Docs: server_admin/topics/overview.adoc #29435
Assignees
Labels
area/authentication
Indicates an issue on Authentication area
kind/bug
Categorizes a PR related to a bug
status/triage
team/core-clients
Comments
keycloak-github-bot
bot
added
area/authentication
|
I cannot reproduce this. I have just download 24.0.4, unzipped it, run in develompemnt, activate user registration, logout and click register. The page is correctly shown as expected. Can you please elaborate how we can test this? |
keycloak-github-bot
bot
added
status/auto-expire
and removed
status/triage
action/missing-info
labels
|
Thanks for reporting this issue, but there is insufficient information or lack of steps to reproduce. Please provide additional details, otherwise this issue will be automatically closed within 14 days. |
|
Thanks a lot.
So it has to be related to my own configuration.
Could you please suggest what to check in my configuration?, which could lead to this?
I have reproduced the issue with master realm where I have changed almost nothing.
Please noticed I have enabled preview features, because I need token-exchange for social login. And token exchange needs fine-grained-admin-permissions.
I will proceed to disable those and let you know if the error persist in a few minutes.
Att,
John A. Espinal A.
… On 10/05/2024, at 11:03 AM, Ricardo Martin ***@***.***> wrote:
I cannot reproduce this. I have just download 24.0.4, unzipped it, run in develompemnt, activate user registration, logout and click register. The page is correctly shown as expected. Can you please elaborate how we can test this?
—
Reply to this email directly, view it on GitHub <#29435 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/BCAXCY2JO6YHA56B7MMFDXDZBTOS3AVCNFSM6AAAAABHPXEGBOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMBUG43DQMZZHA>.
You are receiving this because you authored the thread.
|
keycloak-github-bot
bot
added
status/triage
and removed
status/missing-information
status/auto-expire
labels
|
Many Thanks Ricardo for your answer.
To send you more information I have tried disabling preview features. But the problem persist. This is what I did:
***@***.***:/opt/keycloak-24.0.4/bin# ./kc.sh build --features-disabled="preview"
Updating the configuration and installing your custom providers, if any. Please wait.
2024-05-10 15:36:14,872 WARN [org.key.qua.run.cli.Picocli] (main) The following run time non-cli options were found, but will be ignored during build time: kc.db-url, kc.db-username, kc.db-password, kc.hostname, kc.hostname-admin-url, kc.https-port, kc.https-certificate-file, kc.https-certificate-key-file
2024-05-10 15:36:34,946 WARN [io.qua.dep.ind.IndexWrapper] (build-20) Failed to index org.springframework.core.io.DefaultResourceLoader: Class does not exist in ClassLoader QuarkusClassLoader:Deployment Class Loader: PROD for ***@***.***
2024-05-10 15:36:34,955 WARN [io.qua.dep.ind.IndexWrapper] (build-20) Failed to index org.springframework.core.io.ResourceLoader: Class does not exist in ClassLoader QuarkusClassLoader:Deployment Class Loader: PROD for ***@***.***
2024-05-10 15:36:34,962 WARN [io.qua.dep.ind.IndexWrapper] (build-20) Failed to index org.apache.tools.ant.Task: Class does not exist in ClassLoader QuarkusClassLoader:Deployment Class Loader: PROD for ***@***.***
2024-05-10 15:36:35,052 WARN [io.qua.dep.ind.IndexWrapper] (build-20) Failed to index org.springframework.core.io.Resource: Class does not exist in ClassLoader QuarkusClassLoader:Deployment Class Loader: PROD for ***@***.***
2024-05-10 15:36:35,082 WARN [io.qua.dep.ind.IndexWrapper] (build-20) Failed to index org.apache.activemq.artemis.core.journal.RecordInfo: Class does not exist in ClassLoader QuarkusClassLoader:Deployment Class Loader: PROD for ***@***.***
2024-05-10 15:36:35,083 WARN [io.qua.dep.ind.IndexWrapper] (build-20) Failed to index org.apache.activemq.artemis.core.journal.Journal: Class does not exist in ClassLoader QuarkusClassLoader:Deployment Class Loader: PROD for ***@***.***
2024-05-10 15:36:35,102 WARN [io.qua.dep.ind.IndexWrapper] (build-20) Failed to index io.mashona.logwriting.ArrayStore: Class does not exist in ClassLoader QuarkusClassLoader:Deployment Class Loader: PROD for ***@***.***
2024-05-10 15:36:35,140 WARN [io.qua.dep.ind.IndexWrapper] (build-20) Failed to index jakarta.jms.XAConnection: Class does not exist in ClassLoader QuarkusClassLoader:Deployment Class Loader: PROD for ***@***.***
2024-05-10 15:36:35,150 WARN [io.qua.dep.ind.IndexWrapper] (build-20) Failed to index jakarta.jms.XASession: Class does not exist in ClassLoader QuarkusClassLoader:Deployment Class Loader: PROD for ***@***.***
2024-05-10 15:36:35,150 WARN [io.qua.dep.ind.IndexWrapper] (build-20) Failed to index jakarta.jms.XAConnectionFactory: Class does not exist in ClassLoader QuarkusClassLoader:Deployment Class Loader: PROD for ***@***.***
2024-05-10 15:36:35,562 WARN [io.qua.dep.ind.IndexWrapper] (build-20) Failed to index jakarta.jms.Connection: Class does not exist in ClassLoader QuarkusClassLoader:Deployment Class Loader: PROD for ***@***.***
2024-05-10 15:36:55,775 INFO [io.qua.dep.QuarkusAugmentor] (main) Quarkus augmentation completed in 35220ms
Server configuration updated and persisted. Run the following command to review the configuration:
kc.sh show-config
***@***.***:/opt/keycloak-24.0.4/bin# ./kc.sh show-config
Current Mode: production
Current Configuration:
kc.config.built = true (SysPropConfigSource)
kc.db = mysql (PropertiesConfigSource[source=file:/opt/keycloak-24.0.4/bin/../conf/keycloak.conf])
kc.db-password = ******* (PropertiesConfigSource[source=file:/opt/keycloak-24.0.4/bin/../conf/keycloak.conf])
kc.db-url = jdbc:mysql://192.168.101.4/keycloak24-0-4 (PropertiesConfigSource[source=file:/opt/keycloak-24.0.4/bin/../conf/keycloak.conf])
kc.db-username = keycloak24 (PropertiesConfigSource[source=file:/opt/keycloak-24.0.4/bin/../conf/keycloak.conf])
kc.features-disabled = preview (PersistedConfigSource)
kc.hostname = idtest.itksoluciones.com (PropertiesConfigSource[source=file:/opt/keycloak-24.0.4/bin/../conf/keycloak.conf])
kc.hostname-admin-url = https://idtest.itksoluciones.com:8445 (PropertiesConfigSource[source=file:/opt/keycloak-24.0.4/bin/../conf/keycloak.conf])
kc.https-certificate-file = /opt/keys/STAR.itksoluciones.com.pem (PropertiesConfigSource[source=file:/opt/keycloak-24.0.4/bin/../conf/keycloak.conf])
kc.https-certificate-key-file = /opt/keys/STAR.itksoluciones.com.key (PropertiesConfigSource[source=file:/opt/keycloak-24.0.4/bin/../conf/keycloak.conf])
kc.https-port = 8445 (PropertiesConfigSource[source=file:/opt/keycloak-24.0.4/bin/../conf/keycloak.conf])
kc.log-console-output = default (PropertiesConfigSource[source=jar:file:///opt/keycloak-24.0.4/lib/lib/main/org.keycloak.keycloak-quarkus-server-24.0.4.jar!/META-INF/keycloak.conf])
kc.log-file = ${kc.home.dir:default}${file.separator}data${file.separator}log${file.separator}keycloak.log (PropertiesConfigSource[source=jar:file:///opt/keycloak-24.0.4/lib/lib/main/org.keycloak.keycloak-quarkus-server-24.0.4.jar!/META-INF/keycloak.conf])
kc.optimized = true (PersistedConfigSource)
kc.spi-hostname-default-admin-url = https://idtest.itksoluciones.com:8445 (PropertiesConfigSource[source=file:/opt/keycloak-24.0.4/bin/../conf/keycloak.conf])
kc.spi-hostname-default-hostname = idtest.itksoluciones.com (PropertiesConfigSource[source=file:/opt/keycloak-24.0.4/bin/../conf/keycloak.conf])
kc.version = 24.0.4 (SysPropConfigSource)
***@***.***:/opt/keycloak-24.0.4/bin# ./kc.sh start
Changes detected in configuration. Updating the server image.
