
Bearer only authentication on Keycloak 22 for Wildfly management console


We have a working setup with WildFly 26 with HAL (management console) protected through Keycloak 16.

We are using KC adapters, not the WF native OIDC adapter.

Now we are trying to upgrade KC to 22, but KC dropped support for bearer-only clients.

Requests to the management interface return a 401 status code, with the following logs on WF:

DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (management task-3) adminRequest http://localhost:9990/management
TRACE [org.keycloak.adapters.RequestAuthenticator] (management task-3) --> authenticate()
TRACE [org.keycloak.adapters.RequestAuthenticator] (management task-3) try bearer
DEBUG [org.keycloak.adapters.BearerTokenRequestAuthenticator] (management task-3) Authorization header not present
TRACE [org.keycloak.adapters.RequestAuthenticator] (management task-3) try query parameter auth
DEBUG [org.keycloak.adapters.QueryParameterTokenRequestAuthenticator] (management task-3) Token is not present in query
DEBUG [org.keycloak.adapters.RequestAuthenticator] (management task-3) NOT_ATTEMPTED: bearer only

Found some topics about messing with the client setup, but all tests result in the same error.

Any clue on solving this?

Thanks!


Solution

  • The problem is a breaking change in KC 22: KC has removed the deprecated Promise API:

    Legacy Promise API removed

    With this release, we have removed the legacy Promise API methods from the Keycloak JS adapter. This means that calling .success() and .error() on promises returned from the adapter is no longer possible.

    You can work around this by building a custom HAL and changing it on WF, or by building a custom KC.

    Our choice was to build a custom KC, as it is just 1 point of change. We added back the removed Promise API in keycloak.js:

    This is what needs to be restored:

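    function Keycloak (config) {
        /*...*/
        // p.promise is the Promise the adapter returns to callers.
        // Legacy .success(): pass the resolved value to the callback.
        p.promise.success = function(callback) {
            this.then(function handleSuccess(value) {
                callback(value);
            });

            // Return the same promise so .error() can be chained.
            return this;
        };

        // Legacy .error(): pass the rejection reason to the callback.
        p.promise.error = function(callback) {
            this.catch(function handleError(error) {
                callback(error);
            });

            return this;
        };
        /*...*/
    }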
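
The following added example (not part of the original answer, and not Keycloak or HAL code) shows how the removed methods lead to requests without an Authorization header, as in the logs above. It assumes the console calls `.success()` on the adapter's promise; `initNative`, `withLegacyPromiseApi`, `legacyLogin` and the token value are hypothetical stand-ins.

```javascript
// Added example. All names are hypothetical stand-ins, not Keycloak or HAL code.

// Stand-in for an adapter method as of KC 22: returns a plain native Promise.
function initNative() {
  return Promise.resolve("constructed-token"); // constructed sample value
}

// Re-attach the legacy .success()/.error() methods to a native Promise,
// in the same shape as the code restored in the answer above.
function withLegacyPromiseApi(promise) {
  promise.success = function (callback) {
    this.then(function handleSuccess(value) { callback(value); });
    return this; // same promise, so .error() can be chained
  };
  promise.error = function (callback) {
    this.catch(function handleError(error) { callback(error); });
    return this;
  };
  return promise;
}

// Stand-in for a legacy caller that uses the removed API to store the
// token it will later send as "Authorization: Bearer ...".
function legacyLogin(init, session) {
  try {
    init()
      .success(function (token) { session.authorization = "Bearer " + token; })
      .error(function (err) { session.failure = String(err); });
    return "registered";
  } catch (e) {
    // A native Promise has no .success(): the callback is never registered,
    // no token is stored, and later requests go out without the header.
    return e instanceof TypeError ? "TypeError" : "other";
  }
}

const broken = {};
const fixed = {};
const brokenResult = legacyLogin(initNative, broken);
const fixedResult = legacyLogin(() => withLegacyPromiseApi(initNative()), fixed);

// Callbacks run asynchronously; report once pending promise jobs have run.
const settled = new Promise((resolve) => setTimeout(resolve, 0)).then(() => {
  console.log(brokenResult, broken.authorization);
  console.log(fixedResult, fixed.authorization);
});
```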