Keycloak LOGIN_ERROR when accessed through iFrame - keycloak

Facing issue with Keycloak login when trying to access it using iFrame. I am getting following error:
2020-08-29 04:06:50,976 WARN [org.keycloak.events] (default task-9654) type=LOGIN_ERROR, realmId=34d62e4f-f267-4f1a-8ec7-075e5046543b, clientId=null, userId=null, ipAddress=192.168.66.183, error=invalid_code
Its working fine when trying to access it via chrome browser,
2020-08-29 04:08:44,310 INFO [org.keycloak.events] (default task-9658) type=LOGIN, realmId=34d62e4f-f267-4f1a-8ec7-075e5046543b, clientId=dxp-frontend, userId=6db38019-c323-4071-abc2-a39c705ed122, ipAddress=192.168.66.183, auth_method=openid-connect, auth_type=code, redirect_uri=https://dxp-model1.devopnet.in.telstra.com.au/csrtb/, consent=no_consent_required, code_id=ac77dc9d-9237-4c17-b74d-9f3c9582ebbd, username=dxpcsr1, authSessionParentId=ac77dc9d-9237-4c17-b74d-9f3c9582ebbd, authSessionTabId=3K3KgKVc2bc
2020-08-29 04:08:45,811 INFO [org.keycloak.events] (default task-9658) type=CODE_TO_TOKEN, realmId=34d62e4f-f267-4f1a-8ec7-075e5046543b, clientId=dxp-frontend, userId=6db38019-c323-4071-abc2-a39c705ed122, ipAddress=192.168.66.183, token_id=15905d22-c77f-4f6d-bce4-63c36ed04f0b, grant_type=authorization_code, refresh_token_type=Refresh, scope='openid profile email', refresh_token_id=a0b3437b-c2b3-4179-ad24-833459a847db, code_id=ac77dc9d-9237-4c17-b74d-9f3c9582ebbd, client_auth_method=client-secret
Additional Information
Using K8 cluster where a single instance of Keycloak is deployed.

Related

Keycloak Admin Client throws error in server logs

am using keycloak admin client with my custom SPI.
I am getting this error when am trying to to create keycloak builder.
previously i tried this solution also but this didnt worked for me.
keycloak version 20.0.2 quarkus dist
this is the code I am using for builder
KeycloakBuilder.builder()
.serverUrl("http://localhost:8080/")
.realm("xxxxx")
.username("xxxx")
.password("xxxxx")
.clientId("admin-cli")
.resteasyClient(
new ResteasyClientBuilder()
.connectionPoolSize(10).build()
).build();
here's the error log
2023-01-26 13:11:33,684 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-4) Uncaught server error: java.lang.InstantiationError: org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder
at com.nafath.keycloak.NafathTokenAuthenticator.getKeycloakInstance(NafathTokenAuthenticator.java:178)
at com.nafath.keycloak.NafathTokenAuthenticator.saveNewUser(NafathTokenAuthenticator.java:127)
at com.nafath.keycloak.NafathTokenAuthenticator.authenticate(NafathTokenAuthenticator.java:116)
at org.keycloak.authentication.DefaultAuthenticationFlow.processSingleFlowExecutionModel(DefaultAuthenticationFlow.java:446)
at org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:250)
at org.keycloak.authentication.AuthenticationProcessor.authenticateOnly(AuthenticationProcessor.java:1017)
at org.keycloak.authentication.AuthenticationProcessor.authenticate(AuthenticationProcessor.java:879)
at org.keycloak.protocol.AuthorizationEndpointBase.handleBrowserAuthenticationRequest(AuthorizationEndpointBase.java:151)
at org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.buildAuthorizationCodeAuthorizationResponse(AuthorizationEndpoint.java:338)
at org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.process(AuthorizationEndpoint.java:194)
at org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.buildGet(AuthorizationEndpoint.java:112)
at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
at java.base/java.lang.reflect.Method.invoke(Method.java:577)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:170)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:130)
at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:660)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:524)
at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:474)
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:476)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:434)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:192)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:152)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:183)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:141)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:32)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:492)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161)
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247)
at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:73)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:151)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:82)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:42)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140)
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:84)
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:71)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140)
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$6.handle(VertxHttpRecorder.java:430)
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$6.handle(VertxHttpRecorder.java:408)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140)
at org.keycloak.quarkus.runtime.integration.web.QuarkusRequestFilter.lambda$createBlockingHandler$0(QuarkusRequestFilter.java:82)
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:564)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2449)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1478)
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:833)
I tried it with resteasy version 4

Wildfly 26.1.0 final + elytron-oidc-client + wont propagate user to EJB + user become anonymous

I am trying to upgrade from WF24 to WF26.1.0 final and migrate from the jboss:domain:keycloak module to elytron-oidc-client.
I have installed WF26.1.0 and configured elytron-oidc-client with secure-deployment to use our Keycloak server for authentication. I can log into my webpages and rest services provided by the WAR deployment, and I get the correct roles listed for my keycloak users.
Here is the log that shows when elytron-oidc-client retrieves the authenticated user and adds it to a generic security domain with the 'virtual' realm:
2022-05-01 06:46:10,652 TRACE [org.wildfly.security] (default task-4) Handling SecurityIdentityCallback: identity = SecurityIdentity{principal=testuser, securityDomain=org.wildfly.security.auth.server.SecurityDomain#3e51905b, authorizationIdentity=EMPTY, realmInfo=RealmInfo{name='virtual', securityRealm=org.wildfly.security.http.oidc.OidcSecurityRealm#796ef014}, creationTime=2022-05-01T04:46:10.651489Z}
The secure deployment look like this in stanalone-full.xml:
<subsystem xmlns="urn:wildfly:elytron-oidc-client:1.0">
<realm name="MyRealm">
<auth-server-url>https://127.0.0.1/auth/</auth-server-url>
<ssl-required>NONE</ssl-required>
<enable-cors>true</enable-cors>
<principal-attribute>preferred_username</principal-attribute>
</realm>
<secure-deployment name="farm-application-fleet-jsweb.war">
<realm>MyRealm</realm>
<resource>MyResource</resource>
<public-client>true</public-client>
</secure-deployment>
</subsystem>
When a REST service deployed in the WAR tries to connect to a EJB deployed in a different EAR then the user become "anonymous" and access is not allowed.
Here are some of my Wildfly log that shows the authenticated user become anonymous when I am calling the EJB method getAllMvaCodes declared like this:
#RolesAllowed({ "user","appuser" })
public GeneralResponse getAllMvaCodes () {....}
Instead of an correct result because my authenticated user has the correct roles, I get "is not allowed":
2022-05-01 06:46:10,651 TRACE [org.wildfly.security] (default task-4) Role mapping: principal [testuser] -> decoded roles [appuser, workshop, car_booking, plowing, superadmin, triplog, admin, transport, user] -> domain decoded roles [] -> realm mapped roles [appuser, workshop, car_booking, plowing, superadmin, triplog, admin, transport, user] -> domain mapped roles [appuser, workshop, car_booking, plowing, superadmin, triplog, admin, transport, user]
2022-05-01 06:46:10,651 TRACE [org.xnio.nio.selector] (default I/O-19) Selected key channel=java.nio.channels.SocketChannel[connected local=/127.0.0.1:8443 remote=/127.0.0.1:49577], selector=sun.nio.ch.KQueueSelectorImpl#db86f05, interestOps=1, readyOps=1 for java.nio.channels.SocketChannel[connected local=/127.0.0.1:8443 remote=/127.0.0.1:49577]
2022-05-01 06:46:10,651 TRACE [org.wildfly.security] (default task-4) Authorizing principal testuser.
2022-05-01 06:46:10,651 TRACE [org.xnio.nio.selector] (default I/O-19) Calling handleReady key 1 for java.nio.channels.SocketChannel[connected local=/127.0.0.1:8443 remote=/127.0.0.1:49577]
2022-05-01 06:46:10,651 TRACE [org.wildfly.security] (default task-4) Authorizing against the following attributes: [Roles] => [appuser, workshop, car_booking, plowing, superadmin, triplog, admin, transport, user]
2022-05-01 06:46:10,651 TRACE [org.xnio.listener] (default I/O-19) Invoking listener io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener#6a65085c on channel org.xnio.conduits.ConduitStreamSourceChannel#734aed38
2022-05-01 06:46:10,651 TRACE [org.wildfly.security] (default task-4) Authorizing against the following runtime attributes: [] => []
2022-05-01 06:46:10,651 TRACE [io.undertow.request.io] (default I/O-19) Invoking receive listener: io.undertow.server.protocol.http2.Http2ReceiveListener#226d75b6 - receiver: null
2022-05-01 06:46:10,651 TRACE [org.wildfly.security] (default task-4) Permission mapping: identity [testuser] with roles [appuser, workshop, car_booking, plowing, superadmin, triplog, admin, transport, user] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true
2022-05-01 06:46:10,651 TRACE [org.wildfly.security] (default task-4) Authorization succeed
2022-05-01 06:46:10,651 TRACE [org.xnio.listener] (default I/O-19) Invoking listener io.undertow.server.protocol.http2.Http2ReceiveListener#226d75b6 on channel Http2Channel peer /127.0.0.1:49577 local /127.0.0.1:8443[ No Receiver [] -- [] -- []
2022-05-01 06:46:10,651 ERROR [org.jboss.as.ejb3.invocation] (default task-6) WFLYEJB0034: Jakarta Enterprise Beans Invocation failed on component InvoiceBean for method public abstract no.farm.service.fleet.dto.GeneralResponse no.farm.service.fleet.ejb.InvoiceRemote.getAllMvaCodes(): javax.ejb.EJBAccessException: WFLYEJB0364: Invocation on method: public abstract no.farm.service.fleet.dto.GeneralResponse no.farm.service.fleet.ejb.InvoiceRemote.getAllMvaCodes() of bean: InvoiceBean is not allowed
Is there a way that I can configure Wildfly to propagate the user correctly from the WEB to the EJB?

