Details
-
Bug
-
Resolution: Done
-
Critical
-
7.4.3.GA
Description
In the following scenario on OpenShift:
- JBoss EAP deployed with template eap74-sso-s2i
- RHSSO deployed with template sso75-https
If JBoss EAP has multiple deployments (which is the default in the template: "app-jee-jsp/target,service-jee-jaxrs/target,app-profile-jee-jsp/target,app-profile-saml-jee-jsp/target"), the JBoss EAP POD fails with the following error:
$ oc logs eap-1-k8qtf 2022-02-09 08:09:04 Launching EAP Server INFO Configuring JGroups cluster traffic encryption protocol to SYM_ENCRYPT. INFO Configuring JGroups discovery protocol to dns.DNS_PING INFO Using PicketBox SSL configuration. INFO Obtained auth token from http://172.122.185.222:8080/auth for realm eap-realm /opt/eap/standalone/deployments ~ WARN ERROR: Unable to register openid-connect client for module app-jsp in realm eap-realm on "http://eap-mynamespace.apps.eapqe-024-dryf.eapqe.psi.redhat.com/app-jsp/*","http://eap-mynamespace.apps.eapqe-024-dryf.eapqe.psi.redhat.com:80/app-jsp/*","https://secure-eap-mynamespace.apps.eapqe-024-dryf.eapqe.psi.redhat.com/app-jsp/*","https://secure-eap-mynamespace.apps.eapqe-024-dryf.eapqe.psi.redhat.com:443/app-jsp/*": {"errorMessage":"Client app-jsp already exists"} INFO Configured keycloak subsystem for openid-connect module app-jsp from app-jsp.war WARN ERROR: Unable to register openid-connect client for module app-profile-jsp in realm eap-realm on "http://eap-mynamespace.apps.eapqe-024-dryf.eapqe.psi.redhat.com/app-profile-jsp/*","http://eap-mynamespace.apps.eapqe-024-dryf.eapqe.psi.redhat.com:80/app-profile-jsp/*","https://secure-eap-mynamespace.apps.eapqe-024-dryf.eapqe.psi.redhat.com/app-profile-jsp/*","https://secure-eap-mynamespace.apps.eapqe-024-dryf.eapqe.psi.redhat.com:443/app-profile-jsp/*": {"errorMessage":"Client app-profile-jsp already exists"} INFO Configured keycloak subsystem for openid-connect module app-profile-jsp from app-profile-jsp.war WARN ERROR: Unable to register openid-connect client for module service in realm eap-realm on "http://eap-mynamespace.apps.eapqe-024-dryf.eapqe.psi.redhat.com/service/*","http://eap-mynamespace.apps.eapqe-024-dryf.eapqe.psi.redhat.com:80/service/*","https://secure-eap-mynamespace.apps.eapqe-024-dryf.eapqe.psi.redhat.com/service/*","https://secure-eap-mynamespace.apps.eapqe-024-dryf.eapqe.psi.redhat.com:443/service/*": {"errorMessage":"Client service already exists"} INFO Configured keycloak subsystem for openid-connect module service from service.war ~ sed: -e expression #1, char 989: unterminated `s' command /opt/eap/standalone/deployments ~ Certificate stored in file </opt/eap/standalone/configuration/keycloak.cer> WARN ERROR: Unable to register saml client for module app-profile-saml in realm eap-realm on "http://eap-mynamespace.apps.eapqe-024-dryf.eapqe.psi.redhat.com/app-profile-saml/*","http://eap-mynamespace.apps.eapqe-024-dryf.eapqe.psi.redhat.com:80/app-profile-saml/*","https://secure-eap-mynamespace.apps.eapqe-024-dryf.eapqe.psi.redhat.com/app-profile-saml/*","https://secure-eap-mynamespace.apps.eapqe-024-dryf.eapqe.psi.redhat.com:443/app-profile-saml/*": {"errorMessage":"Client app-profile-saml already exists"} INFO Configured keycloak subsystem for saml module app-profile-saml from app-profile-saml.war ~ sed: -e expression #1, char 989: unterminated `s' command INFO Access log is disabled, ignoring configuration. WARN Configuration of an embedded messaging broker within the appserver is enabled but is not recommended. Support for such a configuration will be removed in a future release. WARN If you are not configuring messaging destinations, to disable configuring an embedded messaging broker set the DISABLE_EMBEDDED_JMS_BROKER environment variable to true. INFO Server started in admin mode, CLI script executed during server boot. INFO Running jboss-eap-7/eap74-openjdk11-runtime-openshift-rhel8 image, version 7.4.3 ========================================================================= JBoss Bootstrap Environment JBOSS_HOME: /opt/eap JAVA: /usr/lib/jvm/java-11/bin/java JAVA_OPTS: -javaagent:"/opt/eap/jboss-modules.jar" -server -Xlog:gc*:file="/opt/eap/standalone/log/gc.log":time,uptimemillis:filecount=5,filesize=3M -Xms128m -Xmx512m -XX:MetaspaceSize=96m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=jdk.nashorn.api -Djava.awt.headless=true -XX:+UseParallelOldGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -XX:+ExitOnOutOfMemoryError -Djava.security.egd=file:/dev/./urandom --add-exports=java.base/sun.nio.ch=ALL-UNNAMED --add-exports=jdk.unsupported/sun.misc=ALL-UNNAMED --add-exports=jdk.unsupported/sun.reflect=ALL-UNNAMED ========================================================================= 08:09:05,989 INFO [org.jboss.modules] (main) JBoss Modules version 1.12.0.Final-redhat-00001 WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by org.jolokia.util.ClassUtil (jar:file:/usr/share/java/jolokia-jvm-agent/jolokia-jvm.jar!