Keycloak User Storage SPI for Relational Databases (Keycloak User Federation, supports postgresql, mysql, oracle and mysql)
License: Apache License 2.0
I am getting a strange error when trying to save this custom provider in KeyCloak.
2022-09-15 16:58:41,075 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-5) Uncaught server error: com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of `java.util.ArrayList` (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('jdbc:postgresql://localhost:5434/testdb')
at [Source: (io.quarkus.vertx.http.runtime.VertxInputStream); line: 1, column: 41] (through reference chain: org.keycloak.representations.idm.ComponentRepresentation["config"]->org.keycloak.common.util.MultivaluedHashMap["url"])
at com.fasterxml.jackson.databind.exc.MismatchedInputException.from(MismatchedInputException.java:63)
at com.fasterxml.jackson.databind.DeserializationContext.reportInputMismatch(DeserializationContext.java:1728)
at com.fasterxml.jackson.databind.DeserializationContext.handleMissingInstantiator(DeserializationContext.java:1353)
at com.fasterxml.jackson.databind.deser.std.StdDeserializer._deserializeFromString(StdDeserializer.java:311)
at com.fasterxml.jackson.databind.deser.std.StringCollectionDeserializer.handleNonArray(StringCollectionDeserializer.java:284)
at com.fasterxml.jackson.databind.deser.std.StringCollectionDeserializer.deserialize(StringCollectionDeserializer.java:192)
at com.fasterxml.jackson.databind.deser.std.StringCollectionDeserializer.deserialize(StringCollectionDeserializer.java:182)
at com.fasterxml.jackson.databind.deser.std.StringCollectionDeserializer.deserialize(StringCollectionDeserializer.java:25)
at com.fasterxml.jackson.databind.deser.std.MapDeserializer._readAndBindStringKeyMap(MapDeserializer.java:609)
at com.fasterxml.jackson.databind.deser.std.MapDeserializer.deserialize(MapDeserializer.java:437)
at com.fasterxml.jackson.databind.deser.std.MapDeserializer.deserialize(MapDeserializer.java:32)
at com.fasterxml.jackson.databind.deser.impl.MethodProperty.deserializeAndSet(MethodProperty.java:129)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize(BeanDeserializer.java:313)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:176)
at com.fasterxml.jackson.databind.deser.DefaultDeserializationContext.readRootValue(DefaultDeserializationContext.java:323)
at com.fasterxml.jackson.databind.ObjectReader._bind(ObjectReader.java:2025)
at com.fasterxml.jackson.databind.ObjectReader.readValue(ObjectReader.java:1175)
at org.jboss.resteasy.plugins.providers.jackson.ResteasyJackson2Provider.readFrom(ResteasyJackson2Provider.java:193)
at org.jboss.resteasy.core.interception.jaxrs.AbstractReaderInterceptorContext.readFrom(AbstractReaderInterceptorContext.java:101)
at org.jboss.resteasy.core.interception.jaxrs.ServerReaderInterceptorContext.readFrom(ServerReaderInterceptorContext.java:63)
at org.jboss.resteasy.core.interception.jaxrs.AbstractReaderInterceptorContext.proceed(AbstractReaderInterceptorContext.java:80)
at org.jboss.resteasy.core.MessageBodyParameterInjector.inject(MessageBodyParameterInjector.java:213)
at org.jboss.resteasy.core.MethodInjectorImpl.injectArguments(MethodInjectorImpl.java:95)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:128)
at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:660)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:524)
at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:474)
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:476)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:434)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:192)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:152)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:183)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:152)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:183)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:141)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:32)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:492)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161)
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247)
at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:73)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:151)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:82)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:42)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:67)
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:55)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$5.handle(VertxHttpRecorder.java:380)
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$5.handle(VertxHttpRecorder.java:358)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
at org.keycloak.quarkus.runtime.integration.web.QuarkusRequestFilter.lambda$createBlockingHandler$1(QuarkusRequestFilter.java:90)
at io.vertx.core.impl.ContextImpl.lambda$null$0(ContextImpl.java:159)
at io.vertx.core.impl.AbstractContext.dispatch(AbstractContext.java:100)
at io.vertx.core.impl.ContextImpl.lambda$executeBlocking$1(ContextImpl.java:157)
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$13.runWith(VertxCoreRecorder.java:545)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2449)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1478)
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:833)
Am I doing something wrong?
Thanks
Hello, looks like the module is not working in the new release of Keycloak due to the change the way de deployment is done.
Is there a plan to refactor it and make if works?
I do not see a .ear file to drag to the deployments folder? I see the ear module that has a xml file and that is all....
i try to connect keycloak to existing database with user federation jdbc, my existing db is using pbkdf2-sha256, how i write query to find salt password or how to define salt, round and key length of pbkdf2-sha256 setting
Hi
Im following the readme as im trying to build a POC using an RDS relational database and following the steps in readme copying into /providers and then running the start-dev command I get the below error
bash-5.1$ ./bin/kc.sh start-dev
Updating the configuration and installing your custom providers, if any. Please wait.
