Trouble getting custom authentication script deployed - Docker 19.0.2

Hi all

I have a question to the feature “scripts” - I have enabled the feature in my Dockerfile and when I build it I found in logs “INFO [org.keycloak.common.Profile] (build-38) Preview feature enabled: scripts”

In the new Admin-GUI under enabled Feature I can see the Feature “scripts” is enabled.

But when I clone a Authentication Flow and want to add a “Authenticator Execution” I can not found in the provider List “Script” - not in the new or old admin GUI.

What I’ve done wrong?

Scripts have to be deployed to the server’s file system, packaged in a jar file:
https://www.keycloak.org/docs/latest/server_development/index.html#_script_providers
Then the authenticator appears with its name (the one you gave it in the keycloak-scripts.json file) in the provider list.

Hi @mbonn

get it.

Now I try to build a script - or better first want to import a script that I think was working with other - and used the Script here: https://keycloak.discourse.group/t/trouble-getting-custom-authentication-script-deployed/15664

Jar looks like:
jar tf my-role-based-authenticator.jar

  • META-INF/
  • META-INF/MANIFEST.MF
  • META-INF/keycloak-scripts.json
  • my-role-based-authenticator.js

I linked it in docker-container to providers and set the user (key cloak:keycloak). Than I also rebuild the image (./kc.sh build).

But can not found the the script on providers (nor under Server Information > Providers)

Could it be the script is not connect?
Or any other clever hint from you? :wink:

PS on “bin/kc.sh show-config” I can see:

kc.provider.file.my-role-based-authenticator.jar.last-modified = 1663758669402 (PersistedConfigSource)

So think in general the script should loaded.

Do you have any error or warning entires in your logs?
What is the content of keycloak-scripts.json?
Do you run a JDK version different from 11? (Script engine has to be manually added on newer Java versions…)?
Have you tried a maximal simple authenticator (just doing a context.success() within the authenticate(…) method)?
Or tried a primitive JS token mapper? Is that working?
If you try without docker on a bare metal setup, is it working then?

My failure -
I use a Dockerfile and build a custom docker Image.
When I import a script and rebuild it will affect in this.
When I import a script with the Dockerfile and build my container than it works.

Yeah, everything is so much easier with docker…