/) to constructor sun.security.x509.X500Name(java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String) WARNING: Please consider reporting this to the maintainers of org.jolokia.util.ClassUtil WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release 08:09:06,377 INFO [org.jboss.msc] (main) JBoss MSC version 1.4.12.Final-redhat-00001 08:09:06,383 INFO [org.jboss.threads] (main) JBoss Threads version 2.4.0.Final-redhat-00001 08:09:06,455 INFO [org.jboss.as] (MSC service thread 1-2) WFLYSRV0049: JBoss EAP 7.4.3.GA (WildFly Core 15.0.6.Final-redhat-00003) starting 08:09:06,458 DEBUG [org.jboss.as.config] (MSC service thread 1-2) Configured system properties: [Standalone] = awt.toolkit = sun.awt.X11.XToolkit file.encoding = ANSI_X3.4-1968 file.separator = / java.awt.graphicsenv = sun.awt.X11GraphicsEnvironment java.awt.headless = true java.awt.printerjob = sun.print.PSPrinterJob java.class.path = /opt/eap/jboss-modules.jar java.class.version = 55.0 java.home = /usr/lib/jvm/java-11-openjdk-11.0.13.0.8-4.el8_5.x86_64 java.io.tmpdir = /tmp java.library.path = /usr/java/packages/lib:/usr/lib64:/lib64:/lib:/usr/lib java.net.preferIPv4Stack = true java.runtime.name = OpenJDK Runtime Environment java.runtime.version = 11.0.13+8-LTS java.security.egd = file:/dev/./urandom java.specification.name = Java Platform API Specification java.specification.vendor = Oracle Corporation java.specification.version = 11 java.util.logging.manager = org.jboss.logmanager.LogManager java.vendor = Red Hat, Inc. java.vendor.url = https://www.redhat.com/ java.vendor.url.bug = https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%208&component=java-11-openjdk java.vendor.version = 18.9 java.version = 11.0.13 java.version.date = 2021-10-19 java.vm.compressedOopsMode = 32-bit java.vm.info = mixed mode, sharing java.vm.name = OpenJDK 64-Bit Server VM java.vm.specification.name = Java Virtual Machine Specification java.vm.specification.vendor = Oracle Corporation java.vm.specification.version = 11 java.vm.vendor = Red Hat, Inc. java.vm.version = 11.0.13+8-LTS javax.management.builder.initial = org.jboss.as.jmx.PluggableMBeanServerBuilder jboss.bind.address = 10.130.4.59 jboss.bind.address.management = 0.0.0.0 jboss.bind.address.private = 10.130.4.59 jboss.home.dir = /opt/eap jboss.host.name = eap-1-k8qtf jboss.messaging.cluster.password = <redacted> jboss.messaging.host = 10.130.4.59 jboss.modules.dir = /opt/eap/modules jboss.modules.system.pkgs = jdk.nashorn.api jboss.node.name = eap-1-k8qtf jboss.qualified.host.name = eap-1-k8qtf jboss.server.base.dir = /opt/eap/standalone jboss.server.config.dir = /opt/eap/standalone/configuration jboss.server.data.dir = /opt/eap/standalone/data jboss.server.deploy.dir = /opt/eap/standalone/data/content jboss.server.log.dir = /opt/eap/standalone/log jboss.server.name = eap-1-k8qtf jboss.server.persist.config = true jboss.server.temp.dir = /opt/eap/standalone/tmp jdk.debug = release line.separator = logging.configuration = file:/opt/eap/standalone/configuration/logging.properties module.path = /opt/eap/modules org.jboss.boot.log.file = /opt/eap/standalone/log/server.log org.jboss.resolver.warning = true org.wildfly.internal.cli.boot.hook.marker.dir = /tmp/cli-boot-reload-marker-1644394145 org.wildfly.internal.cli.boot.hook.script = /tmp/cli-script-1644394144.cli org.wildfly.internal.cli.boot.hook.script.error.file = /tmp/cli-script-error-1644394144.cli org.wildfly.internal.cli.boot.hook.script.output.file = /tmp/cli-script-output-1644394144.cli org.wildfly.internal.cli.boot.hook.script.properties = /tmp/cli-script-property-1644394144.cli org.wildfly.internal.cli.boot.hook.script.warn.file = /tmp/cli-warning-1644394144.log os.arch = amd64 os.name = Linux os.version = 4.18.0-305.30.1.el8_4.x86_64 path.separator = : sun.arch.data.model = 64 sun.boot.library.path = /usr/lib/jvm/java-11-openjdk-11.0.13.0.8-4.el8_5.x86_64/lib sun.cpu.endian = little sun.cpu.isalist = sun.io.unicode.encoding = UnicodeLittle sun.java.command = /opt/eap/jboss-modules.jar -javaagent:/usr/share/java/jolokia-jvm-agent/jolokia-jvm.jar=config=/opt/jboss/container/jolokia/etc/jolokia.properties -mp /opt/eap/modules org.jboss.as.standalone -Djboss.home.dir=/opt/eap -Djboss.server.base.dir=/opt/eap/standalone -c standalone-openshift.xml -bmanagement 0.0.0.0 -Djboss.server.data.dir=/opt/eap/standalone/data -Dwildfly.statistics-enabled=true -b 10.130.4.59 -bprivate 10.130.4.59 -Djboss.node.name=eap-1-k8qtf -Djboss.messaging.host=10.130.4.59 -Djboss.messaging.cluster.password=<redacted> --start-mode=admin-only -Dorg.wildfly.internal.cli.boot.hook.script=/tmp/cli-script-1644394144.cli -Dorg.wildfly.internal.cli.boot.hook.marker.dir=/tmp/cli-boot-reload-marker-1644394145 -Dorg.wildfly.internal.cli.boot.hook.script.properties=/tmp/cli-script-property-1644394144.cli -Dorg.wildfly.internal.cli.boot.hook.script.output.file=/tmp/cli-script-output-1644394144.cli -Dorg.wildfly.internal.cli.boot.hook.script.error.file=/tmp/cli-script-error-1644394144.cli -Dorg.wildfly.internal.cli.boot.hook.script.warn.file=/tmp/cli-warning-1644394144.log sun.java.launcher = SUN_STANDARD sun.jnu.encoding = ANSI_X3.4-1968 sun.management.compiler = HotSpot 64-Bit Tiered Compilers sun.os.patch.level = unknown user.country = US user.dir = /home/jboss user.home = /home/jboss user.language = en user.name = 1000980000 user.timezone = Etc/UTC wildfly.statistics-enabled = true 08:09:06,458 DEBUG [org.jboss.as.config] (MSC service thread 1-2) VM Arguments: -D[Standalone] -javaagent:/opt/eap/jboss-modules.jar -Xlog:gc*:file=/opt/eap/standalone/log/gc.log:time,uptimemillis:filecount=5,filesize=3M -Xms128m -Xmx512m -XX:MetaspaceSize=96m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=jdk.nashorn.api -Djava.awt.headless=true -XX:+UseParallelOldGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -XX:+ExitOnOutOfMemoryError -Djava.security.egd=file:/dev/./urandom --add-exports=java.base/sun.nio.ch=ALL-UNNAMED --add-exports=jdk.unsupported/sun.misc=ALL-UNNAMED --add-exports=jdk.unsupported/sun.reflect=ALL-UNNAMED -Dorg.jboss.boot.log.file=/opt/eap/standalone/log/server.log -Dlogging.configuration=file:/opt/eap/standalone/configuration/logging.properties 08:09:06,565 INFO [stdout] (JolokiaStart) I> No access restrictor found, access to any MBean is allowed 08:09:06,568 INFO [stdout] (JolokiaStart) Jolokia: Agent started with URL https://10.130.4.59:8778/jolokia/ 08:09:07,103 INFO [org.wildfly.security] (ServerService Thread Pool -- 29) ELY00001: WildFly Elytron version 1.15.9.Final-redhat-00001 08:09:07,350 INFO [org.jboss.as.controller.management-deprecated] (ServerService Thread Pool -- 31) WFLYCTL0033: Extension 'security' is deprecated and may not be supported in future versions 08:09:07,711 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0039: Creating http management service using socket-binding (management-http) 08:09:07,714 WARN [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0035: No security realm or http server authentication defined for http management service; all access will be unrestricted. 08:09:07,721 INFO [org.xnio] (MSC service thread 1-2) XNIO version 3.8.5.SP1-redhat-00001 08:09:07,725 INFO [org.xnio.nio] (MSC service thread 1-2) XNIO NIO Implementation Version 3.8.5.SP1-redhat-00001 08:09:07,748 INFO [org.jboss.remoting] (MSC service thread 1-2) JBoss Remoting version 5.0.23.SP1-redhat-00001 08:09:07,765 WARN [org.wildfly.extension.elytron] (MSC service thread 1-2) WFLYELY00023: KeyStore file '/opt/eap/standalone/configuration/application.keystore' does not exist. Used blank. 08:09:07,770 WARN [org.wildfly.extension.elytron] (MSC service thread 1-2) WFLYELY01084: KeyStore /opt/eap/standalone/configuration/application.keystore not found, it will be auto generated on first use with a self-signed certificate for host localhost 08:09:07,776 INFO [org.jboss.as.patching] (MSC service thread 1-1) WFLYPAT0050: JBoss EAP cumulative patch ID is: base, one-off patches include: none 08:09:07,855 WARN [org.jboss.as.remoting] (MSC service thread 1-1) ****** All authentication is ANONYMOUS for org.jboss.as.remoting.RemotingHttpUpgradeService 08:09:07,888 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server 08:09:07,889 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: JBoss EAP 7.4.3.GA (WildFly Core 15.0.6.Final-redhat-00003) started in 2165ms - Started 74 of 98 services (38 services are lazy, passive or on-demand) 08:09:07,890 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://0.0.0.0:9990/management 08:09:07,890 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0054: Admin console is not enabled 08:09:07,891 INFO [org.jboss.as.controller] (Controller Boot Thread) WFLYCTL0472: Checking for presence of marker file indicating that the server has been restarted following execution of the additional commands from the CLI script 08:09:07,891 INFO [org.jboss.as.controller] (Controller Boot Thread) WFLYCTL0474: No marker file found indicating that the server has been restarted following execution of the additional commands from the CLI script 08:09:07,892 INFO [org.jboss.as.controller] (Controller Boot Thread) WFLYCTL0466: Initialised the additional boot CLI script functionality. The CLI commands will be read from /tmp/cli-script-1644394144.cli. The server will be rebooted to normal mode after these have been executed 08:09:07,898 INFO [org.jboss.as.controller] (Controller Boot Thread) WFLYCTL0467: Running the additional commands from the CLI script /tmp/cli-script-1644394144.cli against the server which is running in admin-only mode 08:09:07,899 INFO [org.jboss.as.cli] (Controller Boot Thread) WFLYCLI0001: Processing CLI script /tmp/cli-script-1644394144.cli 08:09:08,369 INFO [org.jboss.as.controller.management-deprecated] (CLI command executor) WFLYCTL0395: Operation add against the resource at address /subsystem=jgroups/stack=tcp/protocol=dns.DNS_PING/property=dns_query is deprecated, and it might be removed in future version. See the the output of the read-operation-description operation to learn more about the deprecation. 