2024-03-13 17:17:22,438 INFO [io.qua.dep.QuarkusAugmentor] (main) Quarkus augmentation completed in 8813ms
Unexpected problem occured during version sanity check
Reported exception:
java.lang.AbstractMethodError: Receiver class org.slf4j.impl.JBossSlf4jServiceProvider does not define or inherit an implementation of the resolved method 'abstract java.lang.String getRequesteApiVersion()' of interface org.slf4j.spi.SLF4JServiceProvider.
at org.slf4j.LoggerFactory.versionSanityCheck(LoggerFactory.java:294)
at org.slf4j.LoggerFactory.performInitialization(LoggerFactory.java:141)
at org.slf4j.LoggerFactory.getProvider(LoggerFactory.java:418)
at org.slf4j.LoggerFactory.getILoggerFactory(LoggerFactory.java:404)
at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:353)
at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:379)
at org.jgroups.logging.Slf4jLogImpl.(Slf4jLogImpl.java:33)
at org.jgroups.logging.LogFactory.getLog(LogFactory.java:71)
at org.jgroups.conf.XmlConfigurator.(XmlConfigurator.java:25)
at org.infinispan.remoting.transport.jgroups.FileJGroupsChannelConfigurator.(FileJGroupsChannelConfigurator.java:28)
at org.infinispan.remoting.transport.jgroups.BuiltinJGroupsChannelConfigurator.(BuiltinJGroupsChannelConfigurator.java:52)
at org.infinispan.remoting.transport.jgroups.BuiltinJGroupsChannelConfigurator.loadBuiltIn(BuiltinJGroupsChannelConfigurator.java:45)
at org.infinispan.remoting.transport.jgroups.BuiltinJGroupsChannelConfigurator.TCP(BuiltinJGroupsChannelConfigurator.java:20)
at org.infinispan.configuration.parsing.Parser.addJGroupsDefaultStacksIfNeeded(Parser.java:1379)
at org.infinispan.configuration.parsing.Parser.readElement(Parser.java:82)
at org.infinispan.configuration.parsing.ParserRegistry.parseElement(ParserRegistry.java:212)
at org.infinispan.configuration.parsing.ParserRegistry.parse(ParserRegistry.java:195)
at org.infinispan.configuration.parsing.ParserRegistry.parse(ParserRegistry.java:181)
at org.infinispan.configuration.parsing.ParserRegistry.parse(ParserRegistry.java:164)
at org.infinispan.configuration.parsing.ParserRegistry.parse(ParserRegistry.java:138)
at org.keycloak.quarkus.runtime.storage.legacy.infinispan.CacheManagerFactory.startCacheManager(CacheManagerFactory.java:103)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:840)
2024-03-13 17:17:24,430 WARN [org.infinispan.CONFIG] (keycloak-cache-init) ISPN000569: Unable to persist Infinispan internal caches as no global state enabled
2024-03-13 17:17:24,560 INFO [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000556: Starting user marshaller 'org.infinispan.jboss.marshalling.core.JBossUserMarshaller'
2024-03-13 17:17:24,696 INFO [org.keycloak.quarkus.runtime.hostname.DefaultHostnameProvider] (main) Hostname settings: Base URL: , Hostname: , Strict HTTPS: false, Path: , Strict BackChannel: false, Admin URL: , Admin: , Port: -1, Proxied: false
2024-03-13 17:17:26,864 WARN [io.quarkus.agroal.runtime.DataSources] (JPA Startup Thread) Datasource enables XA but transaction recovery is not enabled. Please enable transaction recovery by setting quarkus.transaction-manager.enable-recovery=true, otherwise data may be lost if the application is terminated abruptly
2024-03-13 17:17:27,803 INFO [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (main) Node name: node_91977, Site name: null
2024-03-13 17:17:27,808 INFO [org.keycloak.broker.provider.AbstractIdentityProviderMapper] (main) Registering class org.keycloak.broker.provider.mappersync.ConfigSyncEventListener
2024-03-13 17:17:29,237 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Failed to start server in (development) mode
2024-03-13 17:17:29,237 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Unable to start HTTP server
2024-03-13 17:17:29,237 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: io.quarkus.runtime.QuarkusBindException: Port(s) already bound: 8080: Address already in use
2024-03-13 17:17:29,237 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Port(s) already bound: 8080: Address already in use
2024-03-13 17:17:29,237 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) For more details run the same command passing the '--verbose' option. Also you can use '--help' to see the details about the usage of the particular command.
Can someone help in this error please?
Hi, I'm having an issue when I try to execute "build command for keycloak 19.0.1.
First, I'm copying all jars to "providers" directory with following command:
buildah copy $buildercontainer company/keycloak/providers/singular_keycloak_database_federation "/opt/keycloak/providers/"
Then I execute build command like this:
buildah run $buildercontainer -- /opt/keycloak/bin/kc.sh "build --health-enabled=true --metrics-enabled=true --db postgres --http-relative-path /auth"
And I'm getting following errors:
ERROR: Failed to run 'build' command.
