@TyrfingMjolnir
Last active May 9, 2021 14:19
Keycloak in a Joyent SmartOS native zone

This setup worked for me using Joyent SmartOS 2020Q1.

May 9th, 2021: This setup worked for me using Joyent SmartOS 2020Q4; the only thing I changed was the version number for postgresql to 12, psqljdbc to 42.2.20, and keycloak to 13.0.0, while OpenJDK was still 11.

(The native zone has 16 GB RAM assigned to it; Java and all ...)

useradd keycloak
groupadd keycloak
pkgin up
pkgin in tidy openjdk11 vim tmux postgresql96 && echo "or postgresql12"
cd /opt/local/
curl -kL https://downloads.jboss.org/keycloak/10.0.2/keycloak-10.0.2.tar.gz | tar -zxvf -
cd keycloak-10.0.2
vim standalone/configuration/standalone.xml
tidy -mi -xml -wrap 0 standalone/configuration/standalone.xml && echo "To make the XML legible in case of having to edit again at a later stage."
mkdir -p /opt/local/keycloak-10.0.2/modules/system/layers/keycloak/org/postgresql/main
cd modules/system/layers/keycloak/org/postgresql/main
curl -kLO https://jdbc.postgresql.org/download/postgresql-42.2.14.jar
echo $( ls -1 ) > module.xml
vim /opt/local/keycloak-10.0.2/modules/system/layers/keycloak/org/postgresql/main/module.xml
tidy -mi -xml -wrap 0 module.xml && echo "To make the XML legible in case of having to edit again at a later stage."
vim /var/pgsql/data/pg_hba.conf
vim /var/pgsql/data/postgresql.conf
/usr/sbin/svcadm enable svc:/pkgsrc/postgresql:default
psql -U postgres

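To avoid errors, I created the database prior to running keycloak; however, keycloak will generate the rest for you as long as the database is already created.

-- LOGIN is required: CREATE ROLE defaults to NOLOGIN, so "psql -U keycloak" would be refused.
CREATE ROLE keycloak WITH LOGIN PASSWORD 'secretforuserkeycloak' CREATEDB;
\q
psql -U keycloak -d postgres
CREATE DATABASE keycloak WITH ENCODING 'UTF8';
\q
psql -U postgres
-- An ordinary role cannot change its own CREATEDB attribute, so drop it as postgres.
ALTER ROLE keycloak NOCREATEDB;
\q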

For testing, this is how to run keycloak on the command line:

/opt/local/keycloak-10.0.2/bin/standalone.sh -b 0.0.0.0

For production, however, you will want to create your own SMF manifest.

Example SMF manifest: https://gist.github.com/siepkes/895aec2886cec8b1c40d42e932c64500

To import the SMF manifest into the system:

cd /lib/svc/manifest/site/
curl -kLo keycloak_service.smf.xml https://gist.githubusercontent.com/siepkes/895aec2886cec8b1c40d42e932c64500/raw/69781c29a96c63f1cdce49030ed7df6d8e9a3f24/gistfile1.txt
tidy -mi -xml -wrap 0 keycloak_service.smf.xml && echo "The gist from siepkes may be more legible on a small screen, however on mine tidy makes the visual aspect better."
vim keycloak_service.smf.xml && echo "Amend to match your setup."
cd /opt/local/
chown -R keycloak:keycloak keycloak-10.0.2
svcadm restart manifest-import
svcadm enable keycloak
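
The three downloads above (the Keycloak tarball, the JDBC driver jar and the SMF manifest) all run curl with -k, which turns off TLS certificate verification, so nothing checks what actually arrives before it is unpacked or imported. The following is an added example, not part of the original gist, that checks a file against a pinned SHA-256 before using it; the function names are hypothetical and the digest is a placeholder you must obtain from a source you trust, since the page gives none.

```shell
#!/bin/sh
# Added example: verify a downloaded file against a pinned SHA-256 digest
# before unpacking or installing it. Function names are hypothetical.

# Print the hex SHA-256 of a file, using whichever tool the system provides.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{ print $1 }'
  elif command -v digest >/dev/null 2>&1; then   # illumos / SmartOS
    digest -a sha256 "$1"
  else
    openssl dgst -sha256 "$1" | awk '{ print $NF }'
  fi
}

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 when the digest matches, 1 otherwise (including unreadable files).
verify_sha256() {
  vs_actual=$(sha256_of "$1") || return 1
  # Compare case-insensitively; published digests are sometimes upper case.
  vs_actual=$(printf '%s' "$vs_actual" | tr 'A-F' 'a-f')
  vs_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  if [ -z "$vs_actual" ] || [ "$vs_actual" != "$vs_expected" ]; then
    echo "digest mismatch for $1: got '$vs_actual'" >&2
    return 1
  fi
  return 0
}

# verified_extract ARCHIVE EXPECTED_HEX DEST_DIR
# Unpacks a .tar.gz into DEST_DIR only after the digest check has passed,
# so a tampered archive never reaches tar.
verified_extract() {
  verify_sha256 "$1" "$2" || return 1
  mkdir -p "$3" && gzip -dc "$1" | (cd "$3" && tar -xf -)
}

# Usage with the downloads on this page (digests are placeholders):
#   curl -LO https://downloads.jboss.org/keycloak/10.0.2/keycloak-10.0.2.tar.gz
#   verified_extract keycloak-10.0.2.tar.gz '<pinned-sha256>' /opt/local
#   curl -LO https://jdbc.postgresql.org/download/postgresql-42.2.14.jar
#   verify_sha256 postgresql-42.2.14.jar '<pinned-sha256>' || exit 1
```

Downloading to a file first, rather than piping curl into tar, is what makes the check possible: the archive is only unpacked once the digest has matched.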

Your next step is to configure a reverse proxy (for example nginx) with SSL for accounts.domain.tld:443, pointing to this newly installed keycloak on port 8080.

Printing the open ports

lsof -p
* Displaying port information for all processes..
PID     PROCESS                   IP                        PORT
-----------------------------------------------------------------
977332  /opt/local/bin/postgres   ::                        5432
977332  /opt/local/bin/postgres   0.0.0.0                   5432
977332  /opt/local/bin/postgres   ::1                       57733
977332  /opt/local/bin/postgres   ::1                       57733
977360  /opt/local/bin/postgres   ::1                       57733
977360  /opt/local/bin/postgres   ::1                       57733
977362  /opt/local/bin/postgres   ::1                       57733
977362  /opt/local/bin/postgres   ::1                       57733
977363  /opt/local/bin/postgres   ::1                       57733
977363  /opt/local/bin/postgres   ::1                       57733
977364  /opt/local/bin/postgres   ::1                       57733
977364  /opt/local/bin/postgres   ::1                       57733
977366  /opt/local/bin/postgres   ::1                       57733
977366  /opt/local/bin/postgres   ::1                       57733
977375  /usr/lib/ssh/sshd         ::                        22
977375  /usr/lib/ssh/sshd         0.0.0.0                   22
992330  /opt/local/java/openjdk   0.0.0.0                   8080
992330  /opt/local/java/openjdk   127.0.0.1                 9990
992330  /opt/local/java/openjdk   0.0.0.0                   8443
992330  /opt/local/java/openjdk   127.0.0.1                 58082
992330  /opt/local/java/openjdk   127.0.0.1                 5432
992330  /opt/local/java/openjdk   127.0.0.1                 51326
992330  /opt/local/java/openjdk   127.0.0.1                 5432
992330  /opt/local/java/openjdk   127.0.0.1                 36101
992330  /opt/local/java/openjdk   127.0.0.1                 5432
992333  /opt/local/bin/postgres   ::1                       57733
992333  /opt/local/bin/postgres   ::1                       57733
992333  /opt/local/bin/postgres   127.0.0.1                 5432
992333  /opt/local/bin/postgres   127.0.0.1                 51326
992334  /opt/local/bin/postgres   ::1                       57733
992334  /opt/local/bin/postgres   ::1                       57733
992334  /opt/local/bin/postgres   127.0.0.1                 5432
992334  /opt/local/bin/postgres   127.0.0.1                 36101
992344  /opt/local/bin/postgres   ::1                       57733
992344  /opt/local/bin/postgres   ::1                       57733
992344  /opt/local/bin/postgres   127.0.0.1                 5432
992344  /opt/local/bin/postgres   127.0.0.1                 58082
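
The listing above shows PostgreSQL bound to 0.0.0.0 and :: on port 5432, although the Keycloak datasource connects to it through localhost. The following is an added example, not part of the original gist, that reads a listing in this PID/PROCESS/IP/PORT format and reports wildcard-bound listeners on ports that should be loopback-only; the function names and the policy in LOOPBACK_ONLY_PORTS are assumptions, and the sample rows are a constructed subset of the output above.

```shell
#!/bin/sh
# Added example: audit a "PID PROCESS IP PORT" listing for services that are
# bound to every interface although policy says they should be local-only.

# Assumed policy: ports that must only be reachable from inside the zone.
#   5432  PostgreSQL (the Keycloak JDBC URL on this page uses localhost)
#   9990  WildFly management interface
LOOPBACK_ONLY_PORTS="5432 9990"

# Constructed sample: a subset of the rows printed on this page.
sample_listing() {
cat <<'EOF'
* Displaying port information for all processes..
PID     PROCESS                   IP                        PORT
-----------------------------------------------------------------
977332  /opt/local/bin/postgres   ::                        5432
977332  /opt/local/bin/postgres   0.0.0.0                   5432
977332  /opt/local/bin/postgres   ::1                       57733
977375  /usr/lib/ssh/sshd         0.0.0.0                   22
992330  /opt/local/java/openjdk   0.0.0.0                   8080
992330  /opt/local/java/openjdk   127.0.0.1                 9990
992330  /opt/local/java/openjdk   0.0.0.0                   8443
992330  /opt/local/java/openjdk   127.0.0.1                 5432
EOF
}

# audit_listeners "<space-separated ports>"
# Reads a listing on stdin and prints one line per finding:
#   EXPOSED <port> <ip> <process> <pid>
# Only wildcard addresses are flagged. A connected socket always has a concrete
# local address, so rows such as "openjdk 127.0.0.1 5432" (the JDBC client side)
# are never mistaken for an exposed listener.
audit_listeners() {
  awk -v ports="$1" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) restricted[p[i]] = 1 }
    # Data rows have four fields with a numeric PID and port; this skips the
    # banner, the column header and the ruler line.
    NF == 4 && $1 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ {
      wildcard = ($3 == "0.0.0.0" || $3 == "::" || $3 == "*")
      key = $4 SUBSEP $3 SUBSEP $2
      if (wildcard && ($4 in restricted) && !(key in seen)) {
        seen[key] = 1
        printf "EXPOSED %s %s %s %s\n", $4, $3, $2, $1
      }
    }'
}

# wildcard_ports: every distinct port bound to a wildcard address, ascending,
# as one space-separated line. Useful as the list to compare firewall rules against.
wildcard_ports() {
  awk 'NF == 4 && $1 ~ /^[0-9]+$/ && ($3 == "0.0.0.0" || $3 == "::") { print $4 }' |
    sort -un | tr '\n' ' ' | sed 's/ $//'
}

# Run against the sample when executed directly.
sample_listing | audit_listeners "$LOOPBACK_ONLY_PORTS"
```

For PostgreSQL the finding is cleared by setting listen_addresses = 'localhost' in postgresql.conf; ports 8080 and 8443 appear in wildcard_ports because of the -b 0.0.0.0 start option, and whether that is needed depends on where the reverse proxy runs.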

After configuring keycloak and a reverse proxy, you will be able to set up https://accounts.domain.tld for on-prem SSO yourself. Further reading: https://en.wikipedia.org/wiki/Single_sign-on

Warning

The example was written using the default postgres user in PostgreSQL; do not do this in production.

Legend

&& echo is used for comments.

Thanks to https://github.com/skobba for mentioning this possibility and for walking me through an example he already had for Linux; tweaks by Skobba and me.

keycloak_service.smf.xml

<?xml version='1.0'?>
<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
<!-- Based on: https://gist.githubusercontent.com/siepkes/895aec2886cec8b1c40d42e932c64500/raw/69781c29a96c63f1cdce49030ed7df6d8e9a3f24/gistfile1.txt -->
<service_bundle type='manifest' name='keycloak'>
<service name='network/keycloak' type='service' version='1'>
<create_default_instance enabled='false' />
<single_instance />
<dependency name='fs' grouping='require_all' restart_on='none' type='service'>
<service_fmri value='svc:/system/filesystem/minimal' />
</dependency>
<dependency name='network_initial' grouping='optional_all' restart_on='none' type='service'>
<service_fmri value='svc:/network/routing-setup:default' />
<service_fmri value='svc:/network/initial:default' />
</dependency>
<dependency name='network_ipfilter' grouping='optional_all' restart_on='none' type='service'>
<service_fmri value='svc:/network/ipfilter:default' />
</dependency>
<!-- Use a timeout of '0' because Keycloak (Wildfly) doesn't detach itself from the console. -->
<exec_method type='method' name='start' exec='/opt/local/keycloak-10.0.2/bin/standalone.sh -b 0.0.0.0' timeout_seconds='0'>
<method_context working_directory="/opt/local/keycloak-10.0.2">
<!-- Allow keycloak to use the privileged ports (TCP 80 and 443 for HTTP and HTTPS). -->
<method_credential user='keycloak' group='keycloak' privileges='basic,net_privaddr' />
<method_environment>
<envvar name="JAVA_HOME" value="/opt/local/java/openjdk11" />
</method_environment>
</method_context>
</exec_method>
<exec_method type='method' name='refresh' exec=':kill -HUP' timeout_seconds='0'></exec_method>
<!-- Sending an interrupt signal (SIGINT) gracefully stops Keycloak (Wildfly). -->
<exec_method type='method' name='stop' exec=':kill -INT' timeout_seconds='60'></exec_method>
<!-- keycloak does not detach from the console (ie. does not daemonize). -->
<property_group name='startd' type='framework'>
<propval name='duration' type='astring' value='child' />
</property_group>
<stability value='Unstable' />
<template>
<common_name>
<loctext xml:lang='C'>Keycloak (running on Wildfly)</loctext>
</common_name>
</template>
</service>
</service_bundle>

Console output from standalone.sh

=========================================================================
JBoss Bootstrap Environment
JBOSS_HOME: /opt/local/keycloak-10.0.2
JAVA: java
JAVA_OPTS: -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true --add-exports=java.base/sun.nio.ch=ALL-UNNAMED --add-exports=jdk.unsupported/sun.misc=ALL-UNNAMED --add-exports=jdk.unsupported/sun.reflect=ALL-UNNAMED
=========================================================================
21:12:43,720 INFO [org.jboss.modules] (main) JBoss Modules version 1.10.0.Final
21:12:44,638 INFO [org.jboss.msc] (main) JBoss MSC version 1.4.11.Final
21:12:44,662 INFO [org.jboss.threads] (main) JBoss Threads version 2.3.3.Final
21:12:44,881 INFO [org.jboss.as] (MSC service thread 1-1) WFLYSRV0049: Keycloak 10.0.2 (WildFly Core 11.1.1.Final) starting
21:12:46,422 INFO [org.wildfly.security] (ServerService Thread Pool -- 20) ELY00001: WildFly Elytron version 1.11.4.Final
21:12:47,357 INFO [org.jboss.as.controller.management-deprecated] (Controller Boot Thread) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/core-service=management/management-interface=http-interface' is deprecated, and may be removed in a future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
21:12:47,395 INFO [org.jboss.as.controller.management-deprecated] (ServerService Thread Pool -- 25) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/subsystem=undertow/server=default-server/https-listener=https' is deprecated, and may be removed in a future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
21:12:47,656 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0039: Creating http management service using socket-binding (management-http)
21:12:47,689 INFO [org.xnio] (MSC service thread 1-5) XNIO version 3.7.7.Final
21:12:47,704 INFO [org.xnio.nio] (MSC service thread 1-5) XNIO NIO Implementation Version 3.7.7.Final
21:12:47,746 WARN [org.jboss.as.txn] (ServerService Thread Pool -- 49) WFLYTX0013: The node-identifier attribute on the /subsystem=transactions is set to the default value. This is a danger for environments running multiple servers. Please make sure the attribute value is unique.
21:12:47,793 INFO [org.wildfly.extension.io] (ServerService Thread Pool -- 36) WFLYIO001: Worker 'default' has auto-configured to 24 IO threads with 192 max task threads based on your 12 available processors
21:12:47,798 INFO [org.jboss.as.security] (ServerService Thread Pool -- 48) WFLYSEC0002: Activating Security Subsystem
21:12:47,798 INFO [org.jboss.as.jaxrs] (ServerService Thread Pool -- 38) WFLYRS0016: RESTEasy version 3.11.2.Final
21:12:47,797 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 37) WFLYCLINF0001: Activating Infinispan subsystem.
21:12:47,797 INFO [org.wildfly.extension.microprofile.config.smallrye._private] (ServerService Thread Pool -- 51) WFLYCONF0001: Activating WildFly MicroProfile Config Subsystem
21:12:47,805 INFO [org.jboss.as.naming] (ServerService Thread Pool -- 43) WFLYNAM0001: Activating Naming Subsystem
21:12:47,816 INFO [org.jboss.as.security] (MSC service thread 1-8) WFLYSEC0001: Current PicketBox version=5.0.3.Final
21:12:47,823 INFO [org.wildfly.extension.microprofile.health.smallrye] (ServerService Thread Pool -- 52) WFLYHEALTH0001: Activating Eclipse MicroProfile Health Subsystem
21:12:47,825 INFO [org.wildfly.extension.microprofile.metrics.smallrye] (ServerService Thread Pool -- 53) WFLYMETRICS0001: Activating Eclipse MicroProfile Metrics Subsystem
21:12:47,833 INFO [org.wildfly.extension.undertow] (MSC service thread 1-7) WFLYUT0003: Undertow 2.1.0.Final starting
21:12:47,866 WARN [org.wildfly.clustering.web.undertow] (ServerService Thread Pool -- 54) WFLYCLWEBUT0007: No routing provider found for default-server; using legacy provider based on static configuration
21:12:47,883 INFO [org.jboss.as.connector] (MSC service thread 1-5) WFLYJCA0009: Starting JCA Subsystem (WildFly/IronJacamar 1.4.20.Final)
21:12:47,977 INFO [org.jboss.as.connector.subsystems.datasources] (ServerService Thread Pool -- 32) WFLYJCA0004: Deploying JDBC-compliant driver class org.h2.Driver (version 1.4)
21:12:47,999 INFO [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-5) WFLYJCA0018: Started Driver service with driver-name = h2
21:12:48,003 INFO [org.jboss.as.mail.extension] (MSC service thread 1-5) WFLYMAIL0001: Bound mail session [java:jboss/mail/Default]
21:12:48,016 INFO [org.jboss.as.naming] (MSC service thread 1-5) WFLYNAM0003: Starting Naming Service
21:12:48,033 INFO [org.jboss.remoting] (MSC service thread 1-4) JBoss Remoting version 5.0.17.Final
21:12:48,040 INFO [org.jboss.as.connector.subsystems.datasources] (ServerService Thread Pool -- 32) WFLYJCA0005: Deploying non-JDBC-compliant driver class org.postgresql.Driver (version 42.2)
21:12:48,115 INFO [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-5) WFLYJCA0018: Started Driver service with driver-name = postgresql
21:12:48,119 INFO [org.wildfly.extension.undertow] (ServerService Thread Pool -- 54) WFLYUT0014: Creating file handler for path '/opt/local/keycloak-10.0.2/welcome-content' with options [directory-listing: 'false', follow-symlink: 'false', case-sensitive: 'true', safe-symlink-paths: '[]']
21:12:48,173 INFO [org.wildfly.extension.undertow] (MSC service thread 1-8) WFLYUT0012: Started server default-server.
21:12:48,179 INFO [org.wildfly.extension.undertow] (MSC service thread 1-8) WFLYUT0018: Host default-host starting
21:12:48,294 INFO [org.jboss.as.ejb3] (MSC service thread 1-3) WFLYEJB0482: Strict pool mdb-strict-max-pool is using a max instance size of 48 (per class), which is derived from the number of CPUs on this host.
21:12:48,294 INFO [org.jboss.as.ejb3] (MSC service thread 1-4) WFLYEJB0481: Strict pool slsb-strict-max-pool is using a max instance size of 192 (per class), which is derived from thread worker pool sizing.
21:12:48,321 INFO [org.wildfly.extension.undertow] (MSC service thread 1-8) WFLYUT0006: Undertow HTTP listener default listening on 0.0.0.0:8080
21:12:48,804 INFO [org.jboss.as.ejb3] (MSC service thread 1-8) WFLYEJB0493: EJB subsystem suspension complete
21:12:48,951 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-3) WFLYJCA0001: Bound data source [java:jboss/datasources/KeycloakDS]
21:12:48,951 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-1) WFLYJCA0001: Bound data source [java:jboss/datasources/ExampleDS]
21:12:49,315 INFO [org.jboss.as.patching] (MSC service thread 1-3) WFLYPAT0050: Keycloak cumulative patch ID is: base, one-off patches include: none
21:12:49,345 WARN [org.jboss.as.domain.management.security] (MSC service thread 1-4) WFLYDM0111: Keystore /opt/local/keycloak-10.0.2/standalone/configuration/application.keystore not found, it will be auto generated on first use with a self signed certificate for host localhost
21:12:49,353 INFO [org.jboss.as.server.deployment.scanner] (MSC service thread 1-7) WFLYDS0013: Started FileSystemDeploymentService for directory /opt/local/keycloak-10.0.2/standalone/deployments
21:12:49,404 INFO [org.jboss.as.server.deployment] (MSC service thread 1-4) WFLYSRV0027: Starting deployment of "keycloak-server.war" (runtime-name: "keycloak-server.war")
21:12:49,522 INFO [org.wildfly.extension.undertow] (MSC service thread 1-6) WFLYUT0006: Undertow HTTPS listener https listening on 0.0.0.0:8443
21:12:50,495 INFO [org.infinispan.factories.GlobalComponentRegistry] (MSC service thread 1-5) ISPN000128: Infinispan version: Infinispan 'Infinity Minus ONE +2' 9.4.18.Final
21:12:51,102 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 67) WFLYCLINF0002: Started actionTokens cache from keycloak container
21:12:51,110 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 62) WFLYCLINF0002: Started authenticationSessions cache from keycloak container
21:12:51,109 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 66) WFLYCLINF0002: Started work cache from keycloak container
21:12:51,110 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 58) WFLYCLINF0002: Started authorization cache from keycloak container
21:12:51,102 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 63) WFLYCLINF0002: Started clientSessions cache from keycloak container
21:12:51,102 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 65) WFLYCLINF0002: Started loginFailures cache from keycloak container
21:12:51,102 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 61) WFLYCLINF0002: Started users cache from keycloak container
21:12:51,109 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 60) WFLYCLINF0002: Started offlineSessions cache from keycloak container
21:12:51,109 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 57) WFLYCLINF0002: Started realms cache from keycloak container
21:12:51,109 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 59) WFLYCLINF0002: Started sessions cache from keycloak container
21:12:51,110 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 64) WFLYCLINF0002: Started offlineClientSessions cache from keycloak container
21:12:51,110 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 56) WFLYCLINF0002: Started keys cache from keycloak container
21:12:51,184 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 68) WFLYCLINF0002: Started client-mappings cache from ejb container
21:12:51,359 WARN [org.jboss.as.server.deployment] (MSC service thread 1-1) WFLYSRV0273: Excluded subsystem webservices via jboss-deployment-structure.xml does not exist.
21:12:52,308 INFO [org.keycloak.services] (ServerService Thread Pool -- 57) KC-SERVICES0001: Loading config from standalone.xml or domain.xml
21:12:52,568 INFO [org.keycloak.url.DefaultHostnameProviderFactory] (ServerService Thread Pool -- 57) Frontend: <request>, Admin: <frontend>, Backend: <request>
21:12:53,562 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 57) WFLYCLINF0002: Started realmRevisions cache from keycloak container
21:12:53,589 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 57) WFLYCLINF0002: Started userRevisions cache from keycloak container
21:12:53,621 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 57) WFLYCLINF0002: Started authorizationRevisions cache from keycloak container
21:12:53,625 INFO [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (ServerService Thread Pool -- 57) Node name: node_697777, Site name: null
21:12:57,363 INFO [org.hibernate.jpa.internal.util.LogHelper] (ServerService Thread Pool -- 57) HHH000204: Processing PersistenceUnitInfo [
name: keycloak-default
...]
21:12:57,445 INFO [org.hibernate.Version] (ServerService Thread Pool -- 57) HHH000412: Hibernate Core {5.3.15.Final}
21:12:57,448 INFO [org.hibernate.cfg.Environment] (ServerService Thread Pool -- 57) HHH000206: hibernate.properties not found
21:12:57,626 INFO [org.hibernate.annotations.common.Version] (ServerService Thread Pool -- 57) HCANN000001: Hibernate Commons Annotations {5.0.5.Final}
21:12:58,056 INFO [org.hibernate.dialect.Dialect] (ServerService Thread Pool -- 57) HHH000400: Using dialect: org.hibernate.dialect.PostgreSQL95Dialect
21:12:58,223 INFO [org.hibernate.engine.jdbc.env.internal.LobCreatorBuilderImpl] (ServerService Thread Pool -- 57) HHH000424: Disabling contextual LOB creation as createClob() method threw error : java.lang.reflect.InvocationTargetException
21:12:58,237 INFO [org.hibernate.type.BasicTypeRegistry] (ServerService Thread Pool -- 57) HHH000270: Type registration [java.util.UUID] overrides previous : org.hibernate.type.UUIDBinaryType@6ec2a27b
21:12:58,250 INFO [org.hibernate.envers.boot.internal.EnversServiceImpl] (ServerService Thread Pool -- 57) Envers integration enabled? : true
21:12:59,076 INFO [org.hibernate.orm.beans] (ServerService Thread Pool -- 57) HHH10005002: No explicit CDI BeanManager reference was passed to Hibernate, but CDI is available on the Hibernate ClassLoader.
21:12:59,172 INFO [org.hibernate.validator.internal.util.Version] (ServerService Thread Pool -- 57) HV000001: Hibernate Validator 6.0.18.Final
21:13:01,212 INFO [org.hibernate.hql.internal.QueryTranslatorFactoryInitiator] (ServerService Thread Pool -- 57) HHH000397: Using ASTQueryTranslatorFactory
21:13:02,448 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 57) RESTEASY002225: Deploying javax.ws.rs.core.Application: class org.keycloak.services.resources.KeycloakApplication
21:13:02,450 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 57) RESTEASY002200: Adding class resource org.keycloak.services.resources.ThemeResource from Application class org.keycloak.services.resources.KeycloakApplication
21:13:02,451 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 57) RESTEASY002205: Adding provider class org.keycloak.services.filters.KeycloakSecurityHeadersFilter from Application class org.keycloak.services.resources.KeycloakApplication
21:13:02,451 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 57) RESTEASY002205: Adding provider class org.keycloak.services.filters.KeycloakTransactionCommitter from Application class org.keycloak.services.resources.KeycloakApplication
21:13:02,451 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 57) RESTEASY002205: Adding provider class org.keycloak.services.error.KeycloakErrorHandler from Application class org.keycloak.services.resources.KeycloakApplication
21:13:02,451 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 57) RESTEASY002200: Adding class resource org.keycloak.services.resources.JsResource from Application class org.keycloak.services.resources.KeycloakApplication
21:13:02,452 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 57) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.RobotsResource from Application class org.keycloak.services.resources.KeycloakApplication
21:13:02,452 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 57) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.admin.AdminRoot from Application class org.keycloak.services.resources.KeycloakApplication
21:13:02,452 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 57) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.RealmsResource from Application class org.keycloak.services.resources.KeycloakApplication
21:13:02,452 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 57) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.WelcomeResource from Application class org.keycloak.services.resources.KeycloakApplication
21:13:02,452 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 57) RESTEASY002210: Adding provider singleton org.keycloak.services.util.ObjectMapperResolver from Application class org.keycloak.services.resources.KeycloakApplication
21:13:02,592 INFO [org.wildfly.extension.undertow] (ServerService Thread Pool -- 57) WFLYUT0021: Registered web context: '/auth' for server 'default-server'
21:13:02,684 INFO [org.jboss.as.server] (ServerService Thread Pool -- 55) WFLYSRV0010: Deployed "keycloak-server.war" (runtime-name : "keycloak-server.war")
21:13:02,735 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
21:13:02,738 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://127.0.0.1:9990/management
21:13:02,738 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://127.0.0.1:9990
21:13:02,738 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 10.0.2 (WildFly Core 11.1.1.Final) started in 19699ms - Started 592 of 890 services (606 services are lazy, passive or on-demand)

module.xml

<?xml version="1.0"?>
<module xmlns="urn:jboss:module:1.3" name="org.postgresql">
<resources>
<resource-root path="postgresql-42.2.14.jar" />
</resources>
<dependencies>
<module name="javax.api" />
<module name="javax.transaction.api" />
</dependencies>
</module>

SSH client configuration

Host keycloakzone
  Hostname 10.10.10.10
  LocalForward 8080 localhost:8080
  LocalForward 8443 localhost:8443
  LocalForward 9990 localhost:9990
  User keycloak

standalone/configuration/standalone.xml

<?xml version='1.0' encoding='utf-8'?>
<server xmlns="urn:jboss:domain:10.0">
<extensions>
<extension module="org.jboss.as.clustering.infinispan" />
<extension module="org.jboss.as.connector" />
<extension module="org.jboss.as.deployment-scanner" />
<extension module="org.jboss.as.ee" />
<extension module="org.jboss.as.ejb3" />
<extension module="org.jboss.as.jaxrs" />
<extension module="org.jboss.as.jmx" />
<extension module="org.jboss.as.jpa" />
<extension module="org.jboss.as.logging" />
<extension module="org.jboss.as.mail" />
<extension module="org.jboss.as.naming" />
<extension module="org.jboss.as.remoting" />
<extension module="org.jboss.as.security" />
<extension module="org.jboss.as.transactions" />
<extension module="org.jboss.as.weld" />
<extension module="org.keycloak.keycloak-server-subsystem" />
<extension module="org.wildfly.extension.bean-validation" />
<extension module="org.wildfly.extension.core-management" />
<extension module="org.wildfly.extension.elytron" />
<extension module="org.wildfly.extension.io" />
<extension module="org.wildfly.extension.microprofile.config-smallrye" />
<extension module="org.wildfly.extension.microprofile.health-smallrye" />
<extension module="org.wildfly.extension.microprofile.metrics-smallrye" />
<extension module="org.wildfly.extension.request-controller" />
<extension module="org.wildfly.extension.security.manager" />
<extension module="org.wildfly.extension.undertow" />
</extensions>
<management>
<security-realms>
<security-realm name="ManagementRealm">
<authentication>
<local default-user="$local" skip-group-loading="true" />
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" />
</authentication>
<authorization map-groups-to-roles="false">
<properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir" />
</authorization>
</security-realm>
<security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost" />
</ssl>
</server-identities>
<authentication>
<local default-user="$local" allowed-users="*" skip-group-loading="true" />
<properties path="application-users.properties" relative-to="jboss.server.config.dir" />
</authentication>
<authorization>
<properties path="application-roles.properties" relative-to="jboss.server.config.dir" />
</authorization>
</security-realm>
</security-realms>
<audit-log>
<formatters>
<json-formatter name="json-formatter" />
</formatters>
<handlers>
<file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir" />
</handlers>
<logger log-boot="true" log-read-only="false" enabled="false">
<handlers>
<handler name="file" />
</handlers>
</logger>
</audit-log>
<management-interfaces>
<http-interface security-realm="ManagementRealm">
<http-upgrade enabled="true" />
<socket-binding http="management-http" />
</http-interface>
</management-interfaces>
<access-control provider="simple">
<role-mapping>
<role name="SuperUser">
<include>
<user name="$local" />
</include>
</role>
</role-mapping>
</access-control>
</management>
<profile>
<subsystem xmlns="urn:jboss:domain:logging:8.0">
<console-handler name="CONSOLE">
<level name="INFO" />
<formatter>
<named-formatter name="COLOR-PATTERN" />
</formatter>
</console-handler>
<periodic-rotating-file-handler name="FILE" autoflush="true">
<formatter>
<named-formatter name="PATTERN" />
</formatter>
<file relative-to="jboss.server.log.dir" path="server.log" />
<suffix value=".yyyy-MM-dd" />
<append value="true" />
</periodic-rotating-file-handler>
<logger category="com.arjuna">
<level name="WARN" />
</logger>
<logger category="io.jaegertracing.Configuration">
<level name="WARN" />
</logger>
<logger category="org.jboss.as.config">
<level name="DEBUG" />
</logger>
<logger category="sun.rmi">
<level name="WARN" />
</logger>
<root-logger>
<level name="INFO" />
<handlers>
<handler name="CONSOLE" />
<handler name="FILE" />
</handlers>
</root-logger>
<formatter name="PATTERN">
<pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n" />
</formatter>
<formatter name="COLOR-PATTERN">
<pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n" />
</formatter>
</subsystem>
<subsystem xmlns="urn:jboss:domain:bean-validation:1.0" />
<subsystem xmlns="urn:jboss:domain:core-management:1.0" />
<subsystem xmlns="urn:jboss:domain:datasources:5.0">
<datasources>
<datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
<driver>h2</driver>
<security>
<user-name>sa</user-name>
<password>sa</password>
</security>
</datasource>
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
<!-- https://www.keycloak.org/docs/4.8/server_installation/#modify-the-keycloak-datasource -->
<connection-url>jdbc:postgresql://localhost/keycloak</connection-url>
<driver>postgresql</driver>
<pool>
<max-pool-size>20</max-pool-size>
</pool>
<security>
<user-name>keycloak</user-name>
<password>secretforuserkeycloak</password>
</security>
</datasource>
<drivers>
<driver name="h2" module="com.h2database.h2">
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
</driver>
<driver name="postgresql" module="org.postgresql">
<xa-datasource-class>org.postgresql.xa.PGXADataSource</xa-datasource-class>
</driver>
</drivers>
</datasources>
</subsystem>
<subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
<deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}" />
</subsystem>
<subsystem xmlns="urn:jboss:domain:ee:5.0">
<spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
<concurrent>
<context-services>
<context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true" />
</context-services>
<managed-thread-factories>
<managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default" />
</managed-thread-factories>
<managed-executor-services>
<managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000" />
</managed-executor-services>
<managed-scheduled-executor-services>
<managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000" />
</managed-scheduled-executor-services>
</concurrent>
<default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default" />
</subsystem>
<subsystem xmlns="urn:jboss:domain:ejb3:6.0">
<session-bean>
<stateless>
<bean-instance-pool-ref pool-name="slsb-strict-max-pool" />
</stateless>
<stateful default-access-timeout="5000" cache-ref="simple" passivation-disabled-cache-ref="simple" />
<singleton default-access-timeout="5000" />
</session-bean>
<pools>
<bean-instance-pools>
<strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES" />
<strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES" />
</bean-instance-pools>
</pools>
<caches>
<cache name="simple" />
<cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered" />
</caches>
<passivation-stores>
<passivation-store name="infinispan" cache-container="ejb" max-size="10000" />
</passivation-stores>
<async thread-pool-name="default" />
<timer-service thread-pool-name="default" default-data-store="default-file-store">
<data-stores>
<file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir" />
</data-stores>
</timer-service>
<remote connector-ref="http-remoting-connector" thread-pool-name="default">
<channel-creation-options>
<option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting" />
</channel-creation-options>
</remote>
<thread-pools>
<thread-pool name="default">
<max-threads count="10" />
<keepalive-time time="60" unit="seconds" />
</thread-pool>
</thread-pools>
<default-security-domain value="other" />
<default-missing-method-permissions-deny-access value="true" />
<statistics enabled="${wildfly.ejb3.statistics-enabled:${wildfly.statistics-enabled:false}}" />
<log-system-exceptions value="true" />
</subsystem>
<subsystem xmlns="urn:jboss:domain:io:3.0">
<worker name="default" />
<buffer-pool name="default" />
</subsystem>
<subsystem xmlns="urn:jboss:domain:infinispan:9.0">
<cache-container name="keycloak">
<local-cache name="realms">
<object-memory size="10000" />
</local-cache>
<local-cache name="users">
<object-memory size="10000" />
</local-cache>
<local-cache name="sessions" />
<local-cache name="authenticationSessions" />
<local-cache name="offlineSessions" />
<local-cache name="clientSessions" />
<local-cache name="offlineClientSessions" />
<local-cache name="loginFailures" />
<local-cache name="work" />
<local-cache name="authorization">
<object-memory size="10000" />
</local-cache>
<local-cache name="keys">
<object-memory size="1000" />
<expiration max-idle="3600000" />
</local-cache>
<local-cache name="actionTokens">
<object-memory size="-1" />
<expiration max-idle="-1" interval="300000" />
</local-cache>
</cache-container>
<cache-container name="server" default-cache="default" module="org.wildfly.clustering.server">
<local-cache name="default">
<transaction mode="BATCH" />
</local-cache>
</cache-container>
<cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan">
<local-cache name="passivation">
<locking isolation="REPEATABLE_READ" />
<transaction mode="BATCH" />
<file-store passivation="true" purge="false" />
</local-cache>
<local-cache name="sso">
<locking isolation="REPEATABLE_READ" />
<transaction mode="BATCH" />
</local-cache>
<local-cache name="routing" />
</cache-container>
<cache-container name="ejb" aliases="sfsb" default-cache="passivation" module="org.wildfly.clustering.ejb.infinispan">
<local-cache name="passivation">
<locking isolation="REPEATABLE_READ" />
<transaction mode="BATCH" />
<file-store passivation="true" purge="false" />
</local-cache>
</cache-container>
<cache-container name="hibernate" module="org.infinispan.hibernate-cache">
<local-cache name="entity">
<object-memory size="10000" />
<expiration max-idle="100000" />
</local-cache>
<local-cache name="local-query">
<object-memory size="10000" />
<expiration max-idle="100000" />
</local-cache>
<local-cache name="timestamps" />
</cache-container>
</subsystem>
<subsystem xmlns="urn:jboss:domain:jaxrs:2.0" />
<subsystem xmlns="urn:jboss:domain:jca:5.0">
<archive-validation enabled="true" fail-on-error="true" fail-on-warn="false" />
<bean-validation enabled="true" />
<default-workmanager>
<short-running-threads>
<core-threads count="50" />
<queue-length count="50" />
<max-threads count="50" />
<keepalive-time time="10" unit="seconds" />
</short-running-threads>
<long-running-threads>
<core-threads count="50" />
<queue-length count="50" />
<max-threads count="50" />
<keepalive-time time="10" unit="seconds" />
</long-running-threads>
</default-workmanager>
<cached-connection-manager />
</subsystem>
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
<expose-resolved-model />
<expose-expression-model />
<remoting-connector />
</subsystem>
<subsystem xmlns="urn:jboss:domain:jpa:1.1">
<jpa default-datasource="" default-extended-persistence-inheritance="DEEP" />
</subsystem>
<subsystem xmlns="urn:jboss:domain:mail:3.0">
<mail-session name="default" jndi-name="java:jboss/mail/Default">
<smtp-server outbound-socket-binding-ref="mail-smtp" />
</mail-session>
</subsystem>
<subsystem xmlns="urn:jboss:domain:naming:2.0">
<remote-naming />
</subsystem>
<subsystem xmlns="urn:jboss:domain:remoting:4.0">
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm" />
</subsystem>
<subsystem xmlns="urn:jboss:domain:request-controller:1.0" />
<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
<deployment-permissions>
<maximum-set>
<permission class="java.security.AllPermission" />
</maximum-set>
</deployment-permissions>
</subsystem>
<subsystem xmlns="urn:wildfly:elytron:9.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
<providers>
<aggregate-providers name="combined-providers">
<providers name="elytron" />
<providers name="openssl" />
</aggregate-providers>
<provider-loader name="elytron" module="org.wildfly.security.elytron" />
<provider-loader name="openssl" module="org.wildfly.openssl" />
</providers>
<audit-logging>
<file-audit-log name="local-audit" path="audit.log" relative-to="jboss.server.log.dir" format="JSON" />
</audit-logging>
<security-domains>
<security-domain name="ApplicationDomain" default-realm="ApplicationRealm" permission-mapper="default-permission-mapper">
<realm name="ApplicationRealm" role-decoder="groups-to-roles" />
<realm name="local" />
</security-domain>
<security-domain name="ManagementDomain" default-realm="ManagementRealm" permission-mapper="default-permission-mapper">
<realm name="ManagementRealm" role-decoder="groups-to-roles" />
<realm name="local" role-mapper="super-user-mapper" />
</security-domain>
</security-domains>
<security-realms>
<identity-realm name="local" identity="$local" />
<properties-realm name="ApplicationRealm">
<users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm" />
<groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir" />
</properties-realm>
<properties-realm name="ManagementRealm">
<users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm" />
<groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir" />
</properties-realm>
</security-realms>
<mappers>
<simple-permission-mapper name="default-permission-mapper" mapping-mode="first">
<permission-mapping>
<principal name="anonymous" />
<permission-set name="default-permissions" />
</permission-mapping>
<permission-mapping match-all="true">
<permission-set name="login-permission" />
<permission-set name="default-permissions" />
</permission-mapping>
</simple-permission-mapper>
<constant-realm-mapper name="local" realm-name="local" />
<simple-role-decoder name="groups-to-roles" attribute="groups" />
<constant-role-mapper name="super-user-mapper">
<role name="SuperUser" />
</constant-role-mapper>
</mappers>
<permission-sets>
<permission-set name="login-permission">
<permission class-name="org.wildfly.security.auth.permission.LoginPermission" />
</permission-set>
<permission-set name="default-permissions">
<permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*" />
<permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client" />
<permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client" />
</permission-set>
</permission-sets>
<http>
<http-authentication-factory name="management-http-authentication" security-domain="ManagementDomain" http-server-mechanism-factory="global">
<mechanism-configuration>
<mechanism mechanism-name="DIGEST">
<mechanism-realm realm-name="ManagementRealm" />
</mechanism>
</mechanism-configuration>
</http-authentication-factory>
<provider-http-server-mechanism-factory name="global" />
</http>
<sasl>
<sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="configured" security-domain="ApplicationDomain">
<mechanism-configuration>
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local" />
<mechanism mechanism-name="DIGEST-MD5">
<mechanism-realm realm-name="ApplicationRealm" />
</mechanism>
</mechanism-configuration>
</sasl-authentication-factory>
<sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured" security-domain="ManagementDomain">
<mechanism-configuration>
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local" />
<mechanism mechanism-name="DIGEST-MD5">
<mechanism-realm realm-name="ManagementRealm" />
</mechanism>
</mechanism-configuration>
</sasl-authentication-factory>
<configurable-sasl-server-factory name="configured" sasl-server-factory="elytron">
<properties>
<property name="wildfly.sasl.local-user.default-user" value="$local" />
</properties>
</configurable-sasl-server-factory>
<mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global">
<filters>
<filter provider-name="WildFlyElytron" />
</filters>
</mechanism-provider-filtering-sasl-server-factory>
<provider-sasl-server-factory name="global" />
</sasl>
</subsystem>
<subsystem xmlns="urn:jboss:domain:security:2.0">
<security-domains>
<security-domain name="other" cache-type="default">
<authentication>
<login-module code="Remoting" flag="optional">
<module-option name="password-stacking" value="useFirstPass" />
</login-module>
<login-module code="RealmDirect" flag="required">
<module-option name="password-stacking" value="useFirstPass" />
</login-module>
</authentication>
</security-domain>
<security-domain name="jboss-web-policy" cache-type="default">
<authorization>
<policy-module code="Delegating" flag="required" />
</authorization>
</security-domain>
<security-domain name="jaspitest" cache-type="default">
<authentication-jaspi>
<login-module-stack name="dummy">
<login-module code="Dummy" flag="optional" />
</login-module-stack>
<auth-module code="Dummy" />
</authentication-jaspi>
</security-domain>
<security-domain name="jboss-ejb-policy" cache-type="default">
<authorization>
<policy-module code="Delegating" flag="required" />
</authorization>
</security-domain>
</security-domains>
</subsystem>
<subsystem xmlns="urn:jboss:domain:transactions:5.0">
<core-environment node-identifier="${jboss.tx.node.id:1}">
<process-id>
<uuid />
</process-id>
</core-environment>
<recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager" />
<coordinator-environment statistics-enabled="${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}}" />
<object-store path="tx-object-store" relative-to="jboss.server.data.dir" />
</subsystem>
<subsystem xmlns="urn:jboss:domain:weld:4.0" />
<subsystem xmlns="urn:wildfly:microprofile-config-smallrye:1.0" />
<subsystem xmlns="urn:wildfly:microprofile-health-smallrye:2.0" security-enabled="false" empty-liveness-checks-status="${env.MP_HEALTH_EMPTY_LIVENESS_CHECKS_STATUS:UP}" empty-readiness-checks-status="${env.MP_HEALTH_EMPTY_READINESS_CHECKS_STATUS:UP}" />
<subsystem xmlns="urn:wildfly:microprofile-metrics-smallrye:2.0" security-enabled="false" exposed-subsystems="*" prefix="${wildfly.metrics.prefix:wildfly}" />
<subsystem xmlns="urn:jboss:domain:undertow:10.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
<buffer-cache name="default" />
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true" />
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true" />
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content" />
<http-invoker security-realm="ApplicationRealm" />
</host>
</server>
<servlet-container name="default">
<jsp-config />
<websockets />
</servlet-container>
<handlers>
<file name="welcome-content" path="${jboss.home.dir}/welcome-content" />
</handlers>
</subsystem>
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
<web-context>auth</web-context>
<providers>
<provider>classpath:${jboss.home.dir}/providers/*</provider>
</providers>
<master-realm-name>master</master-realm-name>
<scheduled-task-interval>900</scheduled-task-interval>
<theme>
<staticMaxAge>2592000</staticMaxAge>
<cacheThemes>true</cacheThemes>
<cacheTemplates>true</cacheTemplates>
<dir>${jboss.home.dir}/themes</dir>
</theme>
<spi name="eventsStore">
<provider name="jpa" enabled="true">
<properties>
<property name="exclude-events" value="[&quot;REFRESH_TOKEN&quot;]" />
</properties>
</provider>
</spi>
<spi name="userCache">
<provider name="default" enabled="true" />
</spi>
<spi name="userSessionPersister">
<default-provider>jpa</default-provider>
</spi>
<spi name="timer">
<default-provider>basic</default-provider>
</spi>
<spi name="connectionsHttpClient">
<provider name="default" enabled="true" />
</spi>
<spi name="connectionsJpa">
<provider name="default" enabled="true">
<properties>
<property name="dataSource" value="java:jboss/datasources/KeycloakDS" />
<property name="initializeEmpty" value="true" />
<property name="migrationStrategy" value="update" />
<property name="migrationExport" value="${jboss.home.dir}/keycloak-database-update.sql" />
</properties>
</provider>
</spi>
<spi name="realmCache">
<provider name="default" enabled="true" />
</spi>
<spi name="connectionsInfinispan">
<default-provider>default</default-provider>
<provider name="default" enabled="true">
<properties>
<property name="cacheContainer" value="java:jboss/infinispan/container/keycloak" />
</properties>
</provider>
</spi>
<spi name="jta-lookup">
<default-provider>${keycloak.jta.lookup.provider:jboss}</default-provider>
<provider name="jboss" enabled="true" />
</spi>
<spi name="publicKeyStorage">
<provider name="infinispan" enabled="true">
<properties>
<property name="minTimeBetweenRequests" value="10" />
</properties>
</provider>
</spi>
<spi name="x509cert-lookup">
<default-provider>${keycloak.x509cert.lookup.provider:default}</default-provider>
<provider name="default" enabled="true" />
</spi>
<spi name="hostname">
<default-provider>default</default-provider>
<provider name="default" enabled="true">
<properties>
<property name="frontendUrl" value="${keycloak.frontendUrl:}" />
<property name="forceBackendUrlToFrontendUrl" value="false" />
</properties>
</provider>
</spi>
</subsystem>
</profile>
<interfaces>
<interface name="management">
<inet-address value="${jboss.bind.address.management:127.0.0.1}" />
</interface>
<interface name="public">
<inet-address value="${jboss.bind.address:127.0.0.1}" />
</interface>
</interfaces>
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
<socket-binding name="ajp" port="${jboss.ajp.port:8009}" />
<socket-binding name="http" port="${jboss.http.port:8080}" />
<socket-binding name="https" port="${jboss.https.port:8443}" />
<socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}" />
<socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}" />
<socket-binding name="txn-recovery-environment" port="4712" />
<socket-binding name="txn-status-manager" port="4713" />
<outbound-socket-binding name="mail-smtp">
<remote-destination host="localhost" port="25" />
</outbound-socket-binding>
</socket-binding-group>
</server>
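An added check, not part of the original gist: a small audit of a `standalone.xml` like the one above that reports datasource passwords stored as literals, subsystems with `security-enabled="false"`, and interfaces whose default bind address is not loopback. The function names, finding labels and the trimmed sample input are this example's own constructions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed excerpt that mirrors elements of the standalone.xml above
# (sample input; the datasources namespace version is an assumption).
SAMPLE = """<server><profile>
<subsystem xmlns="urn:jboss:domain:datasources:5.0"><datasources>
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS">
<security><user-name>keycloak</user-name><password>secretforuserkeycloak</password></security>
</datasource>
</datasources></subsystem>
<subsystem xmlns="urn:wildfly:microprofile-metrics-smallrye:2.0" security-enabled="false" />
</profile><interfaces>
<interface name="management"><inet-address value="${jboss.bind.address.management:127.0.0.1}" /></interface>
<interface name="public"><inet-address value="${jboss.bind.address:127.0.0.1}" /></interface>
</interfaces>
</server>"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
EXPR = re.compile(r"^\$\{[^:}]+(?::(.*))?\}$")


def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def default_of(value):
    """Resolve ${prop:default} (possibly nested) to its default value."""
    m = EXPR.match(value)
    while m:
        value = m.group(1) or ""
        m = EXPR.match(value)
    return value


def audit(xml_text):
    """Return (finding, subject) tuples in document order."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        name = local(el.tag)
        if name == "datasource":
            for pw in el.iter():
                text = (pw.text or "").strip()
                # A ${...} expression is resolved at startup, not a literal.
                if local(pw.tag) == "password" and text and not text.startswith("${"):
                    findings.append(("plaintext-password", el.get("pool-name")))
        elif name == "subsystem" and el.get("security-enabled") == "false":
            ns = el.tag[1:].split("}")[0] if el.tag.startswith("{") else ""
            findings.append(("unauthenticated-endpoint", ns))
        elif name == "inet-address":
            if default_of(el.get("value", "")) not in LOOPBACK:
                findings.append(("non-loopback-bind", el.get("value")))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```

The bind check reads only the default inside the expression; a `-b` option or a `jboss.bind.address` property given at startup overrides it, so review the service's start command as well.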