search

keycloak / keycloak

Open Source Identity and Access Management For Modern Applications and Services
https://www.keycloak.org
Apache License 2.0
23.44k stars 6.77k forks source link

Keycloak 26.0.0 fails to start ERROR: Session not bound to a realm #33637

Closed ajaiswal595 closed 3 weeks ago

ajaiswal595 commented 1 month ago

Before reporting an issue

Area

core

Describe the bug

When I start keycloak 26.0.0 it fails with an error 

    kc.sh show-config

Next time you run the server, just run:

    kc.sh start --https-key-store-file=keycloak-26.0.0/certs/keystore.ks --https-trust-store-file=keycloak-26.0.0/certs/truststore.ks --http-enabled=false --http-port=5553 --https-port=5555 --hostname-strict=false --hostname=A02YKJRE1VZG --https-key-store-type=JKS --https-trust-store-type=JKS --https-trust-store-type=JKS --vault-file=/Users/ajaykumarjaiswal/.mytest/certificates/mytest-keystore.p12 --log-level=INFO --log=console,file --log-file=../data/log/server.log --cache=local --log-console-format='%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n' --log-file-format='%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n' --spi-theme-welcome-theme=mytest.v2 --optimized

'2024-10-07 16:52:42,791 WARN [org.keycloak.quarkus.runtime.cli.Picocli] (main) The following run time options were found, but will be ignored during build time: kc.spi-realm-restapi-extension-mytest-identity-provider-vault-password, kc.spi-admin-realm, kc.spi-hostname-v2-hostname-strict, kc.spi-vault-keystore-pass, kc.spi-hostname-v2-hostname, kc.spi-realm-restapi-extension-mytest-auth-provider-vault-password, kc.spi-realm-restapi-extension-mytest-auth-provider-vault-keystore, kc.spi-vault-keystore-file, kc.spi-realm-restapi-extension-mytest-identity-provider-vault-keystore, kc.spi-theme-welcome-theme

''2024-10-07 16:52:42,791 WARN [org.keycloak.quarkus.runtime.cli.Picocli] (main) The following used options or option values are DEPRECATED and will be removed or their behaviour changed in a future release:

2024-10-07 16:26:31,796 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Failed to start server in (production) mode ''2024-10-07 16:26:31,796 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Session not bound to a realm

class MyProviderFactory implements RealmResourceProviderFactory, ProviderEventListener {

@Override
    public void onEvent(ProviderEvent event) {
        if (event instanceof PostMigrationEvent postMigrationEvent) {
            KeycloakModelUtils.runJobInTransaction(postMigrationEvent.getFactory(), new MyCustomProvider());
        }
    }
    ...
    ...
}

class MyCustomProvider extends implements KeycloakSessionTask
{

 @Override
    public void run(KeycloakSession session) {
        session.getProvider(DatastoreProvider.class).realms().getRealmsStream().forEach(this::migrateRealmComponents);
    }

private void migrateRealmComponents(RealmModel realm) {
        realm.getIdentityProvidersStream()
}
...
...
...
}

it breaks here

image

Version

26.0.0

Regression

Expected behavior

It should start seamless

Actual behavior

It's failing to start

How to Reproduce?

dfsfsdf

Anything else?

26.0.0 is latest , And this error is not there on internet as of now.

sschu commented 1 month ago

This is not easily reproducible as it contains some parameters/files specific to your environment. Can you please try to transform this into a minimal example that I can reproduce locally?

shawkins commented 1 month ago

2024-10-07 16:52:42,791 WARN [org.keycloak.quarkus.runtime.cli.Picocli] (main) The following run time options were found, but will be ignored during build time: kc.spi-realm-restapi-extension-mytest-identity-provider-vault-password

Will be addressed by https://github.com/keycloak/keycloak/issues/33638 - it is not related to any other issues that you are seeing. It also should only be emitted on a non-optimized start, so if you are running different commands than the ones shown, please include them.

024-10-07 16:52:42,791 WARN [org.keycloak.quarkus.runtime.cli.Picocli] (main) The following used options or option values are DEPRECATED and will be removed or their behaviour changed in a future release:

  • legacy-observability-interface

This should only be emitted if legacy-observability-interface is used as an option - which is not shown in the command given. Again, if you are running different commands than the ones shown, please include them.

ajaiswal595 commented 1 month ago

This is not easily reproducible as it contains some parameters/files specific to your environment. Can you please try to transform this into a minimal example that I can reproduce locally?

It breaks in my provider

class MyProviderFactory implements RealmResourceProviderFactory, ProviderEventListener {

@Override
    public void onEvent(ProviderEvent event) {
        if (event instanceof PostMigrationEvent postMigrationEvent) {
            KeycloakModelUtils.runJobInTransaction(postMigrationEvent.getFactory(), new MyCustomProvider());
        }
    }
    ...
    ...
}

class MyCustomProvider extends implements KeycloakSessionTask
{

 @Override
    public void run(KeycloakSession session) {
        session.getProvider(DatastoreProvider.class).realms().getRealmsStream().forEach(this::migrateRealmComponents);
    }

private void migrateRealmComponents(RealmModel realm) {
        realm.getIdentityProvidersStream()
}
...
...
...
}
image
ajaiswal595 commented 1 month ago

2024-10-07 16:52:42,791 WARN [org.keycloak.quarkus.runtime.cli.Picocli] (main) The following run time options were found, but will be ignored during build time: kc.spi-realm-restapi-extension-mytest-identity-provider-vault-password

Will be addressed by #33638 - it is not related to any other issues that you are seeing. It also should only be emitted on a non-optimized start, so if you are running different commands than the ones shown, please include them.

024-10-07 16:52:42,791 WARN [org.keycloak.quarkus.runtime.cli.Picocli] (main) The following used options or option values are DEPRECATED and will be removed or their behaviour changed in a future release:

  • legacy-observability-interface

This should only be emitted if legacy-observability-interface is used as an option - which is not shown in the command given. Again, if you are running different commands than the ones shown, please include them.

can you please check https://github.com/keycloak/keycloak/issues/33637#issuecomment-2396802897

ajaiswal595 commented 1 month ago

I updated the description and comments.

stianst commented 1 month ago

Please update the description to provide a better detail of what the problem is. I think perhaps reading through it you have a custom provider of sorts, and it's causing some issues. We also need steps to reproduce, but here you've simply written dfsfsdf.

~missing-info

keycloak-github-bot[bot] commented 1 month ago

Thanks for reporting this issue, but there is insufficient information or lack of steps to reproduce.

Please provide additional details, otherwise this issue will be automatically closed within 14 days.

akoyl commented 1 month ago

I have the same issue with v26.0.0 2024-10-12 15:36:53,836 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-39) Uncaught server error: java.lang.IllegalArgumentException: Session not bound to a realm at org.keycloak.models.cache.infinispan.organization.InfinispanOrganizationProvider.getRealm(InfinispanOrganizationProvider.java:336) at org.keycloak.models.cache.infinispan.organization.InfinispanOrganizationProvider.count(InfinispanOrganizationProvider.java:289) at org.keycloak.storage.UserStorageManager.isReadOnlyOrganizationMember(UserStorageManager.java:943) at org.keycloak.storage.UserStorageManager.importValidation(UserStorageManager.java:117) at org.keycloak.storage.UserStorageManager.getUserById(UserStorageManager.java:389) at org.keycloak.models.cache.infinispan.UserCacheSession.getUserById(UserCacheSession.java:222) at com.invio.keycloak.even.listener.InvioUserEventListenerProviderFactory$1$1.lambda$commitImpl$0(InvioUserEventListenerProviderFactory.java:70) at org.keycloak.models.utils.KeycloakModelUtils.lambda$runJobInTransaction$1(KeycloakModelUtils.java:263) at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransactionWithResult(KeycloakModelUtils.java:392) at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:262) at com.invio.keycloak.even.listener.InvioUserEventListenerProviderFactory$1$1.commitImpl(InvioUserEventListenerProviderFactory.java:65) at org.keycloak.models.AbstractKeycloakTransaction.commit(AbstractKeycloakTransaction.java:46) at org.keycloak.services.DefaultKeycloakTransactionManager.commit(DefaultKeycloakTransactionManager.java:146) at org.keycloak.services.DefaultKeycloakSession.closeTransactionManager(DefaultKeycloakSession.java:414) at org.keycloak.services.DefaultKeycloakSession.close(DefaultKeycloakSession.java:379) at org.keycloak.models.KeycloakBeanProducer_ProducerMethod_getKeycloakSession_XoSEUTXOsE3bpqXlGMAykCiECUM_ClientProxy.close(Unknown Source) at org.keycloak.quarkus.runtime.transaction.TransactionalSessionHandler.close(TransactionalSessionHandler.java:60) at org.keycloak.quarkus.runtime.integration.jaxrs.CloseSessionFilter.closeSession(CloseSessionFilter.java:67) at org.keycloak.quarkus.runtime.integration.jaxrs.CloseSessionFilter.filter(CloseSessionFilter.java:63) at org.jboss.resteasy.reactive.server.handlers.ResourceResponseFilterHandler.handle(ResourceResponseFilterHandler.java:25) at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:150) at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147) at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:635) at org.jboss.threads.EnhancedQueueExecutor$Task.doRunWith(EnhancedQueueExecutor.java:2516) at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2495) at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1521) at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:11) at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:11) at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) at java.base/java.lang.Thread.run(Thread.java:1583)

It breaks in my provider :

         void userAdded(String realmId, String clientId, String userId) {
            session
                  .getTransactionManager()
                  .enlistAfterCompletion(
                        new AbstractKeycloakTransaction() {
                           @Override
                           protected void commitImpl() {
                              KeycloakModelUtils.runJobInTransaction(
                                    factory,
                                    (s) -> {
                                       RealmModel realm = s.realms().getRealm(realmId);
               ------------->          UserModel user = s.users().getUserById(realm, userId);      <------------ HERE
                                       getUserChangedHandler().onUserAdded(s, realm, user, clientId);
                                    });
                           }
                           .......................................
                        });
         }
keycloak-github-bot[bot] commented 3 weeks ago

Due to lack of updates in the last 14 days this issue will be automatically closed.

ajaiswal595 commented 3 weeks ago

@akoyl

Have you got the solution?

akoyl commented 3 weeks ago

@ajaiswal595

No, not yet. I've tried many different things, but nothing worked. I'm getting this error when trying to get UserModel e.g. UserModel user = session.users().getUserById(realm, userId);

Tha same code works on v25.0.6

forwardmeasure commented 2 weeks ago

I can confirm that this bug has been fixed in 26.0.2. It was present in 26.0.0 and 26.0.1.