ERROR: io.quarkus.builder.BuildException: Build failure: Build failed due to errors
[error]: Build step io.quarkus.deployment.index.ApplicationArchiveBuildStep#build threw an exception: java.lang.RuntimeException: Failed to process /opt/keycloak/lib/../providers/oraclepki-19.3.0.0.jar
at io.quarkus.deployment.index.ApplicationArchiveBuildStep$2.apply(ApplicationArchiveBuildStep.java:315)
at io.quarkus.deployment.index.ApplicationArchiveBuildStep$2.apply(ApplicationArchiveBuildStep.java:309)
at java.base/java.util.HashMap.computeIfAbsent(HashMap.java:1134)
at io.quarkus.deployment.index.ApplicationArchiveBuildStep.handleJarPath(ApplicationArchiveBuildStep.java:309)
at io.quarkus.deployment.index.ApplicationArchiveBuildStep.createApplicationArchive(ApplicationArchiveBuildStep.java:213)
at io.quarkus.deployment.index.ApplicationArchiveBuildStep.scanForOtherIndexes(ApplicationArchiveBuildStep.java:154)
at io.quarkus.deployment.index.ApplicationArchiveBuildStep.build(ApplicationArchiveBuildStep.java:105)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at io.quarkus.deployment.ExtensionLoader$2.execute(ExtensionLoader.java:882)
at io.quarkus.builder.BuildContext.run(BuildContext.java:277)
at org.jboss.threads.ContextHandler$1.runWith(ContextHandler.java:18)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2449)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:[147]
at java.base/java.lang.Thread.run(Thread.java:829)
at org.jboss.threads.JBossThread.run(JBossThread.java:501)
Caused by: java.io.FileNotFoundException: /opt/keycloak/lib/../providers/oraclepki-19.3.0.0.jar (Too many open files)
at java.base/java.io.RandomAccessFile.open0(Native Method)
at java.base/java.io.RandomAccessFile.open(RandomAccessFile.java:345)
at java.base/java.io.RandomAccessFile.(RandomAccessFile.java:259)
at java.base/java.io.RandomAccessFile.(RandomAccessFile.java:214)
at java.base/java.util.zip.ZipFile$Source.(ZipFile.java:1305)
at java.base/java.util.zip.ZipFile$Source.get(ZipFile.java:1271)
at java.base/java.util.zip.ZipFile$CleanableResource.(ZipFile.java:733)
at java.base/java.util.zip.ZipFile$CleanableResource.get(ZipFile.java:850)
at java.base/java.util.zip.ZipFile.(ZipFile.java:248)
at java.base/java.util.zip.ZipFile.(ZipFile.java:177)
at java.base/java.util.jar.JarFile.(JarFile.java:350)
at java.base/java.util.jar.JarFile.(JarFile.java:321)
at java.base/java.util.jar.JarFile.(JarFile.java:287)
at io.quarkus.deployment.index.IndexingUtil.indexJar(IndexingUtil.java:73)
at io.quarkus.deployment.index.IndexingUtil.indexJar(IndexingUtil.java:56)
at io.quarkus.deployment.index.ApplicationArchiveBuildStep$2.apply(ApplicationArchiveBuildStep.java:313)
... 17 more
ERROR: Build failure: Build failed due to errors
[error]: Build step io.quarkus.deployment.index.ApplicationArchiveBuildStep#build threw an exception: java.lang.RuntimeException: Failed to process /opt/keycloak/lib/../providers/oraclepki-19.3.0.0.jar
at io.quarkus.deployment.index.ApplicationArchiveBuildStep$2.apply(ApplicationArchiveBuildStep.java:315)
at io.quarkus.deployment.index.ApplicationArchiveBuildStep$2.apply(ApplicationArchiveBuildStep.java:309)
at java.base/java.util.HashMap.computeIfAbsent(HashMap.java:1134)
at io.quarkus.deployment.index.ApplicationArchiveBuildStep.handleJarPath(ApplicationArchiveBuildStep.java:309)
at io.quarkus.deployment.index.ApplicationArchiveBuildStep.createApplicationArchive(ApplicationArchiveBuildStep.java:213)
at io.quarkus.deployment.index.ApplicationArchiveBuildStep.scanForOtherIndexes(ApplicationArchiveBuildStep.java:[154]
at io.quarkus.deployment.index.ApplicationArchiveBuildStep.build(ApplicationArchiveBuildStep.java:105)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at io.quarkus.deployment.ExtensionLoader$2.execute(ExtensionLoader.java:882)
at io.quarkus.builder.BuildContext.run(BuildContext.java:277)
at org.jboss.threads.ContextHandler$1.runWith(ContextHandler.java:18)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2449)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1478)
at java.base/java.lang.Thread.run(Thread.java:829)
at org.jboss.threads.JBossThread.run(JBossThread.java:501)
Caused by: java.io.FileNotFoundException: /opt/keycloak/lib/../providers/oraclepki-19.3.0.0.jar (Too many open files)
at java.base/java.io.RandomAccessFile.open0(Native Method)
at java.base/java.io.RandomAccessFile.open(RandomAccessFile.java:345)
at java.base/java.io.RandomAccessFile.(RandomAccessFile.java:259)
at java.base/java.io.RandomAccessFile.(RandomAccessFile.java:214)
at java.base/java.util.zip.ZipFile$Source.(ZipFile.java:1305)
at java.base/java.util.zip.ZipFile$Source.get(ZipFile.java:1271)
at java.base/java.util.zip.ZipFile$CleanableResource.(ZipFile.java:733)
at java.base/java.util.zip.ZipFile$CleanableResource.get(ZipFile.java:850)
at java.base/java.util.zip.ZipFile.(ZipFile.java:248)
at java.base/java.util.zip.ZipFile.(ZipFile.java:[177]
at java.base/java.util.jar.JarFile.(JarFile.java:350)
at java.base/java.util.jar.JarFile.(JarFile.java:321)
at java.base/java.util.jar.JarFile.(JarFile.java:287)
at io.quarkus.deployment.index.IndexingUtil.indexJar(IndexingUtil.java:73)
at io.quarkus.deployment.index.IndexingUtil.indexJar(IndexingUtil.java:56)
at io.quarkus.deployment.index.ApplicationArchiveBuildStep$2.apply(ApplicationArchiveBuildStep.java:313)
... 17 more
ERROR: Failed to process /opt/keycloak/lib/../providers/oraclepki-19.3.0.0.jar
ERROR: /opt/keycloak/lib/../providers/oraclepki-19.3.0.0.jar (Too many open files)
I don't know what is the issue here. How can I solve it?
