Search code examples
javakeycloakkeycloak-services

IllegalStateException: Could not find ScriptEngine for script

I recently migrated from Keycloak 12 to Keycloak 21.0.1 After migration the script based authentication is getting failed because I am getting the ScriptEngine as null for the mimetype text/javascript.

ScriptEngine engineByMimeType = new ScriptEngineManager().getEngineByMimeType(script.getMimeType()); // getting it as null mime type is 'text/javascript'

Keycloak Code: https://github.com/keycloak/keycloak/blob/21.0.2/services/src/main/java/org/keycloak/scripting/DefaultScriptingProvider.java#L145

This was working fine in the keycloak version 12.

Error Log:

\[org.keycloak.services\] (executor-thread-0) KC-SERVICES0013: Failed authentication: java.lang.IllegalStateException: Could not find ScriptEngine for script: Script{...}
at org.keycloak.scripting.DefaultScriptingProvider.getPreparedScriptEngine(DefaultScriptingProvider.java:114)
at org.keycloak.scripting.DefaultScriptingProvider.prepareEvaluatableScript(DefaultScriptingProvider.java:74)
at org.keycloak.scripting.DefaultScriptingProvider.prepareInvocableScript(DefaultScriptingProvider.java:55)
at org.keycloak.authentication.authenticators.browser.ScriptBasedAuthenticator.getInvocableScriptAdapter(ScriptBasedAuthenticator.java:164)
at org.keycloak.authentication.authenticators.browser.ScriptBasedAuthenticator.tryInvoke(ScriptBasedAuthenticator.java:120)
at org.keycloak.authentication.authenticators.browser.ScriptBasedAuthenticator.authenticate(ScriptBasedAuthenticator.java:103)
...
Solution

  • Thanks, @Elliott Frisch, My java release version was 11, Adding Nashorn Core fixed the issue.

        <dependencies>
        <dependency>
            <groupId>org.openjdk.nashorn</groupId>
            <artifactId>nashorn-core</artifactId>
            <version>15.4</version>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-dependency-plugin</artifactId>
                <executions>
                    <execution>
                        <id>copy-dependencies-quarkus</id>
                        <phase>package</phase>
                        <goals>
                            <goal>copy-dependencies</goal>
                        </goals>
                        <configuration>
                            <outputDirectory>${project.build.directory}/keycloak-server-extras/providers</outputDirectory>
                            <includeArtifactIds>nashorn-core,asm,asm-util,asm-commons</includeArtifactIds>
                        </configuration>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>

    And moved dependencies to /opt/keycloak/providers

    COPY providers/target/keycloak-server-extras/providers/* /opt/keycloak/providers/

    Reference: https://www.keycloak.org/docs/latest/server_development/index.html#deploy-the-script-jar