss-cli.sh
You are disconnected at the moment. Type 'connect' to connect to the server or 'help' for the list of supported commands.
[disconnected /] connect admin.wildfly.my.swarm
The controller is not available at admin.wildfly.my.swarm:9990: java.net.ConnectException: WFLYPRT0053: Could not connect to http-remoting://admin.wildfly.my.swarm:9990. The connection failed: WFLYPRT0053: Could not connect to http-remoting://admin.wildfly.my.swarm:9990. The connection failed: Connection refused
[disconnected /] connect admin.wildfly.my.swarm:30000
Authenticating against security realm: ManagementRealm
Username: admin
Password:
Warning! There were errors trying to load extensions. For more details, please, execute 'extension-commands --errors'
[standalone#admin.wildfly.my.swarm:30000 /]
Port 30000 is auto-assigned by swarm.

Connection timeout to local JBoss 7.2.0 on osx

I'm attempting to connect to a locally deployed JBoss 7.2.0 on OS X, but I get the following error message when trying to connect with the CLI:
$ bin/jboss-cli.sh
You are disconnected at the moment. Type 'connect' to connect to the server or 'help' for the list of supported commands.
[disconnected /] connect
The controller is not available at localhost:9999: java.net.ConnectException: JBAS012144: Could not connect to remote://localhost:9999. The connection timed out: JBAS012144: Could not connect to remote://localhost:9999. The connection timed out
[disconnected /]
Netstat shows:
tcp4 0 0 127.0.0.1.9999 *.* LISTEN
and the server log states:
16:24:37,118 INFO [org.jboss.as.remoting] (MSC service thread 1-3) JBAS017100: Listening on 127.0.0.1:9999
In addition to which, I can telnet to 127.0.0.1:9999 (though the connection dies due to incorrect packet size, which I presume is as intended).
I've verified that standalone.xml states 127.0.0.1 as the correct binding address and 9999 as the correct port for management-native.
Is there anything I've missed, or any other way to troubleshoot?
Yeah, a bug in OpenJDK turned out to be it.