Kavalinaveen commented 1 week ago

I tried with version 26.0.2 i am getting the same issue and with latest keycloak also same issue 2024-11-05T23:46:11.242+05:30 INFO 119660 --- [ream--701245566] tc.keycloak/keycloak:latest : STDOUT: 2024-11-05 18:16:11,240 WARN [io.agroal.pool] (main) Datasource '': JDBC resources leaked: 1 ResultSet(s) and 0 Statement(s) 2024-11-05T23:46:11.844+05:30 INFO 119660 --- [ream--701245566] tc.keycloak/keycloak:latest : STDOUT: 2024-11-05 18:16:11,842 INFO [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (main) Node name: node_626611, Site name: null 2024-11-05T23:46:12.027+05:30 INFO 119660 --- [ream--701245566] tc.keycloak/keycloak:latest : STDOUT: 2024-11-05 18:16:12,026 INFO [org.keycloak.broker.provider.AbstractIdentityProviderMapper] (main) Registering class org.keycloak.broker.provider.mappersync.ConfigSyncEventListener 2024-11-05T23:46:12.118+05:30 INFO 119660 --- [ream--701245566] tc.keycloak/keycloak:latest : STDOUT: 2024-11-05 18:16:12,116 INFO [org.keycloak.exportimport.dir.DirImportProvider] (main) Importing from directory /opt/keycloak/bin/../data/import 2024-11-05T23:46:12.127+05:30 INFO 119660 --- [ream--701245566] tc.keycloak/keycloak:latest : STDOUT: 2024-11-05 18:16:12,125 INFO [org.keycloak.services] (main) KC-SERVICES0050: Initializing master realm 2024-11-05T23:46:14.617+05:30 INFO 119660 --- [ream--701245566] tc.keycloak/keycloak:latest : STDOUT: 2024-11-05 18:16:14,615 INFO [org.keycloak.services] (main) KC-SERVICES0030: Full model import requested. Strategy: OVERWRITE_EXISTING 2024-11-05T23:46:20.512+05:30 INFO 119660 --- [ream--701245566] tc.keycloak/keycloak:latest : STDOUT: 2024-11-05 18:16:20,511 INFO [org.keycloak.exportimport.util.ImportUtils] (main) Realm 'voltacabs' imported 2024-11-05T23:46:20.701+05:30 INFO 119660 --- [ream--701245566] tc.keycloak/keycloak:latest : STDOUT: 2024-11-05 18:16:20,700 WARN [io.agroal.pool] (main) Datasource '': JDBC resources leaked: 1 ResultSet(s) and 0 Statement(s) 2024-11-05T23:46:20.723+05:30 INFO 119660 --- [ream--701245566] tc.keycloak/keycloak:latest : STDOUT: 2024-11-05 18:16:20,722 INFO [com.arjuna.ats.jbossatx] (main) ARJUNA032014: Stopping transaction recovery manager 2024-11-05T23:46:20.839+05:30 INFO 119660 --- [ream--701245566] tc.keycloak/keycloak:latest : STDOUT: 2024-11-05 18:16:20,838 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Failed to start server in (development) mode 2024-11-05T23:46:20.840+05:30 INFO 119660 --- [ream--701245566] tc.keycloak/keycloak:latest : STDOUT: 2024-11-05 18:16:20,839 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Session not bound to a realm 2024-11-05T23:46:20.840+05:30 INFO 119660 --- [ream--701245566] tc.keycloak/keycloak:latest : STDOUT: 2024-11-05 18:16:20,839 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) For more details run the same command passing the '--verbose' option. Also you can use '--help' to see the details about the usage of the particular command. 2024-11-05T23:47:35.174+05:30 ERROR 119660 --- [ main] tc.keycloak/keycloak:latest : Could not start container

dnk commented 6 days ago

in my case it was caused by "organization" feature which enabled since Keycloak 26. error is gone after disabling "organization" feature.

org.keycloak.models.cache.infinispan.organization.InfinispanOrganizationProvider.getRealm(InfinispanOrganizationProvider.java:336) at org.keycloak.models.cache.infinispan.organization.InfinispanOrganizationProvider.count(InfinispanOrganizationProvider.java:289) at org.keycloak.storage.UserStorageManager.isReadOnlyOrganizationMember(UserStorageManager.java:943) at org.keycloak.storage.UserStorageManager.importValidation(UserStorageManager.java:117) at org.keycloak.storage.UserStorageManager.getUserById(UserStorageManager.java:389) ...