Open Jack-Hazelden-Blackdot opened 4 days ago
@Jack-Hazelden-Blackdot Can you also provide information on how you are configuring the ext-event-http
listener (i.e. what realm attributes you are setting, and how)? We'll try to reproduce.
The code the exception points to seems to indicate that the internal Map
of providers kept by the DefaultKeycloakSession
implementation is somehow getting changed while it is looping through the providers to call close
. That's strange because we don't make any changes (nor do I think we can) to that Map
.
@xgp For the realm attribute configuration of the ext-event-http
listener we set the _providerConfig.ext-event-http
with the targetUri
to our auditing service endpoint (http://audit:8080/keycloak
) as part of the bootstrapping by calling the Keycloak API - this service is stood up using docker run in the same network. Example of the code:
private async Task AddProviderConfigurationAsync(string auditEventServiceName)
{
await _realmsAdminApi.PutAsync(_realm, new RealmRepresentation
{
Attributes = new Dictionary<string, string>()
{
{"_providerConfig.ext-event-http", $"{{\"targetUri\":\"{auditEventServiceName}\"}}"}
}
});
}
The logs from the audit service indicate that Keycloak is able to connect and push events through:
[11:59:58 INF] Application started. Press Ctrl+C to shut down. [11:59:58 INF] Hosting environment: CucumberCi [11:59:58 INF] Content root path: /app [12:01:26 INF] Request starting HTTP/1.1 POST http://audit:8080/keycloak - application/json 514 [12:01:26 INF] Request starting HTTP/1.1 POST http://audit:8080/keycloak - application/json 514 [12:01:26 WRN] Failed to determine the https port for redirect. [12:01:26 INF] Executing endpoint 'HTTP: POST /keycloak' [12:01:26 INF] Executing endpoint 'HTTP: POST /keycloak' [12:01:26 INF] Setting HTTP status code 200. [12:01:26 INF] Setting HTTP status code 200. [12:01:26 INF] Executed endpoint 'HTTP: POST /keycloak' [12:01:26 INF] Executed endpoint 'HTTP: POST /keycloak' [12:01:26 INF] HTTP POST /keycloak responded 200 in 36.8933 ms [12:01:26 INF] HTTP POST /keycloak responded 200 in 29.3713 ms [12:01:26 INF] Request finished HTTP/1.1 POST http://audit:8080/keycloak - 200 0 null 122.9871ms [12:01:26 INF] Request finished HTTP/1.1 POST http://audit:8080/keycloak - 200 0 null 123.1193ms
Upon enabling the Keycloak Events plugin we see errors consistently raised in our tests when setting up the realms for our testing environment causing them to fail with a
java.util.ConcurrentModificationException
in the logs.All instances of the error appear to be when
Keycloak.Net.KeycloakClient
in our backend requests an access token fromPOST http://keycloak:8080/realms/tests/protocol/openid-connect/token
as part of the authentication flow causing Keycloak to return a 500. Note that prior to enabling the Keycloak Events plugin this did not occur, and disabling it allows the tests to pass with no issues.For our test runs we stand up Keycloak using docker compose in Github Actions and configure it to use the
jboss-logging
andext-event-http
event listeners via a bootstrapper - we then stand up our backend using docker run on the same network where it hits the Keycloak endpoints. Section of the docker compose configuring Keycloak:Versions used and logs are below - any assistance is greatly appreciated. Let me know if any additional information is required. Quite possibly related to https://github.com/p2-inc/keycloak-events/issues/73
Keycloak version: 25.0.1 Keycloak Events plugin version: 0.32 Keycloak.Net.Core version: 1.0.26 Keycloak.AuthServices.Authentication version: 2.5.1
From our backend logs calling Keycloak:
From the Keycloak logs at the same point in time: