I need help with using keycloak in an Errai app. I am getting an error about "unknown authentication method" for "KEYCLOAK" ? I have the keycloak-appliance running (on a different port though), and the Errai app has a with KEYCLOAK in the web.xml file inside WEB-INF When I run the Errai app with mvn gwt:run, I get : RuntimeException caused by "Unknown authentication mechanism KEYCLOAK". I have no idea how to go around this issue .
Keycloak Unknown authentication mechanism
11.5k Views Asked by Odili Charles Opute At
3
There are 3 best solutions below
2
On
Just wanted to add a little more detail to @cfsnyder's answer. In order for your application server to recognize a definition in the web.xml that looks like this:
<login-config>
<auth-method>KEYCLOAK</auth-method>
<realm-name>internal</realm-name>
</login-config>
you'll need to tell jboss (in this instance) how to interpret that particular auth method. At the time of my answer, this is in section 8.2 of the Keycloak docs.
First, download the keycloak adapter (remember, this is not the same as the Keycloak Server). Next, unzip the download in the wildfly home directory. With your application server running, just use the following command to install the Keycloak configuration into the appropriate files:
jboss-cli.sh -c --file=adapter-install.cli
When this script completes, your configuration file will have the new entry added to accommodate the KEYCLOAK entry in your web.xml. The script will add something like this to either a domain.xml or standalone.xml:
<security-domain name="keycloak">
<authentication>
<login-module code="org.keycloak.adapters.jboss.KeycloakLoginModule" flag="required"/>
</authentication>
</security-domain>
Once you have the Keycloak module files provided by the adapter + the security domain configuration to link the KEYCLOAK method to the appropriate LoginModule, you should be all set.
0
On
To add to @josh-cain's answer, you might also need following additions in your domain.xml or standalone.xml:
To <extensions></extensions>, add:
<extension module="org.keycloak.keycloak-adapter-subsystem"/>
To <profile></profile>, add:
<subsystem xmlns="urn:jboss:domain:keycloak:1.1"/>
The adapter installation cli scripts can fail for various reasons so you might need to add these entries manually.
You will need to install and configure the Wildfly adapter in order for your Errai app to recognize the "KEYCLOAK" authentication method. See section 7.2 of the Keycloak documentation.