Singular keycloak database federation is not working on keycloak docker image quay.io/keycloak/keycloak:22.0
We cannot fetch the users from mysql ! We can confirm that we can connect to it . But whenever we pull, it is saying that sync in progress.
I will reproduce the issue again and let me show u with logs and screenshots.
sorry for this naive question. I am not sure how to define the query for findBySearchTerm. Currently I am doing something like the following, but I guess it should be more powerful? Thank you in advance.
select id, username, email, first_name as "firstName",last_name as "lastName" from auth_user where username like (?)
I tried adding the jdbc driver for db2, but in the federation setup it refuses to connect to the db.
I'm new and exploring thanks :))
Is there a posibility wo work with 'default required user actions'?
For example, when a new user is created in the external db, that this user must set up OTP at the first login in keycloak?
I have already tried to set it up, but 'required user actions' is not created for newly imported users.
However, when i create a user in keycloak, that user gets the 'required user actions' for OTP.
Hi, first of all thanks for your work. It looks like Keycloak v19 is not supported. When I try to add new User Federation just unknown error is returned:
User federation provider could not be created: unknown_error
Log (with many other messages):
keycloak | 2022-08-08T12:37:45.090310671Z 2022-08-08 12:37:45,089 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-27) Uncaught server error: java.lang.NullPointerException
keycloak | 2022-08-08T12:37:45.090348970Z at java.base/java.util.concurrent.ConcurrentHashMap.get(ConcurrentHashMap.java:936)
Just wanted to ask if there was a specific vulnerability or issue with using SQL server versions before 2012?
We have a legacy database that we've not upgraded yet and might need to use this against that database. JTDS seems to support SQL Server 2008R2, so just curious if there was a specific reason for 2012+ or was that all that was available for testing?
Thanks!
Hello,
I'm currently working on a project for keycloak utilizing sigular-keycloak-database-federation. I'll explain the setup.
I have user federation setup in a single realm - I'll call it users-apps. Inside this realm is User federation setup to our postgres database. I also have a saml IdP setup to site https://samltest.id for testing. Of the testing users, 1 user exists in our user federation. And here is the problem with that setup... on checking in user federation, the user is found, however it does not let the user in, why? Error is username or password error. Two problems there - one I don't have valid hash or bcrypt in database, there are values in our database, but on doing queries, or taking the users password from idp and crypt as bcrypt to see if there is a match, there is no match.
So the first question I have with this is, can singular-keycloak-database-federation be configured to skip checking password crypt in keycloak? I would like to avoid this error happening... is it possible. Is this related to first login flow or authentication flow in general? Is there a flow that could be established to say check user existing but not confirm the valid password set when login at IdP?
2022-11-06T18:12:43.747638906Z 2022-11-06 18:12:43,747 WARN [org.keycloak.events] (executor-thread-4207) type=IDENTITY_PROVIDER_FIRST_LOGIN_ERROR, realmId=unified-realm, clientId=e62216a7-5af9-4a25-8326-43e78e207703, userId=null, ipAddress=172.21.0.1, error=invalid_user_credentials, identity_provider=samltest.id, auth_method=openid-connect, redirect_uri=http://openid-connect-client3.mykdm.dev.local:3001/cb, identity_provider_identity=rick, code_id=eca55026-39d1-4c24-b8f5-38fcdc28dc26, authSessionParentId=eca55026-39d1-4c24-b8f5-38fcdc28dc26, authSessionTabId=ajUbfcsbtJQ
The user above doesn't exist in our database - therefore invalid username/password is correct error.
2022-11-06T18:11:22.372738086Z 2022-11-06 18:11:22,372 WARN [org.keycloak.events] (executor-thread-4190) type=IDENTITY_PROVIDER_FIRST_LOGIN_ERROR, realmId=unified-realm, clientId=63ce37f4-6473-4c88-8d7f-29430675bb56, userId=null, ipAddress=172.21.0.1, error=invalid_user_credentials, identity_provider=samltest.id, auth_method=openid-connect, redirect_uri=http://openid-connect-client3.mykdm.dev.local:3001/cb, identity_provider_identity=morty, code_id=a6e4e304-2c27-4e08-94d2-dd3896f5f44d, authSessionParentId=a6e4e304-2c27-4e08-94d2-dd3896f5f44d, authSessionTabId=y7vTsN0CkY8
This user above "DOES" exist in our database - however on keycloak check of password - it fails.
Another point with setup - in federation - I have explicit blanked out the section of hash_pwd return from database - there is no value there. However looking directly at the user in keycloak and seeing the credentials:
Supported User Storage Credential Types
Type | Provided By
password | kdm-postgres-dev
Supported User Storage Credential Types
Type Provided By
password kdm-postgres-dev
Which it isn't because its blank.
