Using KeyCloak as the Teiid JDBC LoginModule
jstrathern Feb 18, 2015 11:43 AM
Hello Teiid Community,
I am trying to use JBoss KeyCloak as the LoginModule for Teiid through JDBC, but am experiencing issues with Teiid not knowing how to authenticate. I am trying to connect using the Teiid MS SQL Server Translator, with login users and passwords I know are authenticated through KeyCloak and/or the database.
For details, firstly the KeyCloak security domain is defined in standalone-dsds.xml:
<security-domain name="keycloak">
    <authentication>
        <login-module code="org.keycloak.adapters.jboss.KeycloakLoginModule" flag="required" module="org.keycloak.keycloak-jboss-adapter-core"/>
    </authentication>
</security-domain>
Above is the method defined to create the security domain, with the additional module defined for the login-module. I added this as a response to similar issues on this forum where users encountered the same authentication issue, but it did not resolve the issue.
After this, I also ensured I defined the KeyCloak module for Teiid-JDBC:
<subsystem xmlns="urn:jboss:domain:teiid:1.0">
    ...
    <transport name="jdbc" socket-binding="teiid-jdbc" protocol="teiid">
        <authentication security-domain="keycloak"/>
    </transport>
    ...
However, as a result, whenever I try to connect with JDBC, I get the following stack trace:
Caused by: org.teiid.net.ConnectionException: TEIID50072 The username "admin" and/or password and/or payload token could not be authenticated by any membership domain.
    at org.teiid.net.socket.SocketServerConnection.selectServerInstance(SocketServerConnection.java:139)
    at org.teiid.net.socket.SocketServerConnection.<init>(SocketServerConnection.java:92)
    at org.teiid.net.socket.SocketServerConnectionFactory.getConnection(SocketServerConnectionFactory.java:312)
    at org.teiid.jdbc.SocketProfile.connect(SocketProfile.java:54)
    ... 11 more
Caused by: org.teiid.client.security.LogonException: TEIID50072 The username "admin" and/or password and/or payload token could not be authenticated by any membership domain.
    at org.teiid.transport.LogonImpl.logon(LogonImpl.java:149)
    at org.teiid.transport.LogonImpl.logon(LogonImpl.java:117)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.teiid.transport.ServerWorkItem.run(ServerWorkItem.java:87)
    at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:274)
    at org.teiid.transport.SocketClientInstance.processMessagePacket(SocketClientInstance.java:207)
    at org.teiid.transport.SocketClientInstance.receivedMessage(SocketClientInstance.java:193)
    at org.teiid.transport.SSLAwareChannelHandler.messageReceived(SSLAwareChannelHandler.java:212)
    at org.jboss.netty.channel.SimpleChannelHandler.handleUpstream(SimpleChannelHandler.java:88)
    at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:560)
    at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:787)
    at org.jboss.netty.handler.stream.ChunkedWriteHandler.handleUpstream(ChunkedWriteHandler.java:142)
    at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:560)
    at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:787)
    at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:296)
    at org.jboss.netty.handler.codec.frame.FrameDecoder.unfoldAndFireMessageReceived(FrameDecoder.java:462)
    at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:443)
    at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303)
    at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
    at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:560)
    at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:555)
    at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
    at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
    at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
    at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:107)
    at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:312)
    at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:88)
    at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
    at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
    at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Caused by: javax.security.auth.login.LoginException: TEIID50072 The username "admin" and/or password and/or payload token could not be authenticated by any membership domain.
    at org.teiid.jboss.JBossSessionService.authenticate(JBossSessionService.java:74)
    at org.teiid.services.SessionServiceImpl.createSession(SessionServiceImpl.java:170)
    at org.teiid.transport.LogonImpl.logon(LogonImpl.java:134)
    ... 35 more
What changes can I make to allow Teiid to use the KeyCloak LoginModule? As far as I can tell with the stack trace, it doesn't appear to be hitting the KeyCloak LoginModule code, instead experiencing issues in Teiid code.
Thanks,
Joe
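A configuration cross-check for the two fragments quoted in the post, as an added example (not part of the original post and not Teiid or KeyCloak project code): it verifies that every Teiid transport's `security-domain` resolves to a defined `<security-domain>` with at least one login module. The `<server>` and `<security-domains>` wrappers and the `odbc` transport are constructed for the sample, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the post's two fragments under a made-up <server> root,
# plus a hypothetical "odbc" transport that references an undefined domain.
SAMPLE = """<server>
 <security-domains>
  <security-domain name="keycloak">
   <authentication>
    <login-module code="org.keycloak.adapters.jboss.KeycloakLoginModule"
                  flag="required" module="org.keycloak.keycloak-jboss-adapter-core"/>
   </authentication>
  </security-domain>
 </security-domains>
 <subsystem xmlns="urn:jboss:domain:teiid:1.0">
  <transport name="jdbc" socket-binding="teiid-jdbc" protocol="teiid">
   <authentication security-domain="keycloak"/>
  </transport>
  <transport name="odbc" socket-binding="teiid-odbc" protocol="pg">
   <authentication security-domain="missing-domain"/>
  </transport>
 </subsystem>
</server>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # element name without its '{namespace}' prefix

def login_modules(root):
    """Map each defined security-domain name to its login-module class names."""
    return {d.get("name"): [m.get("code") for m in d.iter() if local(m.tag) == "login-module"]
            for d in root.iter() if local(d.tag) == "security-domain"}

def check_transports(xml_text):
    """Return (transport, domain, status) for every domain a transport references."""
    root = ET.fromstring(xml_text)
    defined = login_modules(root)
    results = []
    for t in (e for e in root.iter() if local(e.tag) == "transport"):
        auth = next((c for c in t if local(c.tag) == "authentication"), None)
        ref = auth.get("security-domain", "") if auth is not None else ""
        # Split on commas in case several domains are listed (assumption).
        names = [n.strip() for n in ref.split(",") if n.strip()] or [None]
        for n in names:
            status = ("no-security-domain" if n is None else
                      "undefined-domain" if n not in defined else
                      "ok" if defined[n] else "no-login-module")
            results.append((t.get("name"), n, status))
    return results

if __name__ == "__main__":
    print(check_transports(SAMPLE))
```

A status of `ok` only shows that the wiring between the transport and the security domain is consistent; it says nothing about whether the login module accepts the credentials presented over JDBC.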