wasted so much time trying to get Keycloak installed it is so complicated, the guides needs more work. When i get further i go 2 steps back. Anyway i am trying to configure PostgresSQL but i am having issues with public schemas. This code is so terrible!! Any ideas? Error below
Caused by: org.postgresql.util.PSQLException: ERROR: permission denied for schema public
Position: 14
at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2725)
at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:2412)
at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:371)
at org.postgresql.jdbc.PgStatement.executeInternal(PgStatement.java:502)
at org.postgresql.jdbc.PgStatement.execute(PgStatement.java:419)
at org.postgresql.jdbc.PgStatement.executeWithFlags(PgStatement.java:341)
at org.postgresql.jdbc.PgStatement.executeCachedSql(PgStatement.java:326)
at org.postgresql.jdbc.PgStatement.executeWithFlags(PgStatement.java:302)
at org.postgresql.jdbc.PgStatement.execute(PgStatement.java:297)
at io.agroal.pool.wrapper.StatementWrapper.execute(StatementWrapper.java:220)
at liquibase.executor.jvm.JdbcExecutor$ExecuteStatementCallback.doInStatement(JdbcExecutor.java:464)
... 50 more
2024-06-26 23:24:58,013 INFO [org.infinispan.CLUSTER] (main) ISPN000080: Disconnecting JGroups channel `ISPN`
2024-06-26 23:24:58,024 INFO [com.arjuna.ats.jbossatx] (main) ARJUNA032014: Stopping transaction recovery manager
2024-06-26 23:24:58,071 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Failed to start server in (production) mode
2024-06-26 23:24:58,072 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Cannot invoke "org.keycloak.connections.jpa.updater.liquibase.lock.CustomLockService.waitForLock(org.keycloak.models.dblock.DBLockProvider$Namespace)" because "this.lockService" is null
2024-06-26 23:24:58,073 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) For more details run the same command passing the '--verbose' option. Also you can use '--help' to see the details about the usage of the particular command.
Hi @violetdragon,
I’m sorry you are having difficulties. It looks like your user does not have permission on the scheme you want to work on.
Grant Schema Permissions: Ensure that the user has the necessary permissions (USAGE, CREATE, CONNECT, etc.) on the public schema. You can grant permissions using SQL commands like:
GRANT USAGE ON SCHEMA public TO your_user;
But this seems a bit off. You may want to double-check your JDBC connection URL to ensure it specifies the correct database name, user, and password.
Also would be way more easier to use Keycloak on docker container.
install docker from here (if you don’t already have it.)
Simply clone the repo you want to run, configure the versions you want and get the project up using the command in the repository explanation. It seems like you are new and this way is way easier to setup and experiment on it.
PS: You can get rid of prometheus and grafana they are just monitoring tools but also fun to play with I’d keep it
Thanks for you reply. After altering the database permission, problem is still there.
2024-06-27 01:18:47,218 INFO [com.arjuna.ats.jbossatx] (main) ARJUNA032014: Stopping transaction recovery manager
2024-06-27 01:18:47,267 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Failed to start server in (development) mode
2024-06-27 01:18:47,267 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Cannot invoke "org.keycloak.connections.jpa.updater.liquibase.lock.CustomLockService.waitForLock(org.keycloak.models.dblock.DBLockProvider$Namespace)" because "this.lockService" is null
2024-06-27 01:18:47,268 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) For more details run the same command passing the '--verbose' option. Also you can use '--help' to see the details about the usage of the particular command.
I believe you are missing something while configuring the database. It’s hard to pinpoint the problem for me without having the reproduction and environment info. I strongly suggest you to checkout Configuring the database - Keycloak page.
Also starting keycloak with --verboose would provide more info.
Yeah, just trying to configure the configuration to my needs now.
Database problem resolved by using ALTER DATABASE
socket binding was fixed by stopping and restarting the service.
Currently I am trying to configure to my needs now, however when going to auth.fqdn it redirects me straight to the log in account for realm/master is there any way of changing this ? as I plan on using more than one realm.
I’m not sure if you grasp the usage of Keycloak.
If your Keycloak server is hosted on a server named “auth” within the domain “example.com,” the FQDN would be “auth.example.com.”
It seems like you want to use Keycloak as Multi-tenant.
A realm is essentially a security domain that contains a set of users, credentials, roles, and groups.
Multi-tenancy: Realms allow Keycloak to support multi-tenancy by providing separate spaces for different organizations or applications within the same Keycloak instance.
After you create your tenants you create clients for your tenants/realms
A client in Keycloak represents an application or a service that wants to authenticate and authorize users.
I suggest you to read more on relationship between realm and client. @dasniko explains the subject elegantly in this video https://www.youtube.com/watch?v=ZTFlc-3pG1M and you can find more on his channel about configuration, customization and usage of keycloak.
If this is not the case or if it’s not helpful I’d be happy to try to help if you provide more info about your case.
Correct, subdomain.example.com, what i need is a custom landing page as I plan on having other users & realms. I need to do more research on this as a small ISP in my area and hosting mail / webmail and other services I want to put oAuth in front of them but this is going to take time. I will have a look at the link you attached.
@violetdragon when you create your realms and clients and after you integrate the authentication process with your Keycloak service, it automatically redirects your users to dedicated auth page for your client according to your configuration. Authentication page templates are customizable.
@dasniko’s channel is a gem! use it
Also you can checkout a blog post I write:
It’s not exactly what you are looking for but it may help you to understand at least one way of auth integration.