The previous optimized build will be overridden with the following build options:
- features-disabled=preview > features-disabled=<unset>
To avoid that, run the 'build' command again and then start the optimized server instance using the '--optimized' flag.
Updating the configuration and installing your custom providers, if any. Please wait.
2024-05-10 15:38:08,373 WARN [io.qua.dep.ind.IndexWrapper] (build-23) Failed to index org.springframework.core.io.DefaultResourceLoader: Class does not exist in ClassLoader QuarkusClassLoader:Deployment Class Loader: PROD for ***@***.***
2024-05-10 15:38:08,379 WARN [io.qua.dep.ind.IndexWrapper] (build-23) Failed to index org.springframework.core.io.ResourceLoader: Class does not exist in ClassLoader QuarkusClassLoader:Deployment Class Loader: PROD for ***@***.***
2024-05-10 15:38:08,387 WARN [io.qua.dep.ind.IndexWrapper] (build-23) Failed to index org.apache.tools.ant.Task: Class does not exist in ClassLoader QuarkusClassLoader:Deployment Class Loader: PROD for ***@***.***
2024-05-10 15:38:08,481 WARN [io.qua.dep.ind.IndexWrapper] (build-23) Failed to index org.springframework.core.io.Resource: Class does not exist in ClassLoader QuarkusClassLoader:Deployment Class Loader: PROD for ***@***.***
2024-05-10 15:38:08,547 WARN [io.qua.dep.ind.IndexWrapper] (build-23) Failed to index jakarta.jms.XAConnection: Class does not exist in ClassLoader QuarkusClassLoader:Deployment Class Loader: PROD for ***@***.***
2024-05-10 15:38:08,548 WARN [io.qua.dep.ind.IndexWrapper] (build-23) Failed to index jakarta.jms.XASession: Class does not exist in ClassLoader QuarkusClassLoader:Deployment Class Loader: PROD for ***@***.***
2024-05-10 15:38:08,549 WARN [io.qua.dep.ind.IndexWrapper] (build-23) Failed to index jakarta.jms.XAConnectionFactory: Class does not exist in ClassLoader QuarkusClassLoader:Deployment Class Loader: PROD for ***@***.***
2024-05-10 15:38:08,559 WARN [io.qua.dep.ind.IndexWrapper] (build-23) Failed to index org.apache.activemq.artemis.core.journal.RecordInfo: Class does not exist in ClassLoader QuarkusClassLoader:Deployment Class Loader: PROD for ***@***.***
2024-05-10 15:38:08,561 WARN [io.qua.dep.ind.IndexWrapper] (build-23) Failed to index org.apache.activemq.artemis.core.journal.Journal: Class does not exist in ClassLoader QuarkusClassLoader:Deployment Class Loader: PROD for ***@***.***
2024-05-10 15:38:08,568 WARN [io.qua.dep.ind.IndexWrapper] (build-23) Failed to index io.mashona.logwriting.ArrayStore: Class does not exist in ClassLoader QuarkusClassLoader:Deployment Class Loader: PROD for ***@***.***
2024-05-10 15:38:08,615 WARN [io.qua.dep.ind.IndexWrapper] (build-23) Failed to index jakarta.jms.Connection: Class does not exist in ClassLoader QuarkusClassLoader:Deployment Class Loader: PROD for ***@***.***
2024-05-10 15:38:21,219 INFO [io.qua.dep.QuarkusAugmentor] (main) Quarkus augmentation completed in 19059ms
Server configuration updated and persisted. Run the following command to review the configuration:
kc.sh show-config
Next time you run the server, just run:
kc.sh start --optimized
2024-05-10 15:38:26,034 INFO [org.keycloak.quarkus.runtime.hostname.DefaultHostnameProvider] (main) Hostname settings: Base URL: <unset>, Hostname: idtest.itksoluciones.com, Strict HTTPS: true, Path: <request>, Strict BackChannel: false, Admin URL: https://idtest.itksoluciones.com:8445, Admin: idtest.itksoluciones.com, Port: -1, Proxied: false
2024-05-10 15:38:27,382 INFO [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000556: Starting user marshaller 'org.infinispan.jboss.marshalling.core.JBossUserMarshaller'
2024-05-10 15:38:28,482 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000088: Unable to use any JGroups configuration mechanisms provided in properties {}. Using default JGroups configuration!