The elytron-oidc-client subsystem makes use of a virtual security domain. Currently, this virtual security domain can't be referenced from other deployments.
However, the identity would get propagated to EJBs within the same deployment.

Keycloak Identity Broker: HMACSHA256 Signature not available

I'm running Keycloak 15.0.2 in docker (jboss/keycloak:15.0.2) and use Identity Brokering with an external OpenId Connect Identity Provider
When a login is initialized on keycloak the browser is redirected to the external IDP. After authenticated there the browser is redirected to keycloaks broker endpoint /broker/oidc/endpoint?code=xxx
But then Keycloak throws a Exception caused by
Caused by: java.security.NoSuchAlgorithmException: HMACSHA256 Signature not available
Has someone an idea why this is happening? Should this HMACSHA256 algorithm not already be part of the JRE in the docker-container?
Full stacktrace
10:43:06,687 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default task-36) Failed to make identity provider oauth callback: java.lang.RuntimeException: org.keycloak.crypto.SignatureException: Signing failed
at org.keycloak.keycloak-core#15.0.2//org.keycloak.jose.jws.JWSBuilder$EncodingBuilder.sign(JWSBuilder.java:116)
at org.keycloak.keycloak-services#15.0.2//org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.authenticateTokenRequest(AbstractOAuth2IdentityProvider.java:408)
at org.keycloak.keycloak-services#15.0.2//org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.generateTokenRequest(AbstractOAuth2IdentityProvider.java:576)
at org.keycloak.keycloak-services#15.0.2//org.keycloak.broker.oidc.OIDCIdentityProvider$OIDCEndpoint.generateTokenRequest(OIDCIdentityProvider.java:323)
at org.keycloak.keycloak-services#15.0.2//org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:500)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.jboss.resteasy.resteasy-jaxrs#3.15.1.Final//org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:138)
at org.jboss.resteasy.resteasy-jaxrs#3.15.1.Final//org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:546)
at org.jboss.resteasy.resteasy-jaxrs#3.15.1.Final//org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:435)
at org.jboss.resteasy.resteasy-jaxrs#3.15.1.Final//org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:396)
at org.jboss.resteasy.resteasy-jaxrs#3.15.1.Final//org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358)
at org.jboss.resteasy.resteasy-jaxrs#3.15.1.Final//org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:398)
at org.jboss.resteasy.resteasy-jaxrs#3.15.1.Final//org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:365)
at org.jboss.resteasy.resteasy-jaxrs#3.15.1.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:150)
at org.jboss.resteasy.resteasy-jaxrs#3.15.1.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:110)
at org.jboss.resteasy.resteasy-jaxrs#3.15.1.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:141)
at org.jboss.resteasy.resteasy-jaxrs#3.15.1.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:104)
at org.jboss.resteasy.resteasy-jaxrs#3.15.1.Final//org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:440)
at org.jboss.resteasy.resteasy-jaxrs#3.15.1.Final//org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:229)
at org.jboss.resteasy.resteasy-jaxrs#3.15.1.Final//org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:135)
at org.jboss.resteasy.resteasy-jaxrs#3.15.1.Final//org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358)
at org.jboss.resteasy.resteasy-jaxrs#3.15.1.Final//org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:138)
at org.jboss.resteasy.resteasy-jaxrs#3.15.1.Final//org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:215)
at org.jboss.resteasy.resteasy-jaxrs#3.15.1.Final//org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:245)
at org.jboss.resteasy.resteasy-jaxrs#3.15.1.Final//org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:61)
at org.jboss.resteasy.resteasy-jaxrs#3.15.1.Final//org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at javax.servlet.api#2.0.0.Final//javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
at io.undertow.servlet#2.2.5.Final//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
at io.undertow.servlet#2.2.5.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at org.keycloak.keycloak-wildfly-extensions#15.0.2//org.keycloak.provider.wildfly.WildFlyRequestFilter.lambda$doFilter$0(WildFlyRequestFilter.java:41)
at org.keycloak.keycloak-services#15.0.2//org.keycloak.services.filters.AbstractRequestFilter.filter(AbstractRequestFilter.java:43)
at org.keycloak.keycloak-wildfly-extensions#15.0.2//org.keycloak.provider.wildfly.WildFlyRequestFilter.doFilter(WildFlyRequestFilter.java:39)
at io.undertow.servlet#2.2.5.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet#2.2.5.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.undertow.servlet#2.2.5.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at io.undertow.servlet#2.2.5.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet#2.2.5.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
at io.undertow.servlet#2.2.5.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow#23.0.2.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.core#2.2.5.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet#2.2.5.Final//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
at io.undertow.servlet#2.2.5.Final//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117)
at io.undertow.servlet#2.2.5.Final//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.core#2.2.5.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.core#2.2.5.Final//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet#2.2.5.Final//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.core#2.2.5.Final//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet#2.2.5.Final//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.core#2.2.5.Final//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.core#2.2.5.Final//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.core#2.2.5.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow#23.0.2.Final//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.core#2.2.5.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow#23.0.2.Final//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at io.undertow.servlet#2.2.5.Final//io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)
at io.undertow.core#2.2.5.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet#2.2.5.Final//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269)
at io.undertow.servlet#2.2.5.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78)
at io.undertow.servlet#2.2.5.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133)
at io.undertow.servlet#2.2.5.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130)
at io.undertow.servlet#2.2.5.Final//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet#2.2.5.Final//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow#23.0.2.Final//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow#23.0.2.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow#23.0.2.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow#23.0.2.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow#23.0.2.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at io.undertow.servlet#2.2.5.Final//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
at io.undertow.servlet#2.2.5.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78)
at io.undertow.servlet#2.2.5.Final//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99)
at io.undertow.core#2.2.5.Final//io.undertow.server.Connectors.executeRootHandler(Connectors.java:387)
at io.undertow.core#2.2.5.Final//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:841)
at org.jboss.threads#2.4.0.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads#2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
at org.jboss.threads#2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads#2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at org.jboss.xnio#3.8.4.Final//org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1280)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: org.keycloak.crypto.SignatureException: Signing failed
at org.keycloak.keycloak-core#15.0.2//org.keycloak.crypto.AsymmetricSignatureSignerContext.sign(AsymmetricSignatureSignerContext.java:53)
at org.keycloak.keycloak-core#15.0.2//org.keycloak.jose.jws.JWSBuilder$EncodingBuilder.sign(JWSBuilder.java:114)
... 80 more
Caused by: java.security.NoSuchAlgorithmException: HMACSHA256 Signature not available
at java.base/java.security.Signature.getInstance(Signature.java:267)
at org.keycloak.keycloak-core#15.0.2//org.keycloak.crypto.AsymmetricSignatureSignerContext.sign(AsymmetricSignatureSignerContext.java:48)
... 81 more
10:43:06,693 WARN [org.keycloak.events] (default task-36) type=IDENTITY_PROVIDER_LOGIN_ERROR, realmId=Test, clientId=application, userId=null, ipAddress=10.0.0.2, error=identity_provider_login_failure, code_id=10584c92-b25a-4961-b181-8ebcecc236c8, authSessionParentId=10584c92-b25a-4961-b181-8ebcecc236c8, authSessionTabId=Z9JGLzHz2qk

I had the same issue and could solve it by changing the "Client Assertion Signature Algorithm" from HS256 to RS256 for the identity provider in Keycloak.

Keycloak retry database connection during startup

I have Keycloak on one server configured to connect to a remote PostgreSQL database, both the database and the Keycloak server start at the same time in the morning but the database takes a little more time before it's available which prevents the Keycloak service from starting:
WARN [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (ServerService Thread Pool -- 63) IJ000604: Throwable while attempting to get a new connection: null: javax.resource.ResourceException: IJ031084: Unable to create connection
I tried adding the following lines to standalone.xml but it only seems to prevent Keycloak from crashing if it's already started and the database reboots:
<validation>
<check-valid-connection-sql>select 1</check-valid-connection-sql>
<validate-on-match>false</validate-on-match>
<background-validation>true</background-validation>
<background-validation-millis>15000</background-validation-millis>
</validation>

If anyone is looking for a solution and is using systemd, I ended up adding these two lines to my keycloak.service file in the [Service] block:
Restart=always
RestartSec=5min

Failed to boot JBoss:java.lang.NullPointerException

I'm running jboss using command line its showing error as Failed to boot JBoss:java.lang.NullPointerException.
Failed to boot JBoss:
java.lang.NullPointerException
at org.jboss.system.server.profileservice.repository.StaticProfileFactory.create Source(StaticProfileFa
ctory.java:313)
at org.jboss.system.server.profileservice.repository.StaticProfileFactory.create ProfileMetaData(Static
ProfileFactory.java:270)
at org.jboss.system.server.profileservice.repository.StaticProfileFactory.createApplicationProfile(Sta
ticProfileFactory.java:245)
at org.jboss.system.server.profileservice.repository.StaticProfileFactory.createApplicationProfiles(St
aticProfileFactory.java:232)
at org.jboss.system.server.profileservice.repository.StaticProfileFactory.createProfileMetaData(Static
ProfileFactory.java:214)
at org.jboss.system.server.profileservice.repository.AbstractBootstrapProfileFactory.createProfiles(Ab
stractBootstrapProfileFactory.java:90)
at org.jboss.system.server.profileservice.ProfileServiceBootstrap.start(ProfileServiceBootstrap.java:2
60)
at org.jboss.bootstrap.AbstractServerImpl.start(AbstractServerImpl.java:461)
at org.jboss.Main.boot(Main.java:221)
at org.jboss.Main$1.run(Main.java:556)
at java.lang.Thread.run(Thread.java:722)
06:07:01,743 INFO [ServerImpl] Runtime shutdown hook called, forceHalt: true
06:07:01,744 WARN [ProfileServiceBootstrap] Error deactivating profile: ProfileKey#eba82b[domain=default, ser
ver=default, name=default]
org.jboss.profileservice.spi.NoSuchProfileException: No active profile for: ProfileKey#eba82b[domain=default,
server=default, name=default]
at org.jboss.system.server.profileservice.repository.AbstractProfileService.deactivateProfile(Abstract
ProfileService.java:391)
at org.jboss.system.server.profileservice.ProfileServiceBootstrap.shutdown(ProfileServiceBootstrap.jav
a:327)
at org.jboss.bootstrap.AbstractServerImpl.shutdownServer(AbstractServerImpl.java:571)
at org.jboss.bootstrap.AbstractServerImpl$ShutdownHook.run(AbstractServerImpl.java:909)
06:07:01,747 WARN [ProfileServiceBootstrap] Error unregistering profile: ProfileKey#eba82b[domain=default, se
rver=default, name=default]
org.jboss.profileservice.spi.NoSuchProfileException: No such profile: ProfileKey#eba82b[domain=default, server
=default, name=default]
at org.jboss.system.server.profileservice.repository.AbstractProfileService.getProfile(AbstractProfile
Service.java:181)
at org.jboss.system.server.profileservice.ProfileServiceBootstrap.shutdown(ProfileServiceBootstrap.jav
a:336)
at org.jboss.bootstrap.AbstractServerImpl.shutdownServer(AbstractServerImpl.java:571) at org.jboss.bootstrap.AbstractServerImpl$ShutdownHook.run(AbstractServerImpl.java:909)
06:07:02,085 INFO [ServerImpl] Shutdown complete
Shutdown complete
Halting VM
Press any key to continue . . .
Can anybody guide me to resolve this issue, your help will be appreciated.

org.jboss.profileservice.spi.NoSuchProfileException might be the reason of this NPE. Make sure that you have the 'default' domain present - I assume that you're tring to launch JBoss 5, is that correct?