Last active
September 7, 2023 08:48
-
-
Save weeix/5d73cfc7c0a6a0190eb134daa2827d37 to your computer and use it in GitHub Desktop.
Keycloak 21.0.0 and later doesn't supports LDAPS connections to Active Directory on Windows Server 2012R2? (Connection reset)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Changes detected in configuration. Updating the server image. | |
Updating the configuration and installing your custom providers, if any. Please wait. | |
2023-08-31 03:55:55,568 INFO [io.quarkus.deployment.QuarkusAugmentor] (main) Quarkus augmentation completed in 8313ms | |
Server configuration updated and persisted. Run the following command to review the configuration: | |
kc.sh show-config | |
Next time you run the server, just run: | |
kc.sh start --optimized | |
2023-08-31 03:55:58,478 INFO [org.keycloak.quarkus.runtime.hostname.DefaultHostnameProvider] (main) Hostname settings: Base URL: <unset>, Hostname: <request>, Strict HTTPS: false, Path: <request>, Strict BackChannel: false, Admin URL: <unset>, Admin: <request>, Port: -1, Proxied: true | |
2023-08-31 03:56:00,681 WARN [io.quarkus.agroal.runtime.DataSources] (main) Datasource <default> enables XA but transaction recovery is not enabled. Please enable transaction recovery by setting quarkus.transaction-manager.enable-recovery=true, otherwise data may be lost if the application is terminated abruptly | |
2023-08-31 03:56:02,138 INFO [org.infinispan.SERVER] (keycloak-cache-init) ISPN005054: Native IOUring transport not available, using NIO instead: io.netty.incubator.channel.uring.IOUring | |
2023-08-31 03:56:02,264 WARN [org.infinispan.PERSISTENCE] (keycloak-cache-init) ISPN000554: jboss-marshalling is deprecated and planned for removal | |
2023-08-31 03:56:02,364 WARN [org.infinispan.CONFIG] (keycloak-cache-init) ISPN000569: Unable to persist Infinispan internal caches as no global state enabled | |
2023-08-31 03:56:02,365 WARN [io.quarkus.vertx.http.runtime.VertxHttpRecorder] (main) The X-Forwarded-* and Forwarded headers will be considered when determining the proxy address. This configuration can cause a security issue as clients can forge requests and send a forwarded header that is not overwritten by the proxy. Please consider use one of these headers just to forward the proxy address in requests. | |
2023-08-31 03:56:02,391 INFO [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000556: Starting user marshaller 'org.infinispan.jboss.marshalling.core.JBossUserMarshaller' | |
2023-08-31 03:56:03,257 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000088: Unable to use any JGroups configuration mechanisms provided in properties {}. Using default JGroups configuration! | |
2023-08-31 03:56:03,495 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000078: Starting JGroups channel `ISPN` | |
2023-08-31 03:56:03,506 INFO [org.jgroups.JChannel] (keycloak-cache-init) local_addr: 3ce46af8-2a2c-4b86-8bb3-8b7ab041efbe, name: keycloak-5b85b6dd6b-nrwkp-2005 | |
2023-08-31 03:56:03,520 WARN [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the send buffer of socket MulticastSocket was set to 1MB, but the OS only allocated 212.99KB | |
2023-08-31 03:56:03,521 WARN [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the receive buffer of socket MulticastSocket was set to 20MB, but the OS only allocated 212.99KB | |
2023-08-31 03:56:03,521 WARN [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the send buffer of socket MulticastSocket was set to 1MB, but the OS only allocated 212.99KB | |
2023-08-31 03:56:03,522 WARN [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the receive buffer of socket MulticastSocket was set to 25MB, but the OS only allocated 212.99KB | |
2023-08-31 03:56:03,532 INFO [org.jgroups.protocols.FD_SOCK2] (keycloak-cache-init) server listening on *.19878 | |
2023-08-31 03:56:04,765 INFO [org.keycloak.quarkus.runtime.storage.legacy.liquibase.QuarkusJpaUpdaterProvider] (main) Initializing database schema. Using changelog META-INF/jpa-changelog-master.xml | |
2023-08-31 03:56:05,538 INFO [org.jgroups.protocols.pbcast.GMS] (keycloak-cache-init) keycloak-5b85b6dd6b-nrwkp-2005: no members discovered after 2003 ms: creating cluster as coordinator | |
2023-08-31 03:56:05,564 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000094: Received new cluster view for channel ISPN: [keycloak-5b85b6dd6b-nrwkp-2005|0] (1) [keycloak-5b85b6dd6b-nrwkp-2005] | |
2023-08-31 03:56:05,580 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000079: Channel `ISPN` local address is `keycloak-5b85b6dd6b-nrwkp-2005`, physical addresses are `[10.42.7.105:35414]` | |
2023-08-31 03:56:08,163 INFO [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (main) Node name: keycloak-5b85b6dd6b-nrwkp-2005, Site name: null | |
2023-08-31 03:56:08,360 INFO [org.keycloak.broker.provider.AbstractIdentityProviderMapper] (main) Registering class org.keycloak.broker.provider.mappersync.ConfigSyncEventListener | |
2023-08-31 03:56:08,384 INFO [org.keycloak.services] (main) KC-SERVICES0050: Initializing master realm | |
2023-08-31 03:56:10,899 INFO [io.quarkus] (main) Keycloak 21.0.0 on JVM (powered by Quarkus 2.13.7.Final) started in 14.943s. Listening on: http://0.0.0.0:8080 | |
2023-08-31 03:56:10,900 INFO [io.quarkus] (main) Profile prod activated. | |
2023-08-31 03:56:10,900 INFO [io.quarkus] (main) Installed features: [agroal, cdi, hibernate-orm, jdbc-h2, jdbc-mariadb, jdbc-mssql, jdbc-mysql, jdbc-oracle, jdbc-postgresql, keycloak, logging-gelf, micrometer, narayana-jta, reactive-routes, resteasy, resteasy-jackson, smallrye-context-propagation, smallrye-health, vertx] | |
2023-08-31 03:56:11,156 INFO [org.keycloak.services] (main) KC-SERVICES0009: Added user 'keycloak' to realm 'master' | |
2023-08-31 03:58:08,960 ERROR [org.keycloak.services] (executor-thread-3) KC-SERVICES0055: Error when authenticating to LDAP: simple bind failed: ad.example.com:636: javax.naming.CommunicationException: simple bind failed: ad.example.com:636 [Root exception is java.net.SocketException: Connection or outbound has closed] | |
at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219) | |
at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2896) | |
at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348) | |
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:229) | |
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:189) | |
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:247) | |
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154) | |
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84) | |
at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:732) | |
at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305) | |
at java.naming/javax.naming.InitialContext.init(InitialContext.java:236) | |
at java.naming/javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) | |
at org.keycloak.storage.ldap.idm.store.ldap.LDAPContextManager.createLdapContext(LDAPContextManager.java:83) | |
at org.keycloak.storage.ldap.idm.store.ldap.LDAPContextManager.getLdapContext(LDAPContextManager.java:104) | |
at org.keycloak.services.managers.LDAPServerCapabilitiesManager.testLDAP(LDAPServerCapabilitiesManager.java:99) | |
at org.keycloak.services.resources.admin.TestLdapConnectionResource.testLDAPConnection(TestLdapConnectionResource.java:87) | |
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) | |
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) | |
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) | |
at java.base/java.lang.reflect.Method.invoke(Method.java:568) | |
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:170) | |
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:130) | |
at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:660) | |
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:524) | |
at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:474) | |
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364) | |
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:476) | |
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:434) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:192) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:152) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:183) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:152) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:183) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:141) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:32) | |
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:492) | |
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261) | |
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161) | |
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364) | |
at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164) | |
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247) | |
at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:73) | |
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:151) | |
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:82) | |
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:42) | |
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284) | |
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173) | |
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140) | |
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:84) | |
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:71) | |
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284) | |
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173) | |
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140) | |
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$6.handle(VertxHttpRecorder.java:430) | |
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$6.handle(VertxHttpRecorder.java:408) | |
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284) | |
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173) | |
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140) | |
at org.keycloak.quarkus.runtime.integration.web.QuarkusRequestFilter.lambda$createBlockingHandler$0(QuarkusRequestFilter.java:82) | |
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:576) | |
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2449) | |
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1478) | |
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29) | |
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29) | |
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) | |
at java.base/java.lang.Thread.run(Thread.java:833) | |
Caused by: java.net.SocketException: Connection or outbound has closed | |
at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1301) | |
at java.base/java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:81) | |
at java.base/java.io.BufferedOutputStream.flush(BufferedOutputStream.java:142) | |
at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:415) | |
at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:388) | |
at java.naming/com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359) | |
at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214) | |
... 65 more | |
2023-08-31 04:01:07,646 ERROR [org.keycloak.services] (executor-thread-3) KC-SERVICES0055: Error when authenticating to LDAP: simple bind failed: ad.example.com:636: javax.naming.CommunicationException: simple bind failed: ad.example.com:636 [Root exception is java.net.SocketException: Connection reset] | |
at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219) | |
at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2896) | |
at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348) | |
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:229) | |
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:189) | |
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:247) | |
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154) | |
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84) | |
at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:732) | |
at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305) | |
at java.naming/javax.naming.InitialContext.init(InitialContext.java:236) | |
at java.naming/javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) | |
at org.keycloak.storage.ldap.idm.store.ldap.LDAPContextManager.createLdapContext(LDAPContextManager.java:83) | |
at org.keycloak.storage.ldap.idm.store.ldap.LDAPContextManager.getLdapContext(LDAPContextManager.java:104) | |
