ceskaexpedice / kramerius

System Kramerius
GNU General Public License v3.0

Keycloak configuration fails to load #959

Closed Sanqui closed 1 year ago

Sanqui commented 1 year ago

Hello,

Following the instructions, I created the realm kramerius in Keycloak, exported it to JSON (as the guide describes), and saved it to ~/.kramerius4/keycloak.json.

Startup of the core now fails with the following error:

27-May-2023 19:48:16.190 SEVERE [main] org.apache.catalina.core.StandardContext.filterStart Exception starting filter [keyclocaksupport]
        java.lang.RuntimeException: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "id" (class org.keycloak.representations.adapters.config.AdapterConfig), not marked as ignorable (45 known properties: "ssl-required", "connection-timeout-millis", "register-node-period", "redirect-rewrite-rules", "turn-off-change-session-id-on-login", "truststore", "client-key-password", "socket-timeout-millis", "token-store", "resource", "realm", "proxy-url", "disable-trust-manager", "connection-ttl-millis", "bearer-only", "autodetect-bearer-only", "truststore-password", "use-resource-role-mappings", "client-keystore", "confidential-port", "enable-pkce", "auth-server-url", "verify-token-audience", "cors-allowed-methods", "public-client", "expose-token", "token-minimum-time-to-live", "min-time-between-jwks-requests", "ignore-oauth-query-parameter", "adapter-state-cookie-path", "cors-max-age", "enable-cors", "allow-any-hostname", "realm-public-key", "credentials", "principal-attribute", "cors-allowed-headers", "always-refresh-token", "policy-enforcer", "public-key-cache-ttl", "connection-pool-size", "client-keystore-password", "enable-basic-auth", "cors-exposed-headers", "register-node-at-startup" [truncated]])
 at [Source: (FileInputStream); line: 2, column: 10] (through reference chain: org.keycloak.representations.adapters.config.AdapterConfig["id"])
                at org.keycloak.adapters.KeycloakDeploymentBuilder.loadAdapterConfig(KeycloakDeploymentBuilder.java:197)
                at org.keycloak.adapters.KeycloakDeploymentBuilder.build(KeycloakDeploymentBuilder.java:186)
                at cz.incad.kramerius.keycloak.KrameriusKeycloakFilter.createKeycloakDeploymentFrom(KrameriusKeycloakFilter.java:113)
                at cz.incad.kramerius.keycloak.KrameriusKeycloakFilter.init(KrameriusKeycloakFilter.java:95)
                at org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:272)
                at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:253)
                at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:102)
                at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4609)
                at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5248)
                at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
                at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:726)
                at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:698)
                at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:696)
                at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:1023)
                at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1910)
                at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
                at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
                at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75)
                at java.base/java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:123)
                at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:824)
                at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:474)
                at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1617)
                at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:318)
                at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123)
                at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423)
                at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:366)
                at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:943)
                at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:835)
                at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
                at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1393)
                at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1383)
                at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
                at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75)
                at java.base/java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:145)
                at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:916)
                at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:265)
                at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
                at org.apache.catalina.core.StandardService.startInternal(StandardService.java:430)
                at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
                at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:930)
                at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
                at org.apache.catalina.startup.Catalina.start(Catalina.java:772)
                at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
                at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.base/java.lang.reflect.Method.invoke(Method.java:568)
                at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:347)
                at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:478)
        Caused by: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "id" (class org.keycloak.representations.adapters.config.AdapterConfig), not marked as ignorable (45 known properties: "ssl-required", "connection-timeout-millis", "register-node-period", "redirect-rewrite-rules", "turn-off-change-session-id-on-login", "truststore", "client-key-password", "socket-timeout-millis", "token-store", "resource", "realm", "proxy-url", "disable-trust-manager", "connection-ttl-millis", "bearer-only", "autodetect-bearer-only", "truststore-password", "use-resource-role-mappings", "client-keystore", "confidential-port", "enable-pkce", "auth-server-url", "verify-token-audience", "cors-allowed-methods", "public-client", "expose-token", "token-minimum-time-to-live", "min-time-between-jwks-requests", "ignore-oauth-query-parameter", "adapter-state-cookie-path", "cors-max-age", "enable-cors", "allow-any-hostname", "realm-public-key", "credentials", "principal-attribute", "cors-allowed-headers", "always-refresh-token", "policy-enforcer", "public-key-cache-ttl", "connection-pool-size", "client-keystore-password", "enable-basic-auth", "cors-exposed-headers", "register-node-at-startup" [truncated]])
 at [Source: (FileInputStream); line: 2, column: 10] (through reference chain: org.keycloak.representations.adapters.config.AdapterConfig["id"])
                at com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException.from(UnrecognizedPropertyException.java:61)
                at com.fasterxml.jackson.databind.DeserializationContext.handleUnknownProperty(DeserializationContext.java:1132)
                at com.fasterxml.jackson.databind.deser.std.StdDeserializer.handleUnknownProperty(StdDeserializer.java:2202)
                at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.handleUnknownProperty(BeanDeserializerBase.java:1705)
                at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.handleUnknownVanilla(BeanDeserializerBase.java:1683)
                at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize(BeanDeserializer.java:320)
                at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:177)
                at com.fasterxml.jackson.databind.deser.DefaultDeserializationContext.readRootValue(DefaultDeserializationContext.java:323)
                at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4730)
                at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3714)
                at org.keycloak.adapters.KeycloakDeploymentBuilder.loadAdapterConfig(KeycloakDeploymentBuilder.java:195)
                ... 47 more

The keycloak.json file begins as follows:

{
  "id": "2dcf67ab-d459-4f25-895a-ba265a0ae9da",
  "realm": "kramerius",
  "notBefore": 0,
  "defaultSignatureAlgorithm": "RS256",
  "revokeRefreshToken": false,
  "refreshTokenMaxReuse": 0,
  "accessTokenLifespan": 300,
  "accessTokenLifespanForImplicitFlow": 900,
  "ssoSessionIdleTimeout": 1800,
  "ssoSessionMaxLifespan": 36000,
  "ssoSessionIdleTimeoutRememberMe": 0,
  "ssoSessionMaxLifespanRememberMe": 0,
  "offlineSessionIdleTimeout": 2592000,
  "offlineSessionMaxLifespanEnabled": false,
...

Given that the JSON file has its keys in camelCase while the error expects kebab-case values, I am guessing that I exported a different server JSON than Kramerius expects. Please advise how to correctly export the realm JSON for Kramerius.

I am using Keycloak 20.0.3 and Kramerius 7.0.23.

vlahoda commented 1 year ago

The wording in the wiki guide was wrong: you do not export the whole realm, only the configuration file of the client krameriusClient. I corrected it as follows: The client configuration must be exported in the Keycloak OIDC JSON format (context menu Action -> Download adaptor configs).

For illustration, the keycloak.json file contains, for example, this:

{
  "realm": "kramerius",
  "auth-server-url": "https://openid.server.com/auth/",
  "ssl-required": "external",
  "resource": "krameriusClient",
  "public-client": true,
  "verify-token-audience": true,
  "use-resource-role-mappings": true,
  "confidential-port": 0
}
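
A pre-flight check for keycloak.json, added here as an example (it is not part of the issue thread or of the Kramerius code base): it uses the property names listed in the exception above to tell a realm export from a client adapter config, and it also flags adapter settings that weaken TLS. The function name `check_adapter_config` and the sample inputs are constructed for illustration.

```python
import json

# Adapter property names exactly as listed in the exception quoted in this issue.
KNOWN = set("""
ssl-required connection-timeout-millis register-node-period redirect-rewrite-rules
turn-off-change-session-id-on-login truststore client-key-password socket-timeout-millis
token-store resource realm proxy-url disable-trust-manager connection-ttl-millis
bearer-only autodetect-bearer-only truststore-password use-resource-role-mappings
client-keystore confidential-port enable-pkce auth-server-url verify-token-audience
cors-allowed-methods public-client expose-token token-minimum-time-to-live
min-time-between-jwks-requests ignore-oauth-query-parameter adapter-state-cookie-path
cors-max-age enable-cors allow-any-hostname realm-public-key credentials
principal-attribute cors-allowed-headers always-refresh-token policy-enforcer
public-key-cache-ttl connection-pool-size client-keystore-password enable-basic-auth
cors-exposed-headers register-node-at-startup
""".split())
# Fields the Keycloak adapter documentation marks as required.
REQUIRED = ("realm", "resource", "auth-server-url")
# Top-level keys that appear in the realm export quoted in the issue.
REALM_MARKERS = {"id", "notBefore", "defaultSignatureAlgorithm", "accessTokenLifespan"}

def check_adapter_config(text):
    """Return a list of findings; an empty list means the file passes."""
    cfg = json.loads(text)
    if not isinstance(cfg, dict):
        return ["top level is not a JSON object"]
    findings = []
    if REALM_MARKERS & cfg.keys():
        findings.append("looks like a realm export, not a client adapter config")
    findings += [f"unrecognized field: {k}" for k in sorted(cfg.keys() - KNOWN)]
    findings += [f"missing field: {k}" for k in REQUIRED if k not in cfg]
    # Settings that weaken transport security between Kramerius and Keycloak.
    if cfg.get("ssl-required") == "none":
        findings.append("weak: ssl-required is none")
    if cfg.get("disable-trust-manager") is True:
        findings.append("weak: disable-trust-manager turns off certificate validation")
    if cfg.get("allow-any-hostname") is True:
        findings.append("weak: allow-any-hostname turns off hostname verification")
    if str(cfg.get("auth-server-url", "")).lower().startswith("http://"):
        findings.append("weak: auth-server-url is plain HTTP")
    return findings

# Constructed samples built from the two files quoted in the thread.
REALM_EXPORT = '{"id": "2dcf67ab-d459-4f25-895a-ba265a0ae9da", "realm": "kramerius", "notBefore": 0}'
ADAPTER = ('{"realm": "kramerius", "auth-server-url": "https://openid.server.com/auth/",'
           ' "ssl-required": "external", "resource": "krameriusClient", "public-client": true,'
           ' "verify-token-audience": true, "use-resource-role-mappings": true,'
           ' "confidential-port": 0}')

if __name__ == "__main__":
    for name, doc in (("realm export", REALM_EXPORT), ("adapter config", ADAPTER)):
        print(name, check_adapter_config(doc))
```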