Any help on this would be greatly appreciated. I would like to figure out how I can get the IdP user through to client application without checking the stored password? if possible.
Thanks
Ryan
Hi there,
First of all, thank you so much for creating such a wonderful library for keycloak and sharing it. I have been using this for a while now with keycloak 18 but when I updated it to keycloak 20.0.1, I am getting error when I am searching for any user from keycloak users search page. Here is the error I am getting in keycloak logs. Would be nice to get a fix for this.
2022-12-12 17:03:24,289 INFO [com.zaxxer.hikari.HikariDataSource] (executor-thread-14) SINGULAR-USER-PROVIDER-test12-12-2022 17:03:24 - Starting... 2022-12-12 17:03:24,490 INFO [com.zaxxer.hikari.HikariDataSource] (executor-thread-14) SINGULAR-USER-PROVIDER-test12-12-2022 17:03:24 - Start completed. 2022-12-12 17:03:24,491 ERROR [io.quarkus.vertx.http.runtime.QuarkusErrorHandler] (executor-thread-14) HTTP Request to /admin/realms/master/admin-ui-brute-force-user?briefRepresentation=true&first=0&max=11&search=test failed, error id: d47109e6-ff54-4abe-aa24-b574321e0cab-2: java.lang.AbstractMethodError: Receiver class org.opensingular.dbuserprovider.DBUserStorageProvider does not define or inherit an implementation of the resolved method 'abstract java.util.stream.Stream searchForUserStream(org.keycloak.models.RealmModel, java.lang.String, java.lang.Integer, java.lang.Integer)' of interface org.keycloak.storage.user.UserQueryProvider. at org.keycloak.storage.UserStorageManager.lambda$searchForUserStream$24(UserStorageManager.java:443) at org.keycloak.storage.UserStorageManager.lambda$query$10(UserStorageManager.java:254) at java.base/java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:271) at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:177) at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:177) at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195) at java.base/java.util.ArrayList.forEach(ArrayList.java:1541) at java.base/java.util.stream.SortedOps$RefSortingSink.end(SortedOps.java:395) at java.base/java.util.stream.Sink$ChainedReference.end(Sink.java:258) at java.base/java.util.stream.Sink$ChainedReference.end(Sink.java:258) at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:485) at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474) at java.base/java.util.stream.StreamSpliterators$WrappingSpliterator.forEachRemaining(StreamSpliterators.java:312) at java.base/java.util.stream.Streams$ConcatSpliterator.forEachRemaining(Streams.java:735) at java.base/java.util.stream.Streams$ConcatSpliterator.forEachRemaining(Streams.java:734) at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484) at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474) at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150) at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173) at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) at java.base/java.util.stream.ReferencePipeline.forEachOrdered(ReferencePipeline.java:502) at com.fasterxml.jackson.datatype.jdk8.StreamSerializer.serialize(StreamSerializer.java:71) at com.fasterxml.jackson.datatype.jdk8.StreamSerializer.serialize(StreamSerializer.java:15) at com.fasterxml.jackson.databind.ser.DefaultSerializerProvider._serialize(DefaultSerializerProvider.java:480) at com.fasterxml.jackson.databind.ser.DefaultSerializerProvider.serializeValue(DefaultSerializerProvider.java:400) at com.fasterxml.jackson.databind.ObjectWriter$Prefetch.serialize(ObjectWriter.java:1514) at com.fasterxml.jackson.databind.ObjectWriter.writeValue(ObjectWriter.java:1007) at org.jboss.resteasy.plugins.providers.jackson.ResteasyJackson2Provider.writeTo(ResteasyJackson2Provider.java:345) at org.jboss.resteasy.core.interception.jaxrs.ServerWriterInterceptorContext.lambda$writeTo$1(ServerWriterInterceptorContext.java:79) at io.quarkus.resteasy.runtime.standalone.VertxHttpRequest$VertxExecutionContext.executeBlockingIo(VertxHttpRequest.java:251) at org.jboss.resteasy.core.interception.jaxrs.ServerWriterInterceptorContext.writeTo(ServerWriterInterceptorContext.java:79) at org.jboss.resteasy.core.interception.jaxrs.AbstractWriterInterceptorContext.syncProceed(AbstractWriterInterceptorContext.java:245) at org.jboss.resteasy.core.interception.jaxrs.AbstractWriterInterceptorContext.proceed(AbstractWriterInterceptorContext.java:224) at org.keycloak.quarkus.runtime.integration.jaxrs.TransactionalResponseInterceptor.aroundWriteTo(TransactionalResponseInterceptor.java:41) at org.jboss.resteasy.core.interception.jaxrs.AbstractWriterInterceptorContext.syncProceed(AbstractWriterInterceptorContext.java:254) at org.jboss.resteasy.core.interception.jaxrs.AbstractWriterInterceptorContext.getStarted(AbstractWriterInterceptorContext.java:170) at org.jboss.resteasy.core.interception.jaxrs.ServerWriterInterceptorContext.lambda$getStarted$0(ServerWriterInterceptorContext.java:73) at org.jboss.resteasy.core.interception.jaxrs.ServerWriterInterceptorContext.aroundWriteTo(ServerWriterInterceptorContext.java:93) at org.jboss.resteasy.core.interception.jaxrs.ServerWriterInterceptorContext.getStarted(ServerWriterInterceptorContext.java:73) at org.jboss.resteasy.core.ServerResponseWriter.lambda$writeNomapResponse$3(ServerResponseWriter.java:163) at org.jboss.resteasy.core.interception.jaxrs.ContainerResponseContextImpl.filter(ContainerResponseContextImpl.java:410) at org.jboss.resteasy.core.ServerResponseWriter.executeFilters(ServerResponseWriter.java:252) at org.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:101) at org.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:74) at org.jboss.resteasy.core.SynchronousDispatcher.writeResponse(SynchronousDispatcher.java:594) at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:524) at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261) at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161) at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364) at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164) at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247) at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:73) at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:151) at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:82) at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:42) at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284) at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173) at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140) at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:84) at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:71) at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284) at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173) at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140) at io.quarkus.vertx.http.runtime.VertxHttpRecorder$6.handle(VertxHttpRecorder.java:430) at io.quarkus.vertx.http.runtime.VertxHttpRecorder$6.handle(VertxHttpRecorder.java:408) at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284) at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173) at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140) at org.keycloak.quarkus.runtime.integration.web.QuarkusRequestFilter.lambda$createBlockingHandler$0(QuarkusRequestFilter.java:82) at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:564) at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2449) at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1478) at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29) at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29) at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) at java.base/java.lang.Thread.run(Thread.java:829)
Hello. I'm using MSSQL configurations in multiple realms. Whenever I save one configuration (i.e. change the destination table), it changes it in all realms so that the users are the same in each realm. Expected behaviour was that unique connections using this federation from different realms would show unique sets of users from different tables.
2023-04-26 09:58:14,771 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-4) Uncaught server error: com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of java.util.ArrayList (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('jdbc:jtds:sqlserver://server-name/database_name;instance=instance_name')
at [Source: (io.quarkus.vertx.http.runtime.VertxInputStream); line: 1, column: 30] (through reference chain: org.keycloak.representations.idm.ComponentRepresentation["config"]->org.keycloak.common.util.MultivaluedHashMap["url"])
at com.fasterxml.jackson.databind.exc.MismatchedInputException.from(MismatchedInputException.java:63)
at com.fasterxml.jackson.databind.DeserializationContext.reportInputMismatch(DeserializationContext.java:1728)
at com.fasterxml.jackson.databind.DeserializationContext.handleMissingInstantiator(DeserializationContext.java:1353)
at com.fasterxml.jackson.databind.deser.std.StdDeserializer._deserializeFromString(StdDeserializer.java:311)
at com.fasterxml.jackson.databind.deser.std.StringCollectionDeserializer.handleNonArray(StringCollectionDeserializer.java:284)
at com.fasterxml.jackson.databind.deser.std.StringCollectionDeserializer.deserialize(StringCollectionDeserializer.java:192)
at com.fasterxml.jackson.databind.deser.std.StringCollectionDeserializer.deserialize(StringCollectionDeserializer.java:182)
at com.fasterxml.jackson.databind.deser.std.StringCollectionDeserializer.deserialize(StringCollectionDeserializer.java:25)
at com.fasterxml.jackson.databind.deser.std.MapDeserializer._readAndBindStringKeyMap(MapDeserializer.java:609)
at com.fasterxml.jackson.databind.deser.std.MapDeserializer.deserialize(MapDeserializer.java:437)
at com.fasterxml.jackson.databind.deser.std.MapDeserializer.deserialize(MapDeserializer.java:32)
at com.fasterxml.jackson.databind.deser.impl.MethodProperty.deserializeAndSet(MethodProperty.java:129)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize(BeanDeserializer.java:313)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:176)
at com.fasterxml.jackson.databind.deser.DefaultDeserializationContext.readRootValue(DefaultDeserializationContext.java:323)
at com.fasterxml.jackson.databind.ObjectReader._bind(ObjectReader.java:2025)
at com.fasterxml.jackson.databind.ObjectReader.readValue(ObjectReader.java:1175)
at org.jboss.resteasy.plugins.providers.jackson.ResteasyJackson2Provider.readFrom(ResteasyJackson2Provider.java:193)
at org.jboss.resteasy.core.interception.jaxrs.AbstractReaderInterceptorContext.readFrom(AbstractReaderInterceptorContext.java:101)
at org.jboss.resteasy.core.interception.jaxrs.ServerReaderInterceptorContext.readFrom(ServerReaderInterceptorContext.java:63)
at org.jboss.resteasy.core.interception.jaxrs.AbstractReaderInterceptorContext.proceed(AbstractReaderInterceptorContext.java:80)
at org.jboss.resteasy.core.MessageBodyParameterInjector.inject(MessageBodyParameterInjector.java:213)
at org.jboss.resteasy.core.MethodInjectorImpl.injectArguments(MethodInjectorImpl.java:95)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:128)
at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:660)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:524)
at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:474)
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:476)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:434)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:192)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:152)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:183)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:152)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:183)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:141)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:32)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:492)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161)
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247)
at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:73)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:151)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:82)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:42)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:67)
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:55)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$5.handle(VertxHttpRecorder.java:380)
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$5.handle(VertxHttpRecorder.java:358)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
at org.keycloak.quarkus.runtime.integration.web.QuarkusRequestFilter.lambda$createBlockingHandler$1(QuarkusRequestFilter.java:90)
at io.vertx.core.impl.ContextImpl.lambda$null$0(ContextImpl.java:159)
at io.vertx.core.impl.AbstractContext.dispatch(AbstractContext.java:100)
at io.vertx.core.impl.ContextImpl.lambda$executeBlocking$1(ContextImpl.java:157)
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$13.runWith(VertxCoreRecorder.java:545)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2449)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1478)
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:829)
The server is running and the same configuration of singular-db-provider into other instalation (not dockerized) works well.
