I struggle with Keycloak integration on Karaf (4.2.8) and Fuse (7.5.0). I tried integration separately on both of them and no success.
In first case, I install Fuse (7.5.0) and next I add keycloak osgi features:
feature:repo-add mvn:org.keycloak/keycloak-osgi-features/8.0.1/xml/features
feature:install keycloak-jaas
Next, I add keycloak-direct-access.json file to etc with appropriate content. To check the keycloak integration for ssh, I change the org.apache.karaf.shell and set realm to keycloak. But afterwards, I am not able to connect via client.bat using keycloak credentials. it asks for the password (even if I provide the password in the command) and after 2-3 attempts it gives the following error:
No more authentication methods available
Besides of that, when I try to use jaas:realm-manage command to get keycloak user list, if does not work and gives the following error:
Can't get the list of users (no backing engine service found)
In the second case, I install Apache Karaf (4.2.8) and the almost the same steps as above. But there it also fails.
Additionally, I check the following documentation https://github.com/jboss-fuse/karaf-quickstarts/blob/7.x.redhat-7-x/security/keycloak/fuse-keycloak.adoc . Considering that documentation I do all steps right, but for some reason it fails.
For fuse installation, I checked the logs when I tried to connect via client, and I saw the following warning there
2020-02-13 10:06:45,808 | WARN | 56c97]-nio2-thread-1 | o.a.s.s.s.ServerSessionImpl | 185 - org.apache.sshd.core - 1.7.0 | exceptionCaught(ServerSessionImpl[null#/127.0.0.1:65456])[state=Opened] IOException: The specified network name is no longer available.
Any help is appreciated. Thanks in advance,
BR,
Farid
For Fuse 7, the official quickstarts showing how to integrate Pax Web (the web layer in Fuse Karaf, based on pax-http-undertow) with Keycloak (and RH-SSO) are available in this Github repository.
The quickstarts cover scenarios related to OSGi HTTP Service, Whiteboard Service, Camel and CXF.
Additional documentation shows how to configure Keycloak instance and Fuse-Karaf itself, so SSH, JMX and Hawtio connections work with Keycloak.
Related
I am trying to deploy a Springboot based war file on Azure app services and I can see server started in logs but its returning 404 when I try to access website.
Here's what my logs looks like:-
Start up command from app service logs:-
'2022-05-09T22:17:09.766Z INFO - Starting container for site
2022-05-09T22:17:09.766Z INFO - docker run -d -p 80:80 --name testing3_0_315c5bf8 -e WEBSITE_SITE_NAME=testing3 -e WEBSITE_AUTH_ENABLED=False -e WEBSITE_ROLE_INSTANCE_ID=0 -e WEBSITE_HOSTNAME=testing3.azurewebsites.net -e WEBSITE_INSTANCE_ID=192ae7e12efabd86b8f1992c5d0955e31956c2538c35216038ae1c4c72bce58c -e HTTP_LOGGING_ENABLED=1 -e JAVA_TOOL_OPTIONS=-javaagent:/agents/java/applicationinsights-agent-codeless.jar mcr.microsoft.com/azure-app-service/java:8-jre8_191030025800'
Successful starting logs:-
'2022-05-09 22:19:49.960 INFO 123 --- [main] com.case.client : Started testing in 111.231 seconds (JVM running for 138.403)'
I tried to look for it on Stackoverflow and people suggested below things and I tried all of them but nothing is working:
Changing Always On flag to Yes.
Add PORT mapping in config but it didnt help.
Restart app couple of times.
Looks like my request is not reaching my app at all.
Does anyone know what am I doing wrong here?
I had the same issue with Spring Boot 3. This stack overflow article is 8 month old, because of that it's maybe different problem.
I contacted the Microsoft Support because locally my app runs without any problem. Only in combination with an Azure Web App Service, the application always returns HTTP 404. I deployed the application with the IntelliJ Azure plugin, with maven plugin and with Azure pipeline. No matter which way, the server always returns HTTP 404.
