I am trying to upgrade my Docker based Nextcloud + Keycloak instance from Keycloak 15.x to 19.0.1
What I did:
- Installed 19.0.1 image (Keycloak + dedicated DB) parallel to to 15.x
- Old DB dump → new DB import
- Login to 19.0.1 console is fine, all users and clients exist in new environment
- Remove the /auth/ section from the ‘oidc_login_provider_url’ and ‘oidc_login_logout_url’ strings in Nextcloud settings
- Delete oidc plugin cache as per Keyclock X redirect page not found · Issue #169 · pulsejet/nextcloud-oidc-login · GitHub
- Restart Nextcloud app
- Get error below:
keycloak-app2 | 2022-09-06 07:47:49,832 WARN [org.keycloak.events] (executor-thread-16) type=LOGIN_ERROR, realmId=Senak, clientId=Nextcloud, userId=null, ipAddress=144.24.162.14, error=invalid_user_credentials, auth_method=openid-connect, auth_type=code, response_type=code, redirect_uri=https://cloud.mydomain.com/apps/oidc_login/oidc, code_id=1c8ace9d-6fb0-402a-b75b-03c84f489867, response_mode=query, authSessionParentId=1c8ace9d-6fb0-402a-b75b-03c84f489867, authSessionTabId=riu6EqVgnP4
keycloak-app2 | 2022-09-06 07:47:50,712 WARN [org.keycloak.services] (executor-thread-16) KC-SERVICES0013: Failed authentication: java.lang.RuntimeException: Unable to find factory for AuthenticatorFactory: auth-script-based did you forget to declare it in a META-INF/services file?
keycloak-app2 | at org.keycloak.authentication.DefaultAuthenticationFlow.getAuthenticatorFactory(DefaultAuthenticationFlow.java:347)
keycloak-app2 | at org.keycloak.authentication.DefaultAuthenticationFlow.isConditionalAuthenticator(DefaultAuthenticationFlow.java:341)
keycloak-app2 | at java.base/java.util.function.Predicate.lambda$negate$1(Predicate.java:80)
keycloak-app2 | at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:176)
keycloak-app2 | at java.base/java.util.LinkedList$LLSpliterator.forEachRemaining(LinkedList.java:1239)
keycloak-app2 | at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)
keycloak-app2 | at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
keycloak-app2 | at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
keycloak-app2 | at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
keycloak-app2 | at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
keycloak-app2 | at java.base/java.util.stream.ReferencePipeline.forEachOrdered(ReferencePipeline.java:502)
keycloak-app2 | at org.keycloak.authentication.DefaultAuthenticationFlow.fillListsOfExecutions(DefaultAuthenticationFlow.java:300)
keycloak-app2 | at org.keycloak.authentication.AuthenticationSelectionResolver.addAllExecutionsFromSubflow(AuthenticationSelectionResolver.java:204)
keycloak-app2 | at org.keycloak.authentication.AuthenticationSelectionResolver.addAllExecutionsFromSubflow(AuthenticationSelectionResolver.java:249)
keycloak-app2 | at org.keycloak.authentication.AuthenticationSelectionResolver.createAuthenticationSelectionList(AuthenticationSelectionResolver.java:76)
keycloak-app2 | at org.keycloak.authentication.DefaultAuthenticationFlow.createAuthenticationSelectionList(DefaultAuthenticationFlow.java:478)
keycloak-app2 | at org.keycloak.authentication.DefaultAuthenticationFlow.processSingleFlowExecutionModel(DefaultAuthenticationFlow.java:404)
keycloak-app2 | at org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:272)
keycloak-app2 | at org.keycloak.authentication.AuthenticationProcessor.authenticateOnly(AuthenticationProcessor.java:1017)
keycloak-app2 | at org.keycloak.authentication.AuthenticationProcessor.authenticate(AuthenticationProcessor.java:879)
keycloak-app2 | at org.keycloak.protocol.AuthorizationEndpointBase.handleBrowserAuthenticationRequest(AuthorizationEndpointBase.java:151)
keycloak-app2 | at org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.buildAuthorizationCodeAuthorizationResponse(AuthorizationEndpoint.java:338)
keycloak-app2 | at org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.process(AuthorizationEndpoint.java:194)
keycloak-app2 | at org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.buildGet(AuthorizationEndpoint.java:112)
keycloak-app2 | at jdk.internal.reflect.GeneratedMethodAccessor156.invoke(Unknown Source)
keycloak-app2 | at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
keycloak-app2 | at java.base/java.lang.reflect.Method.invoke(Method.java:566)
keycloak-app2 | at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:170)
keycloak-app2 | at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:130)
keycloak-app2 | at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:660)
keycloak-app2 | at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:524)
keycloak-app2 | at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:474)
keycloak-app2 | at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
keycloak-app2 | at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:476)
keycloak-app2 | at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:434)
keycloak-app2 | at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:192)
keycloak-app2 | at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:152)
keycloak-app2 | at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:183)
keycloak-app2 | at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:141)
keycloak-app2 | at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:32)
keycloak-app2 | at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:492)
keycloak-app2 | at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261)
keycloak-app2 | at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161)
keycloak-app2 | at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
keycloak-app2 | at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164)
keycloak-app2 | at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247)
keycloak-app2 | at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:73)
keycloak-app2 | at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:151)
keycloak-app2 | at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:82)
keycloak-app2 | at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:42)
keycloak-app2 | at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
keycloak-app2 | at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
keycloak-app2 | at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
keycloak-app2 | at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:67)
keycloak-app2 | at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:55)
keycloak-app2 | at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
keycloak-app2 | at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
keycloak-app2 | at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
keycloak-app2 | at io.quarkus.vertx.http.runtime.VertxHttpRecorder$5.handle(VertxHttpRecorder.java:380)
keycloak-app2 | at io.quarkus.vertx.http.runtime.VertxHttpRecorder$5.handle(VertxHttpRecorder.java:358)
keycloak-app2 | at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
keycloak-app2 | at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
keycloak-app2 | at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
keycloak-app2 | at org.keycloak.quarkus.runtime.integration.web.QuarkusRequestFilter.lambda$createBlockingHandler$1(QuarkusRequestFilter.java:90)
keycloak-app2 | at io.vertx.core.impl.ContextImpl.lambda$null$0(ContextImpl.java:159)
keycloak-app2 | at io.vertx.core.impl.AbstractContext.dispatch(AbstractContext.java:100)
keycloak-app2 | at io.vertx.core.impl.ContextImpl.lambda$executeBlocking$1(ContextImpl.java:157)
keycloak-app2 | at io.quarkus.vertx.core.runtime.VertxCoreRecorder$13.runWith(VertxCoreRecorder.java:545)
keycloak-app2 | at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2449)
keycloak-app2 | at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1478)
keycloak-app2 | at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
keycloak-app2 | at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
keycloak-app2 | at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
keycloak-app2 | at java.base/java.lang.Thread.run(Thread.java:829)
keycloak-app2 |
I can move back and forth between KC15 and 19, reverting/applying steps 4 - 7, and reliably get to the error above.
This error
“Unable to find factory for AuthenticatorFactory: auth-script-based did you forget to declare it in a META-INF/services file?”
seems to be the root cause but I have no idea what it’s trying to tell me? Can anyone point me in the right direction to fix or further troubleshoot this one?
By the way, I use the same setup (Docker+Nextcloud+OpenId-Plugin+KC19) running fine for a different installation (fresh install, not an upgrade) so this error looks to be related to the upgrade.