keycloak authz client - SocketException: Connection reset - spring-security

15 minutes after login, when trying again to do authorization using keycloak-authz-client, I am receiving an exception: Caused by: java.net.SocketException: Connection reset.
Maybe some settings need to be updated in the Keycloak admin console or in the Java configuration; I could not find any solution.
Has anyone encountered such problems?
I am trying to do authorization and expect to receive access and refresh tokens.

Related

Intermittent OAuth Gmail IMAP authentication failure - no response from server

I have a java client using javamail and google example code to connect to gmail IMAP server using a client secret and OAuth token. The issue is that about 1/3 of the time, the com.sun.mail.imap.IMAPStore.protocolConnect call fails with an AuthenticationFailedException: Invalid Credentials (Failure) exception.
In the log there are the following lines for each failure:
DEBUG IMAPS: SASL client XOAUTH2
DEBUG IMAPS: SASL callback length: 1
DEBUG IMAPS: SASL callback 0: javax.security.auth.callback.NameCallback#12cdcf4
DEBUG IMAPS: SASL no response
2023-01-04 08:45:55 WARN ImapStoreFactory.getImapStore.140 - Failed to authenticate to 74.125.142.108 after 5 attempts.
(I have a retry loop that backs off after each try up to 5 tries to see if that would help.)
The (partial) stack trace is:
javax.mail.AuthenticationFailedException: Authentication failed to 74.125.142.108 after 5 attempts.
at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:732)
at javax.mail.Service.connect(Service.java:366)
at com.google.code.samples.oauth2.OAuth2Authenticator.connectToImap(OAuth2Authenticator.java:91)
The issue is the SASL no response from the server.
This same code, with the same credentials, works all the other times on the first connection attempt, including to the same IP address, both before and after the failed attempts.
imap.gmail.com resolves to (at least?) 24 different IP addresses that I have seen, and they are all open and accessible from the client machine.
I have tried connecting to a known IP address directly (as opposed to connecting to imap.gmail.com) but then I get a HTTPS certificate failure.
Any ideas as to why this is happening, or how to mitigate or work around would be appreciated.
Thanks!
Linus

Test connection failed because of an error in initializing provider. Prelogin failure Error

Trying to connect to an external datahub from SSMS on a server. It works from a desktop computer.
Port 1433 allowed on server. Has anyone seen this or have a solution? Thank you.
Error:
Test connection failed because of an error in initializing provider. Client unable to establish connection due to prelogin failure
TCP Provider: The specified network name is no longer available.
Client unable to establish connection
Client unable to establish connection because an error was encountered during handshakes before login. Common causes include client attempting to connect to an unsupported version of SQL Server, server too busy to accept new connections or a resource limitation (memory or maximum allowed connections) on the server.

KeyCloak: Connection has been refused by the server. Connection timed out

Occasionally I receive a connection timeout when calling the /userinfo endpoint of my KeyCloak-Server.
So far, I have no indication what's wrong and what causes the timeouts. There are no errors in the server.log I configured. Also, I cannot reproduce the issue, I just see the errors in the logs of the application trying to authenticate with keycloak.
Is there some sort of connection limit that my keycloak might use?
What additional logs can I activate to narrow down the problem?
I am currently on version 17.0.1
Try running keycloak in debug mode: kc.sh start --log-level=debug. If the /userinfo call reached keycloak, there will be a debug log entry for it; you can match the time when the error occurred to the keycloak log.
Do you have any other components in between your application and keycloak, such as a proxy, a DNS server, etc.? You would need to check their logs as well.
Also check out this document regarding rest api in keycloak -> https://github.com/keycloak/keycloak-community/blob/main/design/rest-api-guideline.md#rate-lmiting

Keycloak in Docker "Failed to turn code into token"

I'm running Keycloak, Keycloak Security Proxy and a UI application in a Docker-compose network. When I try to access the webpage, I get a login page, which I can use - but instead of being successfully redirected, I get the following error:
> Aug 03, 2018 1:13:24 PM org.keycloak.adapters.OAuthRequestAuthenticator resolveCode
ERROR: failed to turn code into token
java.net.ConnectException: Connection refused (Connection refused)
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:589)
I get this error no matter what kind of application I proxy, or if I run it within Docker-compose or simply as a node. It also probably appears when I try to use python adapters, instead of the security proxy.
The whole network runs behind a company proxy, could this be the reason?
Considering that the code seems to be sent (see below), it seems Keycloak can at least verify the user. But I'm stumped on how to solve the problem. Does anyone have any ideas?
http://localhost:8080/?state=84736978-afe6-43eb-a554-aedf86717415session_state=8a231709-5ef3-45fd-8e36-103e521ba49ecode=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..4GewkGISgYEXeGPuCxupsA.V939JivWRaNltjnjT4r2CJGT4oj1HEX9iXycJFoAb_qhI4ietRc5Z2wQO6ekF9MOZ0VtMcLAyX0zASY-NPEcf3byX0INP-2zJDSF4TOEXNbMbMnVeKFgmLgQKDseUsl1ieofPVY7df8QVvpTs98VAw2_g2XwTsLemBcpxfalvMRBwViN6PyJI8A-gJJToolyDafHbzIco7bH4X4y5bzZsUh5yB6ZUMy0goBkAV_KPLepnA8X2OjEJef8GHyqgHVi.QQtjD-E_MZq72hb4g0BEbw
My proxy.json file is:
{
    "target-url": "http://localhost:7005",
    "bind-address": "0.0.0.0",
    "http-port": "8080",
    "applications": [
        {
            "base-path": "/",
            "adapter-config": {
                "realm": "realm",
                "resource": "realm_ui",
                "auth-server-url": "http://localhost:8800/auth",
                "ssl-required": "external",
                "credentials": {
                    "secret": "secret"
                },
                "confidential-port": 0
            },
            "constraints": [
                {
                    "pattern": "/*",
                    "roles-allowed": [
                        "user"
                    ]
                }
            ]
        }
    ]
}
In Keycloak:
Access Type: confidential
Standard Flow Enabled: ON
Direct Access Grants: ON
The Valid Redirect URI: *
After searching for a while, I found the solution. It was a networking problem.
Keycloak OpenIDConnect Authentication flow follows 3 steps, as explained here: https://www.keycloak.org/docs/3.3/server_admin/topics/sso-protocols/oidc.html
Step 1 & 2 were completed, but upon receiving the temporary code from the browser the application was unable to connect with Keycloak. In step 1&2 it is always the browser connecting to application or Keycloak, not them speaking with each other.
This happened, because within my docker-compose file I declared networks that overwrote the automatic binding to 0.0.0.0 of Keycloak and the proxy. Additionally, the auth-server-url to connect to Keycloak must be true for the browser as well as the docker container of the Keycloak security proxy.
Make sure credential secret and auth-server-url values are same in keycloak.json and proxy.json files. Also, try removing "confidential-port":0 in the proxy.json file.
I think having a company proxy is not the reason for this error.
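
The failure explained above, where the adapter's back-channel code-to-token request cannot reach Keycloak, can be checked before deployment. This is an added example, not code from the original posts or from Keycloak: it inspects a proxy.json-style config for an auth-server-url that points at loopback while the adapter runs in a container, and probes TCP reachability. The function names, finding labels and the trimmed sample config are assumptions.

```python
import ipaddress
import json
import socket
from urllib.parse import urlsplit

# Constructed sample: the adapter settings from the question's proxy.json, trimmed.
SAMPLE_PROXY_JSON = """
{"applications": [{"base-path": "/", "adapter-config": {
    "realm": "realm", "resource": "realm_ui",
    "auth-server-url": "http://localhost:8800/auth",
    "credentials": {"secret": "secret"}}}]}
"""


def is_loopback(host):
    """True for localhost names and 127.0.0.0/8 or ::1 literals."""
    name = host.lower().rstrip(".")
    if name == "localhost" or name.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(name).is_loopback
    except ValueError:
        return False  # an ordinary DNS name


def back_channel_findings(config, in_container=True):
    """Return (base-path, finding) pairs for each adapter's auth-server-url."""
    findings = []
    for app in config.get("applications", []):
        adapter = app.get("adapter-config", {})
        parts = urlsplit(adapter.get("auth-server-url", ""))
        if in_container and is_loopback(parts.hostname or ""):
            # Inside a container, loopback is the container itself, not Keycloak.
            findings.append((app.get("base-path"), "loopback-auth-server-url"))
        if parts.scheme == "http" and "secret" in adapter.get("credentials", {}):
            # The code-to-token request carries the client secret.
            findings.append((app.get("base-path"), "secret-over-plain-http"))
    return findings


def can_connect(url, timeout=3.0):
    """TCP-level check of the back channel, run from where the adapter runs."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    try:
        with socket.create_connection((parts.hostname, port), timeout=timeout):
            return True
    except OSError:
        return False  # refused, reset, timed out or unresolvable


if __name__ == "__main__":
    for finding in back_channel_findings(json.loads(SAMPLE_PROXY_JSON)):
        print(finding)
```

Run `can_connect` from inside the proxy's container, since that is where the code-to-token request originates.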

"Failed to connect to api.twilio.com port 443: Connection refused" error

I've disabled SSL Certificate Validation under General Settings because my WordPress site is using http.
But I am still getting "Failed to connect to api.twilio.com port 443: Connection refused" on live and test credentials.
I've also purged caches on the browser.
I am using the guide from https://www.twilio.com/blog/2017/08/send-sms-wordpress-php-plugin.html.
Does the setting take time to remove the SSL certificate validation, or what else could go wrong?
Answered by Twilio support "All connections to the Twilio API endpoints must use HTTPS and so if you have no SSL Cert for your Wordpress website it will refuse the request. You will need to get an SSL Certificate for your website in order to call the API endpoints from your Wordpress site/domain. Disabling SSL Certificate Validation setting on Twilio dashboard is for calls from Twilio to your servers, not the other way around."
I am also facing the same challenge while doing a POC to send SMS using twilio. This is the exception that I am getting.
Exception in thread "main" com.twilio.exception.ApiException: Connect to api.twilio.com:443 [api.twilio.com/54.209.184.12, api.twilio.com/52.45.186.111, api.twilio.com/52.4.111.215, api.twilio.com/52.5.142.82, api.twilio.com/54.165.83.5, api.twilio.com/54.84.239.1, api.twilio.com/52.45.52.233, api.twilio.com/52.72.204.95] failed: Connection refused: connect
at com.twilio.http.NetworkHttpClient.makeRequest(NetworkHttpClient.java:128)
at com.twilio.http.HttpClient.reliableRequest(HttpClient.java:42)
at com.twilio.http.HttpClient.reliableRequest(HttpClient.java:25)
at com.twilio.http.TwilioRestClient.request(TwilioRestClient.java:42)
at com.twilio.rest.api.v2010.account.MessageCreator.create(MessageCreator.java:402)
