jhipster / generator-jhipster

JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures.
https://www.jhipster.tech
Apache License 2.0

Jhipster-registry - issue when loading the application - Caused by: java.lang.IllegalArgumentException: Unable to resolve Configuration with the provided Issuer of "http://keycloa-ip-masked:8080/auth/realms/jhipster #16271

Closed jain6968 closed 10 months ago

jain6968 commented 3 years ago
Overview of the issue

Issue with jhipster-registry with below logs

"Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.OAuth2ClientConfiguration$OAuth2ClientWebMvcSecurityConfiguration': Unsatisfied dependency expressed through method 'setClientRegistrationRepository' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'clientRegistrationRepository' defined in class path resource [org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OAuth2ClientRegistrationRepositoryConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository]: Factory method 'clientRegistrationRepository' threw exception; nested exception is java.lang.IllegalArgumentException: Unable to resolve Configuration with the provided Issuer of "http://keycloak-ip-masked:8080/auth/realms/jhipster"

Motivation for or Use Case

Java Spring Boot microservice deployment on GCE (VM). Keycloak is on one VM, and the jhipster-registry service is on another VM. Keycloak is running fine, and the realm is configured.

mraible commented 3 years ago

It looks like your instance of JHipster registry can't connect to http://keycloak-ip-masked:8080/auth/realms/jhipster. Can you reach this endpoint in your browser?

jain6968 commented 3 years ago

Hi @mraible, thanks for the reply. Yeah, I am able to connect to the Keycloak URI. The URI returns the following info:

{"realm":"jhipster","public_key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AOFUDFY4SG8bL+nVgxKrWbT0901DRyPYZLGhD62mXrFt........./d","token-service":"http://keycloak.uri.masked:8080/auth/realms/jhipster/protocol/openid-connect","account-service":"http://keycloak.uri.masked:8080/auth/realms/jhipster/account","tokens-not-before":0}
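Added example, not part of the thread or of JHipster's code: the realm URL answering in a browser does not exercise the metadata endpoints a Spring Security client reads for an `issuer-uri` at startup. This sketch probes the three locations Spring Security derives from the issuer and compares the advertised `issuer`; the hostname and canned response are constructed, and with the default `http_get` it is meant to be run from the machine hosting the registry.

```python
import json
from urllib.error import HTTPError, URLError
from urllib.parse import urlsplit
from urllib.request import urlopen

def discovery_urls(issuer):
    """Metadata locations probed for an issuer-uri (OIDC Discovery, then RFC 8414 forms)."""
    u = urlsplit(issuer)
    base = f"{u.scheme}://{u.netloc}"
    return [f"{base}{u.path}/.well-known/openid-configuration",
            f"{base}/.well-known/openid-configuration{u.path}",
            f"{base}/.well-known/oauth-authorization-server{u.path}"]

def http_get(url, timeout=5):
    """Live fetcher: (status, body); status 0 means no HTTP answer at all."""
    try:
        with urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode()
    except HTTPError as err:
        return err.code, err.read().decode()
    except (URLError, OSError) as err:
        return 0, str(err)

def check_issuer(issuer, fetch=http_get):
    """(True, [hit]) if some location serves metadata whose issuer equals `issuer`,
    else (False, [one finding per location])."""
    findings = []
    for url in discovery_urls(issuer):
        status, body = fetch(url)
        if status != 200:
            findings.append(f"{url}: HTTP {status}")
            continue
        try:
            found = json.loads(body).get("issuer")
        except (ValueError, AttributeError):
            findings.append(f"{url}: body is not a JSON object")
            continue
        if found == issuer:
            return True, [f"{url}: ok"]
        findings.append(f"{url}: issuer mismatch, metadata says {found!r}")
    return False, findings

# Constructed sample: the server answers discovery but advertises another host.
ISSUER = "http://keycloak.example.test:8080/auth/realms/jhipster"
CANNED = {discovery_urls(ISSUER)[0]:
          (200, json.dumps({"issuer": "http://localhost:8080/auth/realms/jhipster"}))}

def canned_fetch(url):
    return CANNED.get(url, (404, ""))

if __name__ == "__main__":
    print(check_issuer(ISSUER, canned_fetch))
```

A status of 0 points at routing, firewall or port binding between the two hosts; a non-200 status or an issuer mismatch points at the Keycloak realm or hostname configuration.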

github-actions[bot] commented 2 years ago

This issue is stale because it has been open 30 days with no activity. Our core developers tend to be more verbose on denying. If there is no negative comment, possibly this feature will be accepted. We are accepting PRs :smiley:. Comment or this will be closed in 7 days

deepu105 commented 2 years ago

@jain6968 if this is still an issue please ask to reopen

LuigiDurso commented 2 years ago

I solved this issue changing in "realm-config/jhipster-realm.json", the line 29 from "sslRequired": "external" to "sslRequired": "none"

mraible commented 2 years ago

Is this still an issue with the latest 7.9.3 release? If so, can you please create a PR to fix it?

LuigiDurso commented 2 years ago

I've just generated a gateway app with v7.9.3 and I found this issue. Yes, I'll make the PR.

vishal423 commented 2 years ago

> I solved this issue changing in "realm-config/jhipster-realm.json", the line 29 from "sslRequired": "external" to "sslRequired": "none"

It's purposely done to enforce use of SSL for public facing deployments. We shouldn't change default.

LuigiDurso commented 2 years ago

> > I solved this issue changing in "realm-config/jhipster-realm.json", the line 29 from "sslRequired": "external" to "sslRequired": "none"
>
> It's purposely done to enforce use of SSL for public facing deployments. We shouldn't change default.

Yes, I changed the param only for development purposes. In production I'll deploy on k8s with SSL enabled.

pascalgrimaud commented 2 years ago

We need to check because in local, everything should work out of the box, without the need to modify something

vishal423 commented 2 years ago

Isn't that verified by CI tests?

pascalgrimaud commented 2 years ago

It's related to JHipster Registry + OAuth2, there is no CI for this, only for Gateway + OAuth2

The CI in JHipster Registry project is just a mvn clean verify, as far as I remember

LuigiDurso commented 2 years ago

The issue exists also with gateway app.

mraible commented 2 years ago

I just tested v7.9.3 with jhipster jdl reactive-mf and didn't experience any issues. It redirects to Keycloak just fine after starting the registry, keycloak, and the gateway app.

I have noticed that Chrome tries to force HTTPS, but that's not our fault. You can change the URL to http and everything works.

I'm just working with the Docker image. @jain6968 appears to be trying to connect to Keycloak on a different server. This issue appears to indicate it's unsupported.

If you're running Keycloak on another server with the same keycloak.yml that JHipster ships with, you might need to modify the file to remove the prefix.

# If you want to expose these ports outside your dev PC,
# remove the "127.0.0.1:" prefix
ports:
  - 127.0.0.1:9080:9080
  - 127.0.0.1:9443:9443

jmcrommen commented 1 year ago

Hi, With JHipster v7.8.1, I reproduce:

JHipster
? Which type of application would you like to create? Gateway application
? What is the base name of your application? gateway
? As you are running in a microservice architecture, on which port would like your server to run? It should be unique to avoid port conflicts. 8080
? What is your default Java package name? com.compagny.gateway
? Which service discovery server do you want to use? JHipster Registry (uses Eureka, provides Spring Cloud Config support and monitoring dashboards)
? Which type of authentication would you like to use? OAuth 2.0 / OIDC Authentication (stateful, works with Keycloak and Okta)

I change with Consul.

@mraible: with jhipster jdl reactive-mf it's Consul and not jhipster-registry

github-actions[bot] commented 10 months ago

This issue is stale because it has been open for too long without any activity. Due to the moving nature of jhipster generated application, bugs can become invalid. If this issue still applies please comment otherwise it will be closed in 7 days

javagrails commented 8 months ago

Unable to resolve Configuration with the provided Issuer of "http://host.docker.internal:9080/realms/realmName" when that URL is calling from running a project in IntelliJ IDEA or development purpose, not sure what is the problem

mraible commented 8 months ago

Please open a new issue rather than commenting on a closed one. We need steps to reproduce in order to determine if it's a bug.