Keycloak Unknown authentication mechanism

Asked 2/12, 2014 at 15:53 Answered 3/1, 2020 at 14:27

I need help with using keycloak in an Errai app. I am getting an error about "unknown authentication method" for "KEYCLOAK" ? I have the keycloak-appliance running (on a different port though), and the Errai app has a with KEYCLOAK in the web.xml file inside WEB-INF When I run the Errai app with mvn gwt:run, I get : RuntimeException caused by "Unknown authentication mechanism KEYCLOAK". I have no idea how to go around this issue .

Benita answered 2/12, 2014 at 15:53 Comment(1)

Btw, if you are only starting to implement your application consider using Spring Security adapter - you will be able to create war file which will work both on JBoss and Tomcat for example, without installing extra adapter to server. – Rotgut 2/6, 2016 at 9:27

Just wanted to add a little more detail to @cfsnyder's answer. In order for your application server to recognize a definition in the web.xml that looks like this:

<login-config>
    <auth-method>KEYCLOAK</auth-method>
    <realm-name>internal</realm-name>
</login-config>

you'll need to tell jboss (in this instance) how to interpret that particular auth method. At the time of my answer, this is in section 8.2 of the Keycloak docs.

First, download the keycloak adapter (remember, this is not the same as the Keycloak Server). Next, unzip the download in the wildfly home directory. With your application server running, just use the following command to install the Keycloak configuration into the appropriate files:

jboss-cli.sh -c --file=adapter-install.cli

When this script completes, your configuration file will have the new entry added to accommodate the KEYCLOAK entry in your web.xml. The script will add something like this to either a domain.xml or standalone.xml:

            <security-domain name="keycloak">
                <authentication>
                    <login-module code="org.keycloak.adapters.jboss.KeycloakLoginModule" flag="required"/>
                </authentication>
            </security-domain>

Once you have the Keycloak module files provided by the adapter + the security domain configuration to link the KEYCLOAK method to the appropriate LoginModule, you should be all set.

Football answered 21/12, 2015 at 16:53 Comment(2)

The download link just redirects to the site's main page. – Vestry 27/6, 2019 at 9:27

one final step -- after running cli - do restart the wildfly :) – Ison 12/12, 2020 at 17:27

You will need to install and configure the Wildfly adapter in order for your Errai app to recognize the "KEYCLOAK" authentication method. See section 7.2 of the Keycloak documentation.

Avifauna answered 24/1, 2015 at 16:28 Comment(1)

@freedev thanks for pointing that out. cfsnyder could you please modify? – Queridas 25/7, 2016 at 22:57

To add to @josh-cain's answer, you might also need following additions in your domain.xml or standalone.xml:

To <extensions></extensions>, add:

   <extension module="org.keycloak.keycloak-adapter-subsystem"/>

To <profile></profile>, add:

   <subsystem xmlns="urn:jboss:domain:keycloak:1.1"/>

The adapter installation cli scripts can fail for various reasons so you might need to add these entries manually.

Icarian answered 3/1, 2020 at 14:27 Comment(0)

Recommended topics

Hot tags