We can see the incoming http request in the Azure Web Service logs, but it is not delivered to the deployed application. But the Spring Boot application is up and running. I downgraded to Spring Boot 2.7.7 and the app runs without any problem on Azure App Service.
The Microsoft Support confirmed the problem with Spring Boot 3 and Azure App Service in combination with codeless Application Insights. The issue will be fixed with the next platform update mid Feb 2023.
The support has provided a workaround: manually install the Application Insights SDK (but we didn't test this yet)
There is no official article for this issue. I thought this might be a good place to announce this problem to help other developers.
Hi, I am trying to use single-sign on with keycloak and springboot 2 app
I got local keycloak setup realm and client.
I followed this example : spring-boot-keycloak-tutorial
This works fine, my issue is that I want to implement single sign on. Which means I don't want the user to login using keycloak login page.
If the users are logged in to the network (using Windows machine), and try to access the page, then they should be able to access the application without login because they are valid network users.
I don't seem to find an example on how to setup SSO and pass the credentials directly from windows to keycloak
You can configure your realm to use Kerberos user federation. This will enable SSO using the active directory.
See the official example page
You then need to make sure that your browser to support the SSO.
It turned out that the keycloak-spring-boot-adapter does not work for spring boot 2.0+
I changed my spring version to 1.5.3 instead of 2.0.5 and this solved the problem.
I am not sure if there is an alternative for spring boot 2.0
Currently I'm working on a Spring Boot 2 project where we use Heroku as our Cloud Service. We push our changes to Github and our instance on Heroku cloud gets provisioned and deployed. After participating Javaday in my city, I attended to a speech and got to know about this amazing framework, Keycloak. After some investigation, we have decided using Keycloak as our identity and access management.
From what I understand, we need to start a Keycloak standalone server as explained here https://www.keycloak.org/docs/latest/server_installation/index.html.
But the problem is, we cannot access to filesystem on Heroku instance and thus, cannot extract the Keycloak files and start the server.
I tried to follow these steps https://github.com/yurtsevich/keycloak-swarm-heroku yurtsevich has provided but I noticed that latest version of Keycloak Swarm is not compatible with Spring Boot 2.
Can we start Keycloak server on the same Heroku instance we have? I'm unable to find any solution to this at this moment.
Edit: this button from readme will deploy Keycloak on Heroku with free dynos: https://github.com/sannonaragao/keycloak-heroku
This button deploys the lastest version straight to Heroku.
https://elements.heroku.com/buttons/mieckert/keycloak-heroku
Beware! It deploys at the Performance-M dyno, you must change to free right after if you don't want to pay some use fee.
We can create restful API in spring boot jar file?
1)can we split multiple jar file in Apache server?
2) if we split multiple jar file how will identify which jar contain correct rest APIs
How spring boot jar file will work in server?
For Development Environment
You can configure ports via application.properties or via system properties.
Or with option to jvm --server.port=8081
So, there is no problem to run a few APIs on single machine with different ports.
You don't need Apache Server. Spring Boot has it's own embedded for you. So, you can easily use it.
Let's say you have two APIs.
localhost:8081 (Checkout Service)
localhost:8082 (Payment Service)
Hostname and port - it's your identification for each service.
When you trying to search something in Google.
You browser - it's a client.
And Google's servers - it's a server.
The same here. Checkout Service trying to delegate some job to Payment Service. So, Checkout Service - it's a client. And this client should know the address of Payment Service.
For Production Environment
You should think twice, how you will monitor performance, manage scalability and so on.
I need to do some processing on the endpoint classes before they can be deployed and then deploy them manually. However it seems simply having a class annotated with #ServerEndpoint in my war is enough to deploy the endpoint in Tomcat and when I try to manually deploy later obviously I can't because the URL has been deployed already. Is there any way to disable the autodiscovery of endpoints?
Looking at the source for the version I'm using - 8.0.28, there's no dedicated option. The code deploying the endpoints is in org.apache.tomcat.websocket.server.WsSci. The quickest 'shurest' hack is to put my endpoints into the javax.websocket package. I elected to use their ServerApplicationConfig hook instead which serves my purposes if with some minor issues.