
instipod / duouniversalkeycloakauthenticator


Keycloak Authenticator for Duo's new Universal Prompt

License: GNU General Public License v3.0

Java 100.00%
authenticator duo duo-security keycloak

duouniversalkeycloakauthenticator's People

Contributors

alfonsoalongi, ansa89, instipod, richard-9000, treydock


duouniversalkeycloakauthenticator's Issues

HTTP proxy settings

Hi All,

I'm trying to get Keycloak and DuoMFA to work with my internal HTTP proxy.

The following environment variables are set for the Keycloak container:

...
environment:
- KEYCLOAK_ADMIN=admin
- KEYCLOAK_ADMIN_PASSWORD=somepw
- KEYCLOAK_HOSTNAME=somefqdn
- TZ=Europe/Berlin
- HTTP_PROXY=http://fqdnProxy:80
- HTTPS_PROXY=http://fqdnProxy:80
- NO_PROXY=localhost,127.0.0.1
- JAVA_OPTS="-Djava.net.preferIPv4Stack=true -Dhttp.proxyHost=fqdnProxy -Dhttp.proxyPort=80 -Dhttps.proxyHost=fqdnProxy -Dhttps.proxyPort=80 -Dhttp.proxySet=true-Dhttp.nonProxyHosts=*.domain.local|localhost"

From the Keycloak container I'm able to reach the API server:

bash-4.4$ curl https://api-SOMESERVER.duosecurity.com
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>Duo/1.0</center>
</body>
</html>

The adapter or SDK does not seem to pick up the proxy settings yet:

[com.instipod.duouniversal.DuoUniversalAuthenticator] (executor-thread-6) Authentication against Duo failed with exception: com.duosecurity.exception.DuoException: connect timed out

Setup:

DuoUniversalKeycloakAuthenticator 1.0.4

Server Version 18.0.0
Java Version 11.0.15
Java VM OpenJDK 64-Bit Server VM
Java VM Version 11.0.15+10-LTS
Operating System Linux 5.14.0-160.el9.x86_64

I took a quick look at Duo's Universal SDK and could not find any options to set a proxy.

How could I possibly get the setup to work using an HTTP proxy?

PS: Hope that I just missed out something simple :-)

Best and many thanks in advance,
Tobi

Latest 1.0.7 Release is missing dependencies

When deploying the pre-built 1.0.7 release we get the error below, and looking at the size of the JAR file, we could tell it is missing dependencies:

-rw-rw-r-- 1 keycloak keycloak 4848887 Jul 21 20:34 DuoUniversalKeycloakAuthenticator-1.0.6_22.0.1.jar
-rw-rw-r-- 1 keycloak keycloak   15992 Aug 27 12:24 DuoUniversalKeycloakAuthenticator-1.0.7_22.0.1.jar
2023-09-21 13:08:16,687 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-13) Uncaught server error: java.lang.NoClassDefFoundError: com/duosecurity/exception/DuoException
	at com.instipod.duouniversal.DuoUniversalAuthenticatorFactory.create(DuoUniversalAuthenticatorFactory.java:82)
	at com.instipod.duouniversal.DuoUniversalAuthenticatorFactory.create(DuoUniversalAuthenticatorFactory.java:14)
	at org.keycloak.authentication.DefaultAuthenticationFlow.createAuthenticator(DefaultAuthenticationFlow.java:76)
	at org.keycloak.authentication.DefaultAuthenticationFlow.isConditionalAuthenticator(DefaultAuthenticationFlow.java:340)
	at java.base/java.util.function.Predicate.lambda$negate$1(Predicate.java:80)
	at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:178)
	at java.base/java.util.LinkedList$LLSpliterator.forEachRemaining(LinkedList.java:1242)
	at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
	at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
	at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
	at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
	at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
	at java.base/java.util.stream.ReferencePipeline.forEachOrdered(ReferencePipeline.java:601)
	at org.keycloak.authentication.DefaultAuthenticationFlow.fillListsOfExecutions(DefaultAuthenticationFlow.java:299)
	at org.keycloak.authentication.AuthenticationSelectionResolver.addAllExecutionsFromSubflow(AuthenticationSelectionResolver.java:204)
	at org.keycloak.authentication.AuthenticationSelectionResolver.addAllExecutionsFromSubflow(AuthenticationSelectionResolver.java:249)
	at org.keycloak.authentication.AuthenticationSelectionResolver.addAllExecutionsFromSubflow(AuthenticationSelectionResolver.java:230)
	at org.keycloak.authentication.AuthenticationSelectionResolver.createAuthenticationSelectionList(AuthenticationSelectionResolver.java:76)
	at org.keycloak.authentication.DefaultAuthenticationFlow.createAuthenticationSelectionList(DefaultAuthenticationFlow.java:477)
	at org.keycloak.authentication.DefaultAuthenticationFlow.processSingleFlowExecutionModel(DefaultAuthenticationFlow.java:403)
	at org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:271)
	at org.keycloak.authentication.DefaultAuthenticationFlow.processSingleFlowExecutionModel(DefaultAuthenticationFlow.java:380)
	at org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:249)
	at org.keycloak.authentication.AuthenticationProcessor.authenticateOnly(AuthenticationProcessor.java:1026)
	at org.keycloak.authentication.AuthenticationProcessor.authenticate(AuthenticationProcessor.java:888)
	at org.keycloak.protocol.AuthorizationEndpointBase.handleBrowserAuthenticationRequest(AuthorizationEndpointBase.java:153)
	at org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.buildAuthorizationCodeAuthorizationResponse(AuthorizationEndpoint.java:356)
	at org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.process(AuthorizationEndpoint.java:226)
	at org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.processInRetriableTransaction(AuthorizationEndpoint.java:147)
	at org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.buildGet(AuthorizationEndpoint.java:119)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
	at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:154)
	at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:118)
	at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:560)
	at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:452)
	at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:413)
	at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:321)
	at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:415)
	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:378)
	at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:174)
	at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:142)
	at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:168)
	at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:131)
	at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:33)
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:429)
	at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:240)
	at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:154)
	at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:321)
	at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:157)
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:229)
	at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:82)
	at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:147)
	at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:84)
	at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:44)
	at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284)
	at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:177)
	at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
	at io.quarkus.vertx.http.runtime.options.HttpServerCommonHandlers$1.handle(HttpServerCommonHandlers.java:58)
	at io.quarkus.vertx.http.runtime.options.HttpServerCommonHandlers$1.handle(HttpServerCommonHandlers.java:36)
	at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284)
	at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:177)
	at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
	at org.keycloak.quarkus.runtime.integration.web.QuarkusRequestFilter.lambda$createBlockingHandler$0(QuarkusRequestFilter.java:82)
	at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:576)
	at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
	at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
	at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
	at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
	at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: java.lang.ClassNotFoundException: com.duosecurity.exception.DuoException
	at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:641)
	at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:525)
	at io.quarkus.bootstrap.runner.RunnerClassLoader.loadClass(RunnerClassLoader.java:115)
	at io.quarkus.bootstrap.runner.RunnerClassLoader.loadClass(RunnerClassLoader.java:65)
	... 73 more

Create a maven central deployment

As a user of this library and Keycloak, I would like to be able to pull the library into my project via Maven as a dependency instead of downloading the binaries from GitHub.

I have experience with this, and I can submit a PR for the GH workflow and pom.xml changes if you are interested, but there are some steps that you would need to perform to get it approved for Sonatype's Maven repository.

Authentication against Duo failed

2023-10-18 12:56:26,813 WARN [com.instipod.duouniversal.DuoUniversalAuthenticator] (executor-thread-28) Authentication against Duo failed with exception: com.duosecurity.exception.DuoException: invalid_client

RedirectUrl isn't encoded

In the createAuthUrl method of the Client object, the query parameters are not URL-encoded!!
Especially the redirectUri, which is a security risk and doesn't work for me!
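
Why the missing encoding matters, as an added example (not the Duo SDK's or this project's code): a callback URL that carries its own query string spills its parameters into the outer authorization URL unless every value is percent-encoded. The class, method names, hosts and parameter values below are constructed for illustration.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import java.util.StringJoiner;

/** Added illustration; names and values are hypothetical, not taken from the Duo SDK. */
public class AuthUrlEncodingDemo {

    /** Joins parameters as-is, which is the behaviour the issue describes. */
    static String buildUnencoded(String base, Map<String, String> params) {
        StringJoiner q = new StringJoiner("&");
        params.forEach((k, v) -> q.add(k + "=" + v));
        return base + "?" + q;
    }

    /** Percent-encodes every name and value before joining. */
    static String buildEncoded(String base, Map<String, String> params) {
        StringJoiner q = new StringJoiner("&");
        params.forEach((k, v) -> q.add(enc(k) + "=" + enc(v)));
        return base + "?" + q;
    }

    static String enc(String s) {
        // URLEncoder produces form encoding ("+" for a space); use "%20" in a URL query instead.
        return URLEncoder.encode(s, StandardCharsets.UTF_8).replace("+", "%20");
    }

    /** Parses the query the way a receiving server would: split on '&', then on the first '='. */
    static Map<String, String> parseQuery(String url) {
        Map<String, String> out = new LinkedHashMap<>();
        String query = url.substring(url.indexOf('?') + 1);
        for (String pair : query.split("&")) {
            int eq = pair.indexOf('=');
            String k = eq < 0 ? pair : pair.substring(0, eq);
            String v = eq < 0 ? "" : pair.substring(eq + 1);
            // Last duplicate wins here; real servers differ on which duplicate they keep.
            out.put(URLDecoder.decode(k, StandardCharsets.UTF_8),
                    URLDecoder.decode(v, StandardCharsets.UTF_8));
        }
        return out;
    }

    /** Parameter names the receiver sees that the sender never intended to send. */
    static Set<String> extras(Map<String, String> sent, Map<String, String> seen) {
        Set<String> s = new LinkedHashSet<>(seen.keySet());
        s.removeAll(sent.keySet());
        return s;
    }

    public static void main(String[] args) {
        // Constructed callback URL; Keycloak-style callbacks carry their own query string.
        String redirect = "https://sso.example.test/realms/demo/login-actions/authenticate"
                + "?session_code=abc123&client_id=portal&tab_id=xyz";

        Map<String, String> params = new LinkedHashMap<>();
        params.put("response_type", "code");
        params.put("client_id", "DUO_CLIENT_ID_PLACEHOLDER"); // placeholder, not a real key
        params.put("redirect_uri", redirect);
        params.put("state", "constructed state value");

        String base = "https://idp.example.test/authorize"; // hypothetical endpoint
        String[] urls = {buildUnencoded(base, params), buildEncoded(base, params)};
        for (String url : urls) {
            Map<String, String> seen = parseQuery(url);
            System.out.println(url);
            System.out.println("  redirect_uri intact: "
                    + redirect.equals(seen.get("redirect_uri")));
            System.out.println("  client_id intact:    "
                    + params.get("client_id").equals(seen.get("client_id")));
            System.out.println("  unexpected params:   " + extras(params, seen));
        }
    }
}
```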

maven build example in README.md is not working

[INFO] Changes detected - recompiling the module! :source
[INFO] Compiling 4 source files with javac [debug target 17] to target/classes
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  54.159 s
[INFO] Finished at: 2024-04-25T20:37:22Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.11.0:compile (default-compile) on project DuoUniversalKeycloakAuthenticator: Fatal error compiling: error: invalid target release: 17 -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
make: *** [build-duo] Error 1

Building process of keycloak container failed: Command '['make', 'release']' returned non-zero exit status 2.

Need to put a container name/tag that uses Java 17+, for instance

3.9.6-eclipse-temurin-17-alpine

Using the following container, the build has finished successfully

Downloaded from central: https://repo.maven.apache.org/maven2/com/github/luben/zstd-jni/1.5.5-2/zstd-jni-1.5.5-2.jar (5.9 MB at 5.2 MB/s)
[INFO] Building jar: /mvn_project/target/DuoUniversalKeycloakAuthenticator-1.0.10_22.0.4-jar-with-dependencies.jar
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  01:30 min
[INFO] Finished at: 2024-04-25T20:42:18Z
[INFO] ------------------------------------------------------------------------
duo/target/DuoUniversalKeycloakAuthenticator-1.0.10_22.0.4-jar-with-dependencies.jar -> image/jar/DuoUniversalKeycloakAuthenticator-1.0.10_22.0.4-jar-with-dependencies.jar
Done building Duo JAR

Conditional 2FA - Not Working

Firstly, thanks for this plugin!

It seems to work great... except when used in a conditional forwarder scenario.

I have configured an Authentication Flow to support 2FA using WebAuthN and Duo, but for some reason it just throws me back to the "Sign in with Security Key" screen rather than processing the flow.

WebAuthn Guide
Keycloak 15.0.2 in Docker

Also, the "display text" does not appear to be showing on the prompt, I am getting placeholders instead 🤔


Is master branch safe to be used in production?

Hi,

We are using the latest release (September 2022) in production; for now it seems to be working, except that only one Duo config seems to be supported per realm (i.e. you can't have multiple auth flows using different integration keys).

From what I see, the latest commits seem really interesting, especially group filtering (we are using role filtering actually).

So do you plan to publish a new stable version, or is it safe to build from the master branch?

Thanks

Security key creation fails

Description

This authenticator introduces an error for security key creation, therefore passkeys can't be used.
Tested against:
DUKA 1.0.7 with keycloak 22.0.5
DUKA 1.0.8-SNAPSHOT with keycloak 23.0.3

To Reproduce

  1. create an authentication flow which uses the WebAuthnPasswordless Authenticator

  2. go to: https://<your-domain>/realms/<realm>/account/#/security/signingin

  3. Set up Security key -> follow setup -> Internal server error

Keycloak log

2023-12-20 13:58:27,275 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-14) Uncaught server error: java.lang.NoSuchMethodError: 'com.fasterxml.jackson.core.io.ContentReference com.fasterxml.jackson.dataformat.cbor.CBORFactory._createContentReference(java.lang.Object, int, int)'
        at com.fasterxml.jackson.dataformat.cbor.CBORFactory.createParser(CBORFactory.java:336)
        at com.fasterxml.jackson.dataformat.cbor.CBORFactory.createParser(CBORFactory.java:330)
        at com.fasterxml.jackson.dataformat.cbor.CBORFactory.createParser(CBORFactory.java:27)
        at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3833)
        at com.webauthn4j.converter.util.CborConverter.readValue(CborConverter.java:55)
        at com.webauthn4j.converter.AttestationObjectConverter.convert(AttestationObjectConverter.java:77)
        at com.webauthn4j.WebAuthnRegistrationManager.parse(WebAuthnRegistrationManager.java:183)
        at org.keycloak.authentication.requiredactions.WebAuthnRegister.processAction(WebAuthnRegister.java:236)
        at org.keycloak.services.resources.LoginActionsService.processRequireAction(LoginActionsService.java:1090)
        at org.keycloak.services.resources.LoginActionsService.requiredActionPOST(LoginActionsService.java:1025)
        at org.keycloak.services.resources.LoginActionsService$quarkusrestinvoker$requiredActionPOST_677a8efd4e80bfe1b3aa5a0d6fca2043252c9624.invoke(Unknown Source)
        at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
        at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
        at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:145)
        at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:576)
        at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
        at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
        at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
        at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
        at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
        at java.base/java.lang.Thread.run(Thread.java:840)

certificate_unknown / TLS Errors

We have a working configuration but after some amount of uptime we start seeing certificate_unknown errors in the Keycloak logs and authentication in the browser fails.

The underlying error is Unable to build a CertPath: no PKIXBuilderParameters available

This may be a Keycloak or Bouncy Castle issue, but the only area where we see an issue when this error occurs is when logging into Keycloak using a flow that has Duo configured. Other flows which use authentication mechanisms that reach out to external sources using TLS still work, so it seems limited to the Duo provider.

Restarting the application fixes the issue for some amount of time but seems to reappear daily.

Oct 25 14:30:22 hostname kc.sh[185929]: 2023-10-25 14:30:22,212 INFO  [org.bouncycastle.jsse.provider.ProvTlsClient] (executor-thread-302) [client #238 @3e2b2f98] raised fatal(2) certificate_unknown(46) alert: Failed to read record: org.bouncycastle.tls.TlsFatalAlert: certificate_unknown(46)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.bouncycastle.jsse.provider.ProvSSLSocketWrap.checkServerTrusted(ProvSSLSocketWrap.java:131)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.bouncycastle.jsse.provider.ProvTlsClient$1.notifyServerCertificate(ProvTlsClient.java:377)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.bouncycastle.tls.TlsUtils.processServerCertificate(TlsUtils.java:4849)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.bouncycastle.tls.TlsClientProtocol.handleServerCertificate(TlsClientProtocol.java:797)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.bouncycastle.tls.TlsClientProtocol.receive13ServerCertificate(TlsClientProtocol.java:1596)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.bouncycastle.tls.TlsClientProtocol.handle13HandshakeMessage(TlsClientProtocol.java:160)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.bouncycastle.tls.TlsClientProtocol.handleHandshakeMessage(TlsClientProtocol.java:366)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.bouncycastle.tls.TlsProtocol.processHandshakeQueue(TlsProtocol.java:715)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.bouncycastle.tls.TlsProtocol.processRecord(TlsProtocol.java:591)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.bouncycastle.tls.RecordStream.readRecord(RecordStream.java:247)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.bouncycastle.tls.TlsProtocol.safeReadRecord(TlsProtocol.java:879)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.bouncycastle.tls.TlsProtocol.blockForHandshake(TlsProtocol.java:427)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.bouncycastle.tls.TlsClientProtocol.connect(TlsClientProtocol.java:88)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.bouncycastle.jsse.provider.ProvSSLSocketWrap.startHandshake(ProvSSLSocketWrap.java:608)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.bouncycastle.jsse.provider.ProvSSLSocketWrap.startHandshake(ProvSSLSocketWrap.java:584)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:336)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:300)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:185)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.java:224)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.java:108)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.java:88)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at okhttp3.internal.connection.Transmitter.newExchange(Transmitter.java:169)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:41)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:94)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:88)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:229)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at okhttp3.RealCall.execute(RealCall.java:81)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at retrofit2.OkHttpCall.execute(OkHttpCall.java:204)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at com.duosecurity.service.DuoConnector.duoHealthcheck(DuoConnector.java:60)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at com.duosecurity.Client.healthCheck(Client.java:252)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at com.instipod.duouniversal.DuoUniversalAuthenticator.startDuoProcess(DuoUniversalAuthenticator.java:265)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at com.instipod.duouniversal.DuoUniversalAuthenticator.authenticate(DuoUniversalAuthenticator.java:200)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.keycloak.authentication.DefaultAuthenticationFlow.processSingleFlowExecutionModel(DefaultAuthenticationFlow.java:445)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:249)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.keycloak.authentication.DefaultAuthenticationFlow.processSingleFlowExecutionModel(DefaultAuthenticationFlow.java:380)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.keycloak.authentication.DefaultAuthenticationFlow.continueAuthenticationAfterSuccessfulAction(DefaultAuthenticationFlow.java:181)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.keycloak.authentication.DefaultAuthenticationFlow.processAction(DefaultAuthenticationFlow.java:157)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.keycloak.authentication.AuthenticationProcessor.authenticationAction(AuthenticationProcessor.java:986)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.keycloak.services.resources.LoginActionsService.processFlow(LoginActionsService.java:378)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.keycloak.services.resources.LoginActionsService.processAuthentication(LoginActionsService.java:349)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.keycloak.services.resources.LoginActionsService.authenticateInternal(LoginActionsService.java:341)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.keycloak.services.resources.LoginActionsService.authenticate(LoginActionsService.java:322)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.keycloak.services.resources.LoginActionsService.authenticateForm(LoginActionsService.java:406)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at jdk.internal.reflect.GeneratedMethodAccessor751.invoke(Unknown Source)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at java.base/java.lang.reflect.Method.invoke(Method.java:568)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:154)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:118)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:560)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:452)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:413)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:321)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:415)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:378)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:174)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:131)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:33)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:429)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:240)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:154)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:321)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:157)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:229)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:82)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:147)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:84)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:44)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:177)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at io.quarkus.vertx.http.runtime.options.HttpServerCommonHandlers$1.handle(HttpServerCommonHandlers.java:58)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at io.quarkus.vertx.http.runtime.options.HttpServerCommonHandlers$1.handle(HttpServerCommonHandlers.java:36)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:177)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.keycloak.quarkus.runtime.integration.web.QuarkusRequestFilter.lambda$createBlockingHandler$0(QuarkusRequestFilter.java:82)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:576)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at java.base/java.lang.Thread.run(Thread.java:833)
Oct 25 14:30:22 hostname kc.sh[185929]: Caused by: java.security.cert.CertificateException: Unable to build a CertPath: no PKIXBuilderParameters available
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.bouncycastle.jsse.provider.ProvX509TrustManager.checkTrusted(ProvX509TrustManager.java:270)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.bouncycastle.jsse.provider.ProvX509TrustManager.checkServerTrusted(ProvX509TrustManager.java:182)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.bouncycastle.jsse.provider.ProvSSLSocketWrap.checkServerTrusted(ProvSSLSocketWrap.java:127)
Oct 25 14:30:22 hostname kc.sh[185929]: #011... 90 more
Oct 25 14:30:22 hostname kc.sh[185929]: 2023-10-25 14:30:22,213 INFO  [org.bouncycastle.jsse.provider.ProvTlsClient] (executor-thread-302) [client #238 @3e2b2f98] disconnected from api-da1c07d8.duosecurity.com:443
Oct 25 14:30:22 hostname kc.sh[185929]: 2023-10-25 14:30:22,213 WARN  [com.instipod.duouniversal.DuoUniversalAuthenticator] (executor-thread-302) Authentication against Duo failed with exception: com.duosecurity.exception.DuoException: certificate_unknown(46)
Oct 25 14:30:22 hostname kc.sh[185929]: 2023-10-25 14:30:22,213 WARN  [org.keycloak.services] (executor-thread-302) KC-SERVICES0013: Failed authentication: org.keycloak.authentication.AuthenticationFlowException
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.keycloak.authentication.DefaultAuthenticationFlow.processResult(DefaultAuthenticationFlow.java:496)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.keycloak.authentication.DefaultAuthenticationFlow.processSingleFlowExecutionModel(DefaultAuthenticationFlow.java:447)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:249)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.keycloak.authentication.DefaultAuthenticationFlow.processSingleFlowExecutionModel(DefaultAuthenticationFlow.java:380)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.keycloak.authentication.DefaultAuthenticationFlow.continueAuthenticationAfterSuccessfulAction(DefaultAuthenticationFlow.java:181)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.keycloak.authentication.DefaultAuthenticationFlow.processAction(DefaultAuthenticationFlow.java:157)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.keycloak.authentication.AuthenticationProcessor.authenticationAction(AuthenticationProcessor.java:986)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.keycloak.services.resources.LoginActionsService.processFlow(LoginActionsService.java:378)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.keycloak.services.resources.LoginActionsService.processAuthentication(LoginActionsService.java:349)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.keycloak.services.resources.LoginActionsService.authenticateInternal(LoginActionsService.java:341)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.keycloak.services.resources.LoginActionsService.authenticate(LoginActionsService.java:322)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.keycloak.services.resources.LoginActionsService.authenticateForm(LoginActionsService.java:406)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at jdk.internal.reflect.GeneratedMethodAccessor751.invoke(Unknown Source)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at java.base/java.lang.reflect.Method.invoke(Method.java:568)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:154)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:118)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:560)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:452)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:413)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:321)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:415)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:378)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:174)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:131)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:33)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:429)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:240)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:154)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:321)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:157)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:229)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:82)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:147)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:84)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:44)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:177)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at io.quarkus.vertx.http.runtime.options.HttpServerCommonHandlers$1.handle(HttpServerCommonHandlers.java:58)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at io.quarkus.vertx.http.runtime.options.HttpServerCommonHandlers$1.handle(HttpServerCommonHandlers.java:36)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:177)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.keycloak.quarkus.runtime.integration.web.QuarkusRequestFilter.lambda$createBlockingHandler$0(QuarkusRequestFilter.java:82)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:576)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
Oct 25 14:30:22 hostname kc.sh[185929]: #011at java.base/java.lang.Thread.run(Thread.java:833)
Oct 25 14:30:22 hostname kc.sh[185929]: 2023-10-25 14:30:22,221 WARN  [org.keycloak.events] (executor-thread-302) type=LOGIN_ERROR, realmId=realm, clientId=account-console, userId=null, ipAddress=XX.XX.XX.XX, error=invalid_user_credentials, auth_method=openid-connect, auth_type=code, redirect_uri=https://oururl.com/realms/realm/account/#/, code_id=5b89410d-27e2-4404-a99d-b9abceb2d86c, username=user```

Replacing "17" with "18" in pom.xml causing error in adding JAR extension to keycloak server

(The build itself is successful though...)

It has been tested with Keycloak 22.x, 23.x and 24.x versions.

cat versions.yaml
old-stable:
  os: debian-11
  release: r3
  app_version: 22.0.4
  mvn_version: 3.8.6-eclipse-temurin-18-alpine
stable:
  os: debian-12
  release: r5
  app_version: 23.0.7
  mvn_version: 3.8.6-eclipse-temurin-18-alpine
testing:
  os: debian-12
  release: r3
  app_version: 24.0.3
  mvn_version: 3.8.6-eclipse-temurin-18-alpine

Output from multi-stage build for duo JAR and keycloak container

33.74 2024-04-30 04:14:40,350 TRACE [org.jboss.threads] (build-8) Thread "Thread[build-8,5,]" exiting
33.74
33.81 ERROR: Failed to run 'build' command.
33.81 ERROR: io.quarkus.builder.BuildException: Build failure: Build failed due to errors
33.81 	[error]: Build step org.keycloak.quarkus.deployment.KeycloakProcessor#configureKeycloakSessionFactory threw an exception: java.lang.UnsupportedClassVersionError: com/instipod/duouniversal/getshim/GetShimProviderFactory has been compiled by a more recent version of the Java Runtime (class file version 62.0), this version of the Java Runtime only recognizes class file versions up to 61.0
33.81 	at java.base/java.lang.ClassLoader.defineClass1(Native Method)
33.81 	at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1017)
33.81 	at io.quarkus.bootstrap.classloading.QuarkusClassLoader.loadClass(QuarkusClassLoader.java:508)
33.81 	at io.quarkus.bootstrap.classloading.QuarkusClassLoader.loadClass(QuarkusClassLoader.java:468)
33.81 	at java.base/java.lang.Class.forName0(Native Method)
33.81 	at java.base/java.lang.Class.forName(Class.java:467)
33.81 	at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.nextProviderClass(ServiceLoader.java:1217)
33.81 	at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.hasNextService(ServiceLoader.java:1228)
33.81 	at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.hasNext(ServiceLoader.java:1273)
33.81 	at java.base/java.util.ServiceLoader$2.hasNext(ServiceLoader.java:1309)
33.81 	at java.base/java.util.ServiceLoader$3.hasNext(ServiceLoader.java:1393)
33.81 	at org.keycloak.provider.DefaultProviderLoader.load(DefaultProviderLoader.java:60)
33.81 	at org.keycloak.provider.ProviderManager.load(ProviderManager.java:93)
33.81 	at org.keycloak.quarkus.deployment.KeycloakProcessor.loadFactories(KeycloakProcessor.java:690)
33.81 	at org.keycloak.quarkus.deployment.KeycloakProcessor.configureKeycloakSessionFactory(KeycloakProcessor.java:398)
33.81 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
33.81 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
33.81 	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
33.81 	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
33.81 	at io.quarkus.deployment.ExtensionLoader$3.execute(ExtensionLoader.java:849)
33.81 	at io.quarkus.builder.BuildContext.run(BuildContext.java:256)
33.81 	at org.jboss.threads.ContextHandler$1.runWith(ContextHandler.java:18)
33.81 	at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
33.81 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
33.81 	at java.base/java.lang.Thread.run(Thread.java:840)
33.81 	at org.jboss.threads.JBossThread.run(JBossThread.java:501)
33.81
33.81 ERROR: Build failure: Build failed due to errors
33.81 	[error]: Build step org.keycloak.quarkus.deployment.KeycloakProcessor#configureKeycloakSessionFactory threw an exception: java.lang.UnsupportedClassVersionError: com/instipod/duouniversal/getshim/GetShimProviderFactory has been compiled by a more recent version of the Java Runtime (class file version 62.0), this version of the Java Runtime only recognizes class file versions up to 61.0
33.81 	at java.base/java.lang.ClassLoader.defineClass1(Native Method)
33.81 	at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1017)
33.81 	at io.quarkus.bootstrap.classloading.QuarkusClassLoader.loadClass(QuarkusClassLoader.java:508)
33.81 	at io.quarkus.bootstrap.classloading.QuarkusClassLoader.loadClass(QuarkusClassLoader.java:468)
33.81 	at java.base/java.lang.Class.forName0(Native Method)
33.81 	at java.base/java.lang.Class.forName(Class.java:467)
33.81 	at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.nextProviderClass(ServiceLoader.java:1217)
33.81 	at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.hasNextService(ServiceLoader.java:1228)
33.81 	at java.base/java.util.ServiceLoader$LazyClassPathLookupIterator.hasNext(ServiceLoader.java:1273)
33.81 	at java.base/java.util.ServiceLoader$2.hasNext(ServiceLoader.java:1309)
33.81 	at java.base/java.util.ServiceLoader$3.hasNext(ServiceLoader.java:1393)
33.81 	at org.keycloak.provider.DefaultProviderLoader.load(DefaultProviderLoader.java:60)
33.81 	at org.keycloak.provider.ProviderManager.load(ProviderManager.java:93)
33.81 	at org.keycloak.quarkus.deployment.KeycloakProcessor.loadFactories(KeycloakProcessor.java:690)
33.81 	at org.keycloak.quarkus.deployment.KeycloakProcessor.configureKeycloakSessionFactory(KeycloakProcessor.java:398)
33.81 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
33.81 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
33.81 	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
33.81 	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
33.81 	at io.quarkus.deployment.ExtensionLoader$3.execute(ExtensionLoader.java:849)
33.81 	at io.quarkus.builder.BuildContext.run(BuildContext.java:256)
33.81 	at org.jboss.threads.ContextHandler$1.runWith(ContextHandler.java:18)
33.81 	at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
33.81 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
33.81 	at java.base/java.lang.Thread.run(Thread.java:840)
33.81 	at org.jboss.threads.JBossThread.run(JBossThread.java:501)
33.81
33.81 ERROR: com/instipod/duouniversal/getshim/GetShimProviderFactory has been compiled by a more recent version of the Java Runtime (class file version 62.0), this version of the Java Runtime only recognizes class file versions up to 61.0
33.81 For more details run the same command passing the '--verbose' option. Also you can use '--help' to see the details about the usage of the particular command.
------
Dockerfile:11
--------------------
  11 | >>> RUN bin/kc.sh build
  12 |
  13 |     FROM bitnami/keycloak:24.0.3
--------------------
ERROR: failed to solve: process "/bin/bash -o errexit -o nounset -o pipefail -c bin/kc.sh build" did not complete successfully: exit code: 1

View build details: docker-desktop://dashboard/build/desktop-linux/desktop-linux/kr6n64lbbnyzjvbdhtfkblevk
make: *** [build] Error 1
Cleaning up...
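
The failure above is a class-file version mismatch: the provider JAR carries classes with major version 62 (Java 18), while the Keycloak runtime accepts at most 61 (Java 17). The following check is an added example, not part of the original issue or the project's code; it reads the header of every class in a JAR and lists the ones a given runtime would reject, so the mismatch shows up before `kc.sh build` runs. The sample JAR is constructed in memory, and every entry name in it other than `GetShimProviderFactory` is made up for the demonstration.

```python
import io
import re
import struct
import zipfile

CLASS_MAGIC = 0xCAFEBABE
# Class-file major version = Java feature release + 44 (Java 17 -> 61, Java 18 -> 62).
MAJOR_OFFSET = 44
# Multi-release JAR entries live under META-INF/versions/<N>/ and are only
# loaded by runtimes whose feature release is >= N.
MR_ENTRY = re.compile(r"^META-INF/versions/(\d+)/")


def java_release(major):
    """Map a class-file major version to the Java feature release that emits it."""
    return major - MAJOR_OFFSET


def class_major_version(header):
    """Return the major version from the first 8 bytes of a class file, or None."""
    if len(header) < 8:
        return None
    magic, _minor, major = struct.unpack(">IHH", header[:8])
    return major if magic == CLASS_MAGIC else None


def scan_jar(jar, runtime_release):
    """List classes in `jar` that a JVM of `runtime_release` would refuse to load.

    `jar` is a path or a binary file object. Returns a dict with
    'too_new' -> [(entry, major)] and 'invalid' -> [entry] (bad or short header).
    """
    limit = runtime_release + MAJOR_OFFSET
    too_new, invalid = [], []
    with zipfile.ZipFile(jar) as zf:
        for info in zf.infolist():
            name = info.filename
            if not name.endswith(".class"):
                continue
            # Module descriptors are ignored when the JAR sits on the class path.
            if name.endswith("module-info.class"):
                continue
            mr = MR_ENTRY.match(name)
            if mr and int(mr.group(1)) > runtime_release:
                continue  # this versioned entry is invisible to the target runtime
            with zf.open(info) as fh:
                major = class_major_version(fh.read(8))
            if major is None:
                invalid.append(name)
            elif major > limit:
                too_new.append((name, major))
    return {"too_new": sorted(too_new), "invalid": sorted(invalid)}


def build_sample_jar():
    """Constructed sample: header-only stubs, enough for the version check."""
    def stub(major):
        return struct.pack(">IHH", CLASS_MAGIC, 0, major)

    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Class named in the build error above, compiled for Java 18 (major 62).
        zf.writestr(
            "com/instipod/duouniversal/getshim/GetShimProviderFactory.class",
            stub(62),
        )
        # Hypothetical entries for the demonstration.
        zf.writestr("com/example/Constructed17.class", stub(61))
        zf.writestr("META-INF/versions/21/com/example/Constructed21.class", stub(65))
        zf.writestr("com/example/Truncated.class", b"\xca\xfe")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for release in (17, 18):
        report = scan_jar(build_sample_jar(), release)
        print(f"runtime Java {release}:")
        for name, major in report["too_new"]:
            print(f"  too new: {name} (major {major}, Java {java_release(major)})")
        for name in report["invalid"]:
            print(f"  not a class file: {name}")
```

Pointing `scan_jar` at the built provider JAR with the runtime's Java release gives the same verdict as the `UnsupportedClassVersionError` in the build log, without starting Keycloak.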

Does this plugin need a truststore from Duo?

Hello,
First of all, thank you for this plugin.
I am trying to use it on Keycloak and I got this error when I try to log in.

keycloak 13:40:01,739 WARN [com.instipod.duouniversal.DuoUniversalAuthenticator] (default task-2) Authentication against Duo failed with exception: com.duosecurity.exception.DuoException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
keycloak 13:40:01,739 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-2) authenticator FAILED: duo-universal
keycloak 13:40:01,739 WARN [org.keycloak.services] (default task-2) KC-SERVICES0013: Failed authentication: org.keycloak.authentication.AuthenticationFlowException
keycloak at [email protected]//org.keycloak.authentication.DefaultAuthenticationFlow.processResult(DefaultAuthenticationFlow.java:504)
keycloak at [email protected]//org.keycloak.authentication.DefaultAuthenticationFlow.processSingleFlowExecutionModel(DefaultAuthenticationFlow.java:455)
keycloak at [email protected]//org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:257)
keycloak at [email protected]//org.keycloak.authentication.DefaultAuthenticationFlow.processSingleFlowExecutionModel(DefaultAuthenticationFlow.java:396)
keycloak at [email protected]//org.keycloak.authentication.DefaultAuthenticationFlow.continueAuthenticationAfterSuccessfulAction(DefaultAuthenticationFlow.java:189)
keycloak at [email protected]//org.keycloak.authentication.DefaultAuthenticationFlow.processAction(DefaultAuthenticationFlow.java:165)
keycloak at [email protected]//org.keycloak.authentication.AuthenticationProcessor.authenticationAction(AuthenticationProcessor.java:1002)
keycloak at [email protected]//org.keycloak.services.resources.LoginActionsService.processFlow(LoginActionsService.java:321)
keycloak at [email protected]//org.keycloak.services.resources.LoginActionsService.processAuthentication(LoginActionsService.java:292)
keycloak at [email protected]//org.keycloak.services.resources.LoginActionsService.authenticate(LoginActionsService.java:276)
keycloak at [email protected]//org.keycloak.services.resources.LoginActionsService.authenticateForm(LoginActionsService.java:349)
keycloak at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
keycloak at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
keycloak at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
keycloak at java.base/java.lang.reflect.Method.invoke(Method.java:566)
keycloak at [email protected]//org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:170)
keycloak at [email protected]//org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:130)
keycloak at [email protected]//org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:660)
keycloak at [email protected]//org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:524)
keycloak at [email protected]//org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:474)
keycloak at [email protected]//org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
keycloak at [email protected]//org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:476)
keycloak at [email protected]//org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:434)
keycloak at [email protected]//org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:192)
keycloak at [email protected]//org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:141)
keycloak at [email protected]//org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:32)
keycloak at [email protected]//org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:492)
keycloak at [email protected]//org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261)
keycloak at [email protected]//org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161)
keycloak at [email protected]//org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
keycloak at [email protected]//org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164)
keycloak at [email protected]//org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247)
keycloak at [email protected]//org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:249)
keycloak at [email protected]//org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:60)
keycloak at [email protected]//org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55)
keycloak at [email protected]//javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
keycloak at [email protected]//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
keycloak at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
keycloak at [email protected]//org.keycloak.provider.wildfly.WildFlyRequestFilter.lambda$doFilter$0(WildFlyRequestFilter.java:41)
keycloak at [email protected]//org.keycloak.services.filters.AbstractRequestFilter.filter(AbstractRequestFilter.java:43)
keycloak at [email protected]//org.keycloak.provider.wildfly.WildFlyRequestFilter.doFilter(WildFlyRequestFilter.java:39)
keycloak at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
keycloak at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
keycloak at [email protected]//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
keycloak at [email protected]//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
keycloak at [email protected]//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
keycloak at [email protected]//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
keycloak at [email protected]//org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.lambda$handleRequest$1(ElytronRunAsHandler.java:68)
keycloak at [email protected]//org.wildfly.security.auth.server.FlexibleIdentityAssociation.runAsFunctionEx(FlexibleIdentityAssociation.java:103)
keycloak at [email protected]//org.wildfly.security.auth.server.Scoped.runAsFunctionEx(Scoped.java:161)
keycloak at [email protected]//org.wildfly.security.auth.server.Scoped.runAs(Scoped.java:73)
keycloak at [email protected]//org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.handleRequest(ElytronRunAsHandler.java:67)
keycloak at [email protected]//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
keycloak at [email protected]//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117)
keycloak at [email protected]//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
keycloak at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
keycloak at [email protected]//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
keycloak at [email protected]//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
keycloak at [email protected]//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
keycloak at org.wildfly.security.elytron-web.undertow-server-servlet@1.10.1.Final//org.wildfly.elytron.web.undertow.server.servlet.CleanUpHandler.handleRequest(CleanUpHandler.java:38)
keycloak at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
keycloak at [email protected]//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
keycloak at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
keycloak at [email protected]//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
keycloak at [email protected]//io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)
keycloak at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
keycloak at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:275)
keycloak at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:79)
keycloak at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:134)
keycloak at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:131)
keycloak at [email protected]//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
keycloak at [email protected]//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
keycloak at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
keycloak at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
keycloak at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
keycloak at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
keycloak at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:255)
keycloak at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:79)
keycloak at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:100)
keycloak at [email protected]//io.undertow.server.Connectors.executeRootHandler(Connectors.java:387)
keycloak at [email protected]//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:852)
keycloak at [email protected]//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
keycloak at [email protected]//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
keycloak at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
keycloak at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
keycloak at [email protected]//org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1280)
keycloak at java.base/java.lang.Thread.run(Thread.java:829)

When I commented this out, it seems to work, but it goes back to the Duo page again and again.

Thank you for your help in advance.

P.S.: If I need a certificate for truststore, how can I get it?

Add an AuthnContextClassRef ?

Hi

I don't really know if I am hitting the right place but we implemented your provider and it's working great.

But on some SAML clients it lacks the AuthnContextClassRef information saying that the session was created using a valid SecondFactor.

I honestly don't know if it is a Keycloak feature or dependent on your provider.

Thanks

Invalid redirect URI

I am getting an error": "invalid_grant", "error_description": "Invalid redirect URI https://{My IP and Port}/realms/{My realm}/login-actions/authenticate?client_id=security-admin-console&tab_id=XGWgZba-EpI'

Have you seen this before?

Thank you

WebAuthN Fails when Duo Provider is added

We are implementing hardware keys and are using an existing instance of Keycloak that is integrated with Duo using this authenticator. When we try to register or use an existing WebAuthN key, we receive an internal server error in the browser and the stack trace below.

Tested with Keycloak 22.0.5 and 23.0.5 and receive the same error. We have created new flows that do not include Duo and associated all of our clients with that flow, but the error is still present and prevents the WebAuthN completing. When we remove the Duo provider JAR WebAuthN works without issue.

Jan 31 12:05:28 host kc.sh[357014]: 2024-01-31 12:05:28,318 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-3) Uncaught server error: java.lang.NoSuchMethodError: 'com.fasterxml.jackson.core.io.ContentReference com.fasterxml.jackson.dataformat.cbor.CBORFactory._createContentReference(java.lang.Object, int, int)'
Jan 31 12:05:28 host kc.sh[357014]: #011at com.fasterxml.jackson.dataformat.cbor.CBORFactory.createParser(CBORFactory.java:336)
Jan 31 12:05:28 host kc.sh[357014]: #011at com.fasterxml.jackson.dataformat.cbor.CBORFactory.createParser(CBORFactory.java:330)
Jan 31 12:05:28 host kc.sh[357014]: #011at com.fasterxml.jackson.dataformat.cbor.CBORFactory.createParser(CBORFactory.java:27)
Jan 31 12:05:28 host kc.sh[357014]: #011at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3833)
Jan 31 12:05:28 host kc.sh[357014]: #011at com.webauthn4j.converter.util.CborConverter.readValue(CborConverter.java:55)
Jan 31 12:05:28 host kc.sh[357014]: #011at org.keycloak.credential.CredentialPublicKeyConverter.convertToEntityAttribute(CredentialPublicKeyConverter.java:38)
Jan 31 12:05:28 host kc.sh[357014]: #011at org.keycloak.credential.WebAuthnCredentialProvider.getCredentialInputFromCredentialModel(WebAuthnCredentialProvider.java:154)
Jan 31 12:05:28 host kc.sh[357014]: #011at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
Jan 31 12:05:28 host kc.sh[357014]: #011at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179)
Jan 31 12:05:28 host kc.sh[357014]: #011at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1625)
Jan 31 12:05:28 host kc.sh[357014]: #011at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
Jan 31 12:05:28 host kc.sh[357014]: #011at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
Jan 31 12:05:28 host kc.sh[357014]: #011at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:921)
Jan 31 12:05:28 host kc.sh[357014]: #011at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
Jan 31 12:05:28 host kc.sh[357014]: #011at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:682)
Jan 31 12:05:28 host kc.sh[357014]: #011at org.keycloak.credential.WebAuthnCredentialProvider.getWebAuthnCredentialModelList(WebAuthnCredentialProvider.java:278)
Jan 31 12:05:28 host kc.sh[357014]: #011at org.keycloak.credential.WebAuthnCredentialProvider.isValid(WebAuthnCredentialProvider.java:188)
Jan 31 12:05:28 host kc.sh[357014]: #011at org.keycloak.credential.LegacyUserCredentialManager.lambda$validate$11(LegacyUserCredentialManager.java:255)
Jan 31 12:05:28 host kc.sh[357014]: #011at java.base/java.util.Collection.removeIf(Collection.java:576)
Jan 31 12:05:28 host kc.sh[357014]: #011at org.keycloak.credential.LegacyUserCredentialManager.validate(LegacyUserCredentialManager.java:255)
Jan 31 12:05:28 host kc.sh[357014]: #011at org.keycloak.credential.LegacyUserCredentialManager.lambda$isValid$0(LegacyUserCredentialManager.java:76)
Jan 31 12:05:28 host kc.sh[357014]: #011at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183)
Jan 31 12:05:28 host kc.sh[357014]: #011at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
Jan 31 12:05:28 host kc.sh[357014]: #011at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179)
Jan 31 12:05:28 host kc.sh[357014]: #011at java.base/java.util.HashMap$ValueSpliterator.forEachRemaining(HashMap.java:1779)
Jan 31 12:05:28 host kc.sh[357014]: #011at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
Jan 31 12:05:28 host kc.sh[357014]: #011at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
Jan 31 12:05:28 host kc.sh[357014]: #011at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
Jan 31 12:05:28 host kc.sh[357014]: #011at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
Jan 31 12:05:28 host kc.sh[357014]: #011at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
Jan 31 12:05:28 host kc.sh[357014]: #011at java.base/java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:596)
Jan 31 12:05:28 host kc.sh[357014]: #011at org.keycloak.credential.LegacyUserCredentialManager.isValid(LegacyUserCredentialManager.java:76)
Jan 31 12:05:28 host kc.sh[357014]: #011at org.keycloak.models.SubjectCredentialManager.isValid(SubjectCredentialManager.java:45)
Jan 31 12:05:28 host kc.sh[357014]: #011at org.keycloak.authentication.authenticators.browser.WebAuthnAuthenticator.action(WebAuthnAuthenticator.java:217)
Jan 31 12:05:28 host kc.sh[357014]: #011at org.keycloak.authentication.DefaultAuthenticationFlow.processAction(DefaultAuthenticationFlow.java:154)
Jan 31 12:05:28 host kc.sh[357014]: #011at org.keycloak.authentication.AuthenticationProcessor.authenticationAction(AuthenticationProcessor.java:988)
Jan 31 12:05:28 host kc.sh[357014]: #011at org.keycloak.services.resources.LoginActionsService.processFlow(LoginActionsService.java:362)
Jan 31 12:05:28 host kc.sh[357014]: #011at org.keycloak.services.resources.LoginActionsService.processAuthentication(LoginActionsService.java:333)
Jan 31 12:05:28 host kc.sh[357014]: #011at org.keycloak.services.resources.LoginActionsService.authenticate(LoginActionsService.java:325)
Jan 31 12:05:28 host kc.sh[357014]: #011at org.keycloak.services.resources.LoginActionsService.authenticateForm(LoginActionsService.java:390)
Jan 31 12:05:28 host kc.sh[357014]: #011at org.keycloak.services.resources.LoginActionsService$quarkusrestinvoker$authenticateForm_32b8e198ac3110abd1d5774e83a4cf87858129f4.invoke(Unknown Source)
Jan 31 12:05:28 host kc.sh[357014]: #011at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
Jan 31 12:05:28 host kc.sh[357014]: #011at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
Jan 31 12:05:28 host kc.sh[357014]: #011at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:145)
Jan 31 12:05:28 host kc.sh[357014]: #011at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:576)
Jan 31 12:05:28 host kc.sh[357014]: #011at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
Jan 31 12:05:28 host kc.sh[357014]: #011at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
Jan 31 12:05:28 host kc.sh[357014]: #011at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
Jan 31 12:05:28 host kc.sh[357014]: #011at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
Jan 31 12:05:28 host kc.sh[357014]: #011at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
Jan 31 12:05:28 host kc.sh[357014]: #011at java.base/java.lang.Thread.run(Thread.java:840)

Duo keeps sending push notification over and over and doesn't proceed after update to 1.0.4

Hi,

I recently updated from 1.0.3 to 1.0.4, but now I can't log in using the push notification.

I am using the keycloak:latest_2208.0.0 docker image, and when I try to log in I see the following log:

2022-12-14 12:36:59.241692+00:00WARNING: An illegal reflective access operation has occurred
2022-12-14 12:36:59.241738+00:00WARNING: Illegal reflective access by retrofit2.Platform (file:/opt/keycloak/lib/../providers/DuoUniversalKeycloakAuthenticator-jar-with-dependencies-1.0.4.jar) to constructor java.lang.invoke.MethodHandles$Lookup(java.lang.Class,int)
2022-12-14 12:36:59.241759+00:00WARNING: Please consider reporting this to the maintainers of retrofit2.Platform
2022-12-14 12:36:59.241765+00:00WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
2022-12-14 12:36:59.241777+00:00WARNING: All illegal access operations will be denied in a future release
2022-12-14 12:37:07.959043+00:002022-12-14 12:37:07,958 WARN [com.instipod.duouniversal.DuoUniversalAuthenticator] (executor-thread-11) There was a problem exchanging the Duo token. Returning start page.
2022-12-14 12:37:52.009390+00:002022-12-14 12:37:52,009 WARN [com.instipod.duouniversal.DuoUniversalAuthenticator] (executor-thread-11) There was a problem exchanging the Duo token. Returning start page.
2022-12-14 12:37:58.081778+00:002022-12-14 12:37:58,081 WARN [com.instipod.duouniversal.DuoUniversalAuthenticator] (executor-thread-11) There was a problem exchanging the Duo token. Returning start page.

The last line keeps repeating for every push.

Authenticator break WebAuthn Support with Keycloak 24.0.x

Issue:
I cannot register a new Security Key when I have this authenticator in place.
I tried creating a new container without this provider and Security registering is working again.
So something strange with dependencies is going on here.

I really like this authenticator, but I still need the WebAuthn security key option for some users.

Exception:
2024-03-30 10:04:06,892 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-2) Uncaught server error: java.lang.NoSuchMethodError: 'void com.fasterxml.jackson.core.io.IOContext.close()'
at com.fasterxml.jackson.dataformat.cbor.CBORParser.close(CBORParser.java:703)
at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4833)
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3809)
at com.webauthn4j.converter.util.CborConverter.readValue(CborConverter.java:65)
at com.webauthn4j.converter.AttestedCredentialDataConverter.convertToCredentialPublicKey(AttestedCredentialDataConverter.java:133)
at com.webauthn4j.converter.AttestedCredentialDataConverter.convert(AttestedCredentialDataConverter.java:95)
at com.webauthn4j.converter.AuthenticatorDataConverter.convert(AuthenticatorDataConverter.java:123)
at com.webauthn4j.converter.jackson.deserializer.cbor.AuthenticatorDataDeserializer.deserialize(AuthenticatorDataDeserializer.java:52)
at com.webauthn4j.converter.jackson.deserializer.cbor.AuthenticatorDataDeserializer.deserialize(AuthenticatorDataDeserializer.java:34)
at com.fasterxml.jackson.databind.deser.SettableBeanProperty.deserialize(SettableBeanProperty.java:545)
at com.fasterxml.jackson.databind.deser.BeanDeserializer._deserializeWithErrorWrapping(BeanDeserializer.java:570)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserializeUsingPropertyBasedWithExternalTypeId(BeanDeserializer.java:1049)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserializeWithExternalTypeId(BeanDeserializer.java:947)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserializeFromObject(BeanDeserializer.java:350)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:185)
at com.fasterxml.jackson.databind.deser.DefaultDeserializationContext.readRootValue(DefaultDeserializationContext.java:323)
at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4825)
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3833)
at com.webauthn4j.converter.util.CborConverter.readValue(CborConverter.java:55)
at com.webauthn4j.converter.AttestationObjectConverter.convert(AttestationObjectConverter.java:77)
at com.webauthn4j.WebAuthnRegistrationManager.parse(WebAuthnRegistrationManager.java:183)
at org.keycloak.authentication.requiredactions.WebAuthnRegister.processAction(WebAuthnRegister.java:236)
at org.keycloak.services.resources.LoginActionsService.processRequireAction(LoginActionsService.java:1116)
at org.keycloak.services.resources.LoginActionsService.requiredActionPOST(LoginActionsService.java:1051)
at org.keycloak.services.resources.LoginActionsService$quarkusrestinvoker$requiredActionPOST_677a8efd4e80bfe1b3aa5a0d6fca2043252c9624.invoke(Unknown Source)
at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147)
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:582)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:840)
Suppressed: java.lang.NoSuchMethodError: 'void com.fasterxml.jackson.core.io.IOContext.close()'
at com.fasterxml.jackson.dataformat.cbor.CBORParser.close(CBORParser.java:703)
at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4833)
... 18 more

WARNING: An illegal reflective access operation has occurred

When using with 18.0.0, it works as expected, but the following is logged.

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by retrofit2.Platform (file:/opt/keycloak/lib/../providers/DuoUniversalAuthenticator-1.0.3.jar) to constructor java.lang.invoke.MethodHandles$Lookup(java.lang.Class,int)
WARNING: Please consider reporting this to the maintainers of retrofit2.Platform
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

Tried out on Keycloak.X 17. ALMOST working

The plugin seemed to get me as far as approving the DUO push, but Keycloak dumps me back to "An Internal Error has occurred".

Here's the output at the log for the error.

keycloak_1    | WARNING: Illegal reflective access by retrofit2.Platform (file:/opt/keycloak/lib/../providers/DuoUniversalKeycloakAuthenticator.jar) to constructor java.lang.invoke.MethodHandles$Lookup(java.lang.Class,int)
keycloak_1    | WARNING: Please consider reporting this to the maintainers of retrofit2.Platform
keycloak_1    | WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
keycloak_1    | WARNING: All illegal access operations will be denied in a future release
keycloak_1    | 2022-02-13 15:44:53,914 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-23) Uncaught server error: java.lang.NoSuchMethodError: 'org.jboss.resteasy.spi.ResteasyUriInfo org.jboss.resteasy.spi.HttpRequest.getUri()'
keycloak_1    |         at com.instipod.duouniversal.DuoUniversalAuthenticator.authenticate(DuoUniversalAuthenticator.java:140)
keycloak_1    |         at org.keycloak.authentication.DefaultAuthenticationFlow.processSingleFlowExecutionModel(DefaultAuthenticationFlow.java:453)
keycloak_1    |         at org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:257)
keycloak_1    |         at org.keycloak.authentication.DefaultAuthenticationFlow.processSingleFlowExecutionModel(DefaultAuthenticationFlow.java:396)
keycloak_1    |         at org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:280)
keycloak_1    |         at org.keycloak.authentication.AuthenticationProcessor.authenticateOnly(AuthenticationProcessor.java:1042)
keycloak_1    |         at org.keycloak.authentication.AuthenticationProcessor.authenticate(AuthenticationProcessor.java:904)
keycloak_1    |         at org.keycloak.services.resources.LoginActionsService.processFlow(LoginActionsService.java:323)
keycloak_1    |         at org.keycloak.services.resources.LoginActionsService.processAuthentication(LoginActionsService.java:292)
keycloak_1    |         at org.keycloak.services.resources.LoginActionsService.authenticate(LoginActionsService.java:276)
keycloak_1    |         at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
keycloak_1    |         at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
keycloak_1    |         at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
keycloak_1    |         at java.base/java.lang.reflect.Method.invoke(Method.java:566)
keycloak_1    |         at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:170)
keycloak_1    |         at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:130)
keycloak_1    |         at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:660)
keycloak_1    |         at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:524)
keycloak_1    |         at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:474)
keycloak_1    |         at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
keycloak_1    |         at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:476)
keycloak_1    |         at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:434)
keycloak_1    |         at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:192)
keycloak_1    |         at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:141)
keycloak_1    |         at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:32)
keycloak_1    |         at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:492)
keycloak_1    |         at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261)
keycloak_1    |         at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161)
keycloak_1    |         at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
keycloak_1    |         at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164)
keycloak_1    |         at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247)
keycloak_1    |         at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:73)
keycloak_1    |         at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:151)
keycloak_1    |         at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:82)
keycloak_1    |         at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:42)
keycloak_1    |         at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
keycloak_1    |         at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
keycloak_1    |         at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
keycloak_1    |         at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:67)
keycloak_1    |         at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:55)
keycloak_1    |         at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
keycloak_1    |         at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
keycloak_1    |         at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
keycloak_1    |         at io.quarkus.vertx.http.runtime.VertxHttpRecorder$5.handle(VertxHttpRecorder.java:362)
keycloak_1    |         at io.quarkus.vertx.http.runtime.VertxHttpRecorder$5.handle(VertxHttpRecorder.java:340)
keycloak_1    |         at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
keycloak_1    |         at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
keycloak_1    |         at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
keycloak_1    |         at org.keycloak.quarkus.runtime.integration.web.QuarkusRequestFilter.lambda$createBlockingHandler$1(QuarkusRequestFilter.java:66)
keycloak_1    |         at io.vertx.core.impl.ContextImpl.lambda$null$0(ContextImpl.java:159)
keycloak_1    |         at io.vertx.core.impl.AbstractContext.dispatch(AbstractContext.java:100)
keycloak_1    |         at io.vertx.core.impl.ContextImpl.lambda$executeBlocking$1(ContextImpl.java:157)
keycloak_1    |         at io.quarkus.vertx.core.runtime.VertxCoreRecorder$13.runWith(VertxCoreRecorder.java:543)
keycloak_1    |         at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2449)
keycloak_1    |         at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1478)
keycloak_1    |         at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
keycloak_1    |         at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
keycloak_1    |         at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
keycloak_1    |         at java.base/java.lang.Thread.run(Thread.java:829)
keycloak_1    | 
keycloak_1    | 2022-02-13 15:44:54,307 WARN  [io.agroal.pool] (executor-thread-23) Datasource '<default>': JDBC resources leaked: 1 ResultSet(s) and 1 Statement(s)


Let me know if there's anything I can provide to help out! 
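Both `NoSuchMethodError` reports above (the WebAuthn registration failure and the Keycloak.X 17 failure) name a class whose loaded version lacks a method the calling code was compiled against. The following added example, which is not code from the project or from the reporters, parses such a trace and checks whether a provider JAR carries its own copy of the missing class or of the caller. The JAR names and contents are constructed; what the real release archives contain is not established on this page.

```python
import io
import re
import zipfile

# JVM message format: NoSuchMethodError: '<return type> <class>.<method>(<args>)'
MISSING = re.compile(r"NoSuchMethodError: '\S+ (?P<cls>[\w.$]+)\.(?P<method>[\w$<>]+)\(")
# A stack frame; tolerates a "java.base/" module prefix and syslog's "#011" tab escape.
FRAME = re.compile(r"(?<![A-Za-z])at (?:[\w.]+/)?(?P<cls>[\w.$]+)\.[\w$<>]+\(")

def first_frame_class(text, start=0):
    """Class named in the first stack frame at or after `start`, or None."""
    m = FRAME.search(text, start)
    return m.group("cls") if m else None

def jars_bundling(cls, jars):
    """Names of the archives in `jars` (name -> path or file object) that contain `cls`."""
    entry = cls.replace(".", "/") + ".class"
    hits = []
    for name, src in jars.items():
        with zipfile.ZipFile(src) as zf:
            if entry in zf.namelist():
                hits.append(name)
    return hits

def diagnose(log_text, provider_jars):
    """Relate a NoSuchMethodError to the provider archives, or return None."""
    m = MISSING.search(log_text)
    if m is None:
        return None
    caller = first_frame_class(log_text, m.end())
    return {
        "missing_class": m.group("cls"),
        "method": m.group("method"),
        "caller": caller,
        # Non-empty: a provider ships its own copy of the class that lacks the method.
        "missing_class_in": jars_bundling(m.group("cls"), provider_jars),
        # Non-empty: the call was made by code inside a provider archive.
        "caller_in": jars_bundling(caller, provider_jars) if caller else [],
    }

def make_jar(class_names):
    """Build an in-memory JAR holding empty stand-ins for the given classes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for cls in class_names:
            zf.writestr(cls.replace(".", "/") + ".class", b"")
    return buf

# Trace lines copied from the two reports on this page.
JACKSON_LOG = (
    "2024-03-30 10:04:06,892 ERROR [org.keycloak.services.error.KeycloakErrorHandler] "
    "(executor-thread-2) Uncaught server error: java.lang.NoSuchMethodError: "
    "'void com.fasterxml.jackson.core.io.IOContext.close()'\n"
    "at com.fasterxml.jackson.dataformat.cbor.CBORParser.close(CBORParser.java:703)\n")
RESTEASY_LOG = (
    "keycloak_1    | 2022-02-13 15:44:53,914 ERROR [org.keycloak.services.error.KeycloakErrorHandler] "
    "(executor-thread-23) Uncaught server error: java.lang.NoSuchMethodError: "
    "'org.jboss.resteasy.spi.ResteasyUriInfo org.jboss.resteasy.spi.HttpRequest.getUri()'\n"
    "keycloak_1    |         at com.instipod.duouniversal.DuoUniversalAuthenticator"
    ".authenticate(DuoUniversalAuthenticator.java:140)\n")

# Constructed archives (assumption): one bundles a Jackson class, one holds only the plugin.
AUTH = "com.instipod.duouniversal.DuoUniversalAuthenticator"
JARS = {
    "constructed-fat.jar": make_jar([AUTH, "com.fasterxml.jackson.core.io.IOContext"]),
    "constructed-thin.jar": make_jar([AUTH]),
}

if __name__ == "__main__":
    for log in (JACKSON_LOG, RESTEASY_LOG):
        print(diagnose(log, JARS))
```

A non-empty `missing_class_in` points at a bundled library copy competing with the server's own, while an empty one with a non-empty `caller_in` points at provider code built against a different server API version.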
