Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-16000

ELY23025: Must set 'auth-server-url' or 'provider-url' only on redeploy

XMLWordPrintable

    • Hide

      Setup Elytron with Keycloak using the new OIDC subsystem and register the secure deployment using the standalone.xml file (instead of WEB-INF/json).  For reference, here is a piece of concern with the standalone.xml:

       

      <subsystem xmlns="urn:wildfly:elytron-oidc-client:1.0">
      <provider name="keycloak">
      <provider-url>http://localhost:8081/auth/realms/test-realm</provider-url>
      <ssl-required>external</ssl-required>
      <enable-cors>true</enable-cors>
      </provider>
      <secure-deployment name="myapp.war">
      <provider>keycloak</provider>
      <client-id>myapp</client-id>
      <credential name="secret" secret="test-secret"/>
      </secure-deployment>

      Show
      Setup Elytron with Keycloak using the new OIDC subsystem and register the secure deployment using the standalone.xml file (instead of WEB-INF/json).  For reference, here is a piece of concern with the standalone.xml:   <subsystem xmlns="urn:wildfly:elytron-oidc-client:1.0"> <provider name="keycloak"> <provider-url> http://localhost:8081/auth/realms/test-realm </provider-url> <ssl-required>external</ssl-required> <enable-cors>true</enable-cors> </provider> <secure-deployment name="myapp.war"> <provider>keycloak</provider> <client-id>myapp</client-id> <credential name="secret" secret="test-secret"/> </secure-deployment>
    • Workaround Exists
    • Hide

      There are a few different ways to work around the problem:

      1) Use auth-server-url and realm instead of provider.

      OR

      2) Move the provider configuration into the secure-deployment configuration, e.g.,

      <subsystem xmlns="urn:wildfly:elytron-oidc-client:1.0">
    <secure-deployment name="myapp.war">
        <provider-url>http://localhost:8081/auth/realms/test-realm</provider-url>
        <ssl-required>external</ssl-required>
        <enable-cors>true</enable-cors>
        <client-id>myapp</client-id>
        <credential name="secret" secret="test-secret"/>
</secure-deployment>

      OR

      3) Instead of adding configuration in the elytron-oidc-client subsystem, an oidc.json file can be included with the deployment instead (for example, see https://wildfly-security.github.io/wildfly-elytron/blog/securing-wildfly-apps-openid-connect/).

      Show
      There are a few different ways to work around the problem: 1) Use auth-server-url and realm instead of provider . OR 2) Move the provider configuration into the secure-deployment configuration, e.g., <subsystem xmlns= "urn:wildfly:elytron-oidc-client:1.0" > <secure-deployment name= "myapp.war" > <provider-url>http: //localhost:8081/auth/realms/test-realm</provider-url> <ssl-required>external</ssl-required> <enable-cors> true </enable-cors> <client-id>myapp</client-id> <credential name= "secret" secret= "test-secret" /> </secure-deployment> OR 3) Instead of adding configuration in the elytron-oidc-client subsystem, an oidc.json file can be included with the deployment instead (for example, see https://wildfly-security.github.io/wildfly-elytron/blog/securing-wildfly-apps-openid-connect/ ).

      Upon redeploying my application I get the following error:

      java.lang.RuntimeException: ELY23025: Must set 'auth-server-url' or 'provider-url'

       

      If I completely stop Wildfly 26.0.1.Final and restart it, then the application deploys and works fine.  The problem is if I do a redeploy an application (override the war file in the deployments directory) Wildfly seems to forget about the Elytron configuration in the standalone.xml file.

              fjuma1@redhat.com Farah Juma
              slominskir Ryan Slominski (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: