Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-30682

[8.0.x] - Deployments configured to autmatically register a SAML client fail to boot because of missing keycloak module

XMLWordPrintable

      We're seeing the following issue with EAP 8.0.9 when provisioning with the keycloak-saml-adapter-galleon-pack:

      ERROR [org.jboss.msc.service.fail] (MSC service thread 1-6) MSC000001: Failed to start service org.wildfly.security.security-realm.KeycloakSAMLRealm-1754832414: org.jboss.msc.service.StartException in service org.wildfly.security.security-realm.KeycloakSAMLRealm-1754832414: org.jboss.modules.ModuleNotFoundException: org.keycloak.keycloak-saml-wildfly-elytron-adapter
	at org.wildfly.extension.elytron@21.0.17.Final-redhat-00001//org.wildfly.extension.elytron.CustomComponentDefinition$ComponentAddHandler.createValue(CustomComponentDefinition.java:170)
	at org.wildfly.extension.elytron@21.0.17.Final-redhat-00001//org.wildfly.extension.elytron.CustomComponentDefinition$ComponentAddHandler.lambda$performRuntime$0(CustomComponentDefinition.java:135)
	at org.wildfly.extension.elytron@21.0.17.Final-redhat-00001//org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:61)
	at org.jboss.msc@1.5.1.Final-redhat-00001//org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1617)
	at org.jboss.msc@1.5.1.Final-redhat-00001//org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1580)
	at org.jboss.msc@1.5.1.Final-redhat-00001//org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1438)
	at org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
	at org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
	at org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
	at org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
	at java.base/java.lang.Thread.run(Thread.java:840)
Caused by: org.jboss.modules.ModuleNotFoundException: org.keycloak.keycloak-saml-wildfly-elytron-adapter
	at org.jboss.modules.ModuleLoader.loadModule(ModuleLoader.java:301)
	at org.jboss.modules.Module.getModule(Module.java:690)
	at org.jboss.modules.Module.getModule(Module.java:679)
	at org.wildfly.extension.elytron@21.0.17.Final-redhat-00001//org.wildfly.extension.elytron.ClassLoadingAttributeDefinitions.resolveClassLoader(ClassLoadingAttributeDefinitions.java:60)
	at org.wildfly.extension.elytron@21.0.17.Final-redhat-00001//org.wildfly.extension.elytron.CustomComponentDefinition$ComponentAddHandler.lambda$createValue$1(CustomComponentDefinition.java:147)
	at org.wildfly.extension.elytron@21.0.17.Final-redhat-00001//org.wildfly.extension.elytron.SecurityActions.doPrivileged(SecurityActions.java:39)
	at org.wildfly.extension.elytron@21.0.17.Final-redhat-00001//org.wildfly.extension.elytron.CustomComponentDefinition$ComponentAddHandler.createValue(CustomComponentDefinition.java:147)

      This is cloned from JBEAP-29412, although in the 8.0.z case the server configuration script is looking for the correct module name (org.keycloak.keycloak-saml-wildfly-elytron-adapter), which is not found.

      The original issue description is the following:

      An EAP + RHBK interoperability test running on OpenShift started failing with EAP 8.1.0 Beta CR6, which didn't fail with previous CR4.
      The test is failing because the EAP deployment, which is built via the EAP Maven plugin using the keycloak-saml-adapter-galleon-pack, crashes at boot with the following traces:

      ...
[standalone@embedded /] if (outcome != success) of /subsystem=elytron/custom-realm=KeycloakSAMLRealm-1740064165:read-resource
[standalone@embedded /] /subsystem=elytron/custom-realm=KeycloakSAMLRealm-1740064165:add(class-name=org.keycloak.adapters.saml.elytron.KeycloakSecurityRealm, module=org.keycloak.keycloak-saml-wildfly-elytron-jakarta-adapter)

[0m[31m15:09:30,029 ERROR [org.jboss.as.controller] (Controller Boot Thread) WFLYCTL0002: Error booting the container: java.lang.RuntimeException: java.lang.IllegalStateException: WFLYCLI0009: Unexpected exception while processing CLI command end-if from /tmp/cli-script-1740064165.cli
	at org.jboss.as.cli@27.0.1.Final-redhat-00003//org.jboss.as.cli.impl.BootScriptInvoker.runCliScript(BootScriptInvoker.java:93)
	at org.jboss.as.controller@27.0.1.Final-redhat-00003//org.jboss.as.controller.AbstractControllerService$AdditionalBootCliScriptInvocation.executeAdditionalCliScript(AbstractControllerService.java:889)
	at org.jboss.as.controller@27.0.1.Final-redhat-00003//org.jboss.as.controller.AbstractControllerService$AdditionalBootCliScriptInvocation.invoke(AbstractControllerService.java:870)
	at org.jboss.as.controller@27.0.1.Final-redhat-00003//org.jboss.as.controller.AbstractControllerService.executeAdditionalCliBootScript(AbstractControllerService.java:671)
	at org.jboss.as.server@27.0.1.Final-redhat-00003//org.jboss.as.server.ServerService.postBoot(ServerService.java:453)
	at org.jboss.as.controller@27.0.1.Final-redhat-00003//org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:366)
	at java.base/java.lang.Thread.run(Thread.java:1583)
Caused by: java.lang.IllegalStateException: WFLYCLI0009: Unexpected exception while processing CLI command end-if from /tmp/cli-script-1740064165.cli
	at org.jboss.as.cli@27.0.1.Final-redhat-00003//org.jboss.as.cli.impl.BootScriptInvoker.processFile(BootScriptInvoker.java:113)
	at org.jboss.as.cli@27.0.1.Final-redhat-00003//org.jboss.as.cli.impl.BootScriptInvoker.runCliScript(BootScriptInvoker.java:76)
	... 6 more
Caused by: org.jboss.as.cli.CommandLineException: {
    "outcome" => "failed",
    "failure-description" => {"WFLYCTL0080: Failed services" => {"org.wildfly.security.security-realm.KeycloakSAMLRealm-1740064165" => "org.jboss.modules.ModuleNotFoundException: org.keycloak.keycloak-saml-wildfly-elytron-jakarta-adapter
    Caused by: org.jboss.modules.ModuleNotFoundException: org.keycloak.keycloak-saml-wildfly-elytron-jakarta-adapter"}},
    "rolled-back" => true
...

      The OpenShift deployment is performed via Helm Charts, and the following variables are set for the `.deployment` section:

      • SSO_USERNAME
      • SSO_PASSWORD

      which should enable the SAML client to be created automatically.
      With respect to this, the relevant bit is the first line, where the CLI script that should add the SAML configuration to the server, is mentioning a module which is no longer in the distributed Maven repository, i.e. module=org.keycloak.keycloak-saml-wildfly-elytron-jakarta-adapter:

      $ unzip -l jboss-eap-8.1.0.Beta-CR6.1-merged-maven-repository.zip | grep keycloak-saml-wildfly-elytron
        0  02-18-2025 07:28   jboss-eap-8.1.0.Beta-CR6.1-merged-maven-repository/maven-repository/org/keycloak/keycloak-saml-wildfly-elytron-adapter/
        0  02-18-2025 07:28   jboss-eap-8.1.0.Beta-CR6.1-merged-maven-repository/maven-repository/org/keycloak/keycloak-saml-wildfly-elytron-adapter/26.0.9.redhat-00003/

        1. 8.0.z-keycloak-module-error.log
          24 kB

              jdenise@redhat.com Jean Francois Denise
              fburzigo@redhat.com Fabio Burzigotti
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: