Account Console internal server error on all buttons - keycloak

Using the keycloak docker image (11.0.1), as a user I can login to
http://localhost:9990/auth/realms/myrealm/account/
But when I click on any button (e.g. cancel on the edit account page), it shows:
We are sorry...
An internal server error has occurred
I looked in to the dev tools and see that the POST http://localhost:9990/auth/realms/myrealm/account/ results in a 403 Forbidden.
I checked the effective roles of that specific user. In Role Mappings > Client Roles > Account > it shows manage-account and view-profile as effective permissions.
Also, the keycloak server logs show nothing that would help me to understand what the problem is (having set ROOT_LOGLEVEL: ALL and KEYCLOAK_LOGLEVEL: ALL)
keycloak_1 | 23:11:55,143 DEBUG [io.undertow.request] (default I/O-11) Matched prefix path /auth for path /auth/realms/myrealm/account/
keycloak_1 | 23:11:55,145 DEBUG [io.undertow.request.security] (default task-1) Attempting to authenticate /auth/realms/myrealm/account/, authentication required: false
keycloak_1 | 23:11:55,145 DEBUG [io.undertow.request.security] (default task-1) Authentication outcome was NOT_ATTEMPTED with method io.undertow.security.impl.CachedAuthenticatedSessionMechanism#66fae46c for /auth/realms/myrealm/account/
keycloak_1 | 23:11:55,145 DEBUG [io.undertow.request.security] (default task-1) Authentication result was ATTEMPTED for /auth/realms/myrealm/account/
keycloak_1 | 23:11:55,145 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-1) new JtaTransactionWrapper
keycloak_1 | 23:11:55,145 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-1) was existing? false
keycloak_1 | 23:11:55,147 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-1) RESTEASY002315: PathInfo: /realms/myrealm/account/
keycloak_1 | 23:11:55,147 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-1) realm by name cache hit: myrealm
keycloak_1 | 23:11:55,147 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-1) by id cache hit: myrealm
keycloak_1 | 23:11:55,148 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-1) client by name cache hit: account
keycloak_1 | 23:11:55,148 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-1) client by id cache hit: account
keycloak_1 | 23:11:55,148 TRACE [org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory] (default task-1) Create JpaConnectionProvider
keycloak_1 | 23:11:55,148 DEBUG [org.hibernate.resource.transaction.backend.jta.internal.JtaTransactionCoordinatorImpl] (default task-1) Hibernate RegisteredSynchronization successfully registered with JTA platform
keycloak_1 | 23:11:55,149 DEBUG [org.keycloak.services.util.CookieHelper] (default task-1) Couldnt find cookie {0}, trying {1}
keycloak_1 | 23:11:55,150 TRACE [org.keycloak.keys.DefaultKeyManager] (default task-1) Found key: realm=myrealm kid=cd7dde2b-a543-42cf-ba5c-f60ae03d3c78 algorithm=HS256 use=SIG
keycloak_1 | 23:11:55,150 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-1) by id cache hit: myrealm
keycloak_1 | 23:11:55,150 TRACE [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-1) getuserById a353603c-66cf-4488-bd1b-fea8ae51a9db
keycloak_1 | 23:11:55,150 TRACE [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-1) getuserById a353603c-66cf-4488-bd1b-fea8ae51a9db
keycloak_1 | 23:11:55,150 TRACE [org.keycloak.models.cache.infinispan.UserCacheSession] (default task-1) return managedusers
keycloak_1 | 23:11:55,151 TRACE [org.keycloak.keys.DefaultKeyManager] (default task-1) Active key found: realm=myrealm kid=cd7dde2b-a543-42cf-ba5c-f60ae03d3c78 algorithm=HS256 use=SIG
keycloak_1 | 23:11:55,151 DEBUG [org.keycloak.services.managers.AuthenticationManager] (default task-1) Create login cookie - name: KEYCLOAK_IDENTITY, path: /auth/realms/myrealm/, max-age: -1
keycloak_1 | 23:11:55,154 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-1) realm by name cache hit: myrealm
keycloak_1 | 23:11:55,154 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-1) by id cache hit: myrealm
keycloak_1 | 23:11:55,155 DEBUG [freemarker.cache] (default task-1) Couldn't find template in cache for "error.ftl"("en_US", UTF-8, parsed); will try to load it.
keycloak_1 | 23:11:55,155 DEBUG [freemarker.cache] (default task-1) TemplateLoader.findTemplateSource("error_en_US.ftl"): Not found
keycloak_1 | 23:11:55,155 DEBUG [freemarker.cache] (default task-1) TemplateLoader.findTemplateSource("error_en.ftl"): Not found
keycloak_1 | 23:11:55,155 DEBUG [freemarker.cache] (default task-1) TemplateLoader.findTemplateSource("error.ftl"): Found
keycloak_1 | 23:11:55,156 DEBUG [freemarker.cache] (default task-1) Loading template for "error.ftl"("en_US", UTF-8, parsed) from "file:/opt/jboss/keycloak/themes/base/login/error.ftl"
keycloak_1 | 23:11:55,157 DEBUG [freemarker.cache] (default task-1) Couldn't find template in cache for "template.ftl"("en_US", UTF-8, parsed); will try to load it.
keycloak_1 | 23:11:55,157 DEBUG [freemarker.cache] (default task-1) TemplateLoader.findTemplateSource("template_en_US.ftl"): Not found
keycloak_1 | 23:11:55,157 DEBUG [freemarker.cache] (default task-1) TemplateLoader.findTemplateSource("template_en.ftl"): Not found
keycloak_1 | 23:11:55,158 DEBUG [freemarker.cache] (default task-1) TemplateLoader.findTemplateSource("template.ftl"): Found
keycloak_1 | 23:11:55,158 DEBUG [freemarker.cache] (default task-1) Loading template for "template.ftl"("en_US", UTF-8, parsed) from "file:/opt/jboss/keycloak/themes/base/login/template.ftl"
keycloak_1 | 23:11:55,176 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-1) MessageBodyWriter: org.jboss.resteasy.spi.ResteasyProviderFactory$SortedKey
keycloak_1 | 23:11:55,176 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-1) MessageBodyWriter: org.jboss.resteasy.plugins.providers.StringTextStar
keycloak_1 | 23:11:55,176 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-1) MessageBodyWriter: org.jboss.resteasy.plugins.providers.StringTextStar
keycloak_1 | 23:11:55,176 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-1) Interceptor Context: org.jboss.resteasy.core.interception.ServerWriterInterceptorContext, Method : proceed
keycloak_1 | 23:11:55,176 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-1) WriterInterceptor: org.jboss.resteasy.security.doseta.DigitalSigningInterceptor
keycloak_1 | 23:11:55,176 DEBUG [org.jboss.resteasy.security.doseta.i18n] (default task-1) Interceptor : org.jboss.resteasy.security.doseta.DigitalSigningInterceptor, Method : aroundWriteTo
keycloak_1 | 23:11:55,176 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-1) Interceptor Context: org.jboss.resteasy.core.interception.ServerWriterInterceptorContext, Method : proceed
keycloak_1 | 23:11:55,176 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-1) MessageBodyWriter: org.jboss.resteasy.spi.ResteasyProviderFactory$SortedKey
keycloak_1 | 23:11:55,176 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-1) MessageBodyWriter: org.jboss.resteasy.plugins.providers.StringTextStar
keycloak_1 | 23:11:55,177 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-1) JtaTransactionWrapper rollback
keycloak_1 | 23:11:55,177 DEBUG [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl] (default task-1) Initiating JDBC connection release from afterTransaction
keycloak_1 | 23:11:55,177 DEBUG [org.hibernate.engine.transaction.internal.TransactionImpl] (default task-1) On TransactionImpl creation, JpaCompliance#isJpaTransactionComplianceEnabled == false
keycloak_1 | 23:11:55,177 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-1) JtaTransactionWrapper end
keycloak_1 | 23:11:55,177 TRACE [org.keycloak.connections.jpa.DefaultJpaConnectionProvider] (default task-1) DefaultJpaConnectionProvider close()
keycloak_1 | 23:11:55,457 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) new JtaTransactionWrapper
keycloak_1 | 23:11:55,457 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) was existing? false
keycloak_1 | 23:11:55,457 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) JtaTransactionWrapper commit
keycloak_1 | 23:11:55,458 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) JtaTransactionWrapper end
keycloak_1 | 23:11:55,458 DEBUG [org.keycloak.services.scheduled.ScheduledTaskRunner] (Timer-2) Executed scheduled task AbstractLastSessionRefreshStoreFactory$$Lambda$2004/0x0000000841634040
What could be the issue?

Turns out it is a bug in 11.0.1 see https://issues.redhat.com/browse/KEYCLOAK-15260?jql=project%20%3D%20keycloak%20and%20fixVersion%20%3D%2011.0.2
Updating the image to 11.0.2 solves the issue.

Related

keycloak on kubernetes: x509 auth with ingress

Does anyone have an example config for x509 authentication w/ Keycloak on Kubernetes via an ingress endpoint? I have x509 working fine w/ a NodePort setup, but access via ingress fails and Keycloak cycles to the username/password form.
18:37:54,474 DEBUG [org.keycloak.authentication.AuthenticationProcessor] (default task-2) AUTHENTICATE
18:37:54,474 DEBUG [org.keycloak.authentication.AuthenticationProcessor] (default task-2) AUTHENTICATE ONLY
18:37:54,474 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-2) processFlow: x509-browser
18:37:54,475 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-2) check execution: 'auth-cookie', requirement: 'ALTERNATIVE'
18:37:54,475 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-2) authenticator: auth-cookie
18:37:54,475 DEBUG [org.keycloak.authentication.AuthenticationSelectionResolver] (default task-2) Going through the flow 'x509-browser' for adding executions
18:37:54,475 DEBUG [org.keycloak.authentication.AuthenticationSelectionResolver] (default task-2) Going through the flow 'x509-browser forms' for adding executions
18:37:54,475 DEBUG [org.keycloak.authentication.AuthenticationSelectionResolver] (default task-2) Selections when trying execution 'auth-cookie' : [ authSelection - auth-cookie, authSelection - auth-x509-client-username-form, authSelection - auth-username-password-form]
18:37:54,475 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-2) invoke authenticator.authenticate: auth-cookie
18:37:54,475 DEBUG [org.keycloak.services.util.CookieHelper] (default task-2) Could not find cookie KEYCLOAK_IDENTITY, trying KEYCLOAK_IDENTITY_LEGACY
18:37:54,475 DEBUG [org.keycloak.services.managers.AuthenticationManager] (default task-2) Could not find cookie: KEYCLOAK_IDENTITY
18:37:54,476 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-2) authenticator ATTEMPTED: auth-cookie
18:37:54,476 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-2) check execution: 'auth-x509-client-username-form', requirement: 'ALTERNATIVE'
18:37:54,476 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-2) authenticator: auth-x509-client-username-form
18:37:54,476 DEBUG [org.keycloak.authentication.AuthenticationSelectionResolver] (default task-2) Going through the flow 'x509-browser' for adding executions
18:37:54,476 DEBUG [org.keycloak.authentication.AuthenticationSelectionResolver] (default task-2) Going through the flow 'x509-browser forms' for adding executions
18:37:54,476 DEBUG [org.keycloak.authentication.AuthenticationSelectionResolver] (default task-2) Selections when trying execution 'auth-x509-client-username-form' : [ authSelection - auth-x509-client-username-form, authSelection - auth-username-password-form]
18:37:54,476 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-2) invoke authenticator.authenticate: auth-x509-client-username-form
18:37:54,476 DEBUG [org.keycloak.services] (default task-2) [X509ClientCertificateAuthenticator:authenticate] x509 client certificate is not available for mutual SSL.
18:37:54,476 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-2) authenticator ATTEMPTED: auth-x509-client-username-form
18:37:54,476 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-2) check execution: 'x509-browser forms flow', requirement: 'ALTERNATIVE'
18:37:54,476 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-2) processFlow: x509-browser forms
18:37:54,476 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-2) check execution: 'auth-username-password-form', requirement: 'REQUIRED'
18:37:54,476 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-2) authenticator: auth-username-password-form
Ingress is just an API and implemented by various providers, which support additional configuration in a product specific way.
In your example it is nginx.
Make sure that nginx is deployed with support for SNI based TLS passthrough, therefore keycloak will receive the original TLS connection and leverage client certificates.
For nginx the ingress configuration for that is an additional annotation:
annotations:
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
Relevant documentation: https://kubernetes.github.io/ingress-nginx/user-guide/tls/#ssl-passthrough

bitnami Keycloak docker is not starting- "Failed to delete PingData in database"

My docker compose has the following 2 services and keycloak used to startup just fine until today:
postgresql:
image: 'docker.io/bitnami/postgresql:11'
environment:
- ALLOW_EMPTY_PASSWORD=yes
- POSTGRESQL_USERNAME=bn_keycloak
- POSTGRESQL_DATABASE=bitnami_keycloak
- KEYCLOAK_ENABLE_STATISTICS=true
volumes:
- 'postgresql_data:/bitnami/postgresql'
keycloak-1:
image: docker.io/bitnami/keycloak:latest
ports:
- '80:8080'
- '8443:8443'
environment:
- KEYCLOAK_CREATE_ADMIN_USER=true
- KEYCLOAK_JGROUPS_DISCOVERY_PROTOCOL=JDBC_PING
- 'KEYCLOAK_JGROUPS_DISCOVERY_PROPERTIES=datasource_jndi_name=>java:jboss/datasources/KeycloakDS, initialize_sql=>"CREATE TABLE IF NOT EXISTS JGROUPSPING ( own_addr varchar(200) NOT NULL, cluster_name varchar(200) NOT NULL, created timestamp default current_timestamp, ping_data BYTEA, constraint PK_JGROUPSPING PRIMARY KEY (own_addr, cluster_name))"'
depends_on:
- postgresql
When I start the container, all of a sudden today, I get lots of ServerService Thread Pool errors:
WARNING: Native build is an experimental feature and could change at any time
base_postgresql_1 is up-to-date
Recreating base_keycloak-1_1 ... done
Attaching to base_keycloak-1_1
keycloak-1_1 | keycloak 22:33:45.49
keycloak-1_1 | keycloak 22:33:45.49 Welcome to the Bitnami keycloak container
keycloak-1_1 | keycloak 22:33:45.49 Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-keycloak
keycloak-1_1 | keycloak 22:33:45.49 Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-keycloak/issues
keycloak-1_1 | keycloak 22:33:45.49
keycloak-1_1 | keycloak 22:33:45.49 INFO ==> ** Starting keycloak setup **
keycloak-1_1 | keycloak 22:33:45.50 INFO ==> Validating settings in KEYCLOAK_* env vars...
keycloak-1_1 | keycloak 22:33:45.50 INFO ==> Trying to connect to PostgreSQL server postgresql...
keycloak-1_1 | keycloak 22:33:45.51 INFO ==> Found PostgreSQL server listening at postgresql:5432
keycloak-1_1 | keycloak 22:33:45.51 INFO ==> Configuring database settings
keycloak-1_1 | keycloak 22:33:49.30 INFO ==> Configuring jgroups settings
keycloak-1_1 | keycloak 22:33:51.97 INFO ==> Configuring cache count
keycloak-1_1 | keycloak 22:33:54.57 INFO ==> Configuring authentication cache count
keycloak-1_1 | keycloak 22:33:57.83 INFO ==> Configuring log level
keycloak-1_1 | keycloak 22:34:00.41 INFO ==> Configuring proxy address forwarding
keycloak-1_1 | keycloak 22:34:03.36 INFO ==> Configuring node identifier
keycloak-1_1 |
keycloak-1_1 | keycloak 22:34:06.34 INFO ==> ** keycloak setup finished! **
keycloak-1_1 | keycloak 22:34:06.35 INFO ==> ** Starting keycloak **
keycloak-1_1 | =========================================================================
keycloak-1_1 |
keycloak-1_1 | JBoss Bootstrap Environment
keycloak-1_1 |
keycloak-1_1 | JBOSS_HOME: /opt/bitnami/keycloak
keycloak-1_1 |
keycloak-1_1 | JAVA: /opt/bitnami/java/bin/java
keycloak-1_1 |
keycloak-1_1 | JAVA_OPTS: -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true --add-exports=java.base/sun.nio.ch=ALL-UNNAMED --add-exports=jdk.unsupported/sun.misc=ALL-UNNAMED --add-exports=jdk.unsupported/sun.reflect=ALL-UNNAMED
keycloak-1_1 |
keycloak-1_1 | =========================================================================
keycloak-1_1 |
keycloak-1_1 | 22:34:07,041 INFO [org.jboss.modules] (main) JBoss Modules version 1.11.0.Final
keycloak-1_1 | 22:34:07,407 INFO [org.jboss.msc] (main) JBoss MSC version 1.4.12.Final
keycloak-1_1 | 22:34:07,415 INFO [org.jboss.threads] (main) JBoss Threads version 2.4.0.Final
keycloak-1_1 | 22:34:07,521 INFO [org.jboss.as] (MSC service thread 1-2) WFLYSRV0049: Keycloak 15.0.2 (WildFly Core 15.0.1.Final) starting
keycloak-1_1 | 22:34:08,114 INFO [org.wildfly.security] (ServerService Thread Pool -- 22) ELY00001: WildFly Elytron version 1.15.3.Final
keycloak-1_1 | 22:34:08,383 INFO [org.jboss.as.controller.management-deprecated] (ServerService Thread Pool -- 6) WFLYCTL0033: Extension 'security' is deprecated and may not be supported in future versions
keycloak-1_1 | 22:34:08,601 INFO [org.jboss.as.controller.management-deprecated] (Controller Boot Thread) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/core-service=management/management-interface=http-interface' is deprecated, and may be removed in a future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
keycloak-1_1 | 22:34:08,645 INFO [org.jboss.as.controller.management-deprecated] (ServerService Thread Pool -- 9) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/subsystem=undertow/server=default-server/https-listener=https' is deprecated, and may be removed in a future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
keycloak-1_1 | 22:34:08,715 INFO [org.jboss.as.repository] (ServerService Thread Pool -- 11) WFLYDR0001: Content added at location /opt/bitnami/keycloak/standalone/data/content/c5/ 5fa6c6a460550cd8d70e55c435ef6834bff971/content
keycloak-1_1 | 22:34:08,832 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0039: Creating http management service using socket-binding (management-http)
keycloak-1_1 | 22:34:08,857 INFO [org.xnio] (MSC service thread 1-7) XNIO version 3.8.4.Final
keycloak-1_1 | 22:34:08,866 INFO [org.xnio.nio] (MSC service thread 1-7) XNIO NIO Implementation Version 3.8.4.Final
keycloak-1_1 | 22:34:08,904 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 39) WFLYCLINF0001: Activating Infinispan subsystem.
keycloak-1_1 | 22:34:08,916 INFO [org.jboss.as.naming] (ServerService Thread Pool -- 50) WFLYNAM0001: Activating Naming Subsystem
keycloak-1_1 | 22:34:08,934 INFO [org.jboss.as.connector] (MSC service thread 1-4) WFLYJCA0009: Starting Jakarta Connectors Subsystem (WildFly/IronJacamar 1.4.27.Final)
keycloak-1_1 | 22:34:08,934 INFO [org.jboss.as.clustering.jgroups] (ServerService Thread Pool -- 43) WFLYCLJG0001: Activating JGroups subsystem. JGroups version 4.2.11
keycloak-1_1 | 22:34:08,939 INFO [org.wildfly.extension.health] (ServerService Thread Pool -- 38) WFLYHEALTH0001: Activating Base Health Subsystem
keycloak-1_1 | 22:34:08,941 INFO [org.jboss.as.jaxrs] (ServerService Thread Pool -- 41) WFLYRS0016: RESTEasy version 3.15.1.Final
keycloak-1_1 | 22:34:08,946 INFO [org.jboss.as.security] (ServerService Thread Pool -- 53) WFLYSEC0002: Activating Security Subsystem
keycloak-1_1 | 22:34:08,949 INFO [org.jboss.as.security] (MSC service thread 1-7) WFLYSEC0001: Current PicketBox version=5.0.3.Final-redhat-00007
keycloak-1_1 | 22:34:08,955 INFO [org.wildfly.extension.io] (ServerService Thread Pool -- 40) WFLYIO001: Worker 'default' has auto-configured to 24 IO threads with 192 max task threads based on your 12 available processors
keycloak-1_1 | 22:34:08,962 INFO [org.jboss.remoting] (MSC service thread 1-3) JBoss Remoting version 5.0.20.Final
keycloak-1_1 | 22:34:08,958 INFO [org.wildfly.extension.metrics] (ServerService Thread Pool -- 48) WFLYMETRICS0001: Activating Base Metrics Subsystem
keycloak-1_1 | 22:34:08,995 INFO [org.wildfly.extension.undertow] (MSC service thread 1-5) WFLYUT0003: Undertow 2.2.5.Final starting
keycloak-1_1 | 22:34:08,996 INFO [org.jboss.as.connector.subsystems.datasources] (ServerService Thread Pool -- 33) WFLYJCA0004: Deploying JDBC-compliant driver class org.h2.Driver (version 1.4)
keycloak-1_1 | 22:34:09,010 INFO [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-8) WFLYJCA0018: Started Driver service with driver-name = h2
keycloak-1_1 | 22:34:09,019 INFO [org.jboss.as.naming] (MSC service thread 1-5) WFLYNAM0003: Starting Naming Service
keycloak-1_1 | 22:34:09,032 WARN [org.wildfly.clustering.web.undertow] (ServerService Thread Pool -- 56) WFLYCLWEBUT0007: No routing provider found for default-server; using legacy provider based on static configuration
keycloak-1_1 | 22:34:09,041 INFO [org.jboss.as.mail.extension] (MSC service thread 1-1) WFLYMAIL0001: Bound mail session [java:jboss/mail/Default]
keycloak-1_1 | 22:34:09,078 INFO [org.jboss.as.connector.subsystems.datasources] (ServerService Thread Pool -- 33) WFLYJCA0005: Deploying non-JDBC-compliant driver class org.postgresql.Driver ( version 42.2)
keycloak-1_1 | 22:34:09,090 INFO [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-3) WFLYJCA0018: Started Driver service with driver-name = postgresql
keycloak-1_1 | 22:34:09,139 WARN [org.wildfly.extension.elytron] (MSC service thread 1-3) WFLYELY00023: KeyStore file '/opt/bitnami/keycloak/standalone/configuration/application.keystore' does not exist. Used blank.
keycloak-1_1 | 22:34:09,177 INFO [org.wildfly.extension.undertow] (ServerService Thread Pool -- 56) WFLYUT0014: Creating file handler for path '/opt/bitnami/keycloak/welcome-content' with options [ directory-listing: 'false', follow-symlink: 'false', case-sensitive: 'true', safe-symlink-paths: '[]']
keycloak-1_1 | 22:34:09,198 WARN [org.wildfly.extension.elytron] (MSC service thread 1-3) WFLYELY01084: KeyStore /opt/bitnami/keycloak/standalone/configuration/application.keystore not found, it will be auto generated on first use with a self-signed certificate for host localhost
keycloak-1_1 | WARNING: An illegal reflective access operation has occurred
keycloak-1_1 | WARNING: Illegal reflective access by org.wildfly.extension.elytron.SSLDefinitions (jar:file:/opt/bitnami/keycloak/modules/system/layers/base/org/wildfly/extension/elytron/main/ wildfly-elytron-integration-15.0.1.Final.jar!/) to method com.sun.net.ssl.internal.ssl.Provider.isFIPS()
keycloak-1_1 | WARNING: Please consider reporting this to the maintainers of org.wildfly.extension.elytron.SSLDefinitions
keycloak-1_1 | WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
keycloak-1_1 | WARNING: All illegal access operations will be denied in a future release
... until finally I see this:
keycloak-1_1 | 22:39:09,543 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0348: Timeout after [300] seconds waiting for service container stability. Operation will roll back. Step that first updated the service container was 'add' at address '[
keycloak-1_1 | ("core-service" => "management"),
keycloak-1_1 | ("management-interface" => "http-interface")
keycloak-1_1 | ]'
keycloak-1_1 | 22:39:09,566 INFO [org.jboss.as.server.deployment] (MSC service thread 1-5) WFLYSRV0028: Stopped deployment keycloak-server.war (runtime-name: keycloak-server.war) in 17ms
keycloak-1_1 | 22:39:09,567 INFO [org.keycloak.subsystem.server.extension.KeycloakProviderDeploymentProcessor] (MSC service thread 1-4) Undeploying Keycloak provider: keycloak-metrics-spi-2.4.0.jar
keycloak-1_1 | 22:39:09,574 INFO [org.jboss.as.server.deployment] (MSC service thread 1-6) WFLYSRV0028: Stopped deployment keycloak-metrics-spi-2.4.0.jar (runtime-name: keycloak-metrics-spi-2.4.0.jar) in 24ms
keycloak-1_1 | 22:39:09,575 INFO [org.wildfly.extension.undertow] (MSC service thread 1-8) WFLYUT0008: Undertow HTTPS listener https suspending
keycloak-1_1 | 22:39:09,581 INFO [org.wildfly.extension.undertow] (MSC service thread 1-8) WFLYUT0007: Undertow HTTPS listener https stopped, was bound to 0.0.0.0:8443
keycloak-1_1 | 22:39:10,736 WARN [org.jgroups.protocols.pbcast.GMS] (ServerService Thread Pool -- 58) 686f5f3e69c1: JOIN(686f5f3e69c1) sent to e4a802d5ef7c timed out (after 3000 ms), on try 7
keycloak-1_1 | 22:39:14,213 WARN [org.jgroups.protocols.pbcast.GMS] (ServerService Thread Pool -- 58) 686f5f3e69c1: JOIN(686f5f3e69c1) sent to 01fadbd6831b timed out (after 3000 ms), on try 7
[snip]
and a bunch more:
keycloak-1_1 | 22:39:14,587 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0190: Step handler org.jboss.as.controller.AbstractControllerService$ModelControllerServiceInitializationBootStepHandler$1#25e2ac57 for operation boottime-controller-initializer-step at address [] failed -- java.util.concurrent.TimeoutException: java.util.concurrent.TimeoutException
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.OperationContextImpl.waitForRemovals(OperationContextImpl.java:525)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractOperationContext$Step.handleResult(AbstractOperationContext.java:1559)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractOperationContext$Step.finalizeInternal(AbstractOperationContext.java:1513)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractOperationContext$Step.finalizeStep(AbstractOperationContext.java:1496)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractOperationContext$Step.access$400(AbstractOperationContext.java:1360)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractOperationContext.executeResultHandlerPhase(AbstractOperationContext.java:912)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:762)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:468)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1415)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:529)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:515)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:477)
keycloak-1_1 | at org.jboss.as.server#15.0.1.Final//org.jboss.as.server.ServerService.boot(ServerService.java:459)
keycloak-1_1 | at org.jboss.as.server#15.0.1.Final//org.jboss.as.server.ServerService.boot(ServerService.java:412)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:416)
keycloak-1_1 | at java.base/java.lang.Thread.run(Thread.java:829)
keycloak-1_1 |
keycloak-1_1 | 22:39:14,589 ERROR [org.jboss.as.controller.client] (Controller Boot Thread) WFLYCTL0190: Step handler org.jboss.as.controller.AbstractControllerService$ModelControllerServiceInitializationBootStepHandler$1#25e2ac57 for operation boottime-controller-initializer-step at address [] failed -- java.util.concurrent.TimeoutException
keycloak-1_1 | 22:39:14,590 ERROR [org.jboss.as.server] (ServerService Thread Pool -- 34) WFLYSRV0022: Deploy of deployment "keycloak-metrics-spi-2.4.0.jar" was rolled back with no failure message
keycloak-1_1 | 22:39:14,593 ERROR [org.jboss.as.server] (ServerService Thread Pool -- 46) WFLYSRV0022: Deploy of deployment "keycloak-server.war" was rolled back with no failure message
keycloak-1_1 | 22:39:14,594 INFO [org.jboss.as.mail.extension] (MSC service thread 1-5) WFLYMAIL0002: Unbound mail session [java:jboss/mail/Default]
keycloak-1_1 | 22:39:14,595 INFO [org.wildfly.extension.undertow] (MSC service thread 1-3) WFLYUT0008: Undertow HTTP listener default suspending
keycloak-1_1 | 22:39:14,596 INFO [org.wildfly.extension.undertow] (MSC service thread 1-3) WFLYUT0007: Undertow HTTP listener default stopped, was bound to 0.0.0.0:8080
keycloak-1_1 | 22:39:14,597 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-5) WFLYJCA0010: Unbound data source [java:jboss/datasources/KeycloakDS]
keycloak-1_1 | 22:39:14,597 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-8) WFLYJCA0010: Unbound data source [java:jboss/datasources/ExampleDS]
keycloak-1_1 | 22:39:14,599 INFO [org.wildfly.extension.undertow] (MSC service thread 1-8) WFLYUT0019: Host default-host stopping
keycloak-1_1 | 22:39:14,600 INFO [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0008: Undertow AJP listener ajp suspending
keycloak-1_1 | 22:39:14,601 INFO [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0007: Undertow AJP listener ajp stopped, was bound to 0.0.0.0:8009
keycloak-1_1 | 22:39:14,601 INFO [org.jboss.modcluster] (ServerService Thread Pool -- 37) MODCLUSTER000002: Initiating mod_cluster shutdown
keycloak-1_1 | 22:39:14,603 INFO [org.wildfly.extension.undertow] (MSC service thread 1-6) WFLYUT0004: Undertow 2.2.5.Final stopping
keycloak-1_1 | 22:39:14,603 INFO [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-5) WFLYJCA0019: Stopped Driver service with driver-name = h2
keycloak-1_1 | 22:39:17,594 WARN [org.jgroups.protocols.pbcast.GMS] (ServerService Thread Pool -- 58) 686f5f3e69c1: JOIN(686f5f3e69c1) sent to 910704d8ddf5 timed out (after 3000 ms), on try 7
keycloak-1_1 | 22:39:19,630 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0190: Step handler org.jboss.as.controller.ParallelBootOperationStepHandler$2#296cb863 for operation parallel-subsystem-boot at address [] failed -- java.util.concurrent.TimeoutException: java.util.concurrent.TimeoutException
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.OperationContextImpl.waitForRemovals(OperationContextImpl.java:525)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractOperationContext$Step.handleResult(AbstractOperationContext.java:1559)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractOperationContext$Step.finalizeInternal(AbstractOperationContext.java:1513)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractOperationContext$Step.finalizeStep(AbstractOperationContext.java:1496)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractOperationContext$Step.access$400(AbstractOperationContext.java:1360)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractOperationContext.executeResultHandlerPhase(AbstractOperationContext.java:912)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:762)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:468)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1415)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:529)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:515)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:477)
keycloak-1_1 | at org.jboss.as.server#15.0.1.Final//org.jboss.as.server.ServerService.boot(ServerService.java:459)
keycloak-1_1 | at org.jboss.as.server#15.0.1.Final//org.jboss.as.server.ServerService.boot(ServerService.java:412)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:416)
keycloak-1_1 | at java.base/java.lang.Thread.run(Thread.java:829)
keycloak-1_1 |
keycloak-1_1 | 22:39:19,630 ERROR [org.jboss.as.controller.client] (Controller Boot Thread) WFLYCTL0190: Step handler org.jboss.as.controller.ParallelBootOperationStepHandler$2#296cb863 for operation parallel-subsystem-boot at address [] failed -- java.util.concurrent.TimeoutException
keycloak-1_1 | 22:39:20,953 WARN [org.jgroups.protocols.pbcast.GMS] (ServerService Thread Pool -- 58) 686f5f3e69c1: JOIN(686f5f3e69c1) sent to 910704d8ddf5 timed out (after 3000 ms), on try 7
keycloak-1_1 | 22:39:24,308 WARN [org.jgroups.protocols.pbcast.GMS] (ServerService Thread Pool -- 58) 686f5f3e69c1: JOIN(686f5f3e69c1) sent to 910704d8ddf5 timed out (after 3000 ms), on try 7
keycloak-1_1 | 22:39:24,632 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0190: Step handler org.jboss.as.controller.AbstractAddStepHandler$1#7b2fdf4f for operation add at address [
keycloak-1_1 | ("socket-binding-group" => "standard-sockets"),
keycloak-1_1 | ("remote-destination-outbound-socket-binding" => "mail-smtp")
keycloak-1_1 | ] failed -- java.util.concurrent.TimeoutException: java.util.concurrent.TimeoutException
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.OperationContextImpl.waitForRemovals(OperationContextImpl.java:525)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractOperationContext$Step.handleResult(AbstractOperationContext.java:1559)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractOperationContext$Step.finalizeInternal(AbstractOperationContext.java:1513)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractOperationContext$Step.finalizeStep(AbstractOperationContext.java:1496)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractOperationContext$Step.access$400(AbstractOperationContext.java:1360)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractOperationContext.executeResultHandlerPhase(AbstractOperationContext.java:912)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:762)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:468)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1415)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:529)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:515)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:477)
keycloak-1_1 | at org.jboss.as.server#15.0.1.Final//org.jboss.as.server.ServerService.boot(ServerService.java:459)
keycloak-1_1 | at org.jboss.as.server#15.0.1.Final//org.jboss.as.server.ServerService.boot(ServerService.java:412)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:416)
keycloak-1_1 | at java.base/java.lang.Thread.run(Thread.java:829)
keycloak-1_1 |
keycloak-1_1 | 22:39:24,633 ERROR [org.jboss.as.controller.client] (Controller Boot Thread) WFLYCTL0190: Step handler org.jboss.as.controller.AbstractAddStepHandler$1#7b2fdf4f for operation add at address [
keycloak-1_1 | ("socket-binding-group" => "standard-sockets"),
keycloak-1_1 | ("remote-destination-outbound-socket-binding" => "mail-smtp")
keycloak-1_1 | ] failed -- java.util.concurrent.TimeoutException
keycloak-1_1 | 22:39:29,634 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0190: Step handler org.jboss.as.controller.AbstractAddStepHandler$1#4f909ceb for operation add at address [
keycloak-1_1 | ("socket-binding-group" => "standard-sockets"),
keycloak-1_1 | ("socket-binding" => "txn-status-manager")
keycloak-1_1 | ] failed -- java.util.concurrent.TimeoutException: java.util.concurrent.TimeoutException
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.OperationContextImpl.waitForRemovals(OperationContextImpl.java:525)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractOperationContext$Step.handleResult(AbstractOperationContext.java:1559)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractOperationContext$Step.finalizeInternal(AbstractOperationContext.java:1513)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractOperationContext$Step.finalizeStep(AbstractOperationContext.java:1496)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractOperationContext$Step.access$400(AbstractOperationContext.java:1360)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractOperationContext.executeResultHandlerPhase(AbstractOperationContext.java:912)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:762)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:468)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1415)
keycloak-1_1 | at org.jboss.as.controller#15.0.1.Final//org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:529)
Until it gives up:
keycloak-1_1 | 22:40:43,851 ERROR [org.jgroups.protocols.JDBC_PING] (Thread-77) JGRP000215: Failed to delete PingData in database
keycloak-1_1 | 22:40:43,859 INFO [org.jboss.as] (MSC service thread 1-4) WFLYSRV0050: Keycloak 15.0.2 (WildFly Core 15.0.1.Final) stopped in 6ms
keycloak-1_1 | base_keycloak-1_1 exited with code 1
Any idea what I can do to fix this? I can't find the volume locally- I'd like to delete that to let it start over. This is only for localhost debugging.
I have similar issues on my local machine,
what I do then is:
docker-compose down and docker-compose up
if this does not help then I delete volume, be aware that volume will be named differently that in yaml file, it contains prefix ie:
kc-tests_postgresql_data
You can check this by using docker volume ls
After deleting volume all works fine.
Not best solution but well at least for develop when its destroyed it helps.

JBoss EAP 7.1 RH-SSO 7.2 Rest Service Keycloak Bearer Only AuthenticatedActionsValve.invoke Policy enforcement is disabled 403 Forbidden

My configuration is:
JBoss EAP 7.1.4
RH-SSO 7.2.4
JDK 1.8.0u172
We have built a Rest/JSON web service based on the jboss-eap-quickstarts-7.1\contacts-jquerymobile example, without any of the JavaScript GUI components, which works fine.
We then attempted to secure this Rest/JSON web service using the redhat-sso-quickstarts-7.2.x\service-jee-jaxrs example for guidance, after getting the service-jee-jaxrs example running locally.
The Rest/JSON web service is secured using keycloak, and access is bearer only.
Here is the web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" blah blah blah >
<module-name>OurRestService</module-name>
<security-constraint>
<web-resource-collection>
<web-resource-name>All</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>mobilerole</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>KEYCLOAK</auth-method>
</login-config>
<security-role>
<role-name>mobilerole</role-name>
</security-role>
</web-app>
Here is the keycloak.json
{
"realm": "mobilerealm",
"bearer-only": true,
"auth-server-url": "blah blah localhost:8180/auth",
"ssl-required": "external",
"resource": "OurRestService",
"confidential-port": 0
}
Below is the JBoss server log output from an attempted GET using PostMan. As you can see the bearer only token is successfully authenticated by SSO, but the web service never fires, and PostMan gets a 403 Forbidden.
Please note the last 2 lines of the server log:
2018-08-30 13:13:19,851 DEBUG [org.keycloak.adapters.AuthenticatedActionsHandler] (default task-4) AuthenticatedActionsValve.invoke http://localhost:8080/OurRestService/rest/contacts/
2018-08-30 13:13:19,851 DEBUG [org.keycloak.adapters.AuthenticatedActionsHandler] (default task-4) Policy enforcement is disabled.
What am I missing?
2018-08-30 13:13:19,737 DEBUG [io.undertow.request] (default I/O-5) Matched prefix path /OurRestService for path /OurRestService/rest/contacts/
2018-08-30 13:13:19,738 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (default task-4) adminRequest ourUrlToGetPastStackOverflow10URLlimit/contacts/
2018-08-30 13:13:19,738 DEBUG [io.undertow.request.security] (default task-4) Security constraints for request /OurRestService/rest/contacts/ are [SingleConstraintMatch{emptyRoleSemantic=PERMIT, requiredRoles=[therole]}]
2018-08-30 13:13:19,738 DEBUG [io.undertow.request.security] (default task-4) Authenticating required for request HttpServerExchange{ GET /OurRestService/rest/contacts/ request {Postman-Token=[ba346ce6-995e-4c1c-859f-9d92c449b8c9], Accept=[*/*], cache-control=[no-cache], accept-encoding=[gzip, deflate], User-Agent=[PostmanRuntime/7.2.0], Connection=[keep-alive], Authorization=[Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJxSzJKWjUyVjFmU0pKRG82M0hmZHlJbjYyWERlX2hhSWhFMGV5ZXZkQlowIn0.eyJqdGkiOiI5YWM3MWUxMC1kMTYxLTRiYjYtYmE0OC1iMTRlZmJiZjRkZDEiLCJleHAiOjE1MzU2NDk0OTMsIm5iZiI6MCwiaWF0IjoxNTM1NjQ5MTkzLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgxODAvYXV0aC9yZWFsbXMvbW9iaWxlcmVhbG0iLCJhdWQiOiJhZG1pbi1jbGkiLCJzdWIiOiIyMThlYTcwNC0zYTdhLTQ3NjYtYTI1MS02OWQ5YWE4ZTc1ZmYiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJhZG1pbi1jbGkiLCJhdXRoX3RpbWUiOjAsInNlc3Npb25fc3RhdGUiOiJjNjk4MzMxMi1mZTM1LTQwODQtYWQxMC1kZTQwOGY3NzQ1YzgiLCJhY3IiOiIxIiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVzb3VyY2VfYWNjZXNzIjp7fSwibmFtZSI6Ik1vYmlsZSBVc2VyIiwicHJlZmVycmVkX3VzZXJuYW1lIjoibW9iaWxldXNlciIsImdpdmVuX25hbWUiOiJNb2JpbGUiLCJmYW1pbHlfbmFtZSI6IlVzZXIiLCJlbWFpbCI6InNoYXduLmZpcnRoQGdtYWlsLmNvbSJ9.HFCYIdW7Xyd0eKjXOouujVCUH5zjnxNDbOBLQOnjfOzEj4Ff4pHd6q6Ukl3unmWpvM9tU2FtzoPtsxQ-BqIu1ITBuq5_U-fk0OebTCOWtF566vW6BjJb3czRO8f3pB1hd5O7-xCT2KXSv-oEIi0s0ZweiLH0A1PeYy7wur_eCuhONgiu7wI6uR-gimcZVe7o3yhKsDnukrdR-N8xrp1T9PugQe5MZq20ER2Hvc-TW_npnTxRyCHa4tg59_p7-JBGA-BT03mFvOdd4vALeW8xkK3vtaVQevMSa8u3WZrpNGsAvoKpT6QTzm6W0TxAb3t_ptOjusxoLqqRacmP-C9OUg], Content-Type=[application/json], cookie=[JSESSIONID=E7uZRSGcR1FaiNDFCYmJcF7YnJaQof0yP3LxstT5.sfirth], Host=[localhost:8080]} response {X-Powered-By=[Undertow/1], Server=[JBoss-EAP/7]}}
2018-08-30 13:13:19,738 DEBUG [io.undertow.request.security] (default task-4) Setting authentication required for exchange HttpServerExchange{ GET /OurRestService/rest/contacts/ request {Postman-Token=[ba346ce6-995e-4c1c-859f-9d92c449b8c9], Accept=[*/*], cache-control=[no-cache], accept-encoding=[gzip, deflate], User-Agent=[PostmanRuntime/7.2.0], Connection=[keep-alive], Authorization=[Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJxSzJKWjUyVjFmU0pKRG82M0hmZHlJbjYyWERlX2hhSWhFMGV5ZXZkQlowIn0.eyJqdGkiOiI5YWM3MWUxMC1kMTYxLTRiYjYtYmE0OC1iMTRlZmJiZjRkZDEiLCJleHAiOjE1MzU2NDk0OTMsIm5iZiI6MCwiaWF0IjoxNTM1NjQ5MTkzLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgxODAvYXV0aC9yZWFsbXMvbW9iaWxlcmVhbG0iLCJhdWQiOiJhZG1pbi1jbGkiLCJzdWIiOiIyMThlYTcwNC0zYTdhLTQ3NjYtYTI1MS02OWQ5YWE4ZTc1ZmYiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJhZG1pbi1jbGkiLCJhdXRoX3RpbWUiOjAsInNlc3Npb25fc3RhdGUiOiJjNjk4MzMxMi1mZTM1LTQwODQtYWQxMC1kZTQwOGY3NzQ1YzgiLCJhY3IiOiIxIiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVzb3VyY2VfYWNjZXNzIjp7fSwibmFtZSI6Ik1vYmlsZSBVc2VyIiwicHJlZmVycmVkX3VzZXJuYW1lIjoibW9iaWxldXNlciIsImdpdmVuX25hbWUiOiJNb2JpbGUiLCJmYW1pbHlfbmFtZSI6IlVzZXIiLCJlbWFpbCI6InNoYXduLmZpcnRoQGdtYWlsLmNvbSJ9.HFCYIdW7Xyd0eKjXOouujVCUH5zjnxNDbOBLQOnjfOzEj4Ff4pHd6q6Ukl3unmWpvM9tU2FtzoPtsxQ-BqIu1ITBuq5_U-fk0OebTCOWtF566vW6BjJb3czRO8f3pB1hd5O7-xCT2KXSv-oEIi0s0ZweiLH0A1PeYy7wur_eCuhONgiu7wI6uR-gimcZVe7o3yhKsDnukrdR-N8xrp1T9PugQe5MZq20ER2Hvc-TW_npnTxRyCHa4tg59_p7-JBGA-BT03mFvOdd4vALeW8xkK3vtaVQevMSa8u3WZrpNGsAvoKpT6QTzm6W0TxAb3t_ptOjusxoLqqRacmP-C9OUg], Content-Type=[application/json], cookie=[JSESSIONID=E7uZRSGcR1FaiNDFCYmJcF7YnJaQof0yP3LxstT5.sfirth], Host=[localhost:8080]} response {X-Powered-By=[Undertow/1], Server=[JBoss-EAP/7]}}
2018-08-30 13:13:19,738 DEBUG [io.undertow.request.security] (default task-4) Attempting to authenticate HttpServerExchange{ GET /OurRestService/rest/contacts/ request {Postman-Token=[ba346ce6-995e-4c1c-859f-9d92c449b8c9], Accept=[*/*], cache-control=[no-cache], accept-encoding=[gzip, deflate], User-Agent=[PostmanRuntime/7.2.0], Connection=[keep-alive], Authorization=[Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJxSzJKWjUyVjFmU0pKRG82M0hmZHlJbjYyWERlX2hhSWhFMGV5ZXZkQlowIn0.eyJqdGkiOiI5YWM3MWUxMC1kMTYxLTRiYjYtYmE0OC1iMTRlZmJiZjRkZDEiLCJleHAiOjE1MzU2NDk0OTMsIm5iZiI6MCwiaWF0IjoxNTM1NjQ5MTkzLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgxODAvYXV0aC9yZWFsbXMvbW9iaWxlcmVhbG0iLCJhdWQiOiJhZG1pbi1jbGkiLCJzdWIiOiIyMThlYTcwNC0zYTdhLTQ3NjYtYTI1MS02OWQ5YWE4ZTc1ZmYiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJhZG1pbi1jbGkiLCJhdXRoX3RpbWUiOjAsInNlc3Npb25fc3RhdGUiOiJjNjk4MzMxMi1mZTM1LTQwODQtYWQxMC1kZTQwOGY3NzQ1YzgiLCJhY3IiOiIxIiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVzb3VyY2VfYWNjZXNzIjp7fSwibmFtZSI6Ik1vYmlsZSBVc2VyIiwicHJlZmVycmVkX3VzZXJuYW1lIjoibW9iaWxldXNlciIsImdpdmVuX25hbWUiOiJNb2JpbGUiLCJmYW1pbHlfbmFtZSI6IlVzZXIiLCJlbWFpbCI6InNoYXduLmZpcnRoQGdtYWlsLmNvbSJ9.HFCYIdW7Xyd0eKjXOouujVCUH5zjnxNDbOBLQOnjfOzEj4Ff4pHd6q6Ukl3unmWpvM9tU2FtzoPtsxQ-BqIu1ITBuq5_U-fk0OebTCOWtF566vW6BjJb3czRO8f3pB1hd5O7-xCT2KXSv-oEIi0s0ZweiLH0A1PeYy7wur_eCuhONgiu7wI6uR-gimcZVe7o3yhKsDnukrdR-N8xrp1T9PugQe5MZq20ER2Hvc-TW_npnTxRyCHa4tg59_p7-JBGA-BT03mFvOdd4vALeW8xkK3vtaVQevMSa8u3WZrpNGsAvoKpT6QTzm6W0TxAb3t_ptOjusxoLqqRacmP-C9OUg], Content-Type=[application/json], cookie=[JSESSIONID=E7uZRSGcR1FaiNDFCYmJcF7YnJaQof0yP3LxstT5.sfirth], Host=[localhost:8080]} response {Expires=[0], Cache-Control=[no-cache, no-store, must-revalidate], X-Powered-By=[Undertow/1], Server=[JBoss-EAP/7], Pragma=[no-cache]}}, authentication required: true
2018-08-30 13:13:19,738 DEBUG [io.undertow.request.security] (default task-4) Authentication outcome was NOT_ATTEMPTED with method io.undertow.security.impl.CachedAuthenticatedSessionMechanism#6715ee5d for HttpServerExchange{ GET /OurRestService/rest/contacts/ request {Postman-Token=[ba346ce6-995e-4c1c-859f-9d92c449b8c9], Accept=[*/*], cache-control=[no-cache], accept-encoding=[gzip, deflate], User-Agent=[PostmanRuntime/7.2.0], Connection=[keep-alive], Authorization=[Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJxSzJKWjUyVjFmU0pKRG82M0hmZHlJbjYyWERlX2hhSWhFMGV5ZXZkQlowIn0.eyJqdGkiOiI5YWM3MWUxMC1kMTYxLTRiYjYtYmE0OC1iMTRlZmJiZjRkZDEiLCJleHAiOjE1MzU2NDk0OTMsIm5iZiI6MCwiaWF0IjoxNTM1NjQ5MTkzLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgxODAvYXV0aC9yZWFsbXMvbW9iaWxlcmVhbG0iLCJhdWQiOiJhZG1pbi1jbGkiLCJzdWIiOiIyMThlYTcwNC0zYTdhLTQ3NjYtYTI1MS02OWQ5YWE4ZTc1ZmYiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJhZG1pbi1jbGkiLCJhdXRoX3RpbWUiOjAsInNlc3Npb25fc3RhdGUiOiJjNjk4MzMxMi1mZTM1LTQwODQtYWQxMC1kZTQwOGY3NzQ1YzgiLCJhY3IiOiIxIiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVzb3VyY2VfYWNjZXNzIjp7fSwibmFtZSI6Ik1vYmlsZSBVc2VyIiwicHJlZmVycmVkX3VzZXJuYW1lIjoibW9iaWxldXNlciIsImdpdmVuX25hbWUiOiJNb2JpbGUiLCJmYW1pbHlfbmFtZSI6IlVzZXIiLCJlbWFpbCI6InNoYXduLmZpcnRoQGdtYWlsLmNvbSJ9.HFCYIdW7Xyd0eKjXOouujVCUH5zjnxNDbOBLQOnjfOzEj4Ff4pHd6q6Ukl3unmWpvM9tU2FtzoPtsxQ-BqIu1ITBuq5_U-fk0OebTCOWtF566vW6BjJb3czRO8f3pB1hd5O7-xCT2KXSv-oEIi0s0ZweiLH0A1PeYy7wur_eCuhONgiu7wI6uR-gimcZVe7o3yhKsDnukrdR-N8xrp1T9PugQe5MZq20ER2Hvc-TW_npnTxRyCHa4tg59_p7-JBGA-BT03mFvOdd4vALeW8xkK3vtaVQevMSa8u3WZrpNGsAvoKpT6QTzm6W0TxAb3t_ptOjusxoLqqRacmP-C9OUg], Content-Type=[application/json], cookie=[JSESSIONID=E7uZRSGcR1FaiNDFCYmJcF7YnJaQof0yP3LxstT5.sfirth], Host=[localhost:8080]} response {Expires=[0], Cache-Control=[no-cache, no-store, must-revalidate], X-Powered-By=[Undertow/1], Server=[JBoss-EAP/7], Pragma=[no-cache]}}
2018-08-30 13:13:19,739 DEBUG [org.keycloak.adapters.BearerTokenRequestAuthenticator] (default task-4) Verifying access_token
2018-08-30 13:13:19,801 DEBUG [org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager] (default task-4) Get connection: {}->localhost:8180, timeout = 0
2018-08-30 13:13:19,802 DEBUG [org.apache.http.impl.conn.tsccm.ConnPoolByRoute] (default task-4) [{}->localhost:8180] total kept alive: 0, total issued: 0, total allocated: 0 out of 20
2018-08-30 13:13:19,802 DEBUG [org.apache.http.impl.conn.tsccm.ConnPoolByRoute] (default task-4) No free connections [{}->localhost:8180][null]
2018-08-30 13:13:19,802 DEBUG [org.apache.http.impl.conn.tsccm.ConnPoolByRoute] (default task-4) Available capacity: 20 out of 20 [{}->localhost:8180][null]
2018-08-30 13:13:19,802 DEBUG [org.apache.http.impl.conn.tsccm.ConnPoolByRoute] (default task-4) Creating new connection [{}->localhost:8180]
2018-08-30 13:13:19,809 DEBUG [org.apache.http.impl.conn.DefaultClientConnectionOperator] (default task-4) Connecting to localhost:8180
2018-08-30 13:13:19,820 DEBUG [org.apache.http.client.protocol.RequestAddCookies] (default task-4) CookieSpec selected: compatibility
2018-08-30 13:13:19,820 DEBUG [org.apache.http.client.protocol.RequestAuthCache] (default task-4) Auth cache not set in the context
2018-08-30 13:13:19,821 DEBUG [org.apache.http.client.protocol.RequestTargetAuthentication] (default task-4) Target auth state: UNCHALLENGED
2018-08-30 13:13:19,821 DEBUG [org.apache.http.client.protocol.RequestProxyAuthentication] (default task-4) Proxy auth state: UNCHALLENGED
2018-08-30 13:13:19,821 DEBUG [org.apache.http.impl.client.DefaultHttpClient] (default task-4) Attempt 1 to execute request
2018-08-30 13:13:19,821 DEBUG [org.apache.http.impl.conn.DefaultClientConnection] (default task-4) Sending request: GET /auth/realms/mobilerealm/protocol/openid-connect/certs HTTP/1.1
2018-08-30 13:13:19,821 DEBUG [org.apache.http.wire] (default task-4) >> "GET /auth/realms/mobilerealm/protocol/openid-connect/certs HTTP/1.1[\r][\n]"
2018-08-30 13:13:19,822 DEBUG [org.apache.http.wire] (default task-4) >> "Host: localhost:8180[\r][\n]"
2018-08-30 13:13:19,822 DEBUG [org.apache.http.wire] (default task-4) >> "Connection: Keep-Alive[\r][\n]"
2018-08-30 13:13:19,822 DEBUG [org.apache.http.wire] (default task-4) >> "[\r][\n]"
2018-08-30 13:13:19,822 DEBUG [org.apache.http.headers] (default task-4) >> GET /auth/realms/mobilerealm/protocol/openid-connect/certs HTTP/1.1
2018-08-30 13:13:19,822 DEBUG [org.apache.http.headers] (default task-4) >> Host: localhost:8180
2018-08-30 13:13:19,822 DEBUG [org.apache.http.headers] (default task-4) >> Connection: Keep-Alive
2018-08-30 13:13:19,825 DEBUG [org.apache.http.wire] (default task-4) << "HTTP/1.1 200 OK[\r][\n]"
2018-08-30 13:13:19,826 DEBUG [org.apache.http.wire] (default task-4) << "Connection: keep-alive[\r][\n]"
2018-08-30 13:13:19,826 DEBUG [org.apache.http.wire] (default task-4) << "Cache-Control: no-cache[\r][\n]"
2018-08-30 13:13:19,826 DEBUG [org.apache.http.wire] (default task-4) << "Content-Type: application/json[\r][\n]"
2018-08-30 13:13:19,826 DEBUG [org.apache.http.wire] (default task-4) << "Content-Length: 462[\r][\n]"
2018-08-30 13:13:19,826 DEBUG [org.apache.http.wire] (default task-4) << "Date: Thu, 30 Aug 2018 17:13:19 GMT[\r][\n]"
2018-08-30 13:13:19,826 DEBUG [org.apache.http.wire] (default task-4) << "[\r][\n]"
2018-08-30 13:13:19,826 DEBUG [org.apache.http.impl.conn.DefaultClientConnection] (default task-4) Receiving response: HTTP/1.1 200 OK
2018-08-30 13:13:19,826 DEBUG [org.apache.http.headers] (default task-4) << HTTP/1.1 200 OK
2018-08-30 13:13:19,826 DEBUG [org.apache.http.headers] (default task-4) << Connection: keep-alive
2018-08-30 13:13:19,826 DEBUG [org.apache.http.headers] (default task-4) << Cache-Control: no-cache
2018-08-30 13:13:19,826 DEBUG [org.apache.http.headers] (default task-4) << Content-Type: application/json
2018-08-30 13:13:19,826 DEBUG [org.apache.http.headers] (default task-4) << Content-Length: 462
2018-08-30 13:13:19,826 DEBUG [org.apache.http.headers] (default task-4) << Date: Thu, 30 Aug 2018 17:13:19 GMT
2018-08-30 13:13:19,829 DEBUG [org.apache.http.impl.client.DefaultHttpClient] (default task-4) Connection can be kept alive indefinitely
2018-08-30 13:13:19,833 DEBUG [org.apache.http.wire] (default task-4) << "{"keys":[{"kid":"qK2JZ52V1fSJJDo63HfdyIn62XDe_haIhE0eyevdBZ0","kty":"RSA","alg":"RS256","use":"sig","n":"5dKNlsMOu2W6WB0X1G27PcqUoBLPzPUDtfQmA7uf0BaPSkYu7CnbUPdShrs09RGQM6tWWL_6_qiacFi9jBgyEAhT9MhQ-rgkPe0YpdyQtVqznZH5CHkaAq9fTxwmEUXUZvRWuP4cAF7Pi5RfVgOIRflI-AgGyiH-ygdinRQx10nr-m7Us2seCM8QB5zjsKz3YLNdnk_bmvc6axhPpZAAlUCaAMM-j0Edc9CR7NDw09aUIKGED8wWdmxxdteqfPVjKiIlFjg1-QiroEH2PnNOqFTn2UKX6imOJmEc9XlJCsthlEHz-1Pqz23imiLkk-n2S3CJVyvnnI-OvUYaaOF6_w","e":"AQAB"}]}"
2018-08-30 13:13:19,836 DEBUG [org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager] (default task-4) Released connection is reusable.
2018-08-30 13:13:19,836 DEBUG [org.apache.http.impl.conn.tsccm.ConnPoolByRoute] (default task-4) Releasing connection [{}->localhost:8180][null]
2018-08-30 13:13:19,836 DEBUG [org.apache.http.impl.conn.tsccm.ConnPoolByRoute] (default task-4) Pooling connection [{}->localhost:8180][null]; keep alive indefinitely
2018-08-30 13:13:19,836 DEBUG [org.apache.http.impl.conn.tsccm.ConnPoolByRoute] (default task-4) Notifying no-one, there are no waiting threads
2018-08-30 13:13:19,838 DEBUG [org.keycloak.adapters.rotation.JWKPublicKeyLocator] (default task-4) Realm public keys successfully retrieved for client OurRestService. New kids: [qK2JZ52V1fSJJDo63HfdyIn62XDe_haIhE0eyevdBZ0]
2018-08-30 13:13:19,839 DEBUG [org.keycloak.adapters.BearerTokenRequestAuthenticator] (default task-4) successful authorized
2018-08-30 13:13:19,841 DEBUG [io.undertow.request.security] (default task-4) Authenticated as 218ea704-3a7a-4766-a251-69d9aa8e75ff, roles []
2018-08-30 13:13:19,849 DEBUG [org.keycloak.adapters.wildfly.WildflyRequestAuthenticator] (default task-4) propagate security context to wildfly
2018-08-30 13:13:19,849 DEBUG [org.keycloak.adapters.RequestAuthenticator] (default task-4) User '218ea704-3a7a-4766-a251-69d9aa8e75ff' invoking 'ourUrlToGetPastStackOverflow10URLlimit/contacts/' on client 'OurRestService'
2018-08-30 13:13:19,849 DEBUG [org.keycloak.adapters.RequestAuthenticator] (default task-4) Bearer AUTHENTICATED
2018-08-30 13:13:19,850 DEBUG [io.undertow.request.security] (default task-4) Authentication outcome was AUTHENTICATED with method org.keycloak.adapters.wildfly.WildflyAuthenticationMechanism#2d35f3f1 for HttpServerExchange{ GET /OurRestService/rest/contacts/ request {Postman-Token=[ba346ce6-995e-4c1c-859f-9d92c449b8c9], Accept=[*/*], cache-control=[no-cache], accept-encoding=[gzip, deflate], User-Agent=[PostmanRuntime/7.2.0], Connection=[keep-alive], Authorization=[Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJxSzJKWjUyVjFmU0pKRG82M0hmZHlJbjYyWERlX2hhSWhFMGV5ZXZkQlowIn0.eyJqdGkiOiI5YWM3MWUxMC1kMTYxLTRiYjYtYmE0OC1iMTRlZmJiZjRkZDEiLCJleHAiOjE1MzU2NDk0OTMsIm5iZiI6MCwiaWF0IjoxNTM1NjQ5MTkzLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgxODAvYXV0aC9yZWFsbXMvbW9iaWxlcmVhbG0iLCJhdWQiOiJhZG1pbi1jbGkiLCJzdWIiOiIyMThlYTcwNC0zYTdhLTQ3NjYtYTI1MS02OWQ5YWE4ZTc1ZmYiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJhZG1pbi1jbGkiLCJhdXRoX3RpbWUiOjAsInNlc3Npb25fc3RhdGUiOiJjNjk4MzMxMi1mZTM1LTQwODQtYWQxMC1kZTQwOGY3NzQ1YzgiLCJhY3IiOiIxIiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVzb3VyY2VfYWNjZXNzIjp7fSwibmFtZSI6Ik1vYmlsZSBVc2VyIiwicHJlZmVycmVkX3VzZXJuYW1lIjoibW9iaWxldXNlciIsImdpdmVuX25hbWUiOiJNb2JpbGUiLCJmYW1pbHlfbmFtZSI6IlVzZXIiLCJlbWFpbCI6InNoYXduLmZpcnRoQGdtYWlsLmNvbSJ9.HFCYIdW7Xyd0eKjXOouujVCUH5zjnxNDbOBLQOnjfOzEj4Ff4pHd6q6Ukl3unmWpvM9tU2FtzoPtsxQ-BqIu1ITBuq5_U-fk0OebTCOWtF566vW6BjJb3czRO8f3pB1hd5O7-xCT2KXSv-oEIi0s0ZweiLH0A1PeYy7wur_eCuhONgiu7wI6uR-gimcZVe7o3yhKsDnukrdR-N8xrp1T9PugQe5MZq20ER2Hvc-TW_npnTxRyCHa4tg59_p7-JBGA-BT03mFvOdd4vALeW8xkK3vtaVQevMSa8u3WZrpNGsAvoKpT6QTzm6W0TxAb3t_ptOjusxoLqqRacmP-C9OUg], Content-Type=[application/json], cookie=[JSESSIONID=E7uZRSGcR1FaiNDFCYmJcF7YnJaQof0yP3LxstT5.sfirth], Host=[localhost:8080]} response {Expires=[0], Cache-Control=[no-cache, no-store, must-revalidate], X-Powered-By=[Undertow/1], Server=[JBoss-EAP/7], Pragma=[no-cache]}}
2018-08-30 13:13:19,850 DEBUG [io.undertow.request.security] (default task-4) Authentication result was AUTHENTICATED for HttpServerExchange{ GET /OurRestService/rest/contacts/ request {Postman-Token=[ba346ce6-995e-4c1c-859f-9d92c449b8c9], Accept=[*/*], cache-control=[no-cache], accept-encoding=[gzip, deflate], User-Agent=[PostmanRuntime/7.2.0], Connection=[keep-alive], Authorization=[Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJxSzJKWjUyVjFmU0pKRG82M0hmZHlJbjYyWERlX2hhSWhFMGV5ZXZkQlowIn0.eyJqdGkiOiI5YWM3MWUxMC1kMTYxLTRiYjYtYmE0OC1iMTRlZmJiZjRkZDEiLCJleHAiOjE1MzU2NDk0OTMsIm5iZiI6MCwiaWF0IjoxNTM1NjQ5MTkzLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgxODAvYXV0aC9yZWFsbXMvbW9iaWxlcmVhbG0iLCJhdWQiOiJhZG1pbi1jbGkiLCJzdWIiOiIyMThlYTcwNC0zYTdhLTQ3NjYtYTI1MS02OWQ5YWE4ZTc1ZmYiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJhZG1pbi1jbGkiLCJhdXRoX3RpbWUiOjAsInNlc3Npb25fc3RhdGUiOiJjNjk4MzMxMi1mZTM1LTQwODQtYWQxMC1kZTQwOGY3NzQ1YzgiLCJhY3IiOiIxIiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVzb3VyY2VfYWNjZXNzIjp7fSwibmFtZSI6Ik1vYmlsZSBVc2VyIiwicHJlZmVycmVkX3VzZXJuYW1lIjoibW9iaWxldXNlciIsImdpdmVuX25hbWUiOiJNb2JpbGUiLCJmYW1pbHlfbmFtZSI6IlVzZXIiLCJlbWFpbCI6InNoYXduLmZpcnRoQGdtYWlsLmNvbSJ9.HFCYIdW7Xyd0eKjXOouujVCUH5zjnxNDbOBLQOnjfOzEj4Ff4pHd6q6Ukl3unmWpvM9tU2FtzoPtsxQ-BqIu1ITBuq5_U-fk0OebTCOWtF566vW6BjJb3czRO8f3pB1hd5O7-xCT2KXSv-oEIi0s0ZweiLH0A1PeYy7wur_eCuhONgiu7wI6uR-gimcZVe7o3yhKsDnukrdR-N8xrp1T9PugQe5MZq20ER2Hvc-TW_npnTxRyCHa4tg59_p7-JBGA-BT03mFvOdd4vALeW8xkK3vtaVQevMSa8u3WZrpNGsAvoKpT6QTzm6W0TxAb3t_ptOjusxoLqqRacmP-C9OUg], Content-Type=[application/json], cookie=[JSESSIONID=E7uZRSGcR1FaiNDFCYmJcF7YnJaQof0yP3LxstT5.sfirth], Host=[localhost:8080]} response {Expires=[0], Cache-Control=[no-cache, no-store, must-revalidate], X-Powered-By=[Undertow/1], Server=[JBoss-EAP/7], Pragma=[no-cache]}}
2018-08-30 13:13:19,851 DEBUG [org.keycloak.adapters.AuthenticatedActionsHandler] (default task-4) AuthenticatedActionsValve.invoke ourUrlToGetPastStackOverflow10URLlimit/contacts/
2018-08-30 13:13:19,851 DEBUG [org.keycloak.adapters.AuthenticatedActionsHandler] (default task-4) Policy enforcement is disabled.
Problem Solved!
What is not obvious from the Keycloak/SSO documentation is that on RH-SSO you need a Public client paired with your bearer-only client in order to get your authenticated token. So, the solution is to create a 2nd SSO client in your realm that is "public":
* Select `Clients` from the menu
* Click `Create`
* Add the following values:
* Client ID: RestAuth
* Client Protocol: `openid-connect`
* Click `Save`
You request your token from the public client, and that will give you access to your bearer-only rest API on JBoss.

Keycloak docker upgrade from 4.0.0 Beta to 4.1.0

I'm trying to update from Keycloak 4 beta to 4.1.0 docker container:
I've run the migrations:
bin/jboss-cli.sh --file=bin/migrate-standalone.cli,
jboss#3322946680a1 keycloak]$ bin/jboss-cli.sh --file=bin/migrate-standalone.cl
*** Begin Migration ***
Adding spi=userFederatedStorage...
{"outcome" => "success"}
Removing declaration for userFederatedStorage SPI
{"outcome" => "success"}
*** End Migration ***
These all passed without errors, but when i start my container i get the following error:
Node name: 376cb8002a3c, Site name: null
Full Log
keycloak_1 | 21:35:04,117 INFO [org.keycloak.services] (ServerService Thread Pool -- 47) KC-SERVICES0001: Loading config from standalone.xml or domain.xml
keycloak_1 | 21:35:04,355 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 47) WFLYCLINF0002: Started realmRevisions cache from keycloak container
keycloak_1 | 21:35:04,359 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 47) WFLYCLINF0002: Started userRevisions cache from keycloak container
keycloak_1 | 21:35:04,371 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 47) WFLYCLINF0002: Started authorizationRevisions cache from keycloak container
keycloak_1 | 21:35:04,371 INFO [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (ServerService Thread Pool -- 47) Node name: 376cb8002a3c, Site name: null
keycloak_1 | 21:35:06,200 INFO [org.jboss.as.server] (Thread-2) WFLYSRV0220: Server shutdown has been requested via an OS signal
keycloak_1 | 21:35:06,204 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 47) MSC000001: Failed to start service jboss.undertow.deployment.default-server.default-host./auth: org.jboss.msc.service.StartException in service jboss.undertow.deployment.default-server.default-host./auth: java.lang.RuntimeException: RESTEASY003325: Failed to construct public org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)
keycloak_1 | at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:84)
keycloak_1 | at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
keycloak_1 | at java.util.concurrent.FutureTask.run(FutureTask.java:266)
keycloak_1 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
keycloak_1 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
keycloak_1 | at java.lang.Thread.run(Thread.java:748)
keycloak_1 | at org.jboss.threads.JBossThread.run(JBossThread.java:320)
keycloak_1 | Caused by: java.lang.RuntimeException: RESTEASY003325: Failed to construct public org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)
keycloak_1 | at org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:162)
keycloak_1 | at org.jboss.resteasy.spi.ResteasyProviderFactory.createProviderInstance(ResteasyProviderFactory.java:2298)
keycloak_1 | at org.jboss.resteasy.spi.ResteasyDeployment.createApplication(ResteasyDeployment.java:340)
keycloak_1 | at org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:253)
keycloak_1 | at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:120)
keycloak_1 | at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36)
keycloak_1 | at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)
keycloak_1 | at org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:78)
keycloak_1 | at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)
keycloak_1 | at io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:250)
keycloak_1 | at io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:133)
keycloak_1 | at io.undertow.servlet.core.DeploymentManagerImpl$2.call(DeploymentManagerImpl.java:565)
keycloak_1 | at io.undertow.servlet.core.DeploymentManagerImpl$2.call(DeploymentManagerImpl.java:536)
keycloak_1 | at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:42)
keycloak_1 | at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
keycloak_1 | at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
keycloak_1 | at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
keycloak_1 | at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
keycloak_1 | at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
keycloak_1 | at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
keycloak_1 | at io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:578)
keycloak_1 | at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:100)
keycloak_1 | at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:81)
keycloak_1 | ... 6 more
keycloak_1 | Caused by: java.lang.RuntimeException: Exception invoking method [listUnrunChangeSets] on object [liquibase.Liquibase#1a0bbae4], using arguments [null,(),false]
keycloak_1 | at org.keycloak.common.util.reflections.Reflections.invokeMethod(Reflections.java:385)
keycloak_1 | at org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider.getLiquibaseUnrunChangeSets(LiquibaseJpaUpdaterProvider.java:284)
keycloak_1 | at org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider.validateChangeSet(LiquibaseJpaUpdaterProvider.java:252)
keycloak_1 | at org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider.validate(LiquibaseJpaUpdaterProvider.java:225)
keycloak_1 | at org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.migration(DefaultJpaConnectionProviderFactory.java:287)
keycloak_1 | at org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.lambda$lazyInit$0(DefaultJpaConnectionProviderFactory.java:179)
keycloak_1 | at org.keycloak.models.utils.KeycloakModelUtils.suspendJtaTransaction(KeycloakModelUtils.java:611)
keycloak_1 | at org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.lazyInit(DefaultJpaConnectionProviderFactory.java:130)
keycloak_1 | at org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.create(DefaultJpaConnectionProviderFactory.java:78)
keycloak_1 | at org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.create(DefaultJpaConnectionProviderFactory.java:56)
keycloak_1 | at org.keycloak.services.DefaultKeycloakSession.getProvider(DefaultKeycloakSession.java:186)
keycloak_1 | at org.keycloak.models.jpa.JpaRealmProviderFactory.create(JpaRealmProviderFactory.java:51)
keycloak_1 | at org.keycloak.models.jpa.JpaRealmProviderFactory.create(JpaRealmProviderFactory.java:33)
keycloak_1 | at org.keycloak.services.DefaultKeycloakSession.getProvider(DefaultKeycloakSession.java:186)
keycloak_1 | at org.keycloak.services.DefaultKeycloakSession.realmLocalStorage(DefaultKeycloakSession.java:143)
keycloak_1 | at org.keycloak.models.cache.infinispan.RealmCacheSession.getRealmDelegate(RealmCacheSession.java:148)
keycloak_1 | at org.keycloak.models.cache.infinispan.RealmCacheSession.getMigrationModel(RealmCacheSession.java:141)
keycloak_1 | at org.keycloak.migration.MigrationModelManager.migrate(MigrationModelManager.java:80)
keycloak_1 | at org.keycloak.services.resources.KeycloakApplication.migrateModel(KeycloakApplication.java:245)
keycloak_1 | at org.keycloak.services.resources.KeycloakApplication.migrateAndBootstrap(KeycloakApplication.java:186)
keycloak_1 | at org.keycloak.services.resources.KeycloakApplication$1.run(KeycloakApplication.java:145)
keycloak_1 | at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:227)
keycloak_1 | at org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:136)
keycloak_1 | at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
keycloak_1 | at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
keycloak_1 | at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
keycloak_1 | at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
keycloak_1 | at org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:150)
keycloak_1 | ... 28 more
keycloak_1 | Caused by: liquibase.exception.ValidationFailedException: Validation Failed:
keycloak_1 | 1 change sets check sum
keycloak_1 | META-INF/jpa-changelog-authz-4.0.0.CR1.xml::authz-4.0.0.CR1::psilva#redhat.com was: 7:f72c97037bdb11c6c399e1d14ba2bc65 but is now: 7:57960fc0b0f0dd0563ea6f8b2e4a1707
keycloak_1 |
keycloak_1 | at liquibase.changelog.DatabaseChangeLog.validate(DatabaseChangeLog.java:266)
keycloak_1 | at liquibase.Liquibase.listUnrunChangeSets(Liquibase.java:1189)
keycloak_1 | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
keycloak_1 | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
keycloak_1 | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
keycloak_1 | at java.lang.reflect.Method.invoke(Method.java:498)
keycloak_1 | at org.keycloak.common.util.reflections.Reflections.invokeMethod(Reflections.java:379)
keycloak_1 | ... 55 more
keycloak_1 |
keycloak_1 | 21:35:06,234 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-5) WFLYJCA0010: Unbound data source [java:jboss/datasources/KeycloakDS]
keycloak_1 | 21:35:06,237 INFO [org.wildfly.extension.undertow] (MSC service thread 1-5) WFLYUT0008: Undertow HTTPS listener https suspending
keycloak_1 | 21:35:06,239 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-8) WFLYJCA0010: Unbound data source [java:jboss/datasources/ExampleDS]
keycloak_1 | 21:35:06,241 INFO [org.wildfly.extension.undertow] (MSC service thread 1-5) WFLYUT0007: Undertow HTTPS listener https stopped, was bound to 0.0.0.0:8443
keycloak_1 | 21:35:06,242 INFO [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-6) WFLYJCA0019: Stopped Driver service with driver-name = h2
keycloak_1 | 21:35:06,244 INFO [org.wildfly.extension.undertow] (MSC service thread 1-4) WFLYUT0019: Host default-host stopping
keycloak_1 | 21:35:06,246 INFO [org.wildfly.extension.undertow] (MSC service thread 1-4) WFLYUT0008: Undertow HTTP listener default suspending
keycloak_1 | 21:35:06,247 INFO [org.wildfly.extension.undertow] (MSC service thread 1-4) WFLYUT0007: Undertow HTTP listener default stopped, was bound to 0.0.0.0:8080
keycloak_1 | 21:35:06,248 INFO [org.wildfly.extension.undertow] (MSC service thread 1-5) WFLYUT0004: Undertow 1.4.18.Final stopping
keycloak_1 | 21:35:06,256 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 49) WFLYCLINF0003: Stopped work cache from keycloak container
keycloak_1 | 21:35:06,257 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 48) WFLYCLINF0003: Stopped realms cache from keycloak container
keycloak_1 | 21:35:06,258 INFO [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-6) WFLYJCA0019: Stopped Driver service with driver-name = postgresql
keycloak_1 | 21:35:06,258 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 58) WFLYCLINF0003: Stopped client-mappings cache from ejb container
keycloak_1 | 21:35:06,258 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 54) WFLYCLINF0003: Stopped loginFailures cache from keycloak container
keycloak_1 | 21:35:06,259 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 50) WFLYCLINF0003: Stopped clientSessions cache from keycloak container
keycloak_1 | 21:35:06,260 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 51) WFLYCLINF0003: Stopped sessions cache from keycloak container
keycloak_1 | 21:35:06,260 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 56) WFLYCLINF0003: Stopped users cache from keycloak container
keycloak_1 | 21:35:06,260 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 46) WFLYCLINF0003: Stopped offlineClientSessions cache from keycloak container
keycloak_1 | 21:35:06,262 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 52) WFLYCLINF0003: Stopped keys cache from keycloak container
keycloak_1 | 21:35:06,263 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 57) WFLYCLINF0003: Stopped authenticationSessions cache from keycloak container
keycloak_1 | 21:35:06,263 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 47) WFLYCLINF0003: Stopped offlineSessions cache from keycloak container
keycloak_1 | 21:35:06,264 INFO [org.jboss.as.server.deployment] (MSC service thread 1-2) WFLYSRV0028: Stopped deployment keycloak-server.war (runtime-name: keycloak-server.war) in 56ms
keycloak_1 | 21:35:06,265 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 59) WFLYCLINF0003: Stopped actionTokens cache from keycloak container
keycloak_1 | 21:35:06,266 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 55) WFLYCLINF0003: Stopped authorization cache from keycloak container
keycloak_1 | 21:35:06,268 INFO [org.jboss.as.clustering.infinispan] (MSC service thread 1-6) WFLYCLINF0003: Stopped authorizationRevisions cache from keycloak container
keycloak_1 | 21:35:06,270 INFO [org.jboss.as.clustering.infinispan] (MSC service thread 1-6) WFLYCLINF0003: Stopped realmRevisions cache from keycloak container
keycloak_1 | 21:35:06,272 INFO [org.jboss.as.clustering.infinispan] (MSC service thread 1-6) WFLYCLINF0003: Stopped userRevisions cache from keycloak container
keycloak_1 | 21:35:06,282 ERROR [org.jboss.as.server] (ServerService Thread Pool -- 45) WFLYSRV0022: Deploy of deployment "keycloak-server.war" was rolled back with no failure message
keycloak_1 | 21:35:06,291 INFO [org.jboss.as] (MSC service thread 1-1) WFLYSRV0050: Keycloak 4.1.0.Final (WildFly Core 3.0.8.Final) stopped in 83ms
keycloak_1 | identity_keycloak_1 exited with code 1
Are there changes to standalone.xml that need to be made in order to upgrade, how can i fix this?
Thanks!
So it seems i was asking the wrong question. It looks like the Dockerfile used in the keycloak containers will start the server using CMD. This enables you to pass any of the boot parameters to the new container.
The param i wanted was --admin-only - this allowed me to start the service without prematurely running anything against the old version of the database. Here's how to upgrade Keycloak 4.1.0 while running docker:
snapshot database
snapshot themes
clone entire instance to a safe
new server
Once safe:
Ensure the new server has the database and keycloak config environment variables correct in you .env file:
POSTGRES_ROOT_PASSWORD=REDACTED_1
POSTGRES_DB=keycloak
POSTGRES_USER=keycloak
POSTGRES_PASSWORD=REDACTED_2
DB_VENDOR=POSTGRES
DB_ADDR=postgres
DB_DATABASE=keycloak
DB_USER=keycloak
DB_PASSWORD=REDACTED_2
KEYCLOAK_USER=YOUR-NAME
KEYCLOAK_PASSWORD=REDACTED_2
This is my compose file:
version: "3.3"
services:
keycloak:
image: jboss/keycloak:4.1.0.Final
ports:
- 8009:8009
- 8080:8080
- 8443:8443
env_file:
- .env
postgres:
image: postgres:9.5
env_file:
- .env
volumes:
- /path/to/your/db:/var/lib/postgresql/data
#this is optional
client:
image: ianneub/network-tools
env_file:
- .env
ports:
- "5430:5432"
command: sleep 60000000
nginx:
image: nginx
ports:
- 80:80
- 443:443
secrets:
- dhparam.pem
- privkey.pem
- fullchain.pem
volumes:
- ./nginx/nginx.conf:/etc/nginx/nginx.conf
secrets:
dhparam.pem:
file: ./nginx/dhparam.pem
privkey.pem:
file: ./nginx/privkey.pem
fullchain.pem:
file: ./nginx/fullchain.pem
Start the DB
docker-compose up postgres
Start the Admin Servvice:
docker-compose run keycloak --admin-only
You should see:
jboss#3322946680a1 keycloak]$ bin/jboss-cli.sh --file=bin/migrate-standalone.cl
*** Begin Migration ***
Adding spi=userFederatedStorage...
{"outcome" => "success"}
Removing declaration for userFederatedStorage SPI
{"outcome" => "success"}
*** End Migration ***
If you nginx.conf file is setup correctly, you should be good to go. From here out, docker-compose down && docker-compose up should work fine. This is only a mild variation from the docs at:
https://www.keycloak.org/docs/latest/upgrading/index.html#intro

drools on wildfly is not working

I am new to drools.
I am using drools 6.5.0 and wildfly 10.
I am developing a REST application with drools rules and executing through REST url.
My drools rules are executed in eclipse perfectly. After that I have deployed my REST application on wildfly. It is successful.
But, If I call the url from browser, it throws the below exception in console.
Is it mandatory to deploy KIE server for the rule execution? Because in tomcat the same application is working fine without KIE server.
droolsTest.java
KieServices ks = KieServices.Factory.get(); //This statement is working fine
KieContainer kContainer = ks.getKieClasspathContainer(); // Error is thrown in this statement
KieSession kSession = kContainer.newKieSession("ksession-rules");
Message message = new Message();
message.setMessage("Hello World Testing");
message.setStatus(Message.HELLO);
kSession.insert(message);
kSession.fireAllRules();
System.out.println("Drools Rules execution is Completed");
14:47:43,604 INFO [stdout] (default task-19) Error caught :java.lang.NoClassDef
FoundError: Could not initialize class org.drools.compiler.kie.builder.impl.KieC
ontainerImpl
14:47:43,607 ERROR [stderr] (default task-19) java.lang.NoClassDefFoundError: Co
uld not initialize class org.drools.compiler.kie.builder.impl.KieContainerImpl
14:47:43,625 ERROR [stderr] (default task-19) at org.drools.compiler.kie.build
er.impl.KieServicesImpl.newKieClasspathContainer(KieServicesImpl.java:135)
14:47:43,626 ERROR [stderr] (default task-19) at org.drools.compiler.kie.build
er.impl.KieServicesImpl.getKieClasspathContainer(KieServicesImpl.java:101)
14:47:43,626 ERROR [stderr] (default task-19) at org.drools.compiler.kie.build
er.impl.KieServicesImpl.getKieClasspathContainer(KieServicesImpl.java:79)
14:47:43,627 ERROR [stderr] (default task-19) at com.sample.DroolsTest.drools(
DroolsTest.java:45)
14:47:43,627 ERROR [stderr] (default task-19) at com.abc.rest.MessageRestSe
rvice.TestDroolsCode(MessageRestService.java:29)
14:47:43,628 ERROR [stderr] (default task-19) at sun.reflect.NativeMethodAcces
sorImpl.invoke0(Native Method)
14:47:43,628 ERROR [stderr] (default task-19) at sun.reflect.NativeMethodAcces
sorImpl.invoke(NativeMethodAccessorImpl.java:62)
14:47:43,628 ERROR [stderr] (default task-19) at sun.reflect.DelegatingMethodA
ccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
14:47:43,629 ERROR [stderr] (default task-19) at java.lang.reflect.Method.invo
ke(Method.java:498)
14:47:43,630 ERROR [stderr] (default task-19) at org.jboss.resteasy.core.Resou
rceLocatorInvoker.createResource(ResourceLocatorInvoker.java:79)
14:47:43,630 ERROR [stderr] (default task-19) at org.jboss.resteasy.core.Resou
rceLocatorInvoker.createResource(ResourceLocatorInvoker.java:58)
14:47:43,631 ERROR [stderr] (default task-19) at org.jboss.resteasy.core.Resou
rceLocatorInvoker.invoke(ResourceLocatorInvoker.java:100)
14:47:43,631 ERROR [stderr] (default task-19) at org.jboss.resteasy.core.Synch
ronousDispatcher.invoke(SynchronousDispatcher.java:402)
14:47:43,632 ERROR [stderr] (default task-19) at org.jboss.resteasy.core.Synch
ronousDispatcher.invoke(SynchronousDispatcher.java:209)
14:47:43,634 ERROR [stderr] (default task-19) at org.jboss.resteasy.plugins.se
rver.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:
221)
14:47:43,635 ERROR [stderr] (default task-19) at org.jboss.resteasy.plugins.se
rver.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
14:47:43,638 ERROR [stderr] (default task-19) at org.jboss.resteasy.plugins.se
rver.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
14:47:43,639 ERROR [stderr] (default task-19) at javax.servlet.http.HttpServle
t.service(HttpServlet.java:790)
14:47:43,640 ERROR [stderr] (default task-19) at io.undertow.servlet.handlers.
ServletHandler.handleRequest(ServletHandler.java:85)
14:47:43,641 ERROR [stderr] (default task-19) at io.undertow.servlet.handlers.
security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.jav
a:62)
14:47:43,641 ERROR [stderr] (default task-19) at io.undertow.servlet.handlers.
ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
14:47:43,642 ERROR [stderr] (default task-19) at org.wildfly.extension.underto
w.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssoci
ationHandler.java:78)
14:47:43,644 ERROR [stderr] (default task-19) at io.undertow.server.handlers.P
redicateHandler.handleRequest(PredicateHandler.java:43)
14:47:43,645 ERROR [stderr] (default task-19) at io.undertow.servlet.handlers.
security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociatio
nHandler.java:131)
14:47:43,647 ERROR [stderr] (default task-19) at io.undertow.servlet.handlers.
security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCal
lHandler.java:57)
14:47:43,649 ERROR [stderr] (default task-19) at io.undertow.server.handlers.P
redicateHandler.handleRequest(PredicateHandler.java:43)
14:47:43,653 ERROR [stderr] (default task-19) at io.undertow.security.handlers
.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.jav
a:46)
14:47:43,655 ERROR [stderr] (default task-19) at io.undertow.servlet.handlers.
security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidenti
alityConstraintHandler.java:64)
14:47:43,657 ERROR [stderr] (default task-19) at io.undertow.security.handlers
.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.j
ava:60)
14:47:43,658 ERROR [stderr] (default task-19) at io.undertow.servlet.handlers.
security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSess
ionHandler.java:77)
14:47:43,661 ERROR [stderr] (default task-19) at io.undertow.security.handlers
.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
14:47:43,663 ERROR [stderr] (default task-19) at io.undertow.security.handlers
.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContext
AssociationHandler.java:43)
14:47:43,664 ERROR [stderr] (default task-19) at io.undertow.server.handlers.P
redicateHandler.handleRequest(PredicateHandler.java:43)
14:47:43,665 ERROR [stderr] (default task-19) at org.wildfly.extension.underto
w.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
14:47:43,665 ERROR [stderr] (default task-19) at io.undertow.server.handlers.P
redicateHandler.handleRequest(PredicateHandler.java:43)
14:47:43,668 ERROR [stderr] (default task-19) at io.undertow.server.handlers.P
redicateHandler.handleRequest(PredicateHandler.java:43)
14:47:43,669 ERROR [stderr] (default task-19) at io.undertow.servlet.handlers.
ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
14:47:43,670 ERROR [stderr] (default task-19) at io.undertow.servlet.handlers.
ServletInitialHandler.access$100(ServletInitialHandler.java:81)
14:47:43,671 ERROR [stderr] (default task-19) at io.undertow.servlet.handlers.
ServletInitialHandler$2.call(ServletInitialHandler.java:138)
14:47:43,672 ERROR [stderr] (default task-19) at io.undertow.servlet.handlers.
ServletInitialHandler$2.call(ServletInitialHandler.java:135)
14:47:43,675 ERROR [stderr] (default task-19) at io.undertow.servlet.core.Serv
letRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction
.java:48)
14:47:43,676 ERROR [stderr] (default task-19) at io.undertow.servlet.core.Cont
extClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
14:47:43,677 ERROR [stderr] (default task-19) at io.undertow.servlet.api.Legac
yThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
14:47:43,681 ERROR [stderr] (default task-19) at io.undertow.servlet.api.Legac
yThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
14:47:43,682 ERROR [stderr] (default task-19) at io.undertow.servlet.api.Legac
yThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
14:47:43,686 ERROR [stderr] (default task-19) at io.undertow.servlet.api.Legac
yThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
14:47:43,695 ERROR [stderr] (default task-19) at io.undertow.servlet.api.Legac
yThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
14:47:43,702 ERROR [stderr] (default task-19) at io.undertow.servlet.handlers.
ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
14:47:43,703 ERROR [stderr] (default task-19) at io.undertow.servlet.handlers.
ServletInitialHandler.access$000(ServletInitialHandler.java:81)
14:47:43,704 ERROR [stderr] (default task-19) at io.undertow.servlet.handlers.
ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
14:47:43,704 ERROR [stderr] (default task-19) at io.undertow.server.Connectors
.executeRootHandler(Connectors.java:202)
14:47:43,705 ERROR [stderr] (default task-19) at io.undertow.server.HttpServer
Exchange$1.run(HttpServerExchange.java:805)
14:47:43,705 ERROR [stderr] (default task-19) at java.util.concurrent.ThreadPo
olExecutor.runWorker(ThreadPoolExecutor.java:1142)
14:47:43,706 ERROR [stderr] (default task-19) at java.util.concurrent.ThreadPo
olExecutor$Worker.run(ThreadPoolExecutor.java:617)
14:47:43,706 ERROR [stderr] (default task-19) at java.lang.Thread.run(Thread.j
ava:745)
14:47:43,707 INFO [stdout] (default task-19) Executed
Could anyone provide your help.
Thanks
Senthil