2022-11-28 14:52:09,103 ERROR [com.zaxxer.hikari.pool.HikariPool] (executor-thread-38) SINGULAR-USER-PROVIDER-singular-db-user-provider28-11-2022 14:51:32 - Exception during pool initialization.: java.sql.SQLException: Login timed out
Thanks
2023-07-19 19:30:49,390 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-6) Uncaught server error: java.lang.AbstractMethodError: Receiver class org.opensingular.dbuserprovider.DBUserStorageProvider does not define or inherit an implementation of the resolved method 'abstract org.keycloak.models.UserModel getUserByUsername(org.keycloak.models.RealmModel, java.lang.String)' of interface org.keycloak.storage.user.UserLookupProvider.
at org.keycloak.storage.UserStorageManager.lambda$getUserByUsername$16(UserStorageManager.java:334)
at org.keycloak.utils.ServicesUtils.lambda$timeBoundOne$1(ServicesUtils.java:84)
at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179)
at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
at java.base/java.util.stream.SortedOps$RefSortingSink.end(SortedOps.java:400)
at java.base/java.util.stream.Sink$ChainedReference.end(Sink.java:258)
at java.base/java.util.stream.Sink$ChainedReference.end(Sink.java:258)
at java.base/java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:528)
at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:513)
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
at java.base/java.util.stream.FindOps$FindOp.evaluateSequential(FindOps.java:150)
at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.base/java.util.stream.ReferencePipeline.findFirst(ReferencePipeline.java:647)
at org.keycloak.storage.UserStorageManager.getUserByUsername(UserStorageManager.java:334)
at org.keycloak.models.cache.infinispan.UserCacheSession.getUserByUsername(UserCacheSession.java:269)
at org.keycloak.models.utils.KeycloakModelUtils.findUserByNameOrEmail(KeycloakModelUtils.java:248)
at org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.getUserFromForm(AbstractUsernameFormAuthenticator.java:188)
at org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.getUser(AbstractUsernameFormAuthenticator.java:167)
at org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.validateUserAndPassword(AbstractUsernameFormAuthenticator.java:148)
at org.keycloak.authentication.authenticators.browser.UsernamePasswordForm.validateForm(UsernamePasswordForm.java:55)
at org.keycloak.authentication.authenticators.browser.UsernamePasswordForm.action(UsernamePasswordForm.java:48)
at org.keycloak.authentication.DefaultAuthenticationFlow.processAction(DefaultAuthenticationFlow.java:154)
at org.keycloak.authentication.AuthenticationProcessor.authenticationAction(AuthenticationProcessor.java:986)
at org.keycloak.services.resources.LoginActionsService.processFlow(LoginActionsService.java:323)
at org.keycloak.services.resources.LoginActionsService.processAuthentication(LoginActionsService.java:294)
at org.keycloak.services.resources.LoginActionsService.authenticateInternal(LoginActionsService.java:286)
at org.keycloak.services.resources.LoginActionsService.access$100(LoginActionsService.java:111)
at org.keycloak.services.resources.LoginActionsService$1.runInternal(LoginActionsService.java:266)
at org.keycloak.common.util.ResponseSessionTask.run(ResponseSessionTask.java:67)
at org.keycloak.common.util.ResponseSessionTask.run(ResponseSessionTask.java:44)
at org.keycloak.models.utils.KeycloakModelUtils.runJobInRetriableTransaction(KeycloakModelUtils.java:299)
at org.keycloak.services.resources.LoginActionsService.authenticate(LoginActionsService.java:259)
at org.keycloak.services.resources.LoginActionsService.authenticateForm(LoginActionsService.java:351)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:170)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:130)
at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:660)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:524)
at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:474)
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:476)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:434)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:192)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:141)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:32)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:492)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161)
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247)
at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:73)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:151)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:82)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:42)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140)
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:84)
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:71)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140)
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$6.handle(VertxHttpRecorder.java:430)
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$6.handle(VertxHttpRecorder.java:408)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140)
at org.keycloak.quarkus.runtime.integration.web.QuarkusRequestFilter.lambda$createBlockingHandler$0(QuarkusRequestFilter.java:82)
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:576)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2449)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1478)
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:833)
Hello, I was going to ask this here, if it is even possible to use this extension. The client application has web-constraints/auth-constraints roles-names in place for resources of the application. Those Roles are currently stored in database and can be selected with SQL query. In looking at singular-keycloak-database-federation it does say in the sql query help sections that you can pull those attributes:
Select to query all users you must return at least: "id". "username", "email" (optional), "firstName" (optional), "lastName" (optional). Any other parameter can be mapped by aliases to a realm scope
The select I have written as an example is:
select u.user_id as "id", u.user_name as "username", u.email_addr as "email", substr(u.full_name, 1, instr(u.full_name, ' ')-1) as "firstName", substr(u.full_name, instr(u.full_name, ' ')+1) as "lastName", r.role_name as "Roles"
from MY_USER u left outer join my_user_role ur on ur.user_id = u.user_id left outer join my_role r on r.role_id = ur.role_id where u.active_ind = 'Y' order by u.user_id
On inspection of a user searched for: the Roles are mapped to the user in the user's attributes section.
The issue is, how do I then pull those Roles as either realm_access.roles or realm_access.${client_id}.roles?
Is this the best way to handle roles from a database? Is there another extension that should be used?
When attempting to add a provider using this SPI in version 19.0.2 Keycloak shows "User federation provider could not be created: unknown_error"
With Keycloak 20 there is an exception:
keycloak | 2022-12-05T13:38:17.904952866Z 2022-12-05 13:38:17,903 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-11) Uncaught server error: java.lang.AbstractMethodError: Receiver class org.opensingular.dbuserprovider.DBUserStorageProvider does not define or inherit an implementation of the resolved method 'abstract org.keycloak.models.UserModel getUserByUsername(org.keycloak.models.RealmModel, java.lang.String)' of interface org.keycloak.storage.user.UserLookupProvider.
There is a change:
public UserModel getUserByUsername(String username, RealmModel realm) {
should be (RealmModel as first argument - see https://github.com/keycloak/keycloak/blob/59ccae76cbff6ffef6cc8286b557d6fea93a2aa4/server-spi/src/main/java/org/keycloak/storage/user/UserLookupProvider.java#L58):
UserModel getUserByUsername(RealmModel realm, String username);
But yes, in documentation there is still (see https://www.keycloak.org/docs/latest/server_development/#userlookupprovider-implementation):
public UserModel getUserByUsername(String username, RealmModel realm) {
Same change have other methods in that interface. It was already deprecated in version 19.
I am using PostgreSQL and has this string:
select account_id AS id, username, email, firstname, lastname, created AS cpf, firstname || ' ' || lastname AS fullname from account where account_id::text = ?
The id, username and email is mapped fine. But firstname, lastname and created is not ?
Hi there, Thank you so much for such a great project. I am using this provider to connect PostgrSQL database with large user database. Found few issue in this but major one is that it fetches only 18 users from the pg database and the pagination to fetch more users doesn't work. Could you provide instructions to use search feature. Thanks
Hello, I'm trying to have a user attribute I have named Roles. From the saml IdP we pull in roles or role and place the value in user_storage under Roles. I also have singular-keycloak-database-federation in use to pull values into keycloak, including what my company uses as application roles. Here is where my problem lies... On initiating connection to IdP from application, I log in, and then I'm redirected back to my application. I have a testing application that displays the information of the openid user_information, token, etc ( openid-connect-client ). Anyways, the problem I'm having is the values from the IdP and the DB are not merged together. For the IdP the value returned shows values separated in json array. However the values from the database, because of multivalued are shown as a long string of "roles" separated by ## values. Example:
"roles": [
"Role1",
"Role2##Role3##Role4##Role5",
"Role6"
]
What I was expecting was:
"roles": [
"Role1",
"Role2",
"Role3",
"Role4",
"Role5",
"Role6"
]
Is this an issue with keycloak 20? Is this something I have done wrong/incorrect? Please advise.
Hi. I am using keycloak server with django + postgresql DB. I am able to connect with the database but the password hashing algorithm used by Django is PBKDF2 with a SHA256 hash. I would like to add this feature. I am an amateur when it comes to spring boot and keycloak. Can you guys please elaborate upon the following issues:
Hi,
we have found issues with keycloak 19, once installed and working :
25 12:07:24,689 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-5) Uncaught server error: com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of java.util.ArrayList (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('jdbc:jtds:sqlserver://server-name/database_name;instance=instance_name')
at [Source: (io.quarkus.vertx.http.runtime.VertxInputStream); line: 1, column: 45] (through reference chain: org.keycloak.representations.idm.ComponentRepresentation["config"]->org.keycloak.common.util.MultivaluedHashMap["url"])
at com.fasterxml.jackson.databind.exc.MismatchedInputException.from(MismatchedInputException.java:63)
at com.fasterxml.jackson.databind.DeserializationContext.reportInputMismatch(DeserializationContext.java:1728)
It happens when saving information into Add singular-db-user-provider provider option.
Regards
I am having trouble finding out how to install this in KeyCloak. Am I missing something from the doumentation?
Hello,
Was working with keycloak 18 previously and this provider/extension was working perfect! However, I have now switch my dev setup to keycloak 19.0.3 ( latest ) and have placed the jar packages in /opt/keycloak/providers under keycloak 19.0.3. On running start-dev, I see under user federation the singular-keycloak-database-federation. I go to try and setup 1 to either postgres or oracle and on placing the same parameters within it, on hitting save I get a "unknown_error" displayed from keycloak 19.0.3.
Is this provider/extension compatible with 19.0.3? Should I be compiling the extension with keycloak 19.0.3 set in pom.xml ( out of the box/git pull keycloak version is set to 17.0.1
Please advise
Hi there!
I was able to implement your federation SPI and everything went fine connecting to a remote MySql instance and retrieving the users stored there.
I've only one question, are the users supposed to be copied locally in the Keycloak database? I've replaced the H2 default database with a Mysql one and I can see the users in the FEDERATED_USER table, but when I try to login I keep getting "user not found error".
Is there something I'm missing with the authentication?
There are 2 realms:
After updating one realm's User federation settings, another one's users password becomes 'admin'
does anyone else have the problem with the message: Synchronization ignored as it's already in progress?
Keycloak version: 20.0.3
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.