2024-05-10 15:38:29,479 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000078: Starting JGroups channel `ISPN`
2024-05-10 15:38:29,493 INFO [org.jgroups.JChannel] (keycloak-cache-init) local_addr: 0fc8d631-4dc2-42f1-bc8d-85fdd4ee27cd, name: easytest-56408
2024-05-10 15:38:29,553 WARN [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the send buffer of socket MulticastSocket was set to 1MB, but the OS only allocated 212.99KB
2024-05-10 15:38:29,553 WARN [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the receive buffer of socket MulticastSocket was set to 20MB, but the OS only allocated 212.99KB
2024-05-10 15:38:29,554 WARN [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the send buffer of socket MulticastSocket was set to 1MB, but the OS only allocated 212.99KB
2024-05-10 15:38:29,554 WARN [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the receive buffer of socket MulticastSocket was set to 25MB, but the OS only allocated 212.99KB
2024-05-10 15:38:29,631 INFO [org.jgroups.protocols.FD_SOCK2] (keycloak-cache-init) server listening on *.35272
2024-05-10 15:38:31,652 INFO [org.jgroups.protocols.pbcast.GMS] (keycloak-cache-init) easytest-56408: no members discovered after 2010 ms: creating cluster as coordinator
2024-05-10 15:38:31,686 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000094: Received new cluster view for channel ISPN: [easytest-56408|0] (1) [easytest-56408]
2024-05-10 15:38:31,766 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000079: Channel `ISPN` local address is `easytest-56408`, physical addresses are `[192.168.106.22:50808]`
2024-05-10 15:38:31,816 WARN [org.infinispan.CONFIG] (keycloak-cache-init) ISPN000569: Unable to persist Infinispan internal caches as no global state enabled
2024-05-10 15:38:33,129 WARN [io.quarkus.agroal.runtime.DataSources] (JPA Startup Thread) Datasource <default> enables XA but transaction recovery is not enabled. Please enable transaction recovery by setting quarkus.transaction-manager.enable-recovery=true, otherwise data may be lost if the application is terminated abruptly
2024-05-10 15:38:36,503 INFO [org.keycloak.broker.provider.AbstractIdentityProviderMapper] (main) Registering class org.keycloak.broker.provider.mappersync.ConfigSyncEventListener
2024-05-10 15:38:40,089 INFO [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (main) Node name: easytest-56408, Site name: null
2024-05-10 15:38:42,207 INFO [io.quarkus] (main) Keycloak 24.0.4 on JVM (powered by Quarkus 3.8.4) started in 20.527s. Listening on: https://0.0.0.0:8445
2024-05-10 15:38:42,218 INFO [io.quarkus] (main) Profile prod activated.
2024-05-10 15:38:42,219 INFO [io.quarkus] (main) Installed features: [agroal, cdi, hibernate-orm, jdbc-mysql, keycloak, logging-gelf, narayana-jta, reactive-routes, resteasy-reactive, resteasy-reactive-jackson, smallrye-context-propagation, vertx]
2024-05-10 15:39:07,060 WARN [org.keycloak.services] (executor-thread-1) KC-SERVICES0013: Failed authentication: java.lang.NullPointerException: Cannot invoke "org.keycloak.authentication.FormAction.buildPage(org.keycloak.authentication.FormContext, org.keycloak.forms.login.LoginFormsProvider)" because "action" is null
at org.keycloak.authentication.FormAuthenticationFlow.renderForm(FormAuthenticationFlow.java:304)
at org.keycloak.authentication.FormAuthenticationFlow.processFlow(FormAuthenticationFlow.java:285)
at org.keycloak.authentication.DefaultAuthenticationFlow.processSingleFlowExecutionModel(DefaultAuthenticationFlow.java:377)
at org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:246)
at org.keycloak.authentication.AuthenticationProcessor.authenticateOnly(AuthenticationProcessor.java:1051)
at org.keycloak.authentication.AuthenticationProcessor.authenticate(AuthenticationProcessor.java:892)
at org.keycloak.services.resources.LoginActionsService.processFlow(LoginActionsService.java:367)
at org.keycloak.services.resources.LoginActionsService.processRegistration(LoginActionsService.java:725)
at org.keycloak.services.resources.LoginActionsService.registerRequest(LoginActionsService.java:781)
at org.keycloak.services.resources.LoginActionsService.registerPage(LoginActionsService.java:742)
at org.keycloak.services.resources.LoginActionsService$quarkusrestinvoker$registerPage_4790ee1a00c5ff439df8d9f43fc42809e1831abf.invoke(Unknown Source)
at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147)
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:582)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:833)
2024-05-10 15:39:07,067 WARN [org.keycloak.events] (executor-thread-1) type="REGISTER_ERROR", realmId="66d84889-94b7-4273-9f5c-cfb5504bde99", clientId="angular-client", userId="null", ipAddress="67.8.27.141", error="invalid_user_credentials", auth_method="openid-connect", auth_type="code", redirect_uri="https://easytest.itksoluciones.com:4200/", code_id="500adeef-4e92-4b93-8d58-084e8f98c0c0"
2024-05-10 15:39:14,645 WARN [org.keycloak.events] (executor-thread-1) type="REGISTER_ERROR", realmId="66d84889-94b7-4273-9f5c-cfb5504bde99", clientId="null", userId="null", ipAddress="67.8.27.141", error="expired_code", restart_after_timeout="true"
2024-05-10 15:39:40,554 WARN [org.keycloak.services] (executor-thread-1) KC-SERVICES0013: Failed authentication: java.lang.NullPointerException: Cannot invoke "org.keycloak.authentication.FormAction.buildPage(org.keycloak.authentication.FormContext, org.keycloak.forms.login.LoginFormsProvider)" because "action" is null
at org.keycloak.authentication.FormAuthenticationFlow.renderForm(FormAuthenticationFlow.java:304)
at org.keycloak.authentication.FormAuthenticationFlow.processFlow(FormAuthenticationFlow.java:285)
at org.keycloak.authentication.DefaultAuthenticationFlow.processSingleFlowExecutionModel(DefaultAuthenticationFlow.java:377)
at org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:246)
at org.keycloak.authentication.AuthenticationProcessor.authenticateOnly(AuthenticationProcessor.java:1051)
at org.keycloak.authentication.AuthenticationProcessor.authenticate(AuthenticationProcessor.java:892)
at org.keycloak.services.resources.LoginActionsService.processFlow(LoginActionsService.java:367)
at org.keycloak.services.resources.LoginActionsService.processRegistration(LoginActionsService.java:725)
at org.keycloak.services.resources.LoginActionsService.registerRequest(LoginActionsService.java:781)
at org.keycloak.services.resources.LoginActionsService.registerPage(LoginActionsService.java:742)
at org.keycloak.services.resources.LoginActionsService$quarkusrestinvoker$registerPage_4790ee1a00c5ff439df8d9f43fc42809e1831abf.invoke(Unknown Source)
at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147)
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:582)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:833)
2024-05-10 15:39:40,557 WARN [org.keycloak.events] (executor-thread-1) type="REGISTER_ERROR", realmId="738ea455-d2eb-4784-b0f9-29a1ab536a0d", clientId="security-admin-console", userId="null", ipAddress="67.8.27.141", error="invalid_user_credentials", auth_method="openid-connect", auth_type="code", redirect_uri="https://idtest.itksoluciones.com:8445/admin/master/console/", code_id="b10c8881-2b7d-4d0a-8acb-ab52d0018c8a"
Why clicking on register is trying to authenticate? I am just clicking register, to allow the user to self register, I understand it should not authenticate anything, since NO user and No password has been provided.
Short video with more information: https://vimeo.com/944889499/7047692216?share=copy
Please suggest what else I can send you to try to identify why the problem is happening.
Att,
John A. Espinal A.
… On 10/05/2024, at 11:03 AM, Ricardo Martin ***@***.***> wrote:
I cannot reproduce this. I have just download 24.0.4, unzipped it, run in develompemnt, activate user registration, logout and click register. The page is correctly shown as expected. Can you please elaborate how we can test this?
—
Reply to this email directly, view it on GitHub <#29435 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/BCAXCY2JO6YHA56B7MMFDXDZBTOS3AVCNFSM6AAAAABHPXEGBOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMBUG43DQMZZHA>.
You are receiving this because you authored the thread.
|
|
It's the other way around. Start with vanilla, do your changes and, when you find the issue, you have the reproducer steps you can share with us. |
|
After more than 16 hours searching I could not find anything.
So this is what I did:
I have production environment running on 22.0.1 with NO problem with Self Registration.
I stopped keycloak 22.0.1
Copy db keycloak22 to Keycloak240004
Downloaded Keycloak24.0.4
Uncompress.
Configure it and run it to migrate the database by
./kc.sh start --spi-connections-liquibase-default-index-creation-threshold=300000
Then the problem was reproduced.
So it seems the migration get the registration BROKEN.
All details in the next recording:
https://vimeo.com/945354228/8ad303f168?share=copy
20240511-MigratingToKeycloak24-MakeAutoRegistrationBroken
vimeo.com
Thanks for any suggestion.
Please notice that tests were done with MASTER REALM so this seems a bug.
P.D. I am migrating because Facebook disable the login with them because we do not have the privacy police before the login screen. I was able to download the login.ftl and template.ftl and do that minor change successfully on the login screen. BUT WHEN I move those two files to 22.0.1 the server GET broken. Could you please indicate where can I find login.ftl and template.ftl for the 22.0.1 version.
Att,
John A. Espinal A.
Gerente.
… On 10/05/2024, at 1:51 PM, Ricardo Martin ***@***.***> wrote:
It's the other way around. Start with vanilla, do your changes and, when you find the issue, you have the reproducer steps you can share with us.
—
Reply to this email directly, view it on GitHub <#29435 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/BCAXCYZPFOUHGQ4PRCWCMU3ZBUCLDAVCNFSM6AAAAABHPXEGBOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMBVGAZDOOBUGY>.
You are receiving this because you authored the thread.
|
|
Can you please share with us the registration flow you are using in the old version? You can do a partial export of the realm and then just copy the flow you are using for registration. |
|
is this what you mean?
kc.sh export -dir ../export

Please remember that we are reproducing the failure in master realm, master real is generally untouched, I just remember to have changed To allow Self Registration so we can test. All other parameters are with the original defaults. I have been migrating the db since keycloak 19.
Att,
John A.
… On 13/05/2024, at 3:39 AM, Ricardo Martin ***@***.***> wrote:
Can you please share with us the registration flow you are using in the old version? You can do a partial export of the realm and then just copy the flow you are using for registration.
—
Reply to this email directly, view it on GitHub <#29435 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/BCAXCY6VJP6ZYPQFDVLKC4TZCBU4JAVCNFSM6AAAAABHPXEGBOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMBWHA3DINJWG4>.
You are receiving this because you authored the thread.
|
|
You can just export using the console, select the realm affected, click Realm settings, and in the Action combo, click Partial export (groups, roles and clients not needed). If you have concerns sharing everything we are just interested in authenticationFlows section. I'm just trying to have the same config you have, because the error seems related to a missing form. |
|
I have already shared everything. I have no problem with data privacy because this is testing environment.
Any way I have follow the instructions.
MASTERL


Att,
… On 13/05/2024, at 10:31 AM, Ricardo Martin ***@***.***> wrote:
You can just export using the console, select the realm affected, click Realm settings, and in the Action combo, click Partial export (groups, roles and clients not needed). If you have concerns sharing everything we are just interested in authenticationFlows section. I'm just trying to have the same config you have, because the error seems related to a missing form.
—
Reply to this email directly, view it on GitHub <#29435 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/BCAXCY5RLTLBBAMB2ODU46TZCDFDDAVCNFSM6AAAAABHPXEGBOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMBXG43DANZRG4>.
You are receiving this because you authored the thread.
|
|
@espinal1976 Please upload the file using github, probably using email attachments doesn't work (at least I don't see anything in your comment). |
|
sure: backauth-realm-export.json Please advice if you got two files. |
|
Hi @espinal1976! I have imported your json export in keycloak 22.0.1 and migrated the DB to 24.0.3 (mariadb) and I cannot reproduce your issue. My feeling is that the problem you are seeing is because the removal of the action You can check if the action is still in your 24 environment checking the registration flow (Authentication -> Flows -> Registration), probably this will fail if the action is still there. In the database you can also do If that's the error please try to remember how you did the upgrade and if it's something we can reproduce. |
|
Ricardo, This info is very valuable.
When I go to Authentication in Master Realm I find:
Registration (Built-in) Registration Flow.
When I click on it I got in the screen:
Network response was not OK.
Press here to refresh and continue
in server log I got:
2024-05-14 10:55:07,908 WARN [org.keycloak.services.resources.admin.AuthenticationManagementResource] (executor-thread-17) Cannot find authentication provider implementation with provider ID 'registration-profile-action'
2024-05-14 10:55:27,210 WARN [org.keycloak.services.resources.admin.AuthenticationManagementResource] (executor-thread-18) Cannot find authentication provider implementation with provider ID 'registration-profile-action'
2024-05-14 10:55:40,575 WARN [org.keycloak.services.resources.admin.AuthenticationManagementResource] (executor-thread-17) Cannot find authentication provider implementation with provider ID 'registration-profile-action'
When I run select * from AUTHENTICATION_EXECUTION where AUTHENTICATOR='registration-profile-action’;
I got two records. I suppose one for the realm Master and the other for the other realm.
How can I proceed to remove this option?
When clicking on the three dots the only option is Duplicate.
Should I stop Keycloak and delete those two records from the database? Please advice.
I do not want to brake anything.
Att,
John A. Espinal A.
Gerente
… On 14/05/2024, at 4:00 AM, Ricardo Martin ***@***.***> wrote:
Hi @espinal1976 <https://github.com/espinal1976>!
I have imported your json export in keycloak 22.0.1 and migrated the DB to 24.0.3 (mariadb) and I cannot reproduce your issue. My feeling is that the problem you are seeing is because the removal of the action registration-profile-action which was done in version 23.0.0. But I tested it and the migration task <https://github.com/keycloak/keycloak/blob/24.0.4/model/storage-private/src/main/java/org/keycloak/migration/migrators/MigrateTo23_0_0.java#L98-L110> is correctly removing that action from the registration, so I don't really know what is happening in your env.
You can check if the action is still in your 24 environment checking the registration flow (Authentication -> Flows -> Registration), probably this will fail if the action is still there. In the database you can also do select * from AUTHENTICATION_EXECUTION where AUTHENTICATOR='registration-profile-action';. If you see a row in the different realms the migration was incorrect (don't know why) and the removed action is still present in them triggering your issue.
If that's the error please try to remember how you did the upgrade and if it's something we can reproduce.
—
Reply to this email directly, view it on GitHub <#29435 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/BCAXCYYX2LHZ5FM6E7LG4LTZCHACFAVCNFSM6AAAAABHPXEGBOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMBZGUZDQNBSG4>.
You are receiving this because you were mentioned.
|
|
The problem with this is that we don't know how much data is incorrect. You have to check why the upgrade was not executed. The DATABASECHANGELOG contains information about the migration you can check. I would try to migrate again from the previous version until the upgrade is OK. You can try deleting the rows at database level and restart. But you can never be sure that there are not going to be more issues. |
|
Thanks Ricardo.
I still have the production environment in 22.0.1.
I still have testing environment in 22.0.1
I can do full export of this testing environment. I can send you a tar package with all the DB. I can even give you user and password to a copy of the DB, so you can run the upgrade yourself.
Let me know which one could be help more.
Att,
John A. Espinal A.
Gerente
… On 14/05/2024, at 9:14 AM, Ricardo Martin ***@***.***> wrote:
The problem with this is that we don't know how much data is incorrect. You have to check why the upgrade was not executed. The DATABASECHANGELOG contains information about the migration you can check. I would try to migrate again from the previous version until the upgrade is OK.
You can try deleting the rows at database level and restart. But you can never be sure that there are not going to be more issues.
—
Reply to this email directly, view it on GitHub <#29435 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/BCAXCY3F4QBEQ53RJDXMFMTZCIE4HAVCNFSM6AAAAABHPXEGBOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMJQGIYTCNJQGA>.
You are receiving this because you were mentioned.
|
|
@espinal1976 We are not going to do the upgrade for you. As commented, I uploaded your export in a 22 version, upgraded to 24 and everything worked OK for me. Just try the upgrade again (in another test environment or similar) and check if the step is removed or not from the registration flow. In general, I cannot reproduce your issue. In all my upgrade attempts, the realm was correctly updated and the registration flow didn't have the |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Before reporting an issue
Area
authentication
Describe the bug
File: server_admin/topics/overview.adoc
Clicking on Register on the login screen on Keycloak 24.0.3 and 24.0.4 trows:
We are sorry
Unexpected error when handling authentication request to identity provider.
Version
24.0.4
Regression
Expected behavior
Register link should open a form asking for the username, last name, userid and password.
Actual behavior
Clicking on Register on the login screen on Keycloak 24.0.3 and 24.0.4 trows:
We are sorry
Unexpected error when handling authentication request to identity provider.
On There server log, I got:
2024-05-10 00:13:58,381 WARN [org.keycloak.events] (executor-thread-21) type="REGISTER_ERROR", realmId="738ea455-d2eb-4784-b0f9-29a1ab536a0d", clientId="security-admin-console", userId="null", ipAddress="67.8.27.141", error="invalid_user_credentials", auth_method="openid-connect", auth_type="code", redirect_uri="https://idtest.itksoluciones.com:8445/admin/master/console/", code_id="699267c9-45a0-4dc1-92ec-87880e214fff"
2024-05-10 00:31:00,290 WARN [org.keycloak.services] (executor-thread-21) KC-SERVICES0013: Failed authentication: java.lang.NullPointerException: Cannot invoke "org.keycloak.authentication.FormAction.buildPage(org.keycloak.authentication.FormContext, org.keycloak.forms.login.LoginFormsProvider)" because "action" is null
at org.keycloak.authentication.FormAuthenticationFlow.renderForm(FormAuthenticationFlow.java:304)
at org.keycloak.authentication.FormAuthenticationFlow.processFlow(FormAuthenticationFlow.java:285)
at org.keycloak.authentication.DefaultAuthenticationFlow.processSingleFlowExecutionModel(DefaultAuthenticationFlow.java:377)
at org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:246)
at org.keycloak.authentication.AuthenticationProcessor.authenticateOnly(AuthenticationProcessor.java:1051)
at org.keycloak.authentication.AuthenticationProcessor.authenticate(AuthenticationProcessor.java:892)
at org.keycloak.services.resources.LoginActionsService.processFlow(LoginActionsService.java:367)
at org.keycloak.services.resources.LoginActionsService.processRegistration(LoginActionsService.java:725)
at org.keycloak.services.resources.LoginActionsService.registerRequest(LoginActionsService.java:781)
at org.keycloak.services.resources.LoginActionsService.registerPage(LoginActionsService.java:742)
at org.keycloak.services.resources.LoginActionsService$quarkusrestinvoker$registerPage_4790ee1a00c5ff439df8d9f43fc42809e1831abf.invoke(Unknown Source)
at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147)
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:582)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:833)
2024-05-10 00:31:00,292 WARN [org.keycloak.events] (executor-thread-21) type="REGISTER_ERROR", realmId="738ea455-d2eb-4784-b0f9-29a1ab536a0d", clientId="security-admin-console", userId="null", ipAddress="67.8.27.141", error="invalid_user_credentials", auth_method="openid-connect", auth_type="code", redirect_uri="https://idtest.itksoluciones.com:8445/admin/master/console/#/master/realm-settings/login", code_id="e39f91d2-3f4f-403a-b08e-0f1abdff8955"
How to Reproduce?
Download keycloak 24.0.4, run it, the go to Master realm, turn User registration On in Master Realm. the go and clic Register in teh login form.
Anything else?
It was working ok in keycloak 22.0.1
The text was updated successfully, but these errors were encountered: