Integration Keycloak with Gerrit

Hi, I’m a beginner with Keycloak. I’m trying to use Keycloak to manage Gerrit access. I found some tutorials; these tutorials have a JSON file to import into Keycloak in the Clients tab. When I import the file, it shows an error.

The logs show this message:
2024-07-25 18:59:24,777 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-26) Uncaught server error: java.lang.RuntimeException: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field “realm” (class org.keycloak.representations.idm.ClientRepresentation), not marked as ignorable (44 known properties: “enabled”, “clientAuthenticatorType”, “redirectUris”, “clientId”, “authenticationFlowBindingOverrides”, “authorizationServicesEnabled”, “name”, “implicitFlowEnabled”, “registeredNodes”, “nodeReRegistrationTimeout”, “publicClient”, “attributes”, “protocol”, “webOrigins”, “protocolMappers”, “id”, “baseUrl”, “surrogateAuthRequired”, “adminUrl”, “fullScopeAllowed”, “frontchannelLogout”, “clientTemplate”, “origin”, “defaultClientScopes”, “directGrantsOnly”, “rootUrl”, “secret”, “useTemplateMappers”, “notBefore”, “useTemplateScope”, “standardFlowEnabled”, “type”, “description”, “directAccessGrantsEnabled”, “alwaysDisplayInConsole”, “useTemplateConfig”, “serviceAccountsEnabled”, “optionalClientScopes”, “consentRequired”, “access”, “bearerOnly”, “registrationAccessToken”, “defaultRoles”, “authorizationSettings”])
at [Source: REDACTED (StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION disabled); line: 3, column: 13] (through reference chain: org.keycloak.representations.idm.ClientRepresentation[“realm”])
at org.keycloak.exportimport.KeycloakClientDescriptionConverter.convertToInternal(KeycloakClientDescriptionConverter.java:46)
at org.keycloak.services.resources.admin.RealmAdminResource.lambda$convertClientDescription$1(RealmAdminResource.java:174)
at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179)
at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
at java.base/java.util.HashMap$ValueSpliterator.tryAdvance(HashMap.java:1808)
at java.base/java.util.stream.ReferencePipeline.forEachWithCancel(ReferencePipeline.java:129)
at java.base/java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:527)
at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:513)
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
at java.base/java.util.stream.FindOps$FindOp.evaluateSequential(FindOps.java:150)
at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.base/java.util.stream.ReferencePipeline.findFirst(ReferencePipeline.java:647)
at org.keycloak.services.resources.admin.RealmAdminResource.convertClientDescription(RealmAdminResource.java:175)
at org.keycloak.services.resources.admin.RealmAdminResource$quarkusrestinvoker$convertClientDescription_1f8814670b643fa72d0d3da3caaba247ec34b3b4.invoke(Unknown Source)
at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147)
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:582)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:1583)
Caused by: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field “realm” (class org.keycloak.representations.idm.ClientRepresentation), not marked as ignorable (44 known properties: “enabled”, “clientAuthenticatorType”, “redirectUris”, “clientId”, “authenticationFlowBindingOverrides”, “authorizationServicesEnabled”, “name”, “implicitFlowEnabled”, “registeredNodes”, “nodeReRegistrationTimeout”, “publicClient”, “attributes”, “protocol”, “webOrigins”, “protocolMappers”, “id”, “baseUrl”, “surrogateAuthRequired”, “adminUrl”, “fullScopeAllowed”, “frontchannelLogout”, “clientTemplate”, “origin”, “defaultClientScopes”, “directGrantsOnly”, “rootUrl”, “secret”, “useTemplateMappers”, “notBefore”, “useTemplateScope”, “standardFlowEnabled”, “type”, “description”, “directAccessGrantsEnabled”, “alwaysDisplayInConsole”, “useTemplateConfig”, “serviceAccountsEnabled”, “optionalClientScopes”, “consentRequired”, “access”, “bearerOnly”, “registrationAccessToken”, “defaultRoles”, “authorizationSettings”])
at [Source: REDACTED (StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION disabled); line: 3, column: 13] (through reference chain: org.keycloak.representations.idm.ClientRepresentation[“realm”])
at com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException.from(UnrecognizedPropertyException.java:61)
at com.fasterxml.jackson.databind.DeserializationContext.handleUnknownProperty(DeserializationContext.java:1153)
at com.fasterxml.jackson.databind.deser.std.StdDeserializer.handleUnknownProperty(StdDeserializer.java:2241)
at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.handleUnknownProperty(BeanDeserializerBase.java:1793)
at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.handleUnknownVanilla(BeanDeserializerBase.java:1771)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize(BeanDeserializer.java:316)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:177)
at com.fasterxml.jackson.databind.deser.DefaultDeserializationContext.readRootValue(DefaultDeserializationContext.java:342)
at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4905)
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3848)
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3816)
at org.keycloak.util.JsonSerialization.readValue(JsonSerialization.java:77)
at org.keycloak.exportimport.KeycloakClientDescriptionConverter.convertToInternal(KeycloakClientDescriptionConverter.java:44)
… 24 more

Can someone help me with this?
Sorry about my English, because I’m still learning.
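
The log in the post above shows the Clients import rejecting a top-level `realm` field, which `ClientRepresentation` does not accept. As an added example (not part of the original thread or of the tutorial), this Python code checks a JSON document against the 44 properties listed in that log and, assuming the file is a realm-style document with a `clients` array, extracts client objects the import would accept; the function names and the sample input are constructed for illustration.

```python
import json
# The 44 properties ClientRepresentation accepts, copied from the log above.
KNOWN_CLIENT_FIELDS = frozenset("""
enabled clientAuthenticatorType redirectUris clientId name protocol id type
authenticationFlowBindingOverrides authorizationServicesEnabled attributes
implicitFlowEnabled registeredNodes nodeReRegistrationTimeout publicClient
webOrigins protocolMappers baseUrl surrogateAuthRequired adminUrl origin
fullScopeAllowed frontchannelLogout clientTemplate defaultClientScopes
directGrantsOnly rootUrl secret useTemplateMappers notBefore description
useTemplateScope standardFlowEnabled directAccessGrantsEnabled access
alwaysDisplayInConsole useTemplateConfig serviceAccountsEnabled bearerOnly
optionalClientScopes consentRequired registrationAccessToken defaultRoles
authorizationSettings
""".split())

def unknown_fields(doc):
    """Top-level keys the client import would reject as unrecognized."""
    return sorted(set(doc) - KNOWN_CLIENT_FIELDS)

def classify(doc):
    """Return 'client', 'realm-export' or 'unknown' for parsed JSON."""
    if not isinstance(doc, dict):
        return "unknown"
    if "clientId" in doc and not unknown_fields(doc):
        return "client"
    if "realm" in doc and isinstance(doc.get("clients"), list):
        return "realm-export"
    return "unknown"

def extract_clients(doc):
    """Client objects from either shape, reduced to the accepted fields."""
    kind = classify(doc)
    if kind == "unknown":
        raise ValueError("neither a client nor a realm-style document")
    source = [doc] if kind == "client" else doc["clients"]
    return [{k: v for k, v in c.items() if k in KNOWN_CLIENT_FIELDS}
            for c in source if isinstance(c, dict)]

def review_flags(client):
    """Settings worth checking before importing a file taken from a tutorial."""
    flags = []
    if client.get("secret"):
        flags.append("embedded secret: regenerate after import")
    if any(u.strip() in ("*", "/*") for u in client.get("redirectUris", [])):
        flags.append("wildcard redirectUris: restrict to the Gerrit URL")
    return flags

# Constructed sample (not the tutorial's file): a realm-style document.
SAMPLE = json.loads("""{"realm": "example", "enabled": true, "clients": [
  {"clientId": "gerrit-example", "protocol": "saml", "secret": "changeme",
   "redirectUris": ["*"], "exampleExtra": 1}]}""")

if __name__ == "__main__":
    print(classify(SAMPLE), unknown_fields(SAMPLE), extract_clients(SAMPLE))
```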

Hi @ThiagoCits

Do you have Gerrit deployed on your localhost? If yes, can you share the steps on how to deploy Gerrit on localhost? Also, can you share the steps on how you deployed Keycloak Server on your localhost?

I’ll try to reproduce the issue and work on it on my computer once you share the steps on how you deployed Gerrit and Keycloak Server.

Hi.
I deployed on Docker in different VMs.
To deploy Keycloak I use this docker-compose file.

version: '3.1'

services:

  mysql:
    image: mysql
    ports:
      - 3306:3306
    command: --default-authentication-plugin=mysql_native_password
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: password_db
      MYSQL_USER: user_db
      MYSQL_PASSWORD: password_db
    volumes:
      - mysql_data_container:/data/db
      - ./initdb:/docker-entrypoint-initdb.d #scripts sql docker
    networks:
      - keycloak_network

  keycloak:
    image: keycloak/keycloak:25.0
    ports:
      - 8080:8080
    environment:
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: password_key
      DB_VENDOR: MYSQL
      DB_ADDR: mysql
      DB_DATABASE: KEYCLOAK
      DB_USER: user_db
      DB_PASSWORD: password_db
    depends_on:
      - mysql
    volumes:
      - keycloak_data_container:/opt/keycloak/keycloak/standalone/data
    networks:
      - keycloak_network

networks:
  keycloak_network:
    driver: bridge

volumes:
  mysql_data_container:
  keycloak_data_container:

And to deploy Gerrit, I use the basic command to deploy on Docker.

docker run -ti -p 8080:8080 -p 29418:29418 gerritcodereview/gerrit

I used this tutorial, but without success.
https://gerrit.googlesource.com/plugins/saml/+/HEAD/keycloak/README.md

Can you share the saml.jar mentioned in the docs? @ThiagoCits

I’m sorry I couldn’t help recreating the issue. Gerrit is hard to boot up. @ThiagoCits

I downloaded it from this link.
https://gerrit-ci.gerritforge.com/job/plugin-saml-bazel-stable-3.8/

Have you tried removing auth from the URL (http://localhost:8080/auth/realms/master/protocol/saml/descriptor) and making it (http://localhost:8080/realms/master/protocol/saml/descriptor)?

Also make sure that Gerrit and Keycloak run on different ports, because from what I see you’re using 8080 for both applications.

@ThiagoCits

Hi,
Sorry, I couldn’t answer your question.
I will try this.
I deployed the applications on separate servers, but both in Docker.

I didn’t have success.
I tried other things, but without result.
In the end it reported the following error:

[2024-08-01T17:56:03.656Z] [main] ERROR com.google.gerrit.pgm.Daemon : Unable to start daemon
com.google.inject.CreationException: Unable to create injector, see the following errors:

1) [Guice/ErrorInjectingConstructor]: IllegalArgumentException: Unable to instantiate front-end HTTP Filter SamlWebFilter
  at JettyServer.<init>(JettyServer.java:218)
  at JettyModule.configure(JettyModule.java:31)
  while locating JettyServer

Learn more:
  https://github.com/google/guice/wiki/ERROR_INJECTING_CONSTRUCTOR
Caused by: IllegalArgumentException: Unable to instantiate front-end HTTP Filter SamlWebFilter
        at JettyServer.makeContext(JettyServer.java:562)
        at JettyServer.makeContext(JettyServer.java:504)
        at JettyServer.<init>(JettyServer.java:258)
        at JettyServer$$FastClassByGuice$$42adbd3d.GUICE$TRAMPOLINE(<generated>)
        at JettyServer$$FastClassByGuice$$42adbd3d.apply(<generated>)
        at DefaultConstructionProxyFactory$FastClassProxy.newInstance(DefaultConstructionProxyFactory.java:82)
        at ConstructorInjector.provision(ConstructorInjector.java:114)
        at ConstructorInjector.construct(ConstructorInjector.java:91)
        at ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:300)
        at ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
        at SingletonScope$1.get(SingletonScope.java:169)
        at InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:45)
        at InternalInjectorCreator.loadEagerSingletons(InternalInjectorCreator.java:213)
        at InternalInjectorCreator.injectDynamically(InternalInjectorCreator.java:186)
        at InternalInjectorCreator.build(InternalInjectorCreator.java:113)
        at InjectorImpl.createChildInjector(InjectorImpl.java:240)
        at Daemon.createHttpdInjector(Daemon.java:684)
        at Daemon.initHttpd(Daemon.java:635)
        at Daemon.start(Daemon.java:404)
        at Daemon.run(Daemon.java:300)
        at AbstractProgram.main(AbstractProgram.java:62)
        at java.base/NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
        at java.base/DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/Method.invoke(Method.java:568)
        at GerritLauncher.invokeProgram(GerritLauncher.java:251)
        at GerritLauncher.mainImpl(GerritLauncher.java:147)
        at GerritLauncher.main(GerritLauncher.java:92)
        at Main.main(Main.java:30)
Caused by: ConfigurationException: Guice configuration errors:

It is the first error.

I think this is mostly a Gerrit question; you found your solution on the Gerrit mailing list [1]

[1] https://groups.google.com/g/repo-discuss/c/7zdYDQw37QM

Hi @bpedersen2 .
Yes, I opened this discussion, but I couldn’t find the solution to the problem.

Hi, for information, I managed to find a solution.
At this link I created a tutorial about Gerrit with Keycloak SAML authentication.