I have created a wildfly container (wildfly 25.0.1 and keycloak 15.0.2) with the keycloak as subsystem. I have also a running keycloak container. Trying to deploy a simple jakarta app (build as war via maven and upload it into the wildfly) with a web.xml as follow leads to the following error:
{"WFLYCTL0080: Failed services" => {"jboss.deployment.unit.\"demo1-1.0-
SNAPSHOT.war\".undertow-deployment" => "java.lang.RuntimeException:
java.lang.IllegalStateException: The required mechanism 'KEYCLOAK' is not available
in mechanisms [BASIC, CLIENT_CERT, DIGEST, FORM] from the HttpAuthenticationFactory.
Caused by: java.lang.RuntimeException: java.lang.IllegalStateException: The
required mechanism 'KEYCLOAK' is not available in mechanisms [BASIC, CLIENT_CERT,
DIGEST, FORM] from the HttpAuthenticationFactory.
Caused by: java.lang.IllegalStateException: The required mechanism 'KEYCLOAK' is
not available in mechanisms [BASIC, CLIENT_CERT, DIGEST, FORM] from the
HttpAuthenticationFactory."}}
My web.xml under WEB-INF:
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<module-name>demo</module-name>
<security-constraint>
<web-resource-collection>
<web-resource-name>Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>KEYCLOAK</auth-method>
<realm-name>my-auth</realm-name>
</login-config>
<security-role>
<role-name>user</role-name>
</security-role>
</web-app>
My wildfly docker file:
FROM jboss/wildfly:25.0.0.Final
ENV KEYCLOAK_VERSION 15.0.2
ENV WILDFLY_HOME /opt/jboss/wildfly
RUN cd $WILDFLY_HOME && curl -LO https://github.com/keycloak/keycloak/releases/download/${KEYCLOAK_VERSION}/keycloak-oidc-wildfly-adapter-${KEYCLOAK_VERSION}.tar.gz \
&& tar -xzvf keycloak-oidc-wildfly-adapter-${KEYCLOAK_VERSION}.tar.gz \
&& rm keycloak-oidc-wildfly-adapter-${KEYCLOAK_VERSION}.tar.gz \
&& bin/jboss-cli.sh --file=bin/adapter-elytron-install-offline.cli \
# Admin-User anlegen
&& bin/add-user.sh admin admin1234 --silent \
# Zu Vermeidung von Fehlermeldungen beim Start
&& rm -r standalone/configuration/standalone_xml_history/current/
CMD ["/opt/jboss/wildfly/bin/standalone.sh", "-b", "0.0.0.0", "-bmanagement", "0.0.0.0"]
EXPOSE 8285
EXPOSE 9992
Openning the wildfly in browser -> confguration ->subsystem shows me that the keycloak is there. I can see in thestandalone.xml file of wildfly container the following has been set:
<http-authentication-factory name="keycloak-http-authentication" security-domain="KeycloakDomain" http-server-mechanism-factory="keycloak-http-server-mechanism-factory">
<mechanism-configuration>
<mechanism mechanism-name="KEYCLOAK">
<mechanism-realm realm-name="KeycloakOIDCRealm" realm-mapper="keycloak-oidc-realm-mapper"/>
</mechanism>
</mechanism-configuration>
</http-authentication-factory>
The app has keyclaock.json in WEB-INF as well. Any Idea how to fix this?
Keycloak has deprecated the Wildfly-Adapter in Favour of the built in Elytron OIDC-Authenticator. https://www.keycloak.org/2021/12/keycloak-1510-released
You can check whether that meets your requirements, or stick with Wildfly 24 for now.
See https://wildfly-security.github.io/wildfly-elytron/blog/securing-wildfly-apps-openid-connect/ for more infos about using the built in authentication with Elytron.