I am trying to use Keycloak in my app. I'm running Keycloak on Docker and using WildFly 20 as the application server. I use this script to start Keycloak:

version: '3'

services:
  keycloak:
      image: quay.io/keycloak/keycloak:10.0.1
      container_name: keycloak
      environment:
        DB_VENDOR: postgres
        DB_ADDR: host.docker.internal
        DB_USER: keycloak
        DB_PASSWORD: test
        KEYCLOAK_USER: admin
        KEYCLOAK_PASSWORD: test
      ports:
        - 8079:8080
        - 8443:8443

Then I added this snippet to my standalone.xml:

<subsystem xmlns="urn:jboss:domain:keycloak:1.1">
    <secure-deployment name="pato-ejb.war">
        <realm>pato</realm>
        <auth-server-url>http://localhost:8079/auth</auth-server-url>
        <ssl-required>external</ssl-required>
        <resource>pato</resource>
        <credential name="secret">password</credential>
    </secure-deployment>
</subsystem>

And security settings to my web.xml:

<security-constraint>
    <web-resource-collection>
        <web-resource-name></web-resource-name>
        <description>Protects all resources</description>
        <url-pattern>*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>
<security-role>
    <role-name>admin</role-name>
</security-role>
<login-config>
    <auth-method>KEYCLOAK</auth-method>
    <realm-name>pato</realm-name>
</login-config>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>user/</web-resource-name>
        <url-pattern>/user/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>user</role-name>
    </auth-constraint>
</security-constraint>
<security-role>
    <role-name>user</role-name>
</security-role>

And finally I added the Keycloak jars to the JBoss folder with jars.

When I started standalone.bat I immediately got this error:

11:41:14,220 ERROR [org.jboss.as.controller] (Controller Boot Thread)

OPVDX001: Validation error in standalone.xml -----------------------------------
|
|  521: </subsystem>
|  522: <subsystem xmlns="urn:jboss:domain:weld:4.0"/>
|  523: <subsystem xmlns="urn:jboss:domain:keycloak:1.1">
|       ^^^^ Unexpected element '{urn:jboss:domain:keycloak:1.1}subsystem'
|
|  524:    <secure-deployment name="pato-ejb.war">
|  525:       <realm>pato</realm>
|  526:       <auth-server-url>http://localhost:8079/auth</auth-server-url>
|
| The primary underlying error message was:
| > ParseError at [row,col]:[523,9]
| > Message: Unexpected element '{urn:jboss:domain:keycloak:1.1}subsystem'
|
|-------------------------------------------------------------------------------

11:41:14,223 ERROR [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0055: Caught exception during boot: org.jboss.as.controller.persistence.ConfigurationPersistenceException: WFLYCTL0085: Failed to parse configuration
        at org.jboss.as.controller@12.0.1.Final//org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:143)
        at org.jboss.as.server@12.0.1.Final//org.jboss.as.server.ServerService.boot(ServerService.java:395)
        at org.jboss.as.controller@12.0.1.Final//org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:416)
        at java.base/java.lang.Thread.run(Thread.java:834)

11:41:14,227 FATAL [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0056: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.
SiekMi

1 Answer

In the Keycloak Downloads you'll see a section for the "Client Adapters". This is a .zip or .tar.gz file that you extract into the WildFly directory. While you have the .jar files you need, you're missing all of the module.xml files. Open up the current version and you'll see the files you need. Additionally, there are installation files that make changes to your standalone.xml to enable Keycloak. The current hierarchy looks something like:

.
├── bin
│   ├── adapter-elytron-install.cli
│   ├── adapter-elytron-install-offline.cli
│   ├── adapter-install.cli
│   └── adapter-install-offline.cli
├── docs
│   └── licenses-keycloak
│       ├── licenses.css
│       ├── licenses.html
│       ├── licenses.xml
│       ├── licenses.xsl
│       ├── org.keycloak,keycloak-adapter-core,12.0.1,Apache Software License 2.0.txt
│       ├── org.keycloak,keycloak-adapter-spi,12.0.1,Apache Software License 2.0.txt
│       ├── org.keycloak,keycloak-authz-client,12.0.1,Apache Software License 2.0.txt
│       ├── org.keycloak,keycloak-common,12.0.1,Apache Software License 2.0.txt
│       ├── org.keycloak,keycloak-core,12.0.1,Apache Software License 2.0.txt
│       ├── org.keycloak,keycloak-jboss-adapter-core,12.0.1,Apache Software License 2.0.txt
│       ├── org.keycloak,keycloak-undertow-adapter,12.0.1,Apache Software License 2.0.txt
│       ├── org.keycloak,keycloak-undertow-adapter-spi,12.0.1,Apache Software License 2.0.txt
│       ├── org.keycloak,keycloak-wildfly-adapter,12.0.1,Apache Software License 2.0.txt
│       ├── org.keycloak,keycloak-wildfly-elytron-oidc-adapter,12.0.1,Apache Software License 2.0.txt
│       └── org.keycloak,keycloak-wildfly-subsystem,12.0.1,Apache Software License 2.0.txt
└── modules
    └── system
        └── add-ons
            └── keycloak
                └── org
                    └── keycloak
                        ├── keycloak-adapter-core
                        │   └── main
                        │       ├── keycloak-adapter-core-12.0.1.jar
                        │       └── module.xml
                        ├── keycloak-adapter-spi
                        │   └── main
                        │       ├── keycloak-adapter-spi-12.0.1.jar
                        │       ├── keycloak-undertow-adapter-spi-12.0.1.jar
                        │       └── module.xml
                        ├── keycloak-adapter-subsystem
                        │   └── main
                        │       └── module.xml
                        ├── keycloak-authz-client
                        │   └── main
                        │       ├── keycloak-authz-client-12.0.1.jar
                        │       └── module.xml
                        ├── keycloak-common
                        │   └── main
                        │       ├── keycloak-common-12.0.1.jar
                        │       └── module.xml
                        ├── keycloak-core
                        │   └── main
                        │       ├── keycloak-core-12.0.1.jar
                        │       └── module.xml
                        ├── keycloak-jboss-adapter-core
                        │   └── main
                        │       ├── keycloak-jboss-adapter-core-12.0.1.jar
                        │       └── module.xml
                        ├── keycloak-undertow-adapter
                        │   └── main
                        │       ├── keycloak-undertow-adapter-12.0.1.jar
                        │       └── module.xml
                        ├── keycloak-wildfly-adapter
                        │   └── main
                        │       ├── keycloak-wildfly-adapter-12.0.1.jar
                        │       └── module.xml
                        ├── keycloak-wildfly-elytron-oidc-adapter
                        │   └── main
                        │       ├── keycloak-wildfly-elytron-oidc-adapter-12.0.1.jar
                        │       └── module.xml
                        └── keycloak-wildfly-subsystem
                            └── main
                                ├── keycloak-wildfly-subsystem-12.0.1.jar
                                └── module.xml

I'd encourage you to install Keycloak in a local environment, outside of Docker, to get a feel for how this all fits together. These steps walk you through the process, but basically you extract the files to the WildFly home directory and run the appropriate script in the bin directory.

stdunbar
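
A pre-flight check for the situation described in the answer above, as an added example that is not part of the original post or of the Keycloak project: it reports when a standalone.xml uses the Keycloak subsystem without the extension that registers it, or without the adapter's module.xml on disk. The extension module name `org.keycloak.keycloak-adapter-subsystem` is an assumption derived from the directory layout in the answer, and `check_adapter` and the sample document are constructed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

KEYCLOAK_NS = "urn:jboss:domain:keycloak:"             # subsystem namespace prefix from the question
EXTENSION = "org.keycloak.keycloak-adapter-subsystem"  # assumed name, derived from the answer's layout
# Location of its module.xml, per the archive layout shown in the answer.
MODULE_XML = os.path.join("modules", "system", "add-ons", "keycloak",
                          "org", "keycloak", "keycloak-adapter-subsystem", "main", "module.xml")

def split_tag(tag):
    """Return (namespace, local name) for an ElementTree tag like '{ns}name'."""
    if tag.startswith("{"):
        ns, _, name = tag[1:].partition("}")
        return ns, name
    return "", tag

def check_adapter(standalone_xml, wildfly_home):
    """List reasons WildFly cannot load a Keycloak <subsystem> found in standalone.xml."""
    root = ET.fromstring(standalone_xml)
    tags = [(split_tag(e.tag), e) for e in root.iter()]
    uses_keycloak = any(name == "subsystem" and ns.startswith(KEYCLOAK_NS)
                        for (ns, name), _ in tags)
    if not uses_keycloak:
        return []
    findings = []
    extensions = {e.get("module") for (_, name), e in tags if name == "extension"}
    if EXTENSION not in extensions:
        findings.append("extension-not-declared")   # subsystem element has no registered parser
    if not os.path.isfile(os.path.join(wildfly_home, MODULE_XML)):
        findings.append("module-xml-missing")       # jars copied without the module descriptors
    return findings

# Constructed sample mirroring the question: subsystem pasted in, no <extension>, jars only.
SAMPLE = """<server xmlns="urn:jboss:domain:13.0">
  <extensions><extension module="org.jboss.as.weld"/></extensions>
  <profile>
    <subsystem xmlns="urn:jboss:domain:weld:4.0"/>
    <subsystem xmlns="urn:jboss:domain:keycloak:1.1">
      <secure-deployment name="pato-ejb.war"><realm>pato</realm></secure-deployment>
    </subsystem>
  </profile>
</server>"""

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as home:   # empty stand-in for the WildFly home directory
        print(check_adapter(SAMPLE, home))
```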