08:09:08,369 INFO [org.jboss.as.controller.management-deprecated] (CLI command executor) WFLYCTL0395: Operation add against the resource at address /subsystem=jgroups/stack=tcp/protocol=dns.DNS_PING/property=async_discovery_use_separate_thread_per_request is deprecated, and it might be removed in future version. See the the output of the read-operation-description operation to learn more about the deprecation. 08:09:08,390 INFO [org.jboss.as.controller.management-deprecated] (CLI command executor) WFLYCTL0395: Operation add against the resource at address /subsystem=jgroups/stack=udp/protocol=dns.DNS_PING/property=dns_query is deprecated, and it might be removed in future version. See the the output of the read-operation-description operation to learn more about the deprecation. 08:09:08,391 INFO [org.jboss.as.controller.management-deprecated] (CLI command executor) WFLYCTL0395: Operation add against the resource at address /subsystem=jgroups/stack=udp/protocol=dns.DNS_PING/property=async_discovery_use_separate_thread_per_request is deprecated, and it might be removed in future version. See the the output of the read-operation-description operation to learn more about the deprecation. 08:09:08,425 INFO [org.jboss.as.controller.management-deprecated] (ServerService Thread Pool -- 32) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/subsystem=undertow/server=default-server/https-listener=https' is deprecated, and may be removed in a future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation. 08:09:08,752 ERROR [org.jboss.as.cli] (Controller Boot Thread) WFLYCLI0002: Error processing CLI script /tmp/cli-script-1644394144.cli 08:09:08,752 ERROR [org.jboss.as.cli] (Controller Boot Thread) WFLYCLI0004: CLI execution output: 08:09:08,752 ERROR [org.jboss.as.cli] (Controller Boot Thread) [standalone@embedded /] /subsystem=ee/service=default-bindings:write-attribute(name=jms-connection-factory, value="java:jboss/DefaultJMSConnectionFactory") {"outcome" => "success"} [standalone@embedded /] if (outcome == success) of /subsystem=messaging-activemq/server=default:read-resource [standalone@embedded /] batch [standalone@embedded / #] /subsystem=messaging-activemq/server=default:add(journal-pool-files=10, statistics-enabled="${wildfly.messaging-activemq.statistics-enabled:${wildfly.statistics-enabled:false}}") [standalone@embedded / #] /subsystem=messaging-activemq/server=default/http-connector=http-connector:add(socket-binding=http-messaging, endpoint=http-acceptor) [standalone@embedded / #] /subsystem=messaging-activemq/server=default/http-connector=http-connector-throughput:add(socket-binding=http-messaging, endpoint=http-acceptor-throughput, params={"batch-delay"="50"}) [standalone@embedded / #] /subsystem=messaging-activemq/server=default/http-acceptor=http-acceptor:add(http-listener=default) [standalone@embedded / #] /subsystem=messaging-activemq/server=default/http-acceptor=http-acceptor-throughput:add(http-listener=default, params={batch-delay=50,direct-deliver=false}) [standalone@embedded / #] /subsystem=messaging-activemq/server=default/in-vm-connector=in-vm:add(server-id=0, params={"buffer-pooling"="false"}) [standalone@embedded / #] /subsystem=messaging-activemq/server=default/in-vm-acceptor=in-vm:add(server-id=0, params={"buffer-pooling"="false"}) [standalone@embedded / #] /subsystem=messaging-activemq/server=default/jms-queue=ExpiryQueue:add(entries=["java:/jms/queue/ExpiryQueue"]) [standalone@embedded / #] /subsystem=messaging-activemq/server=default/jms-queue=DLQ:add(entries=["java:/jms/queue/DLQ"]) [standalone@embedded / #] /subsystem=messaging-activemq/server=default/connection-factory=InVmConnectionFactory:add(connectors=["in-vm"], entries=["java:/ConnectionFactory"]) [standalone@embedded / #] /subsystem=messaging-activemq/server=default/connection-factory=RemoteConnectionFactory:add(connectors=["http-connector"], entries=["java:jboss/exported/jms/RemoteConnectionFactory"], reconnect-attempts=-1) [standalone@embedded / #] /subsystem=messaging-activemq/server=default/security-setting=#:add() [standalone@embedded / #] /subsystem=messaging-activemq/server=default/security-setting=#/role=guest:add(delete-non-durable-queue=true, create-non-durable-queue=true, consume=true, send=true) [standalone@embedded / #] /subsystem=messaging-activemq/server=default/address-setting=#:add(dead-letter-address=jms.queue.DLQ, expiry-address=jms.queue.ExpiryQueue, max-size-bytes=10485760L, page-size-bytes=2097152, message-counter-history-day-limit=10, redistribution-delay=1000L) [standalone@embedded / #] /subsystem=messaging-activemq/server=default/pooled-connection-factory=activemq-ra:add(transaction=xa, connectors=["in-vm"], entries=["java:/JmsXA java:jboss/DefaultJMSConnectionFactory"]) [standalone@embedded / #] run-batch The batch executed successfully [standalone@embedded /] if (outcome == success) of /socket-binding-group=standard-sockets/socket-binding=messaging:read-resource [standalone@embedded /] if (outcome == success) of /socket-binding-group=standard-sockets/socket-binding=messaging-throughput:read-resource [standalone@embedded /] /socket-binding-group=standard-sockets/socket-binding=messaging:add(port=5445) {"outcome" => "success"} [standalone@embedded /] /socket-binding-group=standard-sockets/socket-binding=messaging-throughput:add(port=5455) {"outcome" => "success"} [standalone@embedded /] if (outcome != success) of /subsystem=ee/service=default-bindings:read-resource [standalone@embedded /] if (outcome == success && result != undefined) of /core-service=management/management-interface=http-interface:read-attribute(name=http-authentication-factory) [standalone@embedded /] if (outcome == success) of /subsystem=elytron:read-resource [standalone@embedded /] /subsystem=elytron/key-store="jgroups.jceks":add(credential-reference={clear-text="xpaasQEpassword"},type="JCEKS",path="/etc/jgroups-encrypt-secret-volume/jgroups.jceks") {"outcome" => "success"} [standalone@embedded /] if (outcome == success) of /subsystem=jgroups/stack="tcp"/protocol="SYM_ENCRYPT":read-resource [standalone@embedded /] if (outcome != success) of /subsystem=jgroups/stack="tcp"/protocol="SYM_ENCRYPT":read-resource [standalone@embedded /] batch [standalone@embedded / #] /subsystem=jgroups/stack=tcp/protocol=SYM_ENCRYPT:add(add-index=4, key-store="jgroups.jceks", key-alias="secret-key", key-credential-reference={clear-text="xpaasQEpassword"}) [standalone@embedded / #] run-batch The batch executed successfully [standalone@embedded /] if (outcome == success) of /subsystem=jgroups/stack="udp"/protocol="SYM_ENCRYPT":read-resource [standalone@embedded /] if (outcome != success) of /subsystem=jgroups/stack="udp"/protocol="SYM_ENCRYPT":read-resource [standalone@embedded /] batch [standalone@embedded / #] /subsystem=jgroups/stack=udp/protocol=SYM_ENCRYPT:add(add-index=4, key-store="jgroups.jceks", key-alias="secret-key", key-credential-reference={clear-text="xpaasQEpassword"}) [standalone@embedded / #] run-batch The batch executed successfully [standalone@embedded /] if (outcome != success) of /subsystem=jgroups:read-resource [standalone@embedded /] if (outcome == success) of /subsystem=jgroups/stack="tcp"/protocol="AUTH":read-resource [standalone@embedded /] if (outcome != success) of /subsystem=jgroups/stack="tcp"/protocol="AUTH":read-resource [standalone@embedded /] batch [standalone@embedded / #] /subsystem=jgroups/stack=tcp/protocol=AUTH:add(add-index=8) [standalone@embedded / #] /subsystem=jgroups/stack=tcp/protocol=AUTH/token=digest:add(algorithm=SHA-512, shared-secret-reference={clear-text=pgDh7TqG}) [standalone@embedded / #] run-batch The batch executed successfully [standalone@embedded /] if (outcome == success) of /subsystem=jgroups/stack="udp"/protocol="AUTH":read-resource [standalone@embedded /] if (outcome != success) of /subsystem=jgroups/stack="udp"/protocol="AUTH":read-resource [standalone@embedded /] batch [standalone@embedded / #] /subsystem=jgroups/stack=udp/protocol=AUTH:add(add-index=8) [standalone@embedded / #] /subsystem=jgroups/stack=udp/protocol=AUTH/token=digest:add(algorithm=SHA-512, shared-secret-reference={clear-text=pgDh7TqG}) [standalone@embedded / #] run-batch The batch executed successfully [standalone@embedded /] if (outcome == success) of /subsystem=jgroups/stack="tcp"/protocol="dns.DNS_PING":read-resource [standalone@embedded /] if (outcome != success) of /subsystem=jgroups/stack="tcp"/protocol="dns.DNS_PING":read-resource [standalone@embedded /] batch [standalone@embedded / #] /subsystem=jgroups/stack=tcp/protocol=dns.DNS_PING:add(add-index=0) [standalone@embedded / #] /subsystem=jgroups/stack=tcp/protocol=dns.DNS_PING/property=dns_query:add(value="eap-ping") [standalone@embedded / #] /subsystem=jgroups/stack=tcp/protocol=dns.DNS_PING/property=async_discovery_use_separate_thread_per_request:add(value=true) [standalone@embedded / #] run-batch The batch executed successfully [standalone@embedded /] if (outcome == success) of /subsystem=jgroups/stack="udp"/protocol="dns.DNS_PING":read-resource [standalone@embedded /] if (outcome != success) of /subsystem=jgroups/stack="udp"/protocol="dns.DNS_PING":read-resource [standalone@embedded /] batch [standalone@embedded / #] /subsystem=jgroups/stack=udp/protocol=dns.DNS_PING:add(add-index=0) [standalone@embedded / #] /subsystem=jgroups/stack=udp/protocol=dns.DNS_PING/property=dns_query:add(value="eap-ping") [standalone@embedded / #] /subsystem=jgroups/stack=udp/protocol=dns.DNS_PING/property=async_discovery_use_separate_thread_per_request:add(value=true) [standalone@embedded / #] run-batch The batch executed successfully [standalone@embedded /] if (outcome != success) of /core-service=management/security-realm=ApplicationRealm:read-resource [standalone@embedded /] if (outcome == success) of /core-service=management/security-realm=ApplicationRealm/server-identity=ssl:read-resource [standalone@embedded /] /core-service=management/security-realm=ApplicationRealm/server-identity=ssl:add(keystore-path="/etc/eap-secret-volume/secure-eap-mynamespace.apps.eapqe-024-dryf.eapqe.psi.redhat.com.keystore", keystore-password="password") { "outcome" => "success", "response-headers" => { "operation-requires-reload" => true, "process-state" => "reload-required" } } [standalone@embedded /] for serverName in /subsystem=undertow:read-children-names(child-type=server) [standalone@embedded /] /subsystem=undertow/server=$serverName/https-listener=https:add(security-realm=ApplicationRealm, socket-binding=https, proxy-address-forwarding=true) { "outcome" => "success", "response-headers" => {"process-state" => "reload-required"} } [standalone@embedded /] if (outcome != success) of /extension=org.keycloak.keycloak-adapter-subsystem:read-resource [standalone@embedded /] /extension=org.keycloak.keycloak-adapter-subsystem:add() { "outcome" => "success", "response-headers" => {"process-state" => "reload-required"} } [standalone@embedded /] /subsystem=keycloak:add { "outcome" => "success", "response-headers" => {"process-state" => "reload-required"} } [standalone@embedded /] /subsystem=keycloak/realm=eap-realm:add(auth-server-url=https://secure-sso-app-mynamespace.apps.eapqe-024-dryf.eapqe.psi.redhat.com/auth,register-node-at-startup=true,register-node-period=600,ssl-required=external,allow-any-hostname=false) { "outcome" => "success", "response-headers" => {"process-state" => "reload-required"} } [standalone@embedded /] /subsystem=keycloak/realm=eap-realm:write-attribute(name=truststore,value=/etc/sso-secret-volume/truststore) { "outcome" => "success", "response-headers" => {"process-state" => "reload-required"} } [standalone@embedded /] /subsystem=keycloak/realm=eap-realm:write-attribute(name=truststore-password,value=password) { "outcome" => "success", "response-headers" => {"process-state" => "reload-required"} } [standalone@embedded /] /subsystem=keycloak/secure-deployment=app-jsp.war:add(enable-basic-auth=true, auth-server-url=https://secure-sso-app-mynamespace.apps.eapqe-024-dryf.eapqe.psi.redhat.com/auth, realm=eap-realm) { "outcome" => "success", "response-headers" => {"process-state" => "reload-required"} } [standalone@embedded /] /subsystem=keycloak/secure-deployment=app-jsp.war:write-attribute(name=resource, value=app-jsp) { "outcome" => "success", "response-headers" => {"process-state" => "reload-required"} } [standalone@embedded /] /subsystem=keycloak/secure-deployment=app-jsp.war/credential=secret:add(value=upXI3uYS) { "outcome" => "success", "response-headers" => {"process-state" => "reload-required"} } [standalone@embedded /] /subsystem=keycloak/secure-deployment=app-jsp.war:write-attribute(name=enable-cors, value=false) { "outcome" => "success", "response-headers" => {"process-state" => "reload-required"} } [standalone@embedded /] /subsystem=keycloak/secure-deployment=app-jsp.war:write-attribute(name=bearer-only, value=false) { "outcome" => "success", "response-headers" => {"process-state" => "reload-required"} } [standalone@embedded /] /subsystem=keycloak/secure-deployment=app-profile-jsp.war:add(enable-basic-auth=true, auth-server-url=https://secure-sso-app-mynamespace.apps.eapqe-024-dryf.eapqe.psi.redhat.com/auth, realm=eap-realm) { "outcome" => "success", "response-headers" => {"process-state" => "reload-required"} } [standalone@embedded /] /subsystem=keycloak/secure-deployment=app-profile-jsp.war:write-attribute(name=resource, value=app-profile-jsp) { "outcome" => "success", "response-headers" => {"process-state" => "reload-required"} } [standalone@embedded /] /subsystem=keycloak/secure-deployment=app-profile-jsp.war/credential=secret:add(value=upXI3uYS) { "outcome" => "success", "response-headers" => {"process-state" => "reload-required"} } [standalone@embedded /] /subsystem=keycloak/secure-deployment=app-profile-jsp.war:write-attribute(name=enable-cors, value=false) { "outcome" => "success", "response-headers" => {"process-state" => "reload-required"} } [standalone@embedded /] /subsystem=keycloak/secure-deployment=app-profile-jsp.war:write-attribute(name=bearer-only, value=false) { "outcome" => "success", "response-headers" => {"process-state" => "reload-required"} } [standalone@embedded /] /subsystem=keycloak/secure-deployment=service.war:add(enable-basic-auth=true, auth-server-url=https://secure-sso-app-mynamespace.apps.eapqe-024-dryf.eapqe.psi.redhat.com/auth, realm=eap-realm) { "outcome" => "success", "response-headers" => {"process-state" => "reload-required"} } [standalone@embedded /] /subsystem=keycloak/secure-deployment=service.war:write-attribute(name=resource, value=service) { "outcome" => "success", "response-headers" => {"process-state" => "reload-required"} } [standalone@embedded /] /subsystem=keycloak/secure-deployment=service.war/credential=secret:add(value=upXI3uYS) { "outcome" => "success", "response-headers" => {"process-state" => "reload-required"} } [standalone@embedded /] /subsystem=keycloak/secure-deployment=service.war:write-attribute(name=enable-cors, value=false) { "outcome" => "success", "response-headers" => {"process-state" => "reload-required"} } [standalone@embedded /] /subsystem=keycloak/secure-deployment=service.war:write-attribute(name=bearer-only, value=false) { "outcome" => "success", "response-headers" => {"process-state" => "reload-required"} } [standalone@embedded /] if (outcome != success) of /extension=org.keycloak.keycloak-saml-adapter-subsystem:read-resource [standalone@embedded /] /extension=org.keycloak.keycloak-saml-adapter-subsystem:add() { "outcome" => "success", "response-headers" => {"process-state" => "reload-required"} } [standalone@embedded /] /subsystem=keycloak-saml:add { "outcome" => "success", "response-headers" => {"process-state" => "reload-required"} } [standalone@embedded /] /subsystem=keycloak-saml/secure-deployment=app-profile-saml.war:add() { "outcome" => "success", "response-headers" => {"process-state" => "reload-required"} } [standalone@embedded /] /subsystem=keycloak-saml/secure-deployment=app-profile-saml.war/SP=app-profile-saml:add(sslPolicy=EXTERNAL) { "outcome" => "success", "response-headers" => {"process-state" => "reload-required"} } [standalone@embedded /] /subsystem=keycloak-saml/secure-deployment=app-profile-saml.war/SP=app-profile-saml/Key=Key:add(signing=true,encryption=true) { "outcome" => "success", "response-headers" => {"process-state" => "reload-required"} } [standalone@embedded /] /subsystem=keycloak-saml/secure-deployment=app-profile-saml.war/SP=app-profile-saml/IDP=idp:add(signatureAlgorithm=RSA_SHA256, signatureCanonicalizationMethod="http://www.w3.org/2001/10/xml-exc-c14n#", SingleSignOnService={signRequest=true,requestBinding=POST, bindingUrl=https://secure-sso-app-mynamespace.apps.eapqe-024-dryf.eapqe.psi.redhat.com/auth/realms/eap-realm/protocol/saml,validateSignature=true}, SingleLogoutService={validateRequestSignature=true,validateResponseSignature=true,signRequest=true, signResponse=true,requestBinding=POST,responseBinding=POST, postBindingUrl=https://secure-sso-app-mynamespace.apps.eapqe-024-dryf.eapqe.psi.redhat.com/auth/realms/eap-realm/protocol/saml, redirectBindingUrl=https://secure-sso-app-mynamespace.apps.eapqe-024-dryf.eapqe.psi.redhat.com/auth/realms/eap-realm/protocol/saml}) { "outcome" => "success", "response-headers" => {"process-state" => "reload-required"} } [standalone@embedded /] /subsystem=keycloak-saml/secure-deployment=app-profile-saml.war/SP=app-profile-saml/IDP=idp/Key=Key:add(signing=true,CertificatePem="MIICoTCCAYkCBgF+3YJ6rDANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAllYXAtcmVhbG0wHhcNMjIwMjA5MDgwMjAyWhcNMzIwMjA5MDgwMzQyWjAUMRIwEAYDVQQDDAllYXAtcmVhbG0wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCciM3LI778UGo1TFjMzosCJ20d1GJKqfTN5MjRDqSmhKgCzMgf45r5R/i2WHOTj2OAtNDvjcNZmeJ4OoT3Sokk0InHc3pPu9UNE2O9mpkY62WxLOTpf8oH/M6mMLxguAuFgFM3aqr9FHAkPpB5QUmfLxNgNJNV0tvsIn3YVO7d5Q0Fk58NpD+g3GvWmeYZrE9YHKfETvAiLfb11JYa9XRYVupGd7R5YooeeWoSnFtaUKWIW2JgDvKpwBElmGTUYsQfEwu4tGfLAPccFdFn+qIvyzneXbI3Nr94L/Qg23kb0jApCleD7HfsvbrX2KuyObFECCnVk7t3cXspyxl0Lds1AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGTwpcW8wI62D76bAIJYI2IS0hcUnEMCnSizEhVLdVU4CyUz3ghbdowOP2TLMe4OmrXhFuC/MHvcxTQF0TorgPkT7MZRgdGv4LcSctL9Qs00Oz5LQtV8ihpZSo33RpC8tTWOGiA5e2yjxFYoNFDKQGz+b5rMBE0KczFJbbE3JBnV7b4vUGNOPDZzKv66syC0EHcLyq1Be+DjWOHk/XZIeUkrH14I58E4/I3Can3/RCY/B2ztKXOJK+tuKyQK3BNn7rqu2KvZmaHwHXU2Znu3B0FbE+pZ3FVw+H8dhogYfhWvUsHbUxTFFup5tQzl+JSIRb2MRsqX3zotmtinUXpYwZM= 08:09:08,755 ERROR [org.jboss.as.controller] (Controller Boot Thread) WFLYCTL0002: Error booting the container: java.lang.RuntimeException: java.lang.IllegalStateException: WFLYCLI0009: Unexpected exception while processing CLI command /subsystem=keycloak-saml/secure-deployment=app-profile-saml.war/SP=app-profile-saml/IDP=idp/Key=Key:add(signing=true,CertificatePem="MIICoTCCAYkCBgF+3YJ6rDANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAllYXAtcmVhbG0wHhcNMjIwMjA5MDgwMjAyWhcNMzIwMjA5MDgwMzQyWjAUMRIwEAYDVQQDDAllYXAtcmVhbG0wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCciM3LI778UGo1TFjMzosCJ20d1GJKqfTN5MjRDqSmhKgCzMgf45r5R/i2WHOTj2OAtNDvjcNZmeJ4OoT3Sokk0InHc3pPu9UNE2O9mpkY62WxLOTpf8oH/M6mMLxguAuFgFM3aqr9FHAkPpB5QUmfLxNgNJNV0tvsIn3YVO7d5Q0Fk58NpD+g3GvWmeYZrE9YHKfETvAiLfb11JYa9XRYVupGd7R5YooeeWoSnFtaUKWIW2JgDvKpwBElmGTUYsQfEwu4tGfLAPccFdFn+qIvyzneXbI3Nr94L/Qg23kb0jApCleD7HfsvbrX2KuyObFECCnVk7t3cXspyxl0Lds1AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGTwpcW8wI62D76bAIJYI2IS0hcUnEMCnSizEhVLdVU4CyUz3ghbdowOP2TLMe4OmrXhFuC/MHvcxTQF0TorgPkT7MZRgdGv4LcSctL9Qs00Oz5LQtV8ihpZSo33RpC8tTWOGiA5e2yjxFYoNFDKQGz+b5rMBE0KczFJbbE3JBnV7b4vUGNOPDZzKv66syC0EHcLyq1Be+DjWOHk/XZIeUkrH14I58E4/I3Can3/RCY/B2ztKXOJK+tuKyQK3BNn7rqu2KvZmaHwHXU2Znu3B0FbE+pZ3FVw+H8dhogYfhWvUsHbUxTFFup5tQzl+JSIRb2MRsqX3zotmtinUXpYwZM= from /tmp/cli-script-1644394144.cli at org.jboss.as.cli@15.0.6.Final-redhat-00003//org.jboss.as.cli.impl.BootScriptInvoker.runCliScript(BootScriptInvoker.java:104) at org.jboss.as.controller@15.0.6.Final-redhat-00003//org.jboss.as.controller.AbstractControllerService$AdditionalBootCliScriptInvocation.executeAdditionalCliScript(AbstractControllerService.java:984) at org.jboss.as.controller@15.0.6.Final-redhat-00003//org.jboss.as.controller.AbstractControllerService$AdditionalBootCliScriptInvocation.invoke(AbstractControllerService.java:966) at org.jboss.as.controller@15.0.6.Final-redhat-00003//org.jboss.as.controller.AbstractControllerService.executeAdditionalCliBootScript(AbstractControllerService.java:767) at org.jboss.as.server@15.0.6.Final-redhat-00003//org.jboss.as.server.ServerService.postBoot(ServerService.java:453) at org.jboss.as.controller@15.0.6.Final-redhat-00003//org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:424) at java.base/java.lang.Thread.run(Thread.java:829) Caused by: java.lang.IllegalStateException: WFLYCLI0009: Unexpected exception while processing CLI command /subsystem=keycloak-saml/secure-deployment=app-profile-saml.war/SP=app-profile-saml/IDP=idp/Key=Key:add(signing=true,CertificatePem="MIICoTCCAYkCBgF+3YJ6rDANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAllYXAtcmVhbG0wHhcNMjIwMjA5MDgwMjAyWhcNMzIwMjA5MDgwMzQyWjAUMRIwEAYDVQQDDAllYXAtcmVhbG0wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCciM3LI778UGo1TFjMzosCJ20d1GJKqfTN5MjRDqSmhKgCzMgf45r5R/i2WHOTj2OAtNDvjcNZmeJ4OoT3Sokk0InHc3pPu9UNE2O9mpkY62WxLOTpf8oH/M6mMLxguAuFgFM3aqr9FHAkPpB5QUmfLxNgNJNV0tvsIn3YVO7d5Q0Fk58NpD+g3GvWmeYZrE9YHKfETvAiLfb11JYa9XRYVupGd7R5YooeeWoSnFtaUKWIW2JgDvKpwBElmGTUYsQfEwu4tGfLAPccFdFn+qIvyzneXbI3Nr94L/Qg23kb0jApCleD7HfsvbrX2KuyObFECCnVk7t3cXspyxl0Lds1AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGTwpcW8wI62D76bAIJYI2IS0hcUnEMCnSizEhVLdVU4CyUz3ghbdowOP2TLMe4OmrXhFuC/MHvcxTQF0TorgPkT7MZRgdGv4LcSctL9Qs00Oz5LQtV8ihpZSo33RpC8tTWOGiA5e2yjxFYoNFDKQGz+b5rMBE0KczFJbbE3JBnV7b4vUGNOPDZzKv66syC0EHcLyq1Be+DjWOHk/XZIeUkrH14I58E4/I3Can3/RCY/B2ztKXOJK+tuKyQK3BNn7rqu2KvZmaHwHXU2Znu3B0FbE+pZ3FVw+H8dhogYfhWvUsHbUxTFFup5tQzl+JSIRb2MRsqX3zotmtinUXpYwZM= from /tmp/cli-script-1644394144.cli at org.jboss.as.cli@15.0.6.Final-redhat-00003//org.jboss.as.cli.impl.BootScriptInvoker.processFile(BootScriptInvoker.java:124) at org.jboss.as.cli@15.0.6.Final-redhat-00003//org.jboss.as.cli.impl.BootScriptInvoker.runCliScript(BootScriptInvoker.java:87) ... 6 more Caused by: org.jboss.as.cli.operation.MissingEndCharacterException: The closing '"' is missing. at org.jboss.as.cli@15.0.6.Final-redhat-00003//org.jboss.as.cli.parsing.ErrorCharacterHandler.handle(ErrorCharacterHandler.java:42) at org.jboss.as.cli@15.0.6.Final-redhat-00003//org.jboss.as.cli.parsing.StateParser$ParsingContextImpl.parse(StateParser.java:267) at org.jboss.as.cli@15.0.6.Final-redhat-00003//org.jboss.as.cli.parsing.StateParser.doParse(StateParser.java:150) at org.jboss.as.cli@15.0.6.Final-redhat-00003//org.jboss.as.cli.parsing.StateParser.parseLine(StateParser.java:124) at org.jboss.as.cli@15.0.6.Final-redhat-00003//org.jboss.as.cli.parsing.ParserUtil.parseLine(ParserUtil.java:93) at org.jboss.as.cli@15.0.6.Final-redhat-00003//org.jboss.as.cli.operation.impl.DefaultCallbackHandler.parse(DefaultCallbackHandler.java:123) at org.jboss.as.cli@15.0.6.Final-redhat-00003//org.jboss.as.cli.impl.CommandContextImpl.resetArgs(CommandContextImpl.java:1673) at org.jboss.as.cli@15.0.6.Final-redhat-00003//org.jboss.as.cli.impl.CommandContextImpl.handle(CommandContextImpl.java:859) at org.jboss.as.cli@15.0.6.Final-redhat-00003//org.jboss.as.cli.impl.BootScriptInvoker.processFile(BootScriptInvoker.java:120) ... 7 more