Dev Services for Keycloak: Client and users aren't created #46207

Open
nicolasduminil opened this issue Feb 11, 2025 · 4 comments

Describe the bug

The documentation states:

%dev.quarkus.keycloak.devservices.users.duke=dukePassword
%dev.quarkus.keycloak.devservices.roles.duke=reader
%dev.quarkus.keycloak.devservices.users.john=johnPassword
%dev.quarkus.keycloak.devservices.roles.john=reader,writer

This configuration creates two users:
* duke with a dukePassword password and a reader role
* john with a johnPassword password and reader and writer roles
...
To customize the client ID and secret, you can use the quarkus.oidc.client-id and quarkus.oidc.credentials.secret properties.

However, using the mentioned properties, the associated users, password and client aren't created in the Keycloak dev instance.

Expected behavior

Expecting, when running Keycloak in dev mode and connecting as admin, to find the mentioned users and client created in the given realm.

Actual behavior

Neither the user, nor the client is created.

How to Reproduce?

Steps to reproduce:

  1. Go to the security-keycloak-authorization-quickstart in Quarkus Quick Starts.
  2. Modify the file src/main/resources/application.properties to add the following lines:
%dev.quarkus.keycloak.devservices.users.duke=dukePassword
%dev.quarkus.keycloak.devservices.roles.duke=reader
%dev.quarkus.keycloak.devservices.users.john=johnPassword
%dev.quarkus.keycloak.devservices.roles.john=reader,writer
  3. Run in dev mode: mvn quarkus:dev
  4. Wait for the Keycloak server to start.
  5. Type d
  6. In the DEV UI, click on the Keycloak Admin link in the OpenID Connect pane.
  7. Log in to Keycloak as admin/admin.
  8. Select the quarkus realm.
  9. Click on Clients.
  10. Observe that the client having backend-service as an ID doesn't exist.
  11. Click on Users.
  12. Observe that there aren't any users named Duke and John.
  13. Click on Realm roles.
  14. Observe that there aren't any roles reader and writer.

Output of uname -a or ver

Linux nicolas-XPS-15-9570 6.8.0-52-generic #53-Ubuntu SMP PREEMPT_DYNAMIC Sat Jan 11 00:06:25 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Output of java -version

java version "21.0.3" 2024-04-16 LTS
Java(TM) SE Runtime Environment (build 21.0.3+7-LTS-152)
Java HotSpot(TM) 64-Bit Server VM (build 21.0.3+7-LTS-152, mixed mode, sharing)

Quarkus version or git rev

3.17

Build tool (ie. output of mvnw --version or gradlew --version)

Apache Maven 3.9.5 (57804ffe001d7215b5e7bcb531cf83df38f93546)
Maven home: /opt/apache-maven-3.9.5
Java version: 21.0.3, vendor: Oracle Corporation, runtime: /usr/lib/jvm/jdk-21-oracle-x64
Default locale: en_US, platform encoding: UTF-8
OS name: "linux", version: "6.8.0-52-generic", arch: "amd64", family: "unix"

Additional information

N/A
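
The manual check from the reproduction steps (users, realm roles and client in the quarkus realm), as an added example that is not part of the original report or of Quarkus: it compares what the properties request with a realm representation. The sample realm content is constructed, and the field names assume Keycloak's realm export layout (`users[].username`, `users[].realmRoles`, `roles.realm[].name`, `clients[].clientId`); `expected` and `gaps` are hypothetical helper names.

```python
PREFIX = "quarkus.keycloak.devservices."

# Constructed input: the properties from the report plus the quickstart's client id.
PROPS = """\
%dev.quarkus.keycloak.devservices.users.duke=dukePassword
%dev.quarkus.keycloak.devservices.roles.duke=reader
%dev.quarkus.keycloak.devservices.users.john=johnPassword
%dev.quarkus.keycloak.devservices.roles.john=reader,writer
quarkus.oidc.client-id=backend-service
"""

# Constructed realm representation (assumed export layout), without the requested entries.
REALM = {"realm": "quarkus",
         "users": [{"username": "alice", "realmRoles": ["user"]}],
         "roles": {"realm": [{"name": "user"}]},
         "clients": [{"clientId": "account"}]}

def expected(text, profile="dev"):
    """Return (users, roles per user, client id) requested by the properties."""
    users, grants, client = set(), {}, None
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        key = key.strip()
        if not sep or key.startswith("#"):
            continue                                  # blank, comment or malformed line
        if key.startswith("%"):                       # profile-scoped key such as %dev.
            prof, _, key = key[1:].partition(".")
            if prof != profile:
                continue
        if key.startswith(PREFIX + "users."):
            users.add(key[len(PREFIX + "users."):])
        elif key.startswith(PREFIX + "roles."):
            grants[key[len(PREFIX + "roles."):]] = [r.strip() for r in value.split(",") if r.strip()]
        elif key == "quarkus.oidc.client-id":
            client = value.strip()
    return users, grants, client

def gaps(text, realm, profile="dev"):
    """List what the properties ask for that the realm does not contain."""
    users, grants, client = expected(text, profile)
    have_users = {u["username"]: set(u.get("realmRoles", [])) for u in realm.get("users", [])}
    have_roles = {r["name"] for r in realm.get("roles", {}).get("realm", [])}
    wanted_roles = {r for rs in grants.values() for r in rs}
    out = [f"user:{u}" for u in sorted(users - set(have_users))]
    out += [f"role:{r}" for r in sorted(wanted_roles - have_roles)]
    out += [f"grant:{u}->{r}" for u in sorted(grants) for r in grants[u]
            if u in have_users and r in have_roles and r not in have_users[u]]
    if client and client not in {c["clientId"] for c in realm.get("clients", [])}:
        out.append(f"client:{client}")
    return out
```
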


quarkus-bot bot commented Feb 11, 2025

/cc @geoand (devservices), @pedroigor (keycloak), @sberyozkin (keycloak)


nicolasduminil commented Feb 12, 2025

I have added the following property to the application.properties file:

quarkus.keycloak.devservices.realm-path=my-realm.json

Where my-realm.json is located in src/test/resources. Running mvn quarkus:dev and looking in the Keycloak log file, I'm seeing this:

 Changes detected in configuration. Updating the server image.
 Updating the configuration and installing your custom providers, if any. Please wait.
 2025-02-12 14:33:03,783 INFO  [io.qua.dep.QuarkusAugmentor] (main) Quarkus augmentation completed in 6071ms
 Server configuration updated and persisted. Run the following command to review the configuration:

        kc.sh show-config

 Next time you run the server, just run:

        kc.sh start --http-enabled=true --hostname-strict=false --spi-user-profile-declarative-user-profile-config-file=/opt/  keycloak/upconfig.json --optimized

 2025-02-12 14:33:07,149 INFO  [org.infinispan.CONTAINER] (ForkJoinPool.commonPool-worker-1) ISPN000556: Starting  user marshaller 'org.infinispan.jboss.marshalling.core.JBossUserMarshaller'
 2025-02-12 14:33:07,457 WARN  [org.jgroups.stack.Configurator] (ForkJoinPool.commonPool-worker-1) JGRP000014: ThreadPool.thread_dumps_threshold has been deprecated: ignored
 2025-02-12 14:33:07,466 INFO  [org.infinispan.CLUSTER] (ForkJoinPool.commonPool-worker-1) ISPN000078: Starting JGroups channel `ISPN` with stack `udp`
 2025-02-12 14:33:07,468 INFO  [org.jgroups.JChannel] (ForkJoinPool.commonPool-worker-1) local_addr: 095bf75c-e44f-4e9f-bc4d-a809a7320264, name: 1a904b4f860e-29982
 2025-02-12 14:33:07,472 WARN  [org.jgroups.protocols.UDP] (ForkJoinPool.commonPool-worker-1) JGRP000015: the send buffer of socket MulticastSocket was set to 1MB, but the OS only allocated 212.99KB
 2025-02-12 14:33:07,472 WARN  [org.jgroups.protocols.UDP] (ForkJoinPool.commonPool-worker-1) JGRP000015: the receive buffer of socket MulticastSocket was set to 20MB, but the OS only allocated 212.99KB
 2025-02-12 14:33:07,473 WARN  [org.jgroups.protocols.UDP] (ForkJoinPool.commonPool-worker-1) JGRP000015: the send buffer of socket MulticastSocket was set to 1MB, but the OS only allocated 212.99KB
 2025-02-12 14:33:07,473 WARN  [org.jgroups.protocols.UDP] (ForkJoinPool.commonPool-worker-1) JGRP000015: the receive buffer of socket MulticastSocket was set to 25MB, but the OS only allocated 212.99KB
 2025-02-12 14:33:07,478 INFO  [org.jgroups.protocols.FD_SOCK2] (ForkJoinPool.commonPool-worker-1) server listening on *.27203
 2025-02-12 14:33:07,720 INFO  [org.keycloak.broker.provider.AbstractIdentityProviderMapper] (main) Registering class org.keycloak.broker.provider.mappersync.ConfigSyncEventListener
 2025-02-12 14:33:08,352 INFO  [org.keycloak.quarkus.runtime.storage.legacy.liquibase.QuarkusJpaUpdaterProvider] (main) Initializing database schema. Using changelog META-INF/jpa-changelog-master.xml
 2025-02-12 14:33:09,482 INFO  [org.jgroups.protocols.pbcast.GMS] (ForkJoinPool.commonPool-worker-1) 1a904b4f860e-29982: no members discovered after 2002 ms: creating cluster as coordinator
 2025-02-12 14:33:09,489 INFO  [org.infinispan.CLUSTER] (ForkJoinPool.commonPool-worker-1) ISPN000094: Received new cluster view for channel ISPN: [1a904b4f860e-29982|0] (1) [1a904b4f860e-29982]
 2025-02-12 14:33:09,540 INFO  [org.infinispan.CLUSTER] (ForkJoinPool.commonPool-worker-1) ISPN000079: Channel `ISPN` local address is `1a904b4f860e-29982`, physical addresses are `[172.17.0.4:42739]`

 UPDATE SUMMARY
 Run:                        134
 Previously run:               0
 Filtered out:                 0
 -------------------------------
 Total change sets:          134

 2025-02-12 14:33:10,493 INFO  [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (main) Node name: 1a904b4f860e-29982, Site name: null
 2025-02-12 14:33:10,641 INFO  [org.keycloak.services] (main) KC-SERVICES0050: Initializing master realm
 2025-02-12 14:33:12,107 INFO  [org.keycloak.services] (main) KC-SERVICES0009: Added user 'admin' to realm 'master'
 2025-02-12 14:33:12,173 INFO  [io.quarkus] (main) Keycloak 25.0.6 on JVM (powered by Quarkus 3.8.5) started in 8.267s.   Listening on: http://0.0.0.0:8080. Management interface listening on http://0.0.0.0:9000.
 2025-02-12 14:33:12,173 INFO  [io.quarkus] (main) Profile prod activated. 
 2025-02-12 14:33:12,174 INFO  [io.quarkus] (main) Installed features: [agroal, cdi, hibernate-orm, jdbc-h2, keycloak, logging-gelf, narayana-jta, reactive-routes, resteasy-reactive, resteasy-reactive-jackson, smallrye-context-propagation, vertx]

I'm not seeing any trace showing that the realm definition file is loaded. Running the kc.sh show-config, as suggested, displays:

Current Mode: production
Current Configuration:
    kc.config.built =  true (SysPropConfigSource)
    kc.db =  dev-file (Persisted)
    kc.log-console-output =  default (classpath keycloak.conf)
    kc.run.in.container =  true (ENV)
    kc.version =  25.0.6 (SysPropConfigSource)

@sberyozkin
Member

@nicolasduminil Adding client and users option is only there to support basic cases where no actual realms with the user definitions are available, so instead of default alice and bob one could register fred which is probably not very useful...

As far as loading custom realms is concerned, it works well to the best of my knowledge; we have a lot of tests using custom realms. If it does not, then it would make sense to create another issue, as it is not really related to this issue.

@nicolasduminil
Author

@sberyozkin

> Adding client and users option is only there to support basic cases where no actual realms with the user definitions are available, so instead of default alice and bob one could register.

These basic cases don't work, as explained.

> ... it works well to the best of my knowledge, we have a lot of tests using custom realms ...

Actually it doesn't, as you can notice by reproducing the issue, as documented, using your own test (Quick Starts).