at org.keycloak.services.managers.LDAPServerCapabilitiesManager.testLDAP(LDAPServerCapabilitiesManager.java:99) | |
at org.keycloak.services.resources.admin.TestLdapConnectionResource.testLDAPConnection(TestLdapConnectionResource.java:87) | |
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) | |
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) | |
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) | |
at java.base/java.lang.reflect.Method.invoke(Method.java:568) | |
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:170) | |
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:130) | |
at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:660) | |
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:524) | |
at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:474) | |
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364) | |
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:476) | |
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:434) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:192) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:152) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:183) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:152) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:183) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:141) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:32) | |
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:492) | |
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261) | |
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161) | |
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364) | |
at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164) | |
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247) | |
at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:73) | |
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:151) | |
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:82) | |
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:42) | |
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284) | |
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173) | |
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140) | |
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:84) | |
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:71) | |
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284) | |
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173) | |
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140) | |
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$6.handle(VertxHttpRecorder.java:430) | |
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$6.handle(VertxHttpRecorder.java:408) | |
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284) | |
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173) | |
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140) | |
at org.keycloak.quarkus.runtime.integration.web.QuarkusRequestFilter.lambda$createBlockingHandler$0(QuarkusRequestFilter.java:82) | |
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:576) | |
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2449) | |
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1478) | |
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29) | |
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29) | |
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) | |
at java.base/java.lang.Thread.run(Thread.java:833) | |
Caused by: java.net.SocketException: Connection reset | |
at java.base/sun.nio.ch.NioSocketImpl.implRead(NioSocketImpl.java:323) | |
at java.base/sun.nio.ch.NioSocketImpl.read(NioSocketImpl.java:350) | |
at java.base/sun.nio.ch.NioSocketImpl$1.read(NioSocketImpl.java:803) | |
at java.base/java.net.Socket$SocketInputStream.read(Socket.java:966) | |
at java.base/sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:484) | |
at java.base/sun.security.ssl.SSLSocketInputRecord.readHeader(SSLSocketInputRecord.java:478) | |
at java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:160) | |
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:111) | |
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1510) | |
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1425) | |
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455) | |
at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:925) | |
at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1295) | |
at java.base/java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:81) | |
at java.base/java.io.BufferedOutputStream.flush(BufferedOutputStream.java:142) | |
at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:415) | |
at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:388) | |
at java.naming/com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359) | |
at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214) | |
... 65 more | |
2023-08-31 04:01:31,552 ERROR [org.keycloak.services] (executor-thread-3) KC-SERVICES0055: Error when authenticating to LDAP: simple bind failed: ad.example.com:636: javax.naming.CommunicationException: simple bind failed: ad.example.com:636 [Root exception is java.net.SocketException: Connection reset] | |
at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219) | |
at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2896) | |
at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348) | |
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:229) | |
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:189) | |
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:247) | |
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154) | |
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84) | |
at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:732) | |
at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305) | |
at java.naming/javax.naming.InitialContext.init(InitialContext.java:236) | |
at java.naming/javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) | |
at org.keycloak.storage.ldap.idm.store.ldap.LDAPContextManager.createLdapContext(LDAPContextManager.java:83) | |
at org.keycloak.storage.ldap.idm.store.ldap.LDAPContextManager.getLdapContext(LDAPContextManager.java:104) | |
at org.keycloak.services.managers.LDAPServerCapabilitiesManager.testLDAP(LDAPServerCapabilitiesManager.java:99) | |
at org.keycloak.services.resources.admin.TestLdapConnectionResource.testLDAPConnection(TestLdapConnectionResource.java:87) | |
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) | |
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) | |
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) | |
at java.base/java.lang.reflect.Method.invoke(Method.java:568) | |
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:170) | |
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:130) | |
at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:660) | |
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:524) | |
at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:474) | |
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364) | |
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:476) | |
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:434) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:192) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:152) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:183) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:152) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:183) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:141) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:32) | |
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:492) | |
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261) | |
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161) | |
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364) | |
at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164) | |
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247) | |
at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:73) | |
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:151) | |
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:82) | |
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:42) | |
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284) | |
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173) | |
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140) | |
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:84) | |
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:71) | |
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284) | |
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173) | |
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140) | |
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$6.handle(VertxHttpRecorder.java:430) | |
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$6.handle(VertxHttpRecorder.java:408) | |
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284) | |
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173) | |
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140) | |
at org.keycloak.quarkus.runtime.integration.web.QuarkusRequestFilter.lambda$createBlockingHandler$0(QuarkusRequestFilter.java:82) | |
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:576) | |
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2449) | |
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1478) | |
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29) | |
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29) | |
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) | |
at java.base/java.lang.Thread.run(Thread.java:833) | |
Caused by: java.net.SocketException: Connection reset | |
at java.base/sun.nio.ch.NioSocketImpl.implRead(NioSocketImpl.java:323) | |
at java.base/sun.nio.ch.NioSocketImpl.read(NioSocketImpl.java:350) | |
at java.base/sun.nio.ch.NioSocketImpl$1.read(NioSocketImpl.java:803) | |
at java.base/java.net.Socket$SocketInputStream.read(Socket.java:966) | |
at java.base/sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:484) | |
at java.base/sun.security.ssl.SSLSocketInputRecord.readHeader(SSLSocketInputRecord.java:478) | |
at java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:160) | |
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:111) | |
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1510) | |
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1425) | |
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455) | |
at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:925) | |
at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1295) | |
at java.base/java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:81) | |
at java.base/java.io.BufferedOutputStream.flush(BufferedOutputStream.java:142) | |
at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:415) | |
at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:388) | |
at java.naming/com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359) | |
at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214) | |
... 65 more | |
2023-08-31 04:05:21,992 ERROR [org.keycloak.services] (executor-thread-3) KC-SERVICES0055: Error when authenticating to LDAP: simple bind failed: ad.example.com:636: javax.naming.CommunicationException: simple bind failed: ad.example.com:636 [Root exception is java.net.SocketException: Connection reset] | |
at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219) | |
at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2896) | |
at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348) | |
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:229) | |
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:189) | |
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:247) | |
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154) | |
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84) | |
at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:732) | |
at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305) | |
at java.naming/javax.naming.InitialContext.init(InitialContext.java:236) | |
at java.naming/javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) | |
at org.keycloak.storage.ldap.idm.store.ldap.LDAPContextManager.createLdapContext(LDAPContextManager.java:83) | |
at org.keycloak.storage.ldap.idm.store.ldap.LDAPContextManager.getLdapContext(LDAPContextManager.java:104) | |
at org.keycloak.services.managers.LDAPServerCapabilitiesManager.testLDAP(LDAPServerCapabilitiesManager.java:99) | |
at org.keycloak.services.resources.admin.TestLdapConnectionResource.testLDAPConnection(TestLdapConnectionResource.java:87) | |
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) | |
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) | |
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) | |
at java.base/java.lang.reflect.Method.invoke(Method.java:568) | |
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:170) | |
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:130) | |
at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:660) | |
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:524) | |
at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:474) | |
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364) | |
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:476) | |
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:434) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:192) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:152) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:183) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:152) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:183) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:141) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:32) | |
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:492) | |
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261) | |
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161) | |
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364) | |
at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164) | |
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247) | |
at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:73) | |
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:151) | |
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:82) | |
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:42) | |
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284) | |
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173) | |
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140) | |
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:84) | |
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:71) | |
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284) | |
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173) | |
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140) | |
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$6.handle(VertxHttpRecorder.java:430) | |
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$6.handle(VertxHttpRecorder.java:408) | |
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284) | |
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173) | |
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140) | |
at org.keycloak.quarkus.runtime.integration.web.QuarkusRequestFilter.lambda$createBlockingHandler$0(QuarkusRequestFilter.java:82) | |
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:576) | |
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2449) | |
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1478) | |
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29) | |
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29) | |
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) | |
at java.base/java.lang.Thread.run(Thread.java:833) | |
Caused by: java.net.SocketException: Connection reset | |
at java.base/sun.nio.ch.NioSocketImpl.implRead(NioSocketImpl.java:323) | |
at java.base/sun.nio.ch.NioSocketImpl.read(NioSocketImpl.java:350) | |
at java.base/sun.nio.ch.NioSocketImpl$1.read(NioSocketImpl.java:803) | |
at java.base/java.net.Socket$SocketInputStream.read(Socket.java:966) | |
at java.base/sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:484) | |
at java.base/sun.security.ssl.SSLSocketInputRecord.readHeader(SSLSocketInputRecord.java:478) | |
at java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:160) | |
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:111) | |
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1510) | |
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1425) | |
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455) | |
at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:925) | |
at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1295) | |
at java.base/java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:81) | |
at java.base/java.io.BufferedOutputStream.flush(BufferedOutputStream.java:142) | |
at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:415) | |
at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:388) | |
at java.naming/com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359) | |
at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214) | |
... 65 more | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Changes detected in configuration. Updating the server image. | |
Updating the configuration and installing your custom providers, if any. Please wait. | |
2023-09-07 08:21:35,674 INFO [io.quarkus.deployment.QuarkusAugmentor] (main) Quarkus augmentation completed in 22156ms | |
Server configuration updated and persisted. Run the following command to review the configuration: | |
kc.sh show-config | |
Next time you run the server, just run: | |
kc.sh start --optimized | |
2023-09-07 08:21:42,056 INFO [org.keycloak.quarkus.runtime.hostname.DefaultHostnameProvider] (main) Hostname settings: Base URL: <unset>, Hostname: <request>, Strict HTTPS: false, Path: <request>, Strict BackChannel: false, Admin URL: <unset>, Admin: <request>, Port: -1, Proxied: true | |
2023-09-07 08:21:45,917 WARN [io.quarkus.agroal.runtime.DataSources] (main) Datasource <default> enables XA but transaction recovery is not enabled. Please enable transaction recovery by setting quarkus.transaction-manager.enable-recovery=true, otherwise data may be lost if the application | |
is terminated abruptly | |
2023-09-07 08:21:47,804 WARN [org.infinispan.PERSISTENCE] (keycloak-cache-init) ISPN000554: jboss-marshalling is deprecated and planned for removal | |
2023-09-07 08:21:48,021 INFO [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000556: Starting user marshaller 'org.infinispan.jboss.marshalling.core.JBossUserMarshaller' | |
2023-09-07 08:21:48,461 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000088: Unable to use any JGroups configuration mechanisms provided in properties {}. Using default JGroups configuration! | |
2023-09-07 08:21:48,774 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000078: Starting JGroups channel `ISPN` | |
2023-09-07 08:21:48,779 INFO [org.jgroups.JChannel] (keycloak-cache-init) local_addr: 55b57f1c-41d9-4310-906f-3f7fff871e0e, name: keycloak-576f5c7988-t2j5z-23823 | |
2023-09-07 08:21:48,798 WARN [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the send buffer of socket MulticastSocket was set to 1MB, but the OS only allocated 212.99KB | |
2023-09-07 08:21:48,798 WARN [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the receive buffer of socket MulticastSocket was set to 20MB, but the OS only allocated 212.99KB | |
2023-09-07 08:21:48,799 WARN [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the send buffer of socket MulticastSocket was set to 1MB, but the OS only allocated 212.99KB | |
2023-09-07 08:21:48,800 WARN [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the receive buffer of socket MulticastSocket was set to 25MB, but the OS only allocated 212.99KB | |
2023-09-07 08:21:48,818 INFO [org.jgroups.protocols.FD_SOCK2] (keycloak-cache-init) server listening on *.33202 | |
2023-09-07 08:21:48,898 WARN [io.quarkus.vertx.http.runtime.VertxHttpRecorder] (main) The X-Forwarded-* and Forwarded headers will be considered | |
when determining the proxy address. This configuration can cause a security issue as clients can forge requests and send a forwarded header that is not overwritten by the proxy. Please consider use one of these headers just to forward the proxy address in requests. | |
2023-09-07 08:21:50,741 INFO [org.keycloak.quarkus.runtime.storage.legacy.liquibase.QuarkusJpaUpdaterProvider] (main) Initializing database schema. Using changelog META-INF/jpa-changelog-master.xml | |
2023-09-07 08:21:50,829 INFO [org.jgroups.protocols.pbcast.GMS] (keycloak-cache-init) keycloak-576f5c7988-t2j5z-23823: no members discovered after 2005 ms: creating cluster as coordinator | |
2023-09-07 08:21:50,853 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000094: Received new cluster view for channel ISPN: [keycloak-576f5c7988-t2j5z-23823|0] (1) [keycloak-576f5c7988-t2j5z-23823] | |
2023-09-07 08:21:50,884 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000079: Channel `ISPN` local address is `keycloak-576f5c7988-t2j5z-23823`, physical addresses are `[10.42.7.111:48738]` | |
2023-09-07 08:21:50,908 WARN [org.infinispan.CONFIG] (keycloak-cache-init) ISPN000569: Unable to persist Infinispan internal caches as no global | |
state enabled | |
2023-09-07 08:22:02,443 INFO [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (main) Node name: keycloak-576f5c7988-t2j5z-23823, Site name: null | |
2023-09-07 08:22:02,606 INFO [org.keycloak.broker.provider.AbstractIdentityProviderMapper] (main) Registering class org.keycloak.broker.provider.mappersync.ConfigSyncEventListener | |
2023-09-07 08:22:02,637 INFO [org.keycloak.services] (main) KC-SERVICES0050: Initializing master realm | |
2023-09-07 08:22:05,397 INFO [io.quarkus] (main) Keycloak 999.0.0-SNAPSHOT on JVM (powered by Quarkus 3.2.5.Final) started in 29.366s. Listening | |
on: http://0.0.0.0:8080 | |
2023-09-07 08:22:05,397 INFO [io.quarkus] (main) Profile prod activated. | |
2023-09-07 08:22:05,397 INFO [io.quarkus] (main) Installed features: [agroal, cdi, hibernate-orm, jdbc-h2, jdbc-mariadb, jdbc-mssql, jdbc-mysql, | |
jdbc-oracle, jdbc-postgresql, keycloak, logging-gelf, micrometer, narayana-jta, reactive-routes, resteasy, resteasy-jackson, smallrye-context-propagation, smallrye-health, vertx] | |
2023-09-07 08:22:05,631 INFO [org.keycloak.services] (main) KC-SERVICES0009: Added user 'keycloak' to realm 'master' | |
2023-09-07 08:37:41,270 ERROR [org.keycloak.services] (executor-thread-42) KC-SERVICES0055: Error when authenticating to LDAP: simple bind failed: ad.example.com:636: javax.naming.CommunicationException: simple bind failed: ad.example.com:636 [Root exception is java.net.SocketException: Connection or outbound has closed] | |
at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219) | |
at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2896) | |
at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348) | |
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:229) | |
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:189) | |
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:247) | |
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154) | |
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84) | |
at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:732) | |
at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305) | |
at java.naming/javax.naming.InitialContext.init(InitialContext.java:236) | |
at java.naming/javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) | |
at org.keycloak.storage.ldap.idm.store.ldap.LDAPContextManager.createLdapContext(LDAPContextManager.java:80) | |
at org.keycloak.storage.ldap.idm.store.ldap.LDAPContextManager.getLdapContext(LDAPContextManager.java:100) | |
at org.keycloak.services.managers.LDAPServerCapabilitiesManager.testLDAP(LDAPServerCapabilitiesManager.java:139) | |
at org.keycloak.services.resources.admin.TestLdapConnectionResource.testLDAPConnection(TestLdapConnectionResource.java:93) | |
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) | |
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) | |
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) | |
at java.base/java.lang.reflect.Method.invoke(Method.java:568) | |
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:154) | |
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:118) | |
at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:560) | |
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:452) | |
at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:413) | |
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:321) | |
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:415) | |
