Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-9310

Removing custom required action provider corrupts the Realm model

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 4.0.0.Beta3, 4.4.0.Final
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Environment:

      Keycloak/Wildfly running with file system based DB.
      OS: Linux 3.10.0-693.21.1.el7.x86_64

    • Steps to Reproduce:
      Hide
      1. We were implementing a Custom required action provider and we deployed it via SPI framework.
      2. Login into the Realm Admin console
      3. go to Authentication > Required Actions
      4. click on the Register button and register the newly deployed action provider
      5. logout
      6. delete your JAR from deployments folder (deleting the custom required action provider SPI)
      7. Try to login again and you'll get the error bellow
      8. Try to delete the realm either via REST or via the kcadm.sh , server hangs so it needs to be restarted

      The error is:
      We're sorry...
      Unexpected error when handling authentication request to identity provider.

      « Back to Application

      Show
      We were implementing a Custom required action provider and we deployed it via SPI framework. Login into the Realm Admin console go to Authentication > Required Actions click on the Register button and register the newly deployed action provider logout delete your JAR from deployments folder (deleting the custom required action provider SPI) Try to login again and you'll get the error bellow Try to delete the realm either via REST or via the kcadm.sh , server hangs so it needs to be restarted The error is: We're sorry... Unexpected error when handling authentication request to identity provider. « Back to Application
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      See steps to reproduce.
      The I guess the problem is that once registered, a required action provider is stored in the Realm model, which leads to another problem - how to delete custom required action providers from the realm configuration. I guess, if the SPI jar has been removed from the deployment folder ... this should automatically try to remove it from all Realms' models.

      This is a stacktrace from the server.log:
      2019-01-10 14:53:51,248 WARN [org.keycloak.services] (default task-77) KC-SERVICES0013: Failed authentication: java.lang.RuntimeException: Unable to find factory for Required Action: Update_MDM_Password did you forget to declare it in a META-INF/services file?
      at org.keycloak.services.managers.AuthenticationManager.evaluateRequiredActionTriggers(AuthenticationManager.java:1082)
      at org.keycloak.services.managers.AuthenticationManager.nextRequiredAction(AuthenticationManager.java:857)
      at org.keycloak.authentication.AuthenticationProcessor.nextRequiredAction(AuthenticationProcessor.java:1013)
      at org.keycloak.authentication.AuthenticationProcessor.authenticationComplete(AuthenticationProcessor.java:1001)
      at org.keycloak.authentication.AuthenticationProcessor.authenticate(AuthenticationProcessor.java:781)
      at org.keycloak.protocol.AuthorizationEndpointBase.handleBrowserAuthenticationRequest(AuthorizationEndpointBase.java:141)
      at org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.buildAuthorizationCodeAuthorizationResponse(AuthorizationEndpoint.java:409)
      at org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.process(AuthorizationEndpoint.java:152)
      at org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.buildGet(AuthorizationEndpoint.java:108)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)
      at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:510)
      ....

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                gkgeorgiev Georgi Georgiev
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated: