I try to implement a custom OAuth social login provider for Keycloak. My blueprint is the implementation of the Facobook social login privider in the keycloak code.
This is my pom.xml:
<dependencies>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-core</artifactId>
<version>${keycloak.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-server-spi</artifactId>
<version>${keycloak.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-server-spi-private</artifactId>
<version>${keycloak.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-services</artifactId>
<version>${keycloak.version}</version>
<scope>provided</scope>
</dependency>
</dependencies>
I can build the JAR file and move it to {KECLOAK_HOME}/standalone/deployments/. The JAR has a org.keycloak.broker.social.SocialIdentityProviderFactory to register my my provider and is recognized by the Keycloak. I can see my new social login provider in the Identity Providers dropdown. Untill this point everything is ok.
My problem is, when i selct this provider, i get an error with the following log:
14:01:35,759 WARN [org.jboss.modules] (default task-11) Failed to define class de.klett.keycloak.idp.DemologinIdentityProvider in Module "deployment.idp-demlogin.jar" from Service Module Loader: java.lang.NoClassDefFoundError: Failed to link de/keycloak/idp/demologin/DemologinIdentityProvider (Module "deployment.idp-demologin.jar" from Service Module Loader): org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider
So, how can i fix this?
How can i make the org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider available for my keycloak module?
I dont have a module.xml defined because i'm using the Keycloak Deployer. The social SPI is a private SPI in Keycloak. Is it even possible to use a private SPI in custom extension?
Related
I managed to get the keycloak default login:
After successful login, keycloak redirect to uri: {hostname}/oauth2/authorization/keycloak. I'm just not sure where did that come from? Where's the setting in the Keycloak that can change that? I have my redirect uri in keycloak client set to: http://localhost/*. That doesn't do it. Wh
Here're my pom:
<properties>
<java.version>11</java.version>
<spring-cloud.version>Hoxton.SR4</spring-cloud.version>
</properties>
...
<!-- gateway -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-config</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-gateway</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
</dependency>
<!-- end of gateway -->
<!-- using CircuitBreaker -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-circuitbreaker-reactor-resilience4j</artifactId>
</dependency>
<!-- end of CircuitBreaker -->
<!-- oauth2 keycloak -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-webflux</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-security</artifactId>
</dependency>
<!-- end of oauth2 keycloak -->
This is my gateway and keycloak settings in application.properties:
#Gateway
spring.cloud.gateway.routes[0].id=person
spring.cloud.gateway.routes[0].uri=http://localhost:8022/
spring.cloud.gateway.routes[0].predicates[0].name=Path
spring.cloud.gateway.routes[0].predicates[0].args[pattern]=/personprocess/**
spring.cloud.gateway.routes[0].filters[0].name=CircuitBreaker
spring.cloud.gateway.routes[0].filters[0].args[name]=myCircuitBreaker
spring.cloud.gateway.routes[0].filters[0].args[fallbackUri]=forward:/myCircuitBreaker/inCaseOfFailureUseThis
spring.cloud.gateway.routes[1].id=keycloak
spring.cloud.gateway.routes[1].uri=http://localhost:8180/
spring.cloud.gateway.routes[1].predicates[0].name=Path
spring.cloud.gateway.routes[1].predicates[0].args[pattern]=/auth/**
spring.cloud.gateway.routes[1].filters[0].name=TokenRelay
spring.cloud.gateway.routes[1].filters[1].name=RemoveRequestHeader
spring.cloud.gateway.routes[1].filters[1].args[name]=Cookie
#Keycloak
spring.security.oauth2.client.registration.keycloak.client-id=gateway-app
spring.security.oauth2.client.registration.keycloak.client-secret=f52b34e1-3cae-4de7-83ae-2d795e3b72d7
spring.security.oauth2.client.registration.keycloak.clientName=gateway-app
spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.keycloak.redirectUri=http://localhost/personprocess/
spring.security.oauth2.client.provider.keycloak.authorization-uri=http://localhost:8180/auth/realms/gateway-realm/protocol/openid-connect/auth
spring.security.oauth2.client.provider.keycloak.token-uri=http://localhost:8180/auth/realms/gateway-realm/protocol/openid-connect/token
spring.security.oauth2.client.provider.keycloak.user-info-uri=http://localhost:8180/auth/realms/gateway-realm/protocol/openid-connect/userinfo
spring.security.oauth2.client.provider.keycloak.jwk-set-uri=http://localhost:8180/auth/realms/gateway-realm/protocol/openid-connect/certs
spring.security.oauth2.client.provider.keycloak.user-name-attribute=
I have tested the security token using Postman, and it is all valid. What's the next step?
I found out that you can't mix gateway and spring security in a single pom.
The solution is to split the the apps into a gateway and a spring security.
I am new to REST webservices and I am trying to build a webservice using jersey to upload a file. When deploying, i get this error
Artifact RestTest:war exploded: java.io.IOException: com.sun.enterprise.admin.remote.RemoteFailureException: Error occurred during deployment: Exception while loading the app : CDI definition failure:WELD-000071: Managed bean with a parameterized bean class must be #Dependent: class org.glassfish.jersey.process.internal.DefaultRespondingContext. Please see server.log for more details.
I created the project using this command:
mvn archetype:generate -DarchetypeArtifactId=jersey-quickstart-webapp \
-DarchetypeGroupId=org.glassfish.jersey.archetypes -DinteractiveMode=false \
-DgroupId=com.test -DartifactId=RestTest -Dpackage=com.test \
-DarchetypeVersion=2.27
My pom.xml looks like:
<dependencies>
<dependency>
<groupId>org.glassfish.jersey.containers</groupId>
<artifactId>jersey-container-servlet-core</artifactId>
</dependency>
<dependency>
<groupId>org.glassfish.jersey.inject</groupId>
<artifactId>jersey-hk2</artifactId>
</dependency>
<dependency>
<groupId>org.glassfish.jersey.media</groupId>
<artifactId>jersey-media-multipart</artifactId>
<scope>provided</scope>
<version>2.0-m05-2</version>
</dependency>
<dependency>
<groupId>org.glassfish.jersey.core</groupId>
<artifactId>jersey-common</artifactId>
<version>2.0-m05-2</version>
</dependency>
</dependencies>
According to this answer, i've changed to scope to 'provided', but it isn't working.
Thanks in advance :)
I'm writing a custom authentication SPI for Keycloak.
To authenticate cookie, I want to use AuthenticationManager of keycloak-services. I've added keycloak-services as maven dependency in the project. It doesn't give any compilation error but after deploying the SPI on Keycloak, it's throwing me below exception.
Here is the Exception :
ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default
task-68) Uncaught server error: java.lang.NoClassDefFoundError:
org/keycloak/services/managers/AuthenticationManager
at org.keycloak.examples.authenticator.SecretQuestionAuthenticator.authenticate(SecretQuestionAuthenticator.java:102)
at org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:200)
at org.keycloak.authentication.AuthenticationProcessor.authenticateOnly(AuthenticationProcessor.java:853)
at org.keycloak.authentication.AuthenticationProcessor.authenticate(AuthenticationProcessor.java:722)
at org.keycloak.protocol.AuthorizationEndpointBase.handleBrowserAuthenticationRequest(AuthorizationEndpointBase.java:145)
at org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.buildAuthorizationCodeAuthorizationResponse(AuthorizationEndpoint.java:395)
at org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.build(AuthorizationEndpoint.java:139)
Maven Dependency
<dependencies>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-core</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-server-spi</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-server-spi-private</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.jboss.logging</groupId>
<artifactId>jboss-logging</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-services</artifactId>
<scope>provided</scope>
</dependency>
</dependencies>
It turns out that the way I was deploying the code was causing the issue. I was deploying the code on Keycloak using
mvn clean install wildfly:deploy
When we deploy the code using the above command, it's not able to load jar file in the keycloak context.
To make it work, we have to deploy the code using module structure as mentioned in the Keycloak SPI.
When we deploy the code using module method, we can add the dependencies in the module.xml file of the newly created module, which can then be used in the code.
I was also facing similiar issues in keycloak 15.0.2.
Solved by following this link :
https://keycloak.discourse.group/t/how-to-get-authenticated-user-inside-realmresourceprovider/13260/2
In case the link isn't accessible, this is the solution:
you must add the jboss-deployment-structure.xml in META-INF of the jar
with the required modules.
<?xml version="1.0" encoding="UTF-8"?>
<jboss-deployment-structure>
<deployment>
<dependencies>
<module name="org.keycloak.keycloak-core" export="true"/>
<module name="org.keycloak.keycloak-server-spi" export="true"/>
<module name="org.keycloak.keycloak-server-spi-private" export="true"/>
<module name="org.keycloak.keycloak-services" export="true"/>
</dependencies>
</deployment>
</jboss-deployment-structure>
I have an Eureka Server where I want to register a very basic SpringBoot service. Unfortunately the service doesnt register although I tried to follow all the articles I could find.
Moreover when I check description of the DiscoveryClient (that gets autowired), I see "Spring Cloud No-op DiscoveryClient" which suggests (as per NoopDiscoveryClient.java source) that Eureka client library isnt found.
In pom I have
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-netflix-eureka-client</artifactId>
</dependency>
which if I am right should make sure that proper netflix libraries are in place. #EnableEurekaClient annotation is present. No errors on the console when starting the client, nothing interesting in the Eureka Server console logs.
This is the configuration from the application.yml:
eureka:
client:
serviceUrl:
defaultZone: ${vcap.services.eureka-service.credentials.uri:http://127.0.0.1:8761}/eureka/
Any suggestions are really welcomed as I am running out of ideas :)
http://start.spring.io is your friend. You need to use the starters.
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>Brixton.M5</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
and
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-eureka</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
</dependencies>
Except #spencergibb's answer, in my case it also require <spring-cloud.version> inside the <properties>:
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<spring-cloud.version>Greenwich.M3</spring-cloud.version>
</properties>
When using embedded jetty and started via
mvn jetty:run
The following exception is thrown:
Exception in thread "main" java.util.ServiceConfigurationError:
org.apache.juli.logging.Log: Provider org.eclipse.jetty.apache.jsp.JuliLog not a subtype
Here is the pom.xml snippets:
<dependencies>
<dependency>
<groupId>org.eclipse.jetty.orbit</groupId>
<artifactId>javax.servlet</artifactId>
<version>3.0.0.v201112011016</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>2.5</version>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-maven-plugin</artifactId>
<version>9.3.7.v20160115</version>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-websocket</artifactId>
<version>8.1.19.v20160209</version>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-webapp</artifactId>
<version>8.1.19.v20160209</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>1.1.6</version>
</dependency>
Any pointers to a correctly configured embedded jetty (preferably also using websockets) appreciated.
Don't try to enable everything all at once.
Jetty is a highly modular system, you can pick and choose what you want to run. Nothing is mandatory by default, even the Server!
If you want examples of embedded jetty with websockets, consider reviewing the example projects that the Jetty project has put together at ...
https://github.com/jetty-project/embedded-websocket-echo-examples
Some advice:
Build up your requirements layer by layer
Start with basic websocket endpoint functionality (get this working first!)
then add slf4j + logback. (be sure you use an appropriate version, see the <scope>optional</scope> dependencies present in your previous layer before you choose a version of slf4j or logback). Test this like there is no tommorrow.
then add jsp support (as your error seems to indicate your desire for jsp support)