-
Bug
-
Resolution: Won't Do
-
Major
-
None
-
2.2.x
-
False
-
False
-
Release Notes
-
+
-
Keycloak 15.0.2 throw a Fatal error on start time when is trying to initialize the realms
11:47:13,459 INFO [org.keycloak.services] (ServerService Thread Pool -- 68) KC-SERVICES0050: Initializing master realm 11:47:14,848 FATAL [org.keycloak.services] (ServerService Thread Pool -- 68) Error during startup: org.keycloak.component.ComponentValidationException: Failed to generate keys at org.keycloak.keycloak-services@15.0.2//org.keycloak.keys.GeneratedRsaKeyProviderFactory.generateKeys(GeneratedRsaKeyProviderFactory.java:123) at org.keycloak.keycloak-services@15.0.2//org.keycloak.keys.GeneratedRsaKeyProviderFactory.validateConfiguration(GeneratedRsaKeyProviderFactory.java:103) at org.keycloak.keycloak-model-jpa@15.0.2//org.keycloak.models.jpa.RealmAdapter.importComponentModel(RealmAdapter.java:2020) at org.keycloak.keycloak-model-jpa@15.0.2//org.keycloak.models.jpa.RealmAdapter.addComponentModel(RealmAdapter.java:2000) at org.keycloak.keycloak-server-spi-private@15.0.2//org.keycloak.models.utils.DefaultKeyProviders.createRsaKeyProvider(DefaultKeyProviders.java:56) at org.keycloak.keycloak-server-spi-private@15.0.2//org.keycloak.models.utils.DefaultKeyProviders.createProviders(DefaultKeyProviders.java:36) at org.keycloak.keycloak-services@15.0.2//org.keycloak.services.managers.ApplianceBootstrap.createMasterRealm(ApplianceBootstrap.java:90) at org.keycloak.keycloak-services@15.0.2//org.keycloak.services.resources.KeycloakApplication$3.run(KeycloakApplication.java:201) at org.keycloak.keycloak-server-spi-private@15.0.2//org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:250) at org.keycloak.keycloak-services@15.0.2//org.keycloak.services.resources.KeycloakApplication.bootstrap(KeycloakApplication.java:172) at org.keycloak.keycloak-services@15.0.2//org.keycloak.services.resources.KeycloakApplication$1.run(KeycloakApplication.java:136) at org.keycloak.keycloak-server-spi-private@15.0.2//org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:250) at org.keycloak.keycloak-services@15.0.2//org.keycloak.services.resources.KeycloakApplication.startup(KeycloakApplication.java:128) at org.keycloak.keycloak-wildfly-extensions@15.0.2//org.keycloak.provider.wildfly.WildflyPlatform.onStartup(WildflyPlatform.java:36) at org.keycloak.keycloak-services@15.0.2//org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:114) at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
We only are able to reproduce this behavior over RHEL8.5 + FIPS enabled
Reproducer:
Over a RHEL8.5 with FIPS enabled launch a Keycloak docker container:
docker run quay.io/keycloak/keycloak:15.0.2
IF you run an integration test over Quarkus you will get the following:
java.lang.RuntimeException: PBKDF2 algorithm not found
You could reproduce it by running the following scenarios over RHEL8.5 + FIPS
git clone https://github.com/quarkus-qe/quarkus-test-suite.git
mvn clean verify -Dall-modules -pl security/keycloak-authz-classic
- is documented by
-
QUARKUS-1619 Document known issues for 2.2.5
-
- Closed
-
- is related to
-
ISPN-13638 Infinispan server 13.0 fails to initialize credentials on RHEL 8.5 + FIPS
-
- Closed
-