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:378) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:174) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:142) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:168) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:142) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:168) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:131) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:33) | |
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:429) | |
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:240) | |
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:154) | |
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:321) | |
at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:157) | |
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:229) | |
at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:82) | |
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:147) | |
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:84) | |
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:44) | |
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284) | |
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:177) | |
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141) | |
at io.quarkus.vertx.http.runtime.options.HttpServerCommonHandlers$1.handle(HttpServerCommonHandlers.java:58) | |
at io.quarkus.vertx.http.runtime.options.HttpServerCommonHandlers$1.handle(HttpServerCommonHandlers.java:36) | |
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284) | |
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:177) | |
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141) | |
at org.keycloak.quarkus.runtime.integration.web.QuarkusRequestFilter.runBlockingCode(QuarkusRequestFilter.java:121) | |
at org.keycloak.quarkus.runtime.integration.web.QuarkusRequestFilter.lambda$handle$0(QuarkusRequestFilter.java:83) | |
at io.vertx.core.impl.ContextBase.lambda$null$0(ContextBase.java:137) | |
at io.vertx.core.impl.ContextInternal.dispatch(ContextInternal.java:264) | |
at io.vertx.core.impl.ContextBase.lambda$executeBlocking$1(ContextBase.java:135) | |
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:576) | |
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513) | |
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538) | |
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29) | |
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29) | |
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) | |
at java.base/java.lang.Thread.run(Thread.java:833) | |
Caused by: java.net.SocketException: Connection or outbound has closed | |
at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1301) | |
at java.base/java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:81) | |
at java.base/java.io.BufferedOutputStream.flush(BufferedOutputStream.java:142) | |
at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:415) | |
at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:388) | |
at java.naming/com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359) | |
at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214) | |
... 64 more | |
2023-09-07 08:44:28,821 ERROR [org.keycloak.services] (executor-thread-42) KC-SERVICES0055: Error when authenticating to LDAP: simple bind failed: ad.example.com:636: javax.naming.CommunicationException: simple bind failed: ad.example.com:636 [Root exception is java.net.SocketException: Connection reset] | |
at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219) | |
at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2896) | |
at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348) | |
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:229) | |
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:189) | |
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:247) | |
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154) | |
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84) | |
at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:732) | |
at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305) | |
at java.naming/javax.naming.InitialContext.init(InitialContext.java:236) | |
at java.naming/javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) | |
at org.keycloak.storage.ldap.idm.store.ldap.LDAPContextManager.createLdapContext(LDAPContextManager.java:80) | |
at org.keycloak.storage.ldap.idm.store.ldap.LDAPContextManager.getLdapContext(LDAPContextManager.java:100) | |
at org.keycloak.services.managers.LDAPServerCapabilitiesManager.testLDAP(LDAPServerCapabilitiesManager.java:139) | |
at org.keycloak.services.resources.admin.TestLdapConnectionResource.testLDAPConnection(TestLdapConnectionResource.java:93) | |
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) | |
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) | |
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) | |
at java.base/java.lang.reflect.Method.invoke(Method.java:568) | |
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:154) | |
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:118) | |
at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:560) | |
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:452) | |
at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:413) | |
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:321) | |
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:415) | |
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:378) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:174) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:142) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:168) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:142) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:168) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:131) | |
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:33) | |
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:429) | |
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:240) | |
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:154) | |
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:321) | |
at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:157) | |
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:229) | |
at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:82) | |
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:147) | |
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:84) | |
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:44) | |
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284) | |
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:177) | |
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141) | |
at io.quarkus.vertx.http.runtime.options.HttpServerCommonHandlers$1.handle(HttpServerCommonHandlers.java:58) | |
at io.quarkus.vertx.http.runtime.options.HttpServerCommonHandlers$1.handle(HttpServerCommonHandlers.java:36) | |
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284) | |
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:177) | |
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141) | |
at org.keycloak.quarkus.runtime.integration.web.QuarkusRequestFilter.runBlockingCode(QuarkusRequestFilter.java:121) | |
at org.keycloak.quarkus.runtime.integration.web.QuarkusRequestFilter.lambda$handle$0(QuarkusRequestFilter.java:83) | |
at io.vertx.core.impl.ContextBase.lambda$null$0(ContextBase.java:137) | |
at io.vertx.core.impl.ContextInternal.dispatch(ContextInternal.java:264) | |
at io.vertx.core.impl.ContextBase.lambda$executeBlocking$1(ContextBase.java:135) | |
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:576) | |
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513) | |
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538) | |
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29) | |
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29) | |
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) | |
at java.base/java.lang.Thread.run(Thread.java:833) | |
Caused by: java.net.SocketException: Connection reset | |
at java.base/sun.nio.ch.NioSocketImpl.implRead(NioSocketImpl.java:328) | |
at java.base/sun.nio.ch.NioSocketImpl.read(NioSocketImpl.java:355) | |
at java.base/sun.nio.ch.NioSocketImpl$1.read(NioSocketImpl.java:808) | |
at java.base/java.net.Socket$SocketInputStream.read(Socket.java:966) | |
at java.base/sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:484) | |
at java.base/sun.security.ssl.SSLSocketInputRecord.readHeader(SSLSocketInputRecord.java:478) | |
at java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:160) | |
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:111) | |
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1510) | |
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1425) | |
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455) | |
at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:925) | |
at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1295) | |
at java.base/java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:81) | |
at java.base/java.io.BufferedOutputStream.flush(BufferedOutputStream.java:142) | |
at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:415) | |
at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:388) | |
at java.naming/com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:359) | |
at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214) | |
... 64 more |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
apiVersion: v1 | |
kind: Secret | |
metadata: | |
name: keycloak | |
namespace: keycloak | |
type: Opaque | |
data: | |
KEYCLOAK_ADMIN: a2V5Y2xvYWs= # keycloak | |
KEYCLOAK_ADMIN_PASSWORD: Q2hAbmdlTUUK # Ch@ngeME | |
--- | |
apiVersion: v1 | |
binaryData: # Keystore containing a self-signed CA certificate for the Active Directory | |
server.keystore: <REDACTED> | |
kind: ConfigMap | |
metadata: | |
name: keycloak-truststore | |
namespace: keycloak | |
--- | |
apiVersion: apps/v1 | |
kind: Deployment | |
metadata: | |
name: keycloak | |
namespace: keycloak | |
spec: | |
replicas: 1 | |
selector: | |
matchLabels: | |
app: keycloak | |
template: | |
metadata: | |
labels: | |
app: keycloak | |
spec: | |
containers: | |
- name: keycloak | |
image: quay.io/keycloak/keycloak:21.0.0 | |
args: ["start"] | |
volumeMounts: | |
- name: truststore | |
mountPath: /opt/keycloak/server.keystore | |
subPath: server.keystore | |
env: | |
- name: KC_DB | |
value: postgres | |
- name: KC_DB_URL | |
value: jdbc:postgresql://mydb.mypostgres.svc.cluster.local:5432/keycloak | |
- name: KC_DB_USERNAME | |
valueFrom: | |
secretKeyRef: | |
name: keycloak-owner-user.mydb.credentials.postgresql.acid.zalan.do | |
key: username | |
- name: KC_DB_PASSWORD | |
valueFrom: | |
secretKeyRef: | |
name: keycloak-owner-user.mydb.credentials.postgresql.acid.zalan.do | |
key: password | |
- name: KC_HOSTNAME_STRICT | |
value: "false" | |
- name: KC_PROXY | |
value: edge | |
- name: KC_SPI_TRUSTSTORE_FILE_FILE | |
value: /opt/keycloak/server.keystore | |
- name: KC_SPI_TRUSTSTORE_FILE_PASSWORD | |
value: password | |
- name: KC_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY | |
value: ANY | |
- name: KEYCLOAK_ADMIN | |
valueFrom: | |
secretKeyRef: | |
name: keycloak | |
key: KEYCLOAK_ADMIN | |
- name: KEYCLOAK_ADMIN_PASSWORD | |
valueFrom: | |
secretKeyRef: | |
name: keycloak | |
key: KEYCLOAK_ADMIN_PASSWORD | |
volumes: | |
- name: truststore | |
configMap: | |
name: keycloak-truststore | |
--- | |
apiVersion: v1 | |
kind: Service | |
metadata: | |
name: keycloak-http | |
namespace: keycloak | |
spec: | |
ports: | |
- port: 80 | |
targetPort: 8080 | |
selector : | |
app: keycloak | |
--- | |
apiVersion: networking.k8s.io/v1 | |
kind: Ingress | |
metadata: | |
name: keycloak-ingress | |
namespace: keycloak | |
annotations: | |
cert-manager.io/cluster-issuer: letsencrypt | |
spec: | |
ingressClassName: public-nginx | |
rules : | |
- host: auth.example.com | |
http: | |
paths: | |
- pathType: Prefix | |
path: /js | |
backend: | |
service: | |
name: keycloak-http | |
port: | |
number: 80 | |
- pathType: Prefix | |
path: /realms | |
backend: | |
service: | |
name: keycloak-http | |
port: | |
number: 80 | |
- pathType: Prefix | |
path: /resources | |
backend: | |
service: | |
name: keycloak-http | |
port: | |
number: 80 | |
- pathType: Exact | |
path: /robots.txt | |
backend: | |
service: | |
name: keycloak-http | |
port: | |
number: 80 | |
tls: | |
- hosts: | |
- auth.example.com | |
secretName: auth-tls |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment