I have been assigned to be the “master of keycloak” in my small company now that the previous “master” has left the company and I am facing a very weird error when trying to replicate a server.
We have a production (6.01) and a testing (12.02) server running right now. Both servers have been updated on a regular basis from versions as old as 2.1.
Right now we are creating a new environment on AWS using Fargate and Postgres RDS.
I have been able to export the realm I have either on testing or production. But when I try to import them in the new database I am getting this error:
“Certificate does not match private key”
I assume it is referencing something about this section:
    "org.keycloak.keys.KeyProvider" : [ {
      "id" : "4b265aa2-fb3f-4dc9-90fd-40f067f83e3d",
      "name" : "rsa",
      "providerId" : "rsa",
      "subComponents" : { },
      "config" : {
        "privateKey" : [ "blahblah" ],
        "certificate" : [ "blahblah" ],
        "priority" : [ "100" ]
      }
    }
I have been trying with other exports I have and I am able to import them without the error, but I need these keys to be in place for this environment as one of the applications that is going to use it has the certificate in its code and is not maintained anymore.
I assume I am doing something wrong, but after a couple of days experimenting with different JSONs I have no ideas left.
I am attaching the full error, just in case…
10:03:42,625 FATAL [org.keycloak.services] (ServerService Thread Pool -- 71) Error during startup: org.keycloak.component.ComponentValidationException: Certificate does not match private key
at org.keycloak.keycloak-services@12.0.2//org.keycloak.keys.ImportedRsaKeyProviderFactory.validateConfiguration(ImportedRsaKeyProviderFactory.java:85)
at org.keycloak.keycloak-model-jpa@12.0.2//org.keycloak.models.jpa.RealmAdapter.importComponentModel(RealmAdapter.java:2073)
at org.keycloak.keycloak-model-jpa@12.0.2//org.keycloak.models.jpa.RealmAdapter.addComponentModel(RealmAdapter.java:2053)
at org.keycloak.keycloak-server-spi-private@12.0.2//org.keycloak.models.utils.DefaultKeyProviders.createProviders(DefaultKeyProviders.java:104)
at org.keycloak.keycloak-server-spi-private@12.0.2//org.keycloak.models.utils.RepresentationToModel.importRealm(RepresentationToModel.java:452)
at org.keycloak.keycloak-services@12.0.2//org.keycloak.services.managers.RealmManager.importRealm(RealmManager.java:558)
at org.keycloak.keycloak-services@12.0.2//org.keycloak.exportimport.util.ImportUtils.importRealm(ImportUtils.java:110)
at org.keycloak.keycloak-services@12.0.2//org.keycloak.exportimport.util.ImportUtils.importRealms(ImportUtils.java:65)
at org.keycloak.keycloak-services@12.0.2//org.keycloak.exportimport.singlefile.SingleFileImportProvider$1.runExportImportTask(SingleFileImportProvider.java:62)
at org.keycloak.keycloak-services@12.0.2//org.keycloak.exportimport.util.ExportImportSessionTask.run(ExportImportSessionTask.java:35)
at org.keycloak.keycloak-server-spi-private@12.0.2//org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:228)
at org.keycloak.keycloak-services@12.0.2//org.keycloak.exportimport.singlefile.SingleFileImportProvider.importModel(SingleFileImportProvider.java:58)
at org.keycloak.keycloak-services@12.0.2//org.keycloak.exportimport.ExportImportManager.runImport(ExportImportManager.java:87)
at org.keycloak.keycloak-services@12.0.2//org.keycloak.services.resources.KeycloakApplication.migrateAndBootstrap(KeycloakApplication.java:219)
at org.keycloak.keycloak-services@12.0.2//org.keycloak.services.resources.KeycloakApplication$1.run(KeycloakApplication.java:138)
at org.keycloak.keycloak-server-spi-private@12.0.2//org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:228)
at org.keycloak.keycloak-services@12.0.2//org.keycloak.services.resources.KeycloakApplication.startup(KeycloakApplication.java:129)
at org.keycloak.keycloak-wildfly-extensions@12.0.2//org.keycloak.provider.wildfly.WildflyPlatform.onStartup(WildflyPlatform.java:29)
at org.keycloak.keycloak-services@12.0.2//org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:115)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:152)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.spi.ResteasyProviderFactory.createProviderInstance(ResteasyProviderFactory.java:2815)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.spi.ResteasyDeployment.createApplication(ResteasyDeployment.java:371)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.spi.ResteasyDeployment.startInternal(ResteasyDeployment.java:283)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:93)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:140)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:42)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)
at org.wildfly.extension.undertow@21.0.2.Final//org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:78)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:305)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:145)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.core.DeploymentManagerImpl$2.call(DeploymentManagerImpl.java:588)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.core.DeploymentManagerImpl$2.call(DeploymentManagerImpl.java:559)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:42)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow@21.0.2.Final//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow@21.0.2.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow@21.0.2.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow@21.0.2.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow@21.0.2.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:601)
at org.wildfly.extension.undertow@21.0.2.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:97)
at org.wildfly.extension.undertow@21.0.2.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:78)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.base/java.lang.Thread.run(Thread.java:834)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.JBossThread.run(JBossThread.java:513)
I have resolved it by removing the certificate from the exported realm JSON.
I suppose it has something to do with the fact that it is autogenerated.
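A way to check an exported realm for this mismatch before importing it, as an added example that is not part of the original post and is not Keycloak's own code. It assumes the `org.keycloak.keys.KeyProvider` list sits under the export's top-level `components` object, that `privateKey` and `certificate` hold base64 DER (PKCS#1 or PKCS#8 key, X.509 certificate), and that "match" means both carry the same RSA modulus.

```python
import base64

def tlv(buf, pos=0):
    # Read one DER element: returns (tag, content, offset of the next element).
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def children(content):
    # Split the content of a constructed element into (tag, content) pairs.
    out, pos = [], 0
    while pos < len(content):
        tag, val, pos = tlv(content, pos)
        out.append((tag, val))
    return out

def der(text):
    # Base64 to raw DER; PEM armor lines are dropped if someone pasted them in.
    lines = [l.strip() for l in text.splitlines() if not l.startswith("-----")]
    return base64.b64decode("".join(lines))

def key_modulus(text):
    seq = children(tlv(der(text))[1])
    if seq[1][0] == 0x30:  # PKCS#8 wrapper: version, algorithm, OCTET STRING
        seq = children(tlv(seq[2][1])[1])
    return int.from_bytes(seq[1][1], "big")  # RSAPrivateKey: version, modulus, ...

def cert_modulus(text):
    tbs = children(children(tlv(der(text))[1])[0][1])  # Certificate -> tbsCertificate
    if tbs[0][0] == 0xA0:  # optional explicit version field
        tbs = tbs[1:]
    spki = children(tbs[5][1])  # serial, sigAlg, issuer, validity, subject, SPKI
    rsa_pub = children(tlv(spki[1][1][1:])[1])  # skip the BIT STRING unused-bits byte
    return int.from_bytes(rsa_pub[0][1], "big")

def check_realm(realm):
    # Map each "rsa" key provider that carries a certificate to True (match) or False.
    result = {}
    providers = realm.get("components", {}).get("org.keycloak.keys.KeyProvider", [])
    for comp in providers:
        cfg = comp.get("config", {})
        if comp.get("providerId") == "rsa" and cfg.get("certificate"):
            result[comp["name"]] = (key_modulus(cfg["privateKey"][0])
                                    == cert_modulus(cfg["certificate"][0]))
    return result
```

Load the export with `json.load` and pass the resulting dict to `check_realm`; a `False` entry identifies the provider whose certificate was not issued for the private key stored beside it.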