thomasdarimont / keycloak-extension-playground
Simple project environment for creating custom Keycloak extensions
License: Apache License 2.0
Exciting extensions you have here!
I am trying to get auth-check-authz-policy-extension to work, but I know nothing about how to create a JAR file or Java.
```bash
git clone https://github.com/thomasdarimont/keycloak-extension-playground.git
#KC_VERSION=11.0.1
cd keycloak-extension-playground/auth-check-authz-policy-extension/src
jar cvf auth-check-authz-policy-extension/src/auth.jar .
chown keycloak:keycloak auth.jar
mv auth.jar $KEYCLOAK_STANDALONE/deployments/
```
```
root@login:[~]: grep 'auth.jar' $KEYCLOAK_STANDALONE/log/server.log
2020-08-27 12:08:32,157 INFO [org.jboss.as.server.deployment] (MSC service thread 1-5) WFLYSRV0027: Starting deployment of "auth.jar" (runtime-name: "auth.jar")
2020-08-27 12:08:43,292 INFO [org.jboss.as.server] (ServerService Thread Pool -- 33) WFLYSRV0010: Deployed "auth.jar" (runtime-name : "auth.jar")
root@login:[~]: grep 'sun.java.command' $KEYCLOAK_STANDALONE/log/server.log
sun.java.command = /opt/keycloak/jboss-modules.jar -mp /opt/keycloak/modules org.jboss.as.standalone -Djboss.home.dir=/opt/keycloak -Djboss.server.base.dir=/opt/keycloak/standalone -b 127.0.0.1 -Dkeycloak.profile=preview -Dkeycloak.profile.feature.scripts=enabled
```
I cannot see anything new in the admin console panel. I guess I should see something new when doing Create Authenticator Execution and see the new extension Check Authz Policy.
Hi, first, thank you for these great extensions, you saved time for us.
The issue I found in "auth-identity-first-extension" is that remember me isn't working cuz it's in the "SelectUserAuthinticatorform" class.
It should be in the "PasswordAuthenticationForm" class, in validatePasswordForm:
```java
String rememberMe = formData.getFirst("rememberMe");
boolean remember = rememberMe != null && rememberMe.equalsIgnoreCase("on");
if (remember) {
    context.getAuthenticationSession().setAuthNote(Details.REMEMBER_ME, "true");
    context.getEvent().detail(Details.REMEMBER_ME, "true");
} else {
    context.getAuthenticationSession().removeAuthNote(Details.REMEMBER_ME);
}
```
I'm just wondering about the possibility to test new endpoints added by custom keycloak extension?
I followed the instructions to import the project into the IDE, but when I want to run it, I got a ClassNotFound exception.
It's from KeycloakServer.java:376: ResteasyDeployment deployment = new ResteasyDeployment();
```
Connected to the target VM, address: '127.0.0.1:54521', transport: 'socket'
OpenJDK 64-Bit Server VM warning: Sharing is only supported for boot loader classes because bootstrap classpath has been appended
Starting KeycloakPlaygroundServer
../simple-theme/target/theme/
23:21:11,577 INFO main [org.keycloak.testsuite.KeycloakServer] Using jboss.server.data.dir /tmp/keycloak-server-4631126189321439181/data
Disconnected from the target VM, address: '127.0.0.1:54521', transport: 'socket'
Exception in thread "main" java.lang.NoClassDefFoundError: org/jboss/resteasy/spi/ResteasyDeployment
at org.keycloak.testsuite.KeycloakServer.start(KeycloakServer.java:376)
at org.keycloak.testsuite.KeycloakServer.bootstrapKeycloakServer(KeycloakServer.java:228)
at com.github.thomasdarimont.keycloak.server.KeycloakPlaygroundServer.main(KeycloakPlaygroundServer.java:19)
Caused by: java.lang.ClassNotFoundException: org.jboss.resteasy.spi.ResteasyDeployment
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:602)
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)
... 3 more
Process finished with exit code 1
```
Hi, after I set up my required group it lets me log in without the group anyway. I am getting this warning:
WARN [org.keycloak.events] (default task-1163) type=LOGIN_ERROR, realmId=realmname, clientId=clientid, userId=null, ipAddress=localipadress, error=rejected_by_user, auth_method=saml, redirect_uri=realm/sso/auth/samlp, code_id=560cd383-5c91-497b-89e1-213516516, username=myusername, authSessionParentId=213213132-5c91-497b-89e1-4dfd11a0c332, authSessionTabId=1321321321
Please help. I am using this flow:
Thank you in advance. I am using 10.0.1 in standalone mode.
Using the module under KC 18.0.2 the attribute "terms_accepted" is not being created.
I tried to modify a number of things but without success.
Regards,
Giovanni
Hi, thank you for sharing this great collection of extensions. I am having a bit of trouble using the require group extension: the extension gets deployed but it doesn't appear in the Keycloak admin panel. Most likely I am missing something. I am using Keycloak 10.0.1 in standalone mode. I just packaged the files to a JAR and uploaded it to /keycloak/standalone/deployments. Thank you in advance.
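A packaging check for hand-built provider JARs such as the ones described in the posts above, added here as an example (it is not code from the repository). It relies on Keycloak instantiating provider factories through java.util.ServiceLoader (the loader visible in the stack traces on this page), which reads META-INF/services/ descriptors at the JAR root. The class name ProviderJarCheck, the com.example factory and both sample JARs are constructed for illustration, and Java 9 or later is assumed.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import java.util.zip.ZipOutputStream;

/** Added example (hypothetical class name): sanity-check a provider JAR before deploying it. */
public class ProviderJarCheck {

    static final String SERVICES = "META-INF/services/";

    /** Returns the packaging problems found; an empty list means none were detected. */
    static List<String> check(Path jar) throws IOException {
        List<String> problems = new ArrayList<>();
        int descriptors = 0;
        int sources = 0;
        try (ZipFile zip = new ZipFile(jar.toFile())) {
            Enumeration<? extends ZipEntry> entries = zip.entries();
            while (entries.hasMoreElements()) {
                ZipEntry entry = entries.nextElement();
                String name = entry.getName();
                if (name.endsWith(".java")) {
                    sources++;
                }
                // Only descriptors at the JAR root are visible to ServiceLoader.
                if (entry.isDirectory() || !name.startsWith(SERVICES)) {
                    continue;
                }
                descriptors++;
                String text = new String(zip.getInputStream(entry).readAllBytes(), StandardCharsets.UTF_8);
                for (String line : text.split("\\R")) {
                    int hash = line.indexOf('#'); // '#' starts a comment in a descriptor
                    String impl = (hash >= 0 ? line.substring(0, hash) : line).trim();
                    if (impl.isEmpty()) {
                        continue;
                    }
                    // Every factory the descriptor names should ship as a compiled class.
                    String classFile = impl.replace('.', '/') + ".class";
                    if (zip.getEntry(classFile) == null) {
                        problems.add(name + " lists " + impl + ", but " + classFile + " is missing from this JAR");
                    }
                }
            }
        }
        if (descriptors == 0) {
            problems.add("no " + SERVICES + " descriptor at the JAR root");
        }
        if (sources > 0) {
            problems.add(sources + " .java file(s) packaged: sources were archived, not compiled classes");
        }
        return problems;
    }

    /** Writes a small JAR from (entry name, content) pairs; used only for the constructed samples. */
    static Path writeJar(String... nameThenContent) throws IOException {
        Path jar = Files.createTempFile("sample-provider", ".jar");
        try (ZipOutputStream out = new ZipOutputStream(Files.newOutputStream(jar))) {
            for (int i = 0; i < nameThenContent.length; i += 2) {
                out.putNextEntry(new ZipEntry(nameThenContent[i]));
                out.write(nameThenContent[i + 1].getBytes(StandardCharsets.UTF_8));
                out.closeEntry();
            }
        }
        return jar;
    }

    public static void main(String[] args) throws IOException {
        if (args.length > 0) { // check real artifacts passed on the command line
            for (String arg : args) {
                System.out.println(arg + " -> " + check(Paths.get(arg)));
            }
            return;
        }
        // Constructed samples; the factory name is made up.
        String spi = SERVICES + "org.keycloak.authentication.AuthenticatorFactory";
        String impl = "com.example.DemoAuthenticatorFactory";
        // Layout produced by archiving a source tree: nothing compiled, descriptor not at the root.
        Path archivedSources = writeJar(
                "main/java/com/example/DemoAuthenticatorFactory.java", "// source text",
                "main/resources/" + spi, impl + "\n");
        // Layout produced by a real build: class file and descriptor at the root.
        Path compiled = writeJar(
                "com/example/DemoAuthenticatorFactory.class", "placeholder bytes",
                spi, "# provider factories\n" + impl + "\n");
        System.out.println("archived sources: " + check(archivedSources));
        System.out.println("compiled build:   " + check(compiled));
        Files.delete(archivedSources);
        Files.delete(compiled);
    }
}
```

The server log reports such an archive as deployed even when it contains no loadable provider, so a clean deployment line is not evidence that the extension was registered.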
I'd like to customize the login behavior to include a cookie in the response containing the user's name. Standard-ish "Remember me" kind of functionality. What's the most logical place to put this?
Hello,
I have added the dynamic idp redirector extension, which is very great, but unfortunately, it seems that when I use a "conditional prompt OTP form" after the dynamic idp redirector, the user is never prompted for OTP.
When I place the OTP before the idp, it works perfectly: the user is prompted for OTP and then redirected to its IDP.
Am I doing something wrong?
After first time log in, authentication fails after submitting the password. This is probably caused by the entity object passed to SimpleTrustedDeviceManager.toModel, which could be null if TrustedDeviceRepository.lookupTrustedDevice can not find any device.
Failed authentication: java.lang.NullPointerException
at com.github.thomasdarimont.keycloak.trustdevice.model.SimpleTrustedDeviceManager.toModel(SimpleTrustedDeviceManager.java:60)
at com.github.thomasdarimont.keycloak.trustdevice.model.SimpleTrustedDeviceManager.lookupTrustedDevice(SimpleTrustedDeviceManager.java:22)
at com.github.thomasdarimont.keycloak.trustdevice.auth.TrustedDeviceAuthenticator.lookupTrustedDevice(TrustedDeviceAuthenticator.java:53)
at com.github.thomasdarimont.keycloak.trustdevice.auth.TrustedDeviceCondition.matchCondition(TrustedDeviceCondition.java:24)
at org.keycloak.authentication.DefaultAuthenticationFlow.conditionalNotMatched(DefaultAuthenticationFlow.java:373)
at org.keycloak.authentication.DefaultAuthenticationFlow.lambda$isConditionalSubflowDisabled$5(DefaultAuthenticationFlow.java:349)
at java.base/java.util.stream.MatchOps$1MatchSink.accept(MatchOps.java:90)
at java.base/java.util.ArrayList$ArrayListSpliterator.tryAdvance(ArrayList.java:1632)
at java.base/java.util.stream.ReferencePipeline.forEachWithCancel(ReferencePipeline.java:127)
at java.base/java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:502)
at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:488)
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
at java.base/java.util.stream.MatchOps$MatchOp.evaluateSequential(MatchOps.java:230)
at java.base/java.util.stream.MatchOps$MatchOp.evaluateSequential(MatchOps.java:196)
at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.base/java.util.stream.ReferencePipeline.anyMatch(ReferencePipeline.java:528)
at org.keycloak.authentication.DefaultAuthenticationFlow.isConditionalSubflowDisabled(DefaultAuthenticationFlow.java:349)
at org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:260)
at org.keycloak.authentication.DefaultAuthenticationFlow.processSingleFlowExecutionModel(DefaultAuthenticationFlow.java:395)
at org.keycloak.authentication.DefaultAuthenticationFlow.continueAuthenticationAfterSuccessfulAction(DefaultAuthenticationFlow.java:196)
at org.keycloak.authentication.DefaultAuthenticationFlow.processAction(DefaultAuthenticationFlow.java:172)
at org.keycloak.authentication.AuthenticationProcessor.authenticationAction(AuthenticationProcessor.java:990)
at org.keycloak.services.resources.LoginActionsService.processFlow(LoginActionsService.java:321)
at org.keycloak.services.resources.LoginActionsService.processAuthentication(LoginActionsService.java:292)
at org.keycloak.services.resources.LoginActionsService.authenticate(LoginActionsService.java:276)
at org.keycloak.services.resources.LoginActionsService.authenticateForm(LoginActionsService.java:349)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:170)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:130)
at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:660)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:524)
at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:474)
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:476)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:434)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:192)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:141)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:32)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:492)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161)
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247)
at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:73)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:151)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:82)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:42)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:67)
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:55)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$5.handle(VertxHttpRecorder.java:380)
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$5.handle(VertxHttpRecorder.java:358)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
at org.keycloak.quarkus.runtime.integration.web.QuarkusRequestFilter.lambda$createBlockingHandler$1(QuarkusRequestFilter.java:71)
at io.vertx.core.impl.ContextImpl.lambda$null$0(ContextImpl.java:159)
at io.vertx.core.impl.AbstractContext.dispatch(AbstractContext.java:100)
at io.vertx.core.impl.ContextImpl.lambda$executeBlocking$1(ContextImpl.java:157)
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$13.runWith(VertxCoreRecorder.java:543)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2449)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1478)
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:829)
It would be cool if TravisCI could be configured for this repository to build the JARs and upload them to the releases section.
I love your work and normally end up copying it over to a new repository, with travis configured to push up a JAR. It makes it easy for docker-compose examples to just fetch the JAR remotely.
I found the logging properties here keycloak-playground-server/src/main/resources/logging.properties, but editing it doesn't seem to have an effect on the Keycloak or extension loglevel. Is there another way to set the level when using the playground server? Thanks!
I installed and configured auth-require-role-extension to restrict logins against a SAML app but unfortunately it does not work.
The problem seems to be that the UserModel user is null, therefore the NullPointerException.
I'm hitting the error even before the login form is displayed (I don't type user nor password).
I am using Keycloak v9.0.0. Do you think it might be a bug of this specific version of Keycloak?
2020-04-01 15:05:25,236 WARN [org.keycloak.services] (default task-15) KC-SERVICES0013: Failed authentication: java.lang.NullPointerException
at com.github.thomasdarimont.keycloak.auth.requiregroup.RequireRoleAuthenticator.userHasRole(RequireRoleAuthenticator.java:49)
at com.github.thomasdarimont.keycloak.auth.requiregroup.RequireRoleAuthenticator.authenticate(RequireRoleAuthenticator.java:31)
at org.keycloak.authentication.DefaultAuthenticationFlow.processSingleFlowExecutionModel(DefaultAuthenticationFlow.java:496)
at org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:306)
at org.keycloak.authentication.AuthenticationProcessor.authenticateOnly(AuthenticationProcessor.java:998)
at org.keycloak.authentication.AuthenticationProcessor.authenticate(AuthenticationProcessor.java:860)
at org.keycloak.protocol.AuthorizationEndpointBase.handleBrowserAuthenticationRequest(AuthorizationEndpointBase.java:150)
at org.keycloak.protocol.saml.SamlService.newBrowserAuthentication(SamlService.java:582)
at org.keycloak.protocol.saml.SamlService.newBrowserAuthentication(SamlService.java:578)
at org.keycloak.protocol.saml.SamlService$BindingProtocol.loginRequest(SamlService.java:370)
at org.keycloak.protocol.saml.SamlService$BindingProtocol.handleSamlRequest(SamlService.java:263)
at org.keycloak.protocol.saml.SamlService$BindingProtocol.execute(SamlService.java:516)
at org.keycloak.protocol.saml.SamlService.redirectBinding(SamlService.java:591)
at sun.reflect.GeneratedMethodAccessor758.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:138)
at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:517)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:406)
at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:370)
at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:356)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:372)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:344)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:137)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:100)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:440)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:229)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:135)
at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:356)
at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:138)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:215)
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:91)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269)
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130)
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:376)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.lang.Thread.run(Thread.java:748)
2020-04-01 15:05:25,238 WARN [org.keycloak.events] (default task-15) type=LOGIN_ERROR, realmId=test, clientId=https://10.80.64.43/mellon/metadata, userId=null, ipAddress=10.80.64.22, error=invalid_user_credentials, auth_method=saml, redirect_uri=https://10.80.64.43/mellon/postResponse, code_id=e687718e-2552-4d6b-b88f-0b7e19415b67, authSessionParentId=e687718e-2552-4d6b-b88f-0b7e19415b67, authSessionTabId=nfB7ULaB4J4
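A fail-closed role check for the situation this post describes (the authenticator runs while no user is set on the flow context), added here as an example; it is not the extension's code. It is written against Keycloak's Authenticator SPI and compiles only with the Keycloak server libraries on the classpath. The class name, the requiredRole config key and the denied_reason event detail are hypothetical, and the matching factory class is not shown.

```java
import java.util.Map;

import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.models.AuthenticatorConfigModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;

/** Added example (hypothetical class): a role gate that denies instead of throwing. */
public class FailClosedRoleGate implements Authenticator {

    static final String ROLE_KEY = "requiredRole"; // hypothetical config key

    @Override
    public void authenticate(AuthenticationFlowContext context) {
        UserModel user = context.getUser();
        if (user == null) {
            // No earlier execution has identified a user: deny, do not dereference null.
            deny(context, AuthenticationFlowError.UNKNOWN_USER, "no_user_in_context");
            return;
        }

        AuthenticatorConfigModel config = context.getAuthenticatorConfig();
        Map<String, String> settings = config == null ? null : config.getConfig();
        String roleName = settings == null ? null : settings.get(ROLE_KEY);
        if (roleName == null || roleName.trim().isEmpty()) {
            // The execution was added to the flow but never configured: deny.
            deny(context, AuthenticationFlowError.INVALID_USER, "role_not_configured");
            return;
        }

        RoleModel role = KeycloakModelUtils.getRoleFromString(context.getRealm(), roleName.trim());
        if (role == null) {
            // A configured role that does not exist must not turn into "allow".
            deny(context, AuthenticationFlowError.INVALID_USER, "role_not_found");
            return;
        }
        if (!user.hasRole(role)) {
            deny(context, AuthenticationFlowError.INVALID_USER, "role_missing");
            return;
        }
        context.success();
    }

    /** Records why the login was refused in the login event, then fails the execution. */
    private static void deny(AuthenticationFlowContext context, AuthenticationFlowError error, String reason) {
        context.getEvent().detail("denied_reason", reason); // hypothetical detail name
        context.failure(error);
    }

    @Override
    public void action(AuthenticationFlowContext context) {
        // No form is rendered by this authenticator, so there is nothing to post back.
    }

    @Override
    public boolean requiresUser() {
        return true; // declares that a user must already be identified
    }

    @Override
    public boolean configuredFor(KeycloakSession session, RealmModel realm, UserModel user) {
        return true;
    }

    @Override
    public void setRequiredActions(KeycloakSession session, RealmModel realm, UserModel user) {
        // Nothing to set up for the user.
    }

    @Override
    public void close() {
        // No resources held.
    }
}
```

context.getUser() is only non-null once an earlier execution in the flow has identified the user, so a check like this belongs after that step; every other path ends in context.failure rather than an exception.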
Hi,
I'm trying to test out the auth-trust-device extension and it always breaks my Keycloak server. I create the JAR file auth-trust-device-1.0.0.0-SNAPSHOT.jar and copy it to /keycloak/standalone/deployment and I get this error:
16:43:04,085 INFO [org.jboss.as.repository] (DeploymentScanner-threads - 2) WFLYDR0001: Content added at location /keycloak/standalone/data/content/ec/239f2ec1d9098df712980dc6c0ef1e31d6f134/content
16:43:04,139 INFO [org.jboss.as.server.deployment] (MSC service thread 1-1) WFLYSRV0027: Starting deployment of "auth-trust-device-1.0.0.0-SNAPSHOT.jar" (runtime-name: "auth-trust-device-1.0.0.0-SNAPSHOT.jar")
16:43:04,782 WARN [org.jboss.as.dependency.private] (MSC service thread 1-1) WFLYSRV0018: Deployment "deployment.auth-trust-device-1.0.0.0-SNAPSHOT.jar" is using a private module ("org.keycloak.keycloak-server-spi-private") which may be changed or removed in future versions without notice.
16:43:04,784 WARN [org.jboss.as.dependency.private] (MSC service thread 1-1) WFLYSRV0018: Deployment "deployment.auth-trust-device-1.0.0.0-SNAPSHOT.jar" is using a private module ("org.apache.httpcomponents") which may be changed or removed in future versions without notice.
16:43:04,788 WARN [org.jboss.as.dependency.private] (MSC service thread 1-1) WFLYSRV0018: Deployment "deployment.auth-trust-device-1.0.0.0-SNAPSHOT.jar" is using a private module ("org.keycloak.keycloak-services") which may be changed or removed in future versions without notice.
16:43:04,793 WARN [org.jboss.as.dependency.private] (MSC service thread 1-1) WFLYSRV0018: Deployment "deployment.auth-trust-device-1.0.0.0-SNAPSHOT.jar" is using a private module ("org.bouncycastle") which may be changed or removed in future versions without notice.
16:43:04,794 WARN [org.jboss.as.dependency.private] (MSC service thread 1-1) WFLYSRV0018: Deployment "deployment.auth-trust-device-1.0.0.0-SNAPSHOT.jar" is using a private module ("com.google.guava") which may be changed or removed in future versions without notice.
16:43:04,795 WARN [org.jboss.as.dependency.private] (MSC service thread 1-1) WFLYSRV0018: Deployment "deployment.auth-trust-device-1.0.0.0-SNAPSHOT.jar" is using a private module ("org.apache.commons.io") which may be changed or removed in future versions without notice.
16:43:04,797 WARN [org.jboss.as.dependency.deprecated] (MSC service thread 1-1) WFLYSRV0221: Deployment "deployment.auth-trust-device-1.0.0.0-SNAPSHOT.jar" is using a deprecated module ("javax.api") which may be removed in future versions without notice.
16:43:04,812 INFO [org.keycloak.subsystem.server.extension.KeycloakProviderDeploymentProcessor] (MSC service thread 1-2) Deploying Keycloak provider: auth-trust-device-1.0.0.0-SNAPSHOT.jar
16:43:04,939 WARN [org.keycloak.services] (MSC service thread 1-2) KC-SERVICES0047: jpa-trusted-device-entity (com.github.thomasdarimont.keycloak.trustdevice.model.jpa.TrustedDeviceJpaEntityProviderFactory) is implementing the internal SPI jpa-entity-provider. This SPI is internal and may change without notice
16:43:05,010 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001: Failed to start service jboss.deployment.unit."auth-trust-device-1.0.0.0-SNAPSHOT.jar".POST_MODULE: org.jboss.msc.service.StartException in service jboss.deployment.unit."auth-trust-device-1.0.0.0-SNAPSHOT.jar".POST_MODULE: WFLYSRV0153: Failed to process phase POST_MODULE of deployment "auth-trust-device-1.0.0.0-SNAPSHOT.jar"
at [email protected]//org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:189)
at [email protected]//org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739)
at [email protected]//org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1701)
at [email protected]//org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1559)
at [email protected]//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at [email protected]//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1363)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.util.ServiceConfigurationError: org.keycloak.authentication.RequiredActionFactory: Provider com.github.thomasdarimont.keycloak.trustdevice.actions.RegisterTrustedDeviceActionFactory could not be instantiated
at java.base/java.util.ServiceLoader.fail(ServiceLoader.java:582)
at java.base/java.util.ServiceLoader$ProviderImpl.newInstance(ServiceLoader.java:804)
at java.base/java.util.ServiceLoader$ProviderImpl.get(ServiceLoader.java:722)
at java.base/java.util.ServiceLoader$3.next(ServiceLoader.java:1395)
at [email protected]//org.keycloak.provider.DefaultProviderLoader.load(DefaultProviderLoader.java:60)
at [email protected]//org.keycloak.provider.ProviderManager.load(ProviderManager.java:94)
at [email protected]//org.keycloak.services.DefaultKeycloakSessionFactory.loadFactories(DefaultKeycloakSessionFactory.java:294)
at [email protected]//org.keycloak.services.DefaultKeycloakSessionFactory.deploy(DefaultKeycloakSessionFactory.java:154)
at [email protected]//org.keycloak.provider.ProviderManagerRegistry.deploy(ProviderManagerRegistry.java:42)
at [email protected]//org.keycloak.subsystem.server.extension.KeycloakProviderDeploymentProcessor.deploy(KeycloakProviderDeploymentProcessor.java:58)
at [email protected]//org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:182)
... 8 more
Caused by: java.lang.NoClassDefFoundError: org/owasp/html/HtmlPolicyBuilder
at deployment.auth-trust-device-1.0.0.0-SNAPSHOT.jar//com.github.thomasdarimont.keycloak.trustdevice.actions.RegisterTrustedDeviceAction.(RegisterTrustedDeviceAction.java:34)
at deployment.auth-trust-device-1.0.0.0-SNAPSHOT.jar//com.github.thomasdarimont.keycloak.trustdevice.actions.RegisterTrustedDeviceActionFactory.(RegisterTrustedDeviceActionFactory.java:16)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
at java.base/java.util.ServiceLoader$ProviderImpl.newInstance(ServiceLoader.java:780)
... 17 more
Caused by: java.lang.ClassNotFoundException: org.owasp.html.HtmlPolicyBuilder from [Module "deployment.auth-trust-device-1.0.0.0-SNAPSHOT.jar" from Service Module Loader]
at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:255)
at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:410)
at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)
at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116)
... 24 more
16:43:05,046 ERROR [org.jboss.as.controller.management-operation] (DeploymentScanner-threads - 2) WFLYCTL0013: Operation ("deploy") failed - address: ([("deployment" => "auth-trust-device-1.0.0.0-SNAPSHOT.jar")]) - failure description: {"WFLYCTL0080: Failed services" => {"jboss.deployment.unit."auth-trust-device-1.0.0.0-SNAPSHOT.jar".POST_MODULE" => "WFLYSRV0153: Failed to process phase POST_MODULE of deployment "auth-trust-device-1.0.0.0-SNAPSHOT.jar"
Caused by: java.util.ServiceConfigurationError: org.keycloak.authentication.RequiredActionFactory: Provider com.github.thomasdarimont.keycloak.trustdevice.actions.RegisterTrustedDeviceActionFactory could not be instantiated
Caused by: java.lang.NoClassDefFoundError: org/owasp/html/HtmlPolicyBuilder
Caused by: java.lang.ClassNotFoundException: org.owasp.html.HtmlPolicyBuilder from [Module "deployment.auth-trust-device-1.0.0.0-SNAPSHOT.jar" from Service Module Loader]"}}
16:43:05,570 INFO [org.jboss.as.server] (DeploymentScanner-threads - 2) WFLYSRV0010: Deployed "auth-trust-device-1.0.0.0-SNAPSHOT.jar" (runtime-name : "auth-trust-device-1.0.0.0-SNAPSHOT.jar")
16:43:05,573 INFO [org.jboss.as.controller] (DeploymentScanner-threads - 2) WFLYCTL0183: Service status report
WFLYCTL0186: Services which failed to start: service jboss.deployment.unit."auth-trust-device-1.0.0.0-SNAPSHOT.jar".POST_MODULE: WFLYSRV0153: Failed to process phase POST_MODULE of deployment "auth-trust-device-1.0.0.0-SNAPSHOT.jar"
Any idea what I'm doing wrong?
p.s. I'm new to Keycloak and maybe I'm doing something wrong. Any help would be welcome.
Thanks Ales
I followed all the steps in https://github.com/thomasdarimont/keycloak-extension-playground/tree/master/auth-require-group-extension, configured with a Copy of Browser.
But when I try to log in, I get the following error:
KeyCloak: 11.0.3 running in K8s
01:13:27,149 WARN [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-21) REQUIRED and ALTERNATIVE elements at same level! Those alternative executions will be ignored: [auth-cookie, identity-provider-redirector, null]
01:13:27,166 WARN [org.keycloak.services] (default task-21) KC-SERVICES0013: Failed authentication: java.lang.NullPointerException
at deployment.auth-require-group-extension.jar//com.github.thomasdarimont.keycloak.auth.requiregroup.RequireGroupAuthenticator.isMemberOfGroup(RequireGroupAuthenticator.java:47)
at deployment.auth-require-group-extension.jar//com.github.thomasdarimont.keycloak.auth.requiregroup.RequireGroupAuthenticator.authenticate(RequireGroupAuthenticator.java:29)
at [email protected]//org.keycloak.authentication.DefaultAuthenticationFlow.processSingleFlowExecutionModel(DefaultAuthenticationFlow.java:443)
at [email protected]//org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:252)
at [email protected]//org.keycloak.authentication.AuthenticationProcessor.authenticateOnly(AuthenticationProcessor.java:978)
at [email protected]//org.keycloak.authentication.AuthenticationProcessor.authenticate(AuthenticationProcessor.java:840)
at [email protected]//org.keycloak.protocol.AuthorizationEndpointBase.handleBrowserAuthenticationRequest(AuthorizationEndpointBase.java:151)
at [email protected]//org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.buildAuthorizationCodeAuthorizationResponse(AuthorizationEndpoint.java:481)
at [email protected]//org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.process(AuthorizationEndpoint.java:177)
at [email protected]//org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.buildGet(AuthorizationEndpoint.java:116)
at jdk.internal.reflect.GeneratedMethodAccessor722.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at [email protected]//org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:138)
at [email protected]//org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:543)
at [email protected]//org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:432)
at [email protected]//org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:393)
at [email protected]//org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358)
at [email protected]//org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:395)
at [email protected]//org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:364)
at [email protected]//org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:150)
at [email protected]//org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:110)
at [email protected]//org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:141)
at [email protected]//org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:104)
at [email protected]//org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:440)
at [email protected]//org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:229)
at [email protected]//org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:135)
at [email protected]//org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358)
at [email protected]//org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:138)
at [email protected]//org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:215)
at [email protected]//org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:245)
at [email protected]//org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:61)
at [email protected]//org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at [email protected]//javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
at [email protected]//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at [email protected]//org.keycloak.provider.wildfly.WildFlyRequestFilter.lambda$doFilter$0(WildFlyRequestFilter.java:41)
at [email protected]//org.keycloak.services.filters.AbstractRequestFilter.filter(AbstractRequestFilter.java:43)
at [email protected]//org.keycloak.provider.wildfly.WildFlyRequestFilter.doFilter(WildFlyRequestFilter.java:39)
at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at [email protected]//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at [email protected]//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at [email protected]//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
at [email protected]//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at [email protected]//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at [email protected]//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
at [email protected]//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
at [email protected]//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at [email protected]//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at [email protected]//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at [email protected]//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at [email protected]//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at [email protected]//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at [email protected]//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at [email protected]//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at [email protected]//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269)
at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78)
at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133)
at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130)
at [email protected]//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at [email protected]//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at [email protected]//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78)
at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99)
at [email protected]//io.undertow.server.Connectors.executeRootHandler(Connectors.java:370)
at [email protected]//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
at [email protected]//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at [email protected]//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.base/java.lang.Thread.run(Thread.java:834)
I can successfully build and execute keycloak-extension-playground, but when accessing http://localhost:8081/auth an exception is thrown.
I'm using Java 11.0.15. I've run mvn install on my Keycloak 18.0.0 project successfully and also the keycloak-admin-ui admin-theme with 18.0.0. This is Windows 10.
I've tried using Java 11.0.14 as there are mentions of 11.0.15 causing errors like this.
I can't see what I've missed in the instructions.
What could be causing this?
16:03:58,110 ERROR XNIO-1 task-1 [io.undertow.request] UT005071: Undertow request failed HttpServerExchange{ GET /auth}
java.io.IOError: java.io.FileNotFoundException: Invalid file path
at org.xnio.channels.Channels$4.run(Channels.java:1103)
at org.xnio.channels.Channels$4.run(Channels.java:1093)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at org.xnio.channels.Channels.<clinit>(Channels.java:1093)
at io.undertow.servlet.spec.ServletOutputStreamImpl.close(ServletOutputStreamImpl.java:628)
at io.undertow.servlet.spec.HttpServletResponseImpl.closeStreamAndWriter(HttpServletResponseImpl.java:498)
at io.undertow.servlet.spec.HttpServletResponseImpl.responseDone(HttpServletResponseImpl.java:587)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:334)
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:79)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:134)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:131)
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:255)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:79)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:100)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:387)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:852)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1348)
at org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1280)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.io.FileNotFoundException: Invalid file path
at java.base/java.io.FileOutputStream.<init>(FileOutputStream.java:231)
at java.base/java.io.FileOutputStream.<init>(FileOutputStream.java:126)
at org.xnio.channels.Channels$4.run(Channels.java:1098)
... 23 more
16:03:59,355 ERROR XNIO-1 task-1 [io.undertow.request] UT005071: Undertow request failed HttpServerExchange{ GET /auth}
java.lang.NoClassDefFoundError: Could not initialize class org.xnio.channels.Channels
at io.undertow.servlet.spec.ServletOutputStreamImpl.close(ServletOutputStreamImpl.java:628)
at io.undertow.servlet.spec.HttpServletResponseImpl.closeStreamAndWriter(HttpServletResponseImpl.java:498)
at io.undertow.servlet.spec.HttpServletResponseImpl.responseDone(HttpServletResponseImpl.java:587)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:334)
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:79)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:134)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:131)
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:255)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:79)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:100)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:387)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:852)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1280)
at java.base/java.lang.Thread.run(Thread.java:829)
Thank you for all the extensions.
I'm currently using the dynamic idp redirector extension which is great but I would also like the email to be retrieved from the "remember me" cookie if it is set instead of the form.
Do I need to create my own extension or is that already implemented somewhere?
I have tried different things like the "script" execution in keycloak, I can retrieve the email but I'm not sure what I have to do next to make the extension work. Set the user in the "context" by looking for users with this email?
Authentication flow could be either:
Username form
Dynamic IDP Redirector
OR
Remember me Cookie
Dynamic IDP Redirector
I am running Keycloak 11.0.2 with the require-group-extension deployed. I am using the below authentication flow (started as a copy from the Browser Flow).
This flow is allowing users in even when they do not have the configured required group. The Keycloak logs show the following that appears to be at the root of the issue....
20:05:46,239 WARN [org.keycloak.services] (default task-42) KC-SERVICES0013: Failed authentication: java.lang.NullPointerException
at deployment.auth-require-group-extension-1.0.0.0-SNAPSHOT.jar//com.github.thomasdarimont.keycloak.auth.requiregroup.RequireGroupAuthenticator.isMemberOfGroup(RequireGroupAuthenticator.java:47)
at deployment.auth-require-group-extension-1.0.0.0-SNAPSHOT.jar//com.github.thomasdarimont.keycloak.auth.requiregroup.RequireGroupAuthenticator.authenticate(RequireGroupAuthenticator.java:29)
at [email protected]//org.keycloak.authentication.DefaultAuthenticationFlow.processSingleFlowExecutionModel(DefaultAuthenticationFlow.java:443)
....
What am I missing or doing incorrectly please?
TIA!
Is this repo abandoned?
$ mvn compile
[INFO] Scanning for projects...
[INFO]
[INFO] --------< com.github.thomasdarimont.keycloak:auth-backup-codes >--------
[INFO] Building auth-backup-codes 1.0.0.0-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[WARNING] The artifact org.apache.commons:commons-io:jar:1.3.2 has been relocated to commons-io:commons-io:jar:1.3.2: https://issues.sonatype.org/browse/MVNCENTRAL-244
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ auth-backup-codes ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 10 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ auth-backup-codes ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 10 source files to keycloak-extension-playground/auth-backup-codes/target/classes
[INFO] -------------------------------------------------------------
[WARNING] COMPILATION WARNING :
[INFO] -------------------------------------------------------------
[WARNING] keycloak-extension-playground/auth-backup-codes/src/main/java/com/github/thomasdarimont/keycloak/backupcodes/BackupCodeGenerator.java: keycloak-extension-playground/auth-backup-codes/src/main/java/com/github/thomasdarimont/keycloak/backupcodes/BackupCodeGenerator.java uses or overrides a deprecated API.
[WARNING] keycloak-extension-playground/auth-backup-codes/src/main/java/com/github/thomasdarimont/keycloak/backupcodes/BackupCodeGenerator.java: Recompile with -Xlint:deprecation for details.
[INFO] 2 warnings
[INFO] -------------------------------------------------------------
[INFO] -------------------------------------------------------------
[ERROR] COMPILATION ERROR :
[INFO] -------------------------------------------------------------
[ERROR] keycloak-extension-playground/auth-backup-codes/src/main/java/com/github/thomasdarimont/keycloak/backupcodes/action/GenerateBackupCodeAction.java:[158,25] incompatible types: java.util.List<java.lang.Object> cannot be converted to java.util.List<org.keycloak.credential.CredentialModel>
[ERROR] keycloak-extension-playground/auth-backup-codes/src/main/java/com/github/thomasdarimont/keycloak/backupcodes/credentials/BackupCodeCredentialProviderFactory.java:[10,8] com.github.thomasdarimont.keycloak.backupcodes.credentials.BackupCodeCredentialProviderFactory is not abstract and does not override abstract method close() in org.keycloak.provider.ProviderFactory
[ERROR] keycloak-extension-playground/auth-backup-codes/src/main/java/com/github/thomasdarimont/keycloak/backupcodes/credentials/BackupCodeCredentialProvider.java:[25,8] com.github.thomasdarimont.keycloak.backupcodes.credentials.BackupCodeCredentialProvider is not abstract and does not override abstract method close() in org.keycloak.provider.Provider
[ERROR] keycloak-extension-playground/auth-backup-codes/src/main/java/com/github/thomasdarimont/keycloak/backupcodes/credentials/BackupCodeCredentialProvider.java:[55,25] incompatible types: java.util.List<java.lang.Object> cannot be converted to java.util.List<org.keycloak.credential.CredentialModel>
[INFO] 4 errors
[INFO] -------------------------------------------------------------
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.268 s
[INFO] Finished at: 2022-01-07T10:24:27-06:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.1:compile (default-compile) on project auth-backup-codes: Compilation failure: Compilation failure:
[ERROR] keycloak-extension-playground/auth-backup-codes/src/main/java/com/github/thomasdarimont/keycloak/backupcodes/action/GenerateBackupCodeAction.java:[158,25] incompatible types: java.util.List<java.lang.Object> cannot be converted to java.util.List<org.keycloak.credential.CredentialModel>
[ERROR] keycloak-extension-playground/auth-backup-codes/src/main/java/com/github/thomasdarimont/keycloak/backupcodes/credentials/BackupCodeCredentialProviderFactory.java:[10,8] com.github.thomasdarimont.keycloak.backupcodes.credentials.BackupCodeCredentialProviderFactory is not abstract and does not override abstract method close() in org.keycloak.provider.ProviderFactory
[ERROR] keycloak-extension-playground/auth-backup-codes/src/main/java/com/github/thomasdarimont/keycloak/backupcodes/credentials/BackupCodeCredentialProvider.java:[25,8] com.github.thomasdarimont.keycloak.backupcodes.credentials.BackupCodeCredentialProvider is not abstract and does not override abstract method close() in org.keycloak.provider.Provider
[ERROR] keycloak-extension-playground/auth-backup-codes/src/main/java/com/github/thomasdarimont/keycloak/backupcodes/credentials/BackupCodeCredentialProvider.java:[55,25] incompatible types: java.util.List<java.lang.Object> cannot be converted to java.util.List<org.keycloak.credential.CredentialModel>
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
I am trying to find the specific requirements or configurations for FaceAuth. However, I have not been successful yet. I am sure that we need to bind a new Authentication Flow customized with FaceAuth configurations as I saw it up and running in @thomasdarimont's tweet. I would appreciate it if you provide a more detailed explanation for that.
Hey,
I am trying to develop plugins using JetBrains IntelliJ. However, I cannot get it to properly parse all imports.
I've downloaded and compiled keycloak successfully in a directory at the same level as 'keycloak-extension-playground'.
I tried adding this folder as an external library in my IDEA, which didn't work. Is there something else I have to do so that I can get it to properly find all the keycloak classes?
Thank you
I'm assuming that you'd use the ForgotUsernameAuthenticator like the standard forgot password / reset credentials flow in Keycloak, but I don't see an example of its use. My question is how do you create a link and put it somewhere in a form, that would direct the user to that step in the flow? The /login-actions/... links seem to be Keycloak specific, and you can't add arbitrary links that go to a different execution in a flow. In any case, just wondering if you thought how this would be deployed in an authentication flow. Thanks!
Following the readme and starting a:
mvn clean install -DskipTests
leads to the error
[ERROR] Failed to execute goal on project integration-arquillian-util
Could not resolve dependencies for project ork.keycloak.testsuite:integration-arquillian-util:15.0.2
Anyone experiencing the same issue?
Hello,
I'm trying to use your 'auth require role'-extension to add the require-role check to a direct-grant-flow.
When the user owns the required role, the flow returns the correct token.
But if the user doesn't own the required role, I'm getting a 500 from the token endpoint.
I would like to get a 401.
As far as I understand, the extension is meant to be used for browser-flows.
Can this be updated for usage with direct grant flow?
What would I need to put in the authenticate()-Method for the case the role is missing?
@Override
public void authenticate(AuthenticationFlowContext context) {
    AuthenticatorConfigModel configModel = context.getAuthenticatorConfig();
    String roleName = configModel.getConfig().get(RequireRoleAuthenticatorFactory.ROLE);
    RealmModel realm = context.getRealm();
    UserModel user = context.getUser();
    if (userHasRole(realm, user, roleName)) {
        context.success();
        return;
    }
    LOG.debugf("Access denied because of missing role. realm=%s username=%s role=%s", realm.getName(), user.getUsername(), roleName);
    context.getEvent().user(user);
    context.getEvent().error(Errors.NOT_ALLOWED);
    // the following doesn't work for direct-grant-flow: it returns a 500
    context.forkWithErrorMessage(new FormMessage(Messages.NO_ACCESS));
}
Kind Regards,
Christian
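For the direct grant case asked about above, this added example (not code from the extension or from the post) shows one way to deny with a JSON 401 challenge instead of forkWithErrorMessage, which the post reports returns a 500 there; it also denies when no user or no role is available rather than dereferencing null. Assumptions: the class name, the ROLE config key, a realm-role-only lookup, the javax.ws.rs namespace used by the Keycloak versions discussed on this page, and registration through an AuthenticatorFactory like the extension's existing one.

```java
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.events.Errors;
import org.keycloak.models.AuthenticatorConfigModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.OAuth2ErrorRepresentation;

// Hypothetical class name; added example, not part of the extension.
public class DirectGrantRequireRoleAuthenticator implements Authenticator {

    // Assumed config key; the post only shows the constant RequireRoleAuthenticatorFactory.ROLE.
    static final String ROLE = "role";

    @Override
    public void authenticate(AuthenticationFlowContext context) {
        UserModel user = context.getUser();
        if (user == null) {
            // No earlier execution resolved a user: deny instead of dereferencing null.
            context.getEvent().error(Errors.USER_NOT_FOUND);
            context.failure(AuthenticationFlowError.UNKNOWN_USER,
                    oauthError(Response.Status.UNAUTHORIZED, "invalid_grant", "Invalid user credentials"));
            return;
        }

        String roleName = configuredRole(context.getAuthenticatorConfig());
        if (roleName == null) {
            // The execution has no role configured: treat as misconfiguration and deny.
            context.getEvent().user(user).detail("reason", "required role not configured")
                    .error(Errors.NOT_ALLOWED);
            context.failure(AuthenticationFlowError.INTERNAL_ERROR,
                    oauthError(Response.Status.INTERNAL_SERVER_ERROR, "server_error",
                            "Authenticator is not configured"));
            return;
        }

        if (userHasRealmRole(context.getRealm(), user, roleName)) {
            context.success();
            return;
        }

        // Missing role: record the event and answer the token request with a
        // 401 JSON body. Passing a challenge Response to failure() makes the
        // flow return that response instead of throwing.
        context.getEvent().user(user).error(Errors.NOT_ALLOWED);
        context.failure(AuthenticationFlowError.INVALID_USER,
                oauthError(Response.Status.UNAUTHORIZED, "invalid_grant", "Access denied"));
    }

    // Returns the configured role name, or null when the execution has no usable config.
    private static String configuredRole(AuthenticatorConfigModel configModel) {
        if (configModel == null || configModel.getConfig() == null) {
            return null;
        }
        String roleName = configModel.getConfig().get(ROLE);
        return (roleName == null || roleName.trim().isEmpty()) ? null : roleName.trim();
    }

    // Realm roles only (assumption); an unknown role name denies rather than throws.
    private static boolean userHasRealmRole(RealmModel realm, UserModel user, String roleName) {
        RoleModel role = realm.getRole(roleName);
        return role != null && user.hasRole(role);
    }

    // OAuth2-style error body, the shape a token endpoint client expects.
    private static Response oauthError(Response.Status status, String error, String description) {
        return Response.status(status)
                .entity(new OAuth2ErrorRepresentation(error, description))
                .type(MediaType.APPLICATION_JSON_TYPE)
                .build();
    }

    @Override
    public void action(AuthenticationFlowContext context) {
        // Direct grant has no form post-back, so there is nothing to handle here.
    }

    @Override
    public boolean requiresUser() {
        return true;
    }

    @Override
    public boolean configuredFor(KeycloakSession session, RealmModel realm, UserModel user) {
        return true;
    }

    @Override
    public void setRequiredActions(KeycloakSession session, RealmModel realm, UserModel user) {
        // No required actions.
    }

    @Override
    public void close() {
        // Nothing to release.
    }
}
```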
I'm trying to set up your DynamicIdpRedirectAuthenticator as https://issues.redhat.com/browse/KEYCLOAK-1515 is not done yet.
My Authentication flow is the following:
Current problem is that it's not executed if it's an Alternative, only if Required. I've attached a breakpoint and the constructor is called, but the authorize method is not. Can you give me some hints what I'm doing wrong?
I think it's related with this:
/**
 * This method creates the list of authenticators that is presented to the user. For a required execution, this is
 * only the credentials associated to the authenticator, and for an alternative execution, this is all other alternative
 * executions in the flow, including the credentials.
 * <p>
 * In both cases, the credentials take precedence, with the order selected by the user (or his administrator).
 *
 * @param model The current execution model
 * @return an ordered list of the authentication selection options to present the user.
 */
private List<AuthenticationSelectionOption> createAuthenticationSelectionList(AuthenticationExecutionModel model) {
    return AuthenticationSelectionResolver.createAuthenticationSelectionList(processor, model);
}
so password takes precedence over DynamicIdpRedirectAuthenticator, but not 100% sure.
I just want to share an issue that I encountered while tinkering on this project on WSL2.
Basically, after setting up the launch configuration for VS Code, debugging the KeycloakPlaygroundServer runs on default http://localhost:8081. This is accessible via curl on WSL2, but not accessible on a browser running from the Windows host machine.
Since the KeycloakPlaygroundServer piggybacks on the KeycloakServer testsuite on Keycloak, editing the host from localhost to 0.0.0.0 should fix the issue here.
public static class KeycloakServerConfig {
    private String host = "0.0.0.0"; // This should fix the issue with WSL2
    private int port = 8081;
Then recompile and reinstall Keycloak using Maven like so:
mvn clean install -DskipTests
SPI correctly built and deployed.
Registration flow configured and registration.ftl changed following the README.md.
I register a new user.
If I check the "Attributes" tab in the user detail I can't find the attribute terms_accepted.
This code runs without errors.
I have added two debug rows
Map<String,List<String>> Attributes = context.getUser().getAttributes();
LOG.debugf("\n\n\n\n\n Attributes after " + Attributes);
before and after the row
context.getUser().setSingleAttribute(TERMS_ACCEPTED_ATTRIBUTE, String.valueOf(System.currentTimeMillis()));
This way:
Map<String,List<String>> Attributes = context.getUser().getAttributes();
LOG.debugf("\n\n\n\n\n Attributes before " + Attributes);
context.getUser().setSingleAttribute(TERMS_ACCEPTED_ATTRIBUTE, String.valueOf(System.currentTimeMillis()));
Map<String,List<String>> Attributes2 = context.getUser().getAttributes();
LOG.debugf("\n\n\n\n\n Attributes after " + Attributes2);
I obtain in my log:
Attributes before {firstName=[David], lastName=[Lippi], acceptMarketing=[1], acceptTerms=[1], email=[[email protected]], username=[[email protected]]}
Attributes after {terms_accepted=[1650562125788], firstName=[David], lastName=[Lippi], acceptMarketing=[1], acceptTerms=[1], email=[[email protected]], username=[[email protected]]}
terms_accepted is present!
But in the admin area:
terms_accepted is missing
In the DB terms_accepted is missing...
What is wrong?
Dear team,
Can you please help me out with customizing access tokens in Keycloak?
In my context, the Authorization Server needs to cryptographically generate a token based on the requested attributes, its private key and the public key of the introspection server. To be clear, it's not a signature, but a more complicated crypto mechanism. The result should be a bearer token. For this purpose, I would like to implement a back-end engine which is in charge of this computation.
Thank you,
Hoan
Hello, thank you for your wonderful examples,
I am facing an issue while trying the dynamic-email-code-auth-extension.
keycloak_1 | Caused by: org.keycloak.email.EmailException: Failed to template plain text email.
keycloak_1 | at [email protected]//org.keycloak.email.freemarker.FreeMarkerEmailTemplateProvider.processTemplate(FreeMarkerEmailTemplateProvider.java:221)
keycloak_1 | ... 84 more
keycloak_1 | Caused by: org.keycloak.theme.FreeMarkerException: Failed to process template text/code-email.ftl
keycloak_1 | at [email protected]//org.keycloak.theme.FreeMarkerUtil.processTemplate(FreeMarkerUtil.java:71)
keycloak_1 | at [email protected]//org.keycloak.email.freemarker.FreeMarkerEmailTemplateProvider.processTemplate(FreeMarkerEmailTemplateProvider.java:219)
keycloak_1 | ... 84 more
keycloak_1 | Caused by: freemarker.template.TemplateNotFoundException: Template not found for name "text/code-email.ftl".
keycloak_1 | The name was interpreted by this TemplateLoader: org.keycloak.theme.FreeMarkerUtil$ThemeTemplateLoader@112de407.
keycloak_1 | at [email protected]//freemarker.template.Configuration.getTemplate(Configuration.java:2883)
keycloak_1 | at [email protected]//freemarker.template.Configuration.getTemplate(Configuration.java:2703)
I didn't understand what you mean by:
// Don't forget to add the welcome-email.ftl (html and text) template to your
// theme.
emailProvider.send("emailCodeSubject", subjectParams, "code-email.ftl", mailBodyAttributes);
Thank you.
First, thanks @thomasdarimont for this work, I have been using a few of your extensions for quite some time and they always worked great.
I upgraded my test Keycloak instance to v18.0.2 and realized the auth-require-role-extension stopped working. On 16.1.1, same code, same jar, same config, worked great.
This is the error I am getting on Keycloak 18 (Quarkus):
2022-10-06 16:03:19,477 WARN [org.keycloak.authentication.DefaultAuthenticationFlow] (executor-thread-0) REQUIRED and ALTERNATIVE elements at same level! Those alternative executions will be ignored: [auth-cookie, identity-provider-redirector, null]
2022-10-06 16:03:19,481 WARN [org.keycloak.services] (executor-thread-0) KC-SERVICES0013: Failed authentication: java.lang.NullPointerException
at com.github.thomasdarimont.keycloak.auth.requiregroup.RequireRoleAuthenticator.userHasRole(RequireRoleAuthenticator.java:51)
at com.github.thomasdarimont.keycloak.auth.requiregroup.RequireRoleAuthenticator.authenticate(RequireRoleAuthenticator.java:33)
at org.keycloak.authentication.DefaultAuthenticationFlow.processSingleFlowExecutionModel(DefaultAuthenticationFlow.java:460)
at org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:264)
at org.keycloak.authentication.AuthenticationProcessor.authenticateOnly(AuthenticationProcessor.java:1030)
at org.keycloak.authentication.AuthenticationProcessor.authenticate(AuthenticationProcessor.java:892)
at org.keycloak.protocol.AuthorizationEndpointBase.handleBrowserAuthenticationRequest(AuthorizationEndpointBase.java:151)
at org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.buildAuthorizationCodeAuthorizationResponse(AuthorizationEndpoint.java:338)
at org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.process(AuthorizationEndpoint.java:194)
at org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.buildGet(AuthorizationEndpoint.java:112)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:170)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:130)
at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:660)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:524)
at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:474)
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:476)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:434)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:192)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:152)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:183)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:141)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:32)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:492)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161)
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247)
at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:73)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:151)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:82)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:42)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
at io.vertx.ext.web.impl.RoutingContextWrapper.next(RoutingContextWrapper.java:201)
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:67)
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:55)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
at io.vertx.ext.web.impl.RoutingContextWrapper.next(RoutingContextWrapper.java:201)
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$5.handle(VertxHttpRecorder.java:380)
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$5.handle(VertxHttpRecorder.java:358)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
at io.vertx.ext.web.impl.RoutingContextWrapper.next(RoutingContextWrapper.java:201)
at org.keycloak.quarkus.runtime.integration.web.QuarkusRequestFilter.lambda$createBlockingHandler$1(QuarkusRequestFilter.java:71)
at io.vertx.core.impl.ContextImpl.lambda$null$0(ContextImpl.java:159)
at io.vertx.core.impl.AbstractContext.dispatch(AbstractContext.java:100)
at io.vertx.core.impl.ContextImpl.lambda$executeBlocking$1(ContextImpl.java:157)
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$13.runWith(VertxCoreRecorder.java:543)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2449)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1478)
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:829)
And this is the extension configuration (the same as I used to have on Keycloak 16 and prior):
And the authentication flow I am using for testing, cloned from Browser (again, the same that used to work on Keycloak 16 and prior):
I've also tried building the latest version of the code against 18.0.2 but it did not work either.
Any ideas how to fix this? Is someone else experiencing the same issue?
Thanks.
Hello,
I'm working on a use case where I let the user choose between SMS-based OTP and email-based OTP.
I created a flow containing three executions (username/pwd + sms authentication + email code form).
Is there a way to add an alternative option on the requirement for the email code form execution (see screenshot below)?
Thanks in advance.
With the current implementation of auth-require-role-extension, only those roles assigned to users are taken into account. If the user belongs to a group that has a role assigned, this role is not evaluated, therefore the extension denies user access.
I took a look at the code and I think this should be fairly simple to implement. I will submit a PR later today.
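The gap described in this issue, as an added example (not the extension's code and not part of the original post): a check against direct role mappings only, next to one that resolves effective roles. The `Group` and `User` records, the role names and the sample data are constructed stand-ins rather than Keycloak's own model classes, and the example goes beyond the issue by also walking parent groups and composite roles.

```java
import java.util.*;

public class EffectiveRoleCheck {
    // Simplified stand-ins for Keycloak's group and user models (hypothetical types).
    record Group(String name, Group parent, Set<String> roles) {}
    record User(String name, Set<String> directRoles, List<Group> groups) {}

    // Composite role name -> roles it includes (constructed sample data).
    static final Map<String, Set<String>> COMPOSITES = Map.of("staff", Set.of("app-access"));

    // The behaviour the issue describes: only roles mapped directly on the user count.
    static boolean hasDirectRole(User u, String required) {
        return u.directRoles().contains(required);
    }

    // Effective roles: direct mappings, roles of every group and its ancestors,
    // then composite roles expanded transitively.
    static Set<String> effectiveRoles(User u) {
        Deque<String> todo = new ArrayDeque<>(u.directRoles());
        for (Group g : u.groups()) {
            for (Group cur = g; cur != null; cur = cur.parent()) {
                todo.addAll(cur.roles());
            }
        }
        Set<String> seen = new HashSet<>();
        while (!todo.isEmpty()) {
            String role = todo.pop();
            if (seen.add(role)) { // the seen set also stops composite cycles
                todo.addAll(COMPOSITES.getOrDefault(role, Set.of()));
            }
        }
        return seen;
    }

    static boolean hasEffectiveRole(User u, String required) {
        return effectiveRoles(u).contains(required);
    }

    public static void main(String[] args) {
        Group employees = new Group("employees", null, Set.of("staff"));
        Group engineering = new Group("engineering", employees, Set.of());
        User alice = new User("alice", Set.of("offline_access"), List.of(engineering));
        User bob = new User("bob", Set.of("offline_access"), List.of());

        System.out.println("alice, direct check:    " + hasDirectRole(alice, "app-access"));
        System.out.println("alice, effective check: " + hasEffectiveRole(alice, "app-access"));
        System.out.println("bob, effective check:   " + hasEffectiveRole(bob, "app-access"));
    }
}
```

With this sample data, alice reaches `app-access` only through the parent group's composite role, so the direct check denies her while the effective check admits her; bob is denied by both.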
Hi,
I'm trying to build an extension that sends an email when a user deletes their own account or when the account is deleted by an admin. Your provisioning event listener example looks very helpful to achieve that.
However, I found that when retrieving the user with getUserById() in either the onEvent(AdminEvent) handler (in the case of an administrator deleting the account) or the onEvent(Event) handler (when a user deletes their own account), the user is already null:
// admin deletes user account:
public void onEvent(AdminEvent adminEvent, boolean b) {
    if (ResourceType.USER.equals(adminEvent.getResourceType()) &&
            OperationType.DELETE.equals(adminEvent.getOperationType())) {
        RealmModel realm = session.realms().getRealm(adminEvent.getRealmId());
        UserModel user = session.users().getUserById(adminEvent.getResourcePath()
                .substring("users/".length()), realm); // <---- NullPointerException
        (...)
// user deletes their account:
public void onEvent(Event event) {
    if (EventType.DELETE_ACCOUNT.equals(event.getType())) {
        logger.log(Logger.Level.INFO, "Delete user ID: " + event.getUserId()); // <---- this works
        RealmModel realm = this.realmProvider.getRealm(event.getRealmId());
        UserModel user = this.session.users().getUserById(event.getUserId(), realm);
        logger.log(Logger.Level.INFO, "Delete user with email: " + user.getEmail()); // <---- NullPointerException
        (...)
... so this won't work for the USER DELETE event.
I wonder if there's a way around this?
Any pointers welcome :)
Luthien
(using Keycloak v. 12.0.4)