- Authentication and authorization: Keycloak provides authentication and authorization mechanisms, letting users log in and controlling access to resources according to defined security policies.
- Single Sign-On (SSO): Keycloak supports SSO, so users authenticate once and gain access to several applications without re-entering their credentials.
- Social login: Keycloak integrates with various social platforms such as Google, Facebook, Twitter and others, so users can sign in to your application with their accounts on those platforms.
- Identity management: Keycloak lets you manage users, roles and groups, and perform other identity management operations such as password reset, email verification and others.
- Integration with web applications: Keycloak provides client adapters and libraries for integration with various web applications and services, making interaction with the IAM system secure and convenient.
- nexus.citeck.ru/keycloak:12.0.4 - an image built on top of docker.io/jboss/keycloak:12.0.4, with the citeck variables added
- keycloak:12.0.4
```yaml
eis:
  logging:
    options:
      max-size: "10m"
      max-file: "5"
  image: docker.io/jboss/keycloak:12.0.4
  container_name: eis
  hostname: eis
  restart: unless-stopped
  environment:
    PROXY_ADDRESS_FORWARDING: "true"
    DB_VENDOR: POSTGRES
    DB_ADDR: eis_postgres
    DB_DATABASE: keycloak
    DB_USER: keycloak
    DB_SCHEMA: public
    DB_PASSWORD: password
    KEYCLOAK_USER: admin
    KEYCLOAK_PASSWORD: examplepassword
    # Uncomment the line below if you want to specify JDBC parameters.
    # The parameter below is just an example, and it shouldn't be used in
    # production without knowledge. It is highly recommended that you read
    # the PostgreSQL JDBC driver documentation in order to use it.
    #JDBC_PARAMS: "ssl=true"
  ports:
    - 443:8443
  depends_on:
    - eis_postgres
  networks:
    - app_network
eis_postgres:
  image: postgres:11
  container_name: eis_postgres
  hostname: eis_postgres
  volumes:
    - /opt/postgresql/keycloak:/var/lib/postgresql/data
  environment:
    POSTGRES_DB: keycloak
    POSTGRES_USER: keycloak
    POSTGRES_PASSWORD: password
  networks:
    - app_network
```
```yaml
{{- if .Values.EcosIdentityApp.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: ecos-identity-app
  name: ecos-identity-app
spec:
  {{- if .Values.EcosIdentityApp.highAvailability.enabled }}
  replicas: {{ .Values.EcosIdentityApp.replicas | default "2" }}
  {{- else }}
  replicas: {{ .Values.EcosIdentityApp.replicas | default "1" }}
  {{- end }}
  selector:
    matchLabels:
      app: ecos-identity-app
  strategy:
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: ecos-identity-app
      annotations:
        {{- if and .Values.global.vault.enabled .Values.global.vault.annotations }}
        {{- with .Values.global.vault.annotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
        {{- end }}
    spec:
      {{- if .Values.EcosIdentityApp.nodeSelector }}
      nodeSelector:
{{ toYaml .Values.EcosIdentityApp.nodeSelector | indent 8 }}
      {{- end }}
      containers:
      - command:
        - /scripts/keycloak.sh
        env:
        - name: KEYCLOAK_FRONTEND_URL
        {{- if .Values.EcosIdentityApp.environments.frontendURL }}
          value: {{ .Values.EcosIdentityApp.environments.frontendURL }}
        {{ else }}
          value: https://{{ .Values.FQDN }}/auth
        {{- end }}
        {{- if .Values.EcosIdentityApp.import.realm.enabled }}
        - name: KEYCLOAK_IMPORT
          value: /import/realm-export.json
        {{- end }}
        - name: HOSTNAME
          value: ecos-identity-app
        - name: KEYCLOAK_LOGLEVEL
          value: {{ .Values.EcosIdentityApp.environments.logLevel| default "INFO" }}
        - name: KEYCLOAK_USER
          value: {{ .Values.EcosIdentityApp.environments.username | default "admin" }}
        - name: KEYCLOAK_PASSWORD
        {{- if .Values.global.vault.keycloak.appPassword }}
          value: {{ .Values.global.vault.keycloak.appPassword | quote }}
        {{- else }}
          valueFrom:
            secretKeyRef:
              key: ecos-identity-app-password
              name: ecos-secret
        {{- end }}
        - name: JAVA_TOOL_OPTIONS
          value: -XX:+UseContainerSupport -XX:MaxRAMPercentage=50.0
        - name: PROXY_ADDRESS_FORWARDING
          value: "true"
        - name: DB_VENDOR
          value: postgres
        - name: DB_ADDR
          value: {{ .Values.EcosIdentityApp.dataSource.host | default "ecos-microservices-postgresql-app-service" }}.{{ .Release.Namespace }}{{ .Values.clusterName | default "" }}
        - name: DB_PORT
          value: {{ .Values.EcosIdentityApp.dataSource.port | default "5432" | quote }}
        - name: DB_DATABASE
          value: {{ .Values.EcosIdentityApp.dataSource.database| default "ecos_identity" }}
        - name: DB_USER
        {{- if .Values.global.vault.keycloak.psqlUsername }}
          value: {{ .Values.global.vault.keycloak.psqlUsername | quote }}
        {{- else }}
          valueFrom:
            secretKeyRef:
              key: ecos-identity-postgresql-app-username
              name: ecos-secret
        {{- end }}
        - name: DB_PASSWORD
        {{- if .Values.global.vault.keycloak.psqlPassword }}
          value: {{ .Values.global.vault.keycloak.psqlPassword | quote }}
        {{- else }}
          valueFrom:
            secretKeyRef:
              key: ecos-identity-postgresql-app-password
              name: ecos-secret
        {{- end }}
        {{- if .Values.EcosIdentityApp.highAvailability.enabled }}
        - name: JGROUPS_DISCOVERY_PROTOCOL
          value: dns.DNS_PING
        - name: JGROUPS_DISCOVERY_PROPERTIES
          value: dns_query=ecos-identity-app-service-headless
        - name: CACHE_OWNERS_COUNT
          value: '2'
        - name: CACHE_OWNERS_AUTH_SESSIONS_COUNT
          value: '2'
        {{- end }}
        {{- if .Values.EcosIdentityApp.ecosExtensions.enabled }}
        - name: ECOS_KK_RMQ_HOST
          value: rabbitmq-app-service.{{ .Release.Namespace }}{{ .Values.clusterName | default "" }}
        - name: ECOS_KK_RMQ_USERNAME
          value: {{ .Values.RabbitmqApp.environments.username | default "rabbitmqadmin" }}
        - name: ECOS_KK_RMQ_PASSWORD
          value: {{ .Values.RabbitmqApp.environments.password | default "RabbitmqStrongPassword" }}
        - name: ECOS_KK_ZK_HOST
          value: zookeeper-app-service-headless.{{ .Release.Namespace }}{{ .Values.clusterName | default "" }}
        - name: ECOS_KK_LISTEN_PERSON_DISABLED_STATUS
          value: {{ .Values.EcosIdentityApp.ecosExtensions.listenPersonDisabledStatus | quote }}
        {{- end }}
        image: {{ .Values.EcosIdentityApp.image.registry }}/{{ .Values.EcosIdentityApp.image.repository }}:{{ .Values.EcosIdentityApp.image.tag }}
        imagePullPolicy: {{ .Values.EcosIdentityApp.image.pullPolicy | default "IfNotPresent" }}
        name: ecos-identity-app
        ports:
        - containerPort: 8080
          name: http
          protocol: TCP
        - containerPort: 8443
          name: https
          protocol: TCP
        securityContext:
          runAsNonRoot: true
          runAsUser: 1000
        {{- with .Values.EcosIdentityApp.resources }}
        resources:
          {{- tpl . $ | nindent 12 }}
        {{- end }}
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /auth/
            port: http
            scheme: HTTP
          initialDelaySeconds: 300
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 5
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /auth/realms/master
            port: http
            scheme: HTTP
          initialDelaySeconds: 30
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        volumeMounts:
        - mountPath: /scripts
          name: sh
          readOnly: true
        - mountPath: /opt/jboss/startup-scripts
          name: startup
          readOnly: true
        {{- if .Values.EcosIdentityApp.import.certs.enabled }}
        - mountPath: /opt/certs
          name: certs
          readOnly: true
        {{- end }}
        {{- if .Values.EcosIdentityApp.import.realm.enabled }}
        - mountPath: /import
          name: realm-export
          readOnly: true
        {{- end }}
        {{- if .Values.EcosIdentityApp.KerberosIntegration.enabled }}
        - mountPath: /etc/krb5.conf.d
          name: krb5-conf
          readOnly: true
        - mountPath: /opt/keytab
          name: keytab
          readOnly: true
        {{- end }}
        {{- if .Values.EcosIdentityApp.ecosExtensions.enabled }}
        - mountPath: '/opt/jboss/keycloak/standalone/deployments/ecos'
          name: ecos-extensions
        {{- end }}
      initContainers:
      - command:
        - /bin/sh
        - -c
        - |
          while true
          do
            {{- if .Values.EcosMicroservicesPostgresqlApp.enabled }}
            rt=$(nc -z -w 1 {{ .Values.EcosIdentityApp.dataSource.host | default "ecos-microservices-postgresql-app-service" }}.{{ .Release.Namespace }}{{ .Values.clusterName | default "" }} {{ .Values.EcosIdentityApp.dataSource.port | default "5432" }})
            {{ else }}
            rt=$(nc -z -w 1 {{ .Values.EcosIdentityApp.dataSource.host | default "ecos-microservices-postgresql-app-service" }} {{ .Values.EcosIdentityApp.dataSource.port | default "5432" }})
            {{- end }}
            if [ $? -eq 0 ]; then
              echo "DB is UP"
              break
            fi
            echo "DB is not yet reachable, sleep for 10s before retry"
            sleep 10
          done
        image: {{ .Values.global.initContainers.image.registry }}/{{ .Values.global.initContainers.image.repository }}:{{ .Values.global.initContainers.image.tag }}
        imagePullPolicy: Always
        name: init-db
        resources:
          limits:
            cpu: 100m
            memory: 128Mi
          requests:
            cpu: 100m
            memory: 128Mi
      {{- if .Values.EcosIdentityApp.ecosExtensions.enabled }}
      - image: {{ .Values.global.initContainers.image.registry }}/ecos-keycloak-ext:{{ .Values.EcosIdentityApp.ecosExtensions.version }}
        imagePullPolicy: Always
        name: init-extensions
        env:
        - name: KK_EXT_TARGET_ROOT
          value: /run/extensions-target
        resources:
          limits:
            cpu: 100m
            memory: 128Mi
          requests:
            cpu: 100m
            memory: 128Mi
        volumeMounts:
        - mountPath: /run/extensions-target
          name: ecos-extensions
      {{- end }}
      dnsPolicy: ClusterFirst
      {{- if .Values.EcosIdentityApp.image.pullSecrets }}
      imagePullSecrets:
      - name: {{ .Values.EcosIdentityApp.image.pullSecrets }}
      {{- end }}
      securityContext:
        fsGroup: 1000
      restartPolicy: Always
      terminationGracePeriodSeconds: 120
      volumes:
      {{- if .Values.EcosIdentityApp.import.certs.enabled }}
      - name: certs
        configMap:
          defaultMode: 365
          name: {{ .Values.EcosIdentityApp.import.certs.configMap }}
      {{- end }}
      {{- if .Values.EcosIdentityApp.KerberosIntegration.enabled }}
      - name: krb5-conf
        configMap:
          defaultMode: 365
          name: ecos-identity-app-configmap
          items:
          - key: krb5.conf
            path: krb5.conf
      - name: keytab
        secret:
          secretName: ecos-secret
          items:
          - key: keytab-file
            path: keytab-file
      {{- end }}
      - name: sh
        configMap:
          defaultMode: 365
          name: ecos-identity-app-configmap
          items:
          - key: keycloak.sh
            path: keycloak.sh
      - name: startup
        configMap:
          defaultMode: 365
          name: ecos-identity-app-configmap
          items:
          - key: keycloak.cli
            path: keycloak.cli
      - name: realm-export
        configMap:
          defaultMode: 365
          name: ecos-identity-app-configmap
          items:
          - key: realm-export.json
            path: realm-export.json
      {{- if .Values.EcosIdentityApp.ecosExtensions.enabled }}
      - name: ecos-extensions
        emptyDir: {}
      {{- end }}
{{- end }}
```
- KEYCLOAK_FRONTEND_URL - https://example.ecos24.ru, the URL of the Keycloak instance where the realm has been added
- KEYCLOAK_IMPORT - the default value is /import/realm-export.json; it is used so that Keycloak starts together with ecos with the required realm already in place
- HOSTNAME - variable that sets the service name
- KEYCLOAK_LOGLEVEL - variable that sets the Keycloak log level
- KEYCLOAK_USER - admin user for logging in at https://example.ecos24.ru/auth
- KEYCLOAK_PASSWORD - password of the admin user for logging in at https://example.ecos24.ru/auth
- JAVA_TOOL_OPTIONS - Java options
- DB_VENDOR - database vendor
- DB_ADDR - name of the database service
- DB_PORT - port on which the database is reachable
- DB_DATABASE - database name
- DB_USER - database user
- DB_PASSWORD - password for logging in to the database
- JGROUPS_DISCOVERY_PROTOCOL - protocol that allows Keycloak to run in HA mode with 2 replicas
- JGROUPS_DISCOVERY_PROPERTIES - name of the service through which the 2 Keycloak replicas communicate when deployed in HA mode
- CACHE_OWNERS_COUNT - number of owners in HA mode
- CACHE_OWNERS_AUTH_SESSIONS_COUNT - number of active sessions for the cache owner (set it to match CACHE_OWNERS_COUNT)
- ECOS_KK_RMQ_HOST - host for connecting to RabbitMQ
- ECOS_KK_RMQ_USERNAME - user name for connecting to RabbitMQ
- ECOS_KK_RMQ_PASSWORD - password of the user for connecting to RabbitMQ
- ECOS_KK_ZK_HOST - zookeeper host
Keycloak connects to the database service ecos-app-microservice-postgresql and uses its own database there.
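The Deployment template above renders KEYCLOAK_PASSWORD, DB_PASSWORD and ECOS_KK_RMQ_PASSWORD as literal `value:` entries in some of its branches, where they are readable by anyone who can view the Deployment object. The following added example (not part of the original page or of the Citeck chart) checks a rendered Deployment, in the JSON form returned by `kubectl get deployment -o json`, for credential variables that are not sourced from a Secret. The manifest is constructed sample data, and the name hints and reason strings are assumptions of this example.

```python
"""Audit a rendered Deployment for credentials not sourced from a Secret.

Added example: the hint list, reason strings and sample manifest are
assumptions made here, not part of the chart.
"""
import json

# Substrings that mark an environment variable as a credential (assumption).
SECRET_HINTS = ("PASSWORD", "SECRET", "TOKEN")

# Sample values printed on this page; finding one in a live manifest means
# the documentation default was never replaced.
PAGE_SAMPLE_VALUES = {"password", "examplepassword", "RabbitmqStrongPassword"}


def classify_env(entry):
    """Return None if the env entry is acceptable, else a short reason."""
    name = entry.get("name", "")
    if not any(hint in name.upper() for hint in SECRET_HINTS):
        return None  # not a credential by name, nothing to check
    source = entry.get("valueFrom") or {}
    if source:
        if "secretKeyRef" in source:
            return None  # the only accepted source for a credential
        return "credential not sourced from a Secret"
    value = entry.get("value") or ""
    if not value:
        return "empty credential"
    if value in PAGE_SAMPLE_VALUES:
        return "documentation sample value in use"
    return "literal value in pod spec"


def audit_deployment(manifest):
    """Return sorted (container, variable, reason) tuples for one Deployment.

    The credential value itself is never copied into the report.
    """
    pod_spec = manifest["spec"]["template"]["spec"]
    findings = []
    for group in ("initContainers", "containers"):
        for container in pod_spec.get(group) or []:
            for entry in container.get("env") or []:
                reason = classify_env(entry)
                if reason:
                    findings.append(
                        (container.get("name", "?"), entry["name"], reason)
                    )
    return sorted(findings)


# Constructed sample: what the template could render to with the vault DB
# password set in values and the RabbitMQ password left at its default.
SAMPLE_MANIFEST = json.loads("""
{
  "kind": "Deployment",
  "metadata": {"name": "ecos-identity-app"},
  "spec": {"template": {"spec": {
    "initContainers": [
      {"name": "init-db"}
    ],
    "containers": [
      {"name": "ecos-identity-app", "env": [
        {"name": "KEYCLOAK_LOGLEVEL", "value": "INFO"},
        {"name": "KEYCLOAK_PASSWORD", "valueFrom": {"secretKeyRef":
          {"name": "ecos-secret", "key": "ecos-identity-app-password"}}},
        {"name": "DB_PASSWORD", "value": "constructed-inline-value"},
        {"name": "ECOS_KK_RMQ_PASSWORD", "value": "RabbitmqStrongPassword"}
      ]}
    ]
  }}}
}
""")

if __name__ == "__main__":
    for container, variable, reason in audit_deployment(SAMPLE_MANIFEST):
        print(f"{container}: {variable}: {reason}")
```

Variables it reports are candidates for moving to `valueFrom.secretKeyRef`, the form the template already uses in its `else` branches.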
```
Picked up JAVA_TOOL_OPTIONS: -XX:+UseContainerSupport -XX:MaxRAMPercentage=50.0
Added 'admin' to '/opt/jboss/keycloak/standalone/configuration/keycloak-add-user.json', restart server to load user
=========================================================================
Using PostgreSQL database
=========================================================================
Picked up JAVA_TOOL_OPTIONS: -XX:+UseContainerSupport -XX:MaxRAMPercentage=50.0
21:08:34,603 INFO [org.jboss.modules] (CLI command executor) JBoss Modules version 1.10.2.Final
21:08:35,001 INFO [org.jboss.msc] (CLI command executor) JBoss MSC version 1.4.12.Final
21:08:35,011 INFO [org.jboss.threads] (CLI command executor) JBoss Threads version 2.4.0.Final
21:08:35,897 INFO [org.jboss.as] (MSC service thread 1-2) WFLYSRV0049: Keycloak 12.0.4 (WildFly Core 13.0.3.Final) starting
21:08:36,404 INFO [org.jboss.vfs] (MSC service thread 1-1) VFS000002: Failed to clean existing content for temp file provider of type temp. Enable DEBUG level log to find what caused this
21:08:42,002 INFO [org.wildfly.security] (ServerService Thread Pool -- 17) ELY00001: WildFly Elytron version 1.13.1.Final
21:08:46,614 INFO [org.jboss.as.controller.management-deprecated] (Controller Boot Thread) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/core-service=management/management-interface=http-interface' is deprecated, and may be removed in a future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
21:08:47,214 INFO [org.jboss.as.controller.management-deprecated] (Controller Boot Thread) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/subsystem=undertow/server=default-server/https-listener=https' is deprecated, and may be removed in a future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
21:08:48,302 INFO [org.jboss.as.patching] (MSC service thread 1-1) WFLYPAT0050: Keycloak cumulative patch ID is: base, one-off patches include: none
21:08:48,915 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
21:08:48,917 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 12.0.4 (WildFly Core 13.0.3.Final) started in 14219ms - Started 56 of 79 services (32 services are lazy, passive or on-demand)
The batch executed successfully
21:08:50,099 INFO [org.jboss.as] (MSC service thread 1-1) WFLYSRV0050: Keycloak 12.0.4 (WildFly Core 13.0.3.Final) stopped in 186ms
Picked up JAVA_TOOL_OPTIONS: -XX:+UseContainerSupport -XX:MaxRAMPercentage=50.0
21:08:58,406 INFO [org.jboss.modules] (CLI command executor) JBoss Modules version 1.10.2.Final
21:08:58,810 INFO [org.jboss.msc] (CLI command executor) JBoss MSC version 1.4.12.Final
21:08:58,820 INFO [org.jboss.threads] (CLI command executor) JBoss Threads version 2.4.0.Final
21:08:59,514 INFO [org.jboss.as] (MSC service thread 1-2) WFLYSRV0049: Keycloak 12.0.4 (WildFly Core 13.0.3.Final) starting
21:09:00,210 INFO [org.jboss.vfs] (MSC service thread 1-2) VFS000002: Failed to clean existing content for temp file provider of type temp. Enable DEBUG level log to find what caused this
21:09:07,226 INFO [org.wildfly.security] (ServerService Thread Pool -- 21) ELY00001: WildFly Elytron version 1.13.1.Final
21:09:13,710 INFO [org.jboss.as.controller.management-deprecated] (Controller Boot Thread) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/core-service=management/management-interface=http-interface' is deprecated, and may be removed in a future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
21:09:14,500 INFO [org.jboss.as.controller.management-deprecated] (Controller Boot Thread) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/subsystem=undertow/server=default-server/https-listener=https' is deprecated, and may be removed in a future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
21:09:15,735 INFO [org.jboss.as.patching] (MSC service thread 1-1) WFLYPAT0050: Keycloak cumulative patch ID is: base, one-off patches include: none
21:09:16,618 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
21:09:16,624 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 12.0.4 (WildFly Core 13.0.3.Final) started in 18211ms - Started 56 of 86 services (39 services are lazy, passive or on-demand)
The batch executed successfully
21:09:17,745 INFO [org.jboss.as] (MSC service thread 1-2) WFLYSRV0050: Keycloak 12.0.4 (WildFly Core 13.0.3.Final) stopped in 129ms
Executing cli script: /opt/jboss/startup-scripts/keycloak.cli
Picked up JAVA_TOOL_OPTIONS: -XX:+UseContainerSupport -XX:MaxRAMPercentage=50.0
21:09:26,817 INFO [org.jboss.modules] (CLI command executor) JBoss Modules version 1.10.2.Final
21:09:27,218 INFO [org.jboss.msc] (CLI command executor) JBoss MSC version 1.4.12.Final
21:09:27,241 INFO [org.jboss.threads] (CLI command executor) JBoss Threads version 2.4.0.Final
21:09:28,008 INFO [org.jboss.as] (MSC service thread 1-1) WFLYSRV0049: Keycloak 12.0.4 (WildFly Core 13.0.3.Final) starting
21:09:28,627 INFO [org.jboss.vfs] (MSC service thread 1-2) VFS000002: Failed to clean existing content for temp file provider of type temp. Enable DEBUG level log to find what caused this
21:09:34,848 INFO [org.wildfly.security] (ServerService Thread Pool -- 22) ELY00001: WildFly Elytron version 1.13.1.Final
21:09:41,713 INFO [org.jboss.as.controller.management-deprecated] (Controller Boot Thread) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/core-service=management/management-interface=http-interface' is deprecated, and may be removed in a future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
21:09:42,454 INFO [org.jboss.as.controller.management-deprecated] (Controller Boot Thread) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/subsystem=undertow/server=default-server/https-listener=https' is deprecated, and may be removed in a future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
21:09:43,734 INFO [org.jboss.as.patching] (MSC service thread 1-1) WFLYPAT0050: Keycloak cumulative patch ID is: base, one-off patches include: none
21:09:44,615 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
21:09:44,617 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 12.0.4 (WildFly Core 13.0.3.Final) started in 17788ms - Started 56 of 86 services (39 services are lazy, passive or on-demand)
Configuring node identifier
Finished configuring node identifier
The batch executed successfully
21:09:45,770 INFO [org.jboss.as] (MSC service thread 1-2) WFLYSRV0050: Keycloak 12.0.4 (WildFly Core 13.0.3.Final) stopped in 148ms
=========================================================================
JBoss Bootstrap Environment
JBOSS_HOME: /opt/jboss/keycloak
JAVA: java
JAVA_OPTS: -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true --add-exports=java.base/sun.nio.ch=ALL-UNNAMED --add-exports=jdk.unsupported/sun.misc=ALL-UNNAMED --add-exports=jdk.unsupported/sun.reflect=ALL-UNNAMED
=========================================================================
Picked up JAVA_TOOL_OPTIONS: -XX:+UseContainerSupport -XX:MaxRAMPercentage=50.0
21:09:50,000 INFO [org.jboss.modules] (main) JBoss Modules version 1.10.2.Final
21:09:54,026 INFO [org.jboss.msc] (main) JBoss MSC version 1.4.12.Final
21:09:54,156 INFO [org.jboss.threads] (main) JBoss Threads version 2.4.0.Final
21:09:55,106 INFO [org.jboss.as] (MSC service thread 1-2) WFLYSRV0049: Keycloak 12.0.4 (WildFly Core 13.0.3.Final) starting
21:09:55,703 INFO [org.jboss.vfs] (MSC service thread 1-1) VFS000002: Failed to clean existing content for temp file provider of type temp. Enable DEBUG level log to find what caused this
21:10:01,709 INFO [org.wildfly.security] (ServerService Thread Pool -- 19) ELY00001: WildFly Elytron version 1.13.1.Final
21:10:06,431 INFO [org.jboss.as.controller.management-deprecated] (Controller Boot Thread) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/core-service=management/management-interface=http-interface' is deprecated, and may be removed in a future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
21:10:06,846 INFO [org.jboss.as.controller.management-deprecated] (ServerService Thread Pool -- 12) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/subsystem=undertow/server=default-server/https-listener=https' is deprecated, and may be removed in a future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
21:10:07,716 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0039: Creating http management service using socket-binding (management-http)
21:10:07,835 INFO [org.xnio] (MSC service thread 1-2) XNIO version 3.8.2.Final
21:10:07,935 INFO [org.xnio.nio] (MSC service thread 1-2) XNIO NIO Implementation Version 3.8.2.Final
21:10:08,219 INFO [org.jboss.remoting] (MSC service thread 1-1) JBoss Remoting version 5.0.19.Final
21:10:08,298 INFO [org.wildfly.extension.microprofile.config.smallrye._private] (ServerService Thread Pool -- 45) WFLYCONF0001: Activating WildFly MicroProfile Config Subsystem
21:10:08,568 INFO [org.jboss.as.security] (ServerService Thread Pool -- 51) WFLYSEC0002: Activating Security Subsystem
21:10:08,648 INFO [org.jboss.as.naming] (ServerService Thread Pool -- 48) WFLYNAM0001: Activating Naming Subsystem
21:10:08,696 INFO [org.wildfly.extension.microprofile.health.smallrye] (ServerService Thread Pool -- 46) WFLYHEALTH0001: Activating Eclipse MicroProfile Health Subsystem
21:10:08,843 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 37) WFLYCLINF0001: Activating Infinispan subsystem.
21:10:09,025 INFO [org.jboss.as.connector.subsystems.datasources] (ServerService Thread Pool -- 32) WFLYJCA0004: Deploying JDBC-compliant driver class org.h2.Driver (version 1.4)
21:10:09,101 INFO [org.wildfly.extension.io] (ServerService Thread Pool -- 38) WFLYIO001: Worker 'default' has auto-configured to 2 IO threads with 16 max task threads based on your 1 available processors
21:10:09,417 INFO [org.wildfly.extension.microprofile.metrics.smallrye] (ServerService Thread Pool -- 47) WFLYMETRICS0001: Activating Eclipse MicroProfile Metrics Subsystem
21:10:09,434 INFO [org.jboss.as.jaxrs] (ServerService Thread Pool -- 39) WFLYRS0016: RESTEasy version 3.13.2.Final
21:10:09,333 INFO [org.jboss.as.security] (MSC service thread 1-1) WFLYSEC0001: Current PicketBox version=5.0.3.Final-redhat-00006
21:10:09,898 INFO [org.jboss.as.connector.subsystems.datasources] (ServerService Thread Pool -- 32) WFLYJCA0005: Deploying non-JDBC-compliant driver class org.postgresql.Driver (version 42.2)
21:10:10,122 INFO [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0003: Undertow 2.2.2.Final starting
21:10:11,115 INFO [org.wildfly.extension.undertow] (ServerService Thread Pool -- 54) WFLYUT0014: Creating file handler for path '/opt/jboss/keycloak/welcome-content' with options [directory-listing: 'false', follow-symlink: 'false', case-sensitive: 'true', safe-symlink-paths: '[]']
21:10:11,315 INFO [org.jboss.as.connector] (MSC service thread 1-2) WFLYJCA0009: Starting JCA Subsystem (WildFly/IronJacamar 1.4.23.Final)
21:10:12,701 INFO [org.jboss.as.naming] (MSC service thread 1-2) WFLYNAM0003: Starting Naming Service
21:10:13,232 INFO [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-1) WFLYJCA0018: Started Driver service with driver-name = h2
21:10:13,235 INFO [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-2) WFLYJCA0018: Started Driver service with driver-name = postgresql
21:10:13,238 INFO [org.jboss.as.ejb3] (MSC service thread 1-2) WFLYEJB0482: Strict pool mdb-strict-max-pool is using a max instance size of 4 (per class), which is derived from the number of CPUs on this host.
21:10:13,303 INFO [org.jboss.as.ejb3] (MSC service thread 1-2) WFLYEJB0481: Strict pool slsb-strict-max-pool is using a max instance size of 16 (per class), which is derived from thread worker pool sizing.
21:10:13,412 INFO [org.jboss.as.mail.extension] (MSC service thread 1-1) WFLYMAIL0001: Bound mail session [java:jboss/mail/Default]
21:10:14,720 INFO [org.wildfly.extension.undertow] (MSC service thread 1-1) WFLYUT0012: Started server default-server.
21:10:14,825 INFO [org.jboss.as.patching] (MSC service thread 1-1) WFLYPAT0050: Keycloak cumulative patch ID is: base, one-off patches include: none
21:10:15,000 INFO [org.wildfly.extension.undertow] (MSC service thread 1-1) WFLYUT0018: Host default-host starting
21:10:15,202 INFO [org.jboss.as.server.deployment.scanner] (MSC service thread 1-1) WFLYDS0013: Started FileSystemDeploymentService for directory /opt/jboss/keycloak/standalone/deployments
21:10:15,225 INFO [org.jboss.as.server.deployment] (MSC service thread 1-1) WFLYSRV0027: Starting deployment of "keycloak-server.war" (runtime-name: "keycloak-server.war")
21:10:15,415 INFO [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0006: Undertow HTTP listener default listening on 0.0.0.0:8080
21:10:15,804 INFO [org.jboss.as.ejb3] (MSC service thread 1-2) WFLYEJB0493: EJB subsystem suspension complete
21:10:16,703 INFO [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0006: Undertow HTTPS listener https listening on 0.0.0.0:8443
21:10:17,815 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-2) WFLYJCA0001: Bound data source [java:jboss/datasources/ExampleDS]
21:10:17,816 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-2) WFLYJCA0001: Bound data source [java:jboss/datasources/KeycloakDS]
21:10:22,815 INFO [org.infinispan.CONTAINER] (ServerService Thread Pool -- 57) ISPN000128: Infinispan version: Infinispan 'Corona Extra' 11.0.4.Final
21:10:23,327 INFO [org.infinispan.CONFIG] (MSC service thread 1-1) ISPN000152: Passivation configured without an eviction policy being selected. Only manually evicted entities will be passivated.
21:10:23,346 INFO [org.infinispan.CONFIG] (MSC service thread 1-1) ISPN000152: Passivation configured without an eviction policy being selected. Only manually evicted entities will be passivated.
21:10:23,804 INFO [org.infinispan.PERSISTENCE] (ServerService Thread Pool -- 58) ISPN000556: Starting user marshaller 'org.wildfly.clustering.infinispan.marshalling.jboss.JBossMarshaller'
21:10:23,814 INFO [org.infinispan.PERSISTENCE] (ServerService Thread Pool -- 57) ISPN000556: Starting user marshaller 'org.wildfly.clustering.infinispan.spi.marshalling.InfinispanProtoStreamMarshaller'
21:10:25,221 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 57) WFLYCLINF0002: Started http-remoting-connector cache from ejb container
21:10:25,417 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 57) WFLYCLINF0002: Started offlineClientSessions cache from keycloak container
21:10:25,599 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 57) WFLYCLINF0002: Started actionTokens cache from keycloak container
21:10:25,414 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 58) WFLYCLINF0002: Started offlineSessions cache from keycloak container
21:10:25,616 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 61) WFLYCLINF0002: Started sessions cache from keycloak container
21:10:25,826 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 63) WFLYCLINF0002: Started keys cache from keycloak container
21:10:25,799 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 64) WFLYCLINF0002: Started clientSessions cache from keycloak container
21:10:25,809 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 65) WFLYCLINF0002: Started loginFailures cache from keycloak container
21:10:25,816 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 66) WFLYCLINF0002: Started authenticationSessions cache from keycloak container
21:10:25,907 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 57) WFLYCLINF0002: Started users cache from keycloak container
21:10:25,908 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 62) WFLYCLINF0002: Started authorization cache from keycloak container
21:10:25,915 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 59) WFLYCLINF0002: Started realms cache from keycloak container
21:10:25,918 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 60) WFLYCLINF0002: Started work cache from keycloak container
21:10:30,634 INFO [org.keycloak.services] (ServerService Thread Pool -- 67) KC-SERVICES0001: Loading config from standalone.xml or domain.xml
21:10:33,334 INFO [org.keycloak.url.DefaultHostnameProviderFactory] (ServerService Thread Pool -- 67) Frontend: https://enterprise.ecos24.ru/auth, Admin: <frontend>, Backend: <request>
21:10:33,938 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 67) WFLYCLINF0002: Started realmRevisions cache from keycloak container
21:10:34,019 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 67) WFLYCLINF0002: Started authorizationRevisions cache from keycloak container
21:10:34,021 INFO [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (ServerService Thread Pool -- 67) Node name: ecos-identity-app, Site name: null
21:10:36,606 INFO [org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory] (ServerService Thread Pool -- 67) Database info: {databaseUrl=jdbc:postgresql://ecos-microservices-postgresql-app-service.enterprise-ecos24.svc.cluster.local:5432/ecos_identity, databaseUser=eis, databaseProduct=PostgreSQL 12.7, databaseDriver=PostgreSQL JDBC Driver 42.2.5}
21:10:48,599 INFO [org.hibernate.jpa.internal.util.LogHelper] (ServerService Thread Pool -- 67) HHH000204: Processing PersistenceUnitInfo [ name: keycloak-default ...]
21:10:48,912 INFO [org.hibernate.Version] (ServerService Thread Pool -- 67) HHH000412: Hibernate Core {5.3.20.Final}
21:10:48,915 INFO [org.hibernate.cfg.Environment] (ServerService Thread Pool -- 67) HHH000206: hibernate.properties not found
21:10:49,723 INFO [org.hibernate.annotations.common.Version] (ServerService Thread Pool -- 67) HCANN000001: Hibernate Commons Annotations {5.0.5.Final}
21:10:50,729 INFO [org.hibernate.dialect.Dialect] (ServerService Thread Pool -- 67) HHH000400: Using dialect: org.hibernate.dialect.PostgreSQL95Dialect
21:10:51,809 INFO [org.hibernate.engine.jdbc.env.internal.LobCreatorBuilderImpl] (ServerService Thread Pool -- 67) HHH000424: Disabling contextual LOB creation as createClob() method threw error : java.lang.reflect.InvocationTargetException
21:10:51,815 INFO [org.hibernate.type.BasicTypeRegistry] (ServerService Thread Pool -- 67) HHH000270: Type registration [java.util.UUID] overrides previous : org.hibernate.type.UUIDBinaryType@429b0d6e
21:10:51,822 INFO [org.hibernate.envers.boot.internal.EnversServiceImpl] (ServerService Thread Pool -- 67) Envers integration enabled? : true
21:10:54,716 INFO [org.hibernate.orm.beans] (ServerService Thread Pool -- 67) HHH10005002: No explicit CDI BeanManager reference was passed to Hibernate, but CDI is available on the Hibernate ClassLoader.
21:10:55,207 INFO [org.hibernate.validator.internal.util.Version] (ServerService Thread Pool -- 67) HV000001: Hibernate Validator 6.0.21.Final
21:11:03,531 INFO [org.hibernate.hql.internal.QueryTranslatorFactoryInitiator] (ServerService Thread Pool -- 67) HHH000397: Using ASTQueryTranslatorFactory
21:11:11,215 INFO [org.keycloak.services] (ServerService Thread Pool -- 67) KC-SERVICES0003: Not importing realm ecos-app from file /import/realm-export.json. It already exists.
21:11:11,308 INFO [org.keycloak.services] (ServerService Thread Pool -- 67) KC-SERVICES0003: Not importing realm ecos-app from file /import/realm-export.json. It already exists.
21:11:11,399 INFO [org.keycloak.services] (ServerService Thread Pool -- 67) KC-SERVICES0006: Importing users from '/opt/jboss/keycloak/standalone/configuration/keycloak-add-user.json'
21:11:12,001 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 67) RESTEASY002225: Deploying javax.ws.rs.core.Application: class org.keycloak.services.resources.KeycloakApplication
21:11:12,003 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 67) RESTEASY002205: Adding provider class org.keycloak.services.filters.KeycloakSecurityHeadersFilter from Application class org.keycloak.services.resources.KeycloakApplication
21:11:12,005 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 67) RESTEASY002200: Adding class resource org.keycloak.services.resources.JsResource from Application class org.keycloak.services.resources.KeycloakApplication
21:11:12,005 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 67) RESTEASY002205: Adding provider class org.keycloak.services.error.KeycloakErrorHandler from Application class org.keycloak.services.resources.KeycloakApplication
21:11:12,006 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 67) RESTEASY002200: Adding class resource org.keycloak.services.resources.ThemeResource from Application class org.keycloak.services.resources.KeycloakApplication
21:11:12,006 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 67) RESTEASY002210: Adding provider singleton org.keycloak.services.util.ObjectMapperResolver from Application class org.keycloak.services.resources.KeycloakApplication
21:11:12,006 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 67) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.admin.AdminRoot from Application class org.keycloak.services.resources.KeycloakApplication
21:11:12,006 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 67) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.WelcomeResource from Application class org.keycloak.services.resources.KeycloakApplication
21:11:12,006 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 67) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.RealmsResource from Application class org.keycloak.services.resources.KeycloakApplication
21:11:12,006 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 67) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.RobotsResource from Application class org.keycloak.services.resources.KeycloakApplication
21:11:12,498 INFO [org.wildfly.extension.undertow] (ServerService Thread Pool -- 67) WFLYUT0021: Registered web context: '/auth' for server 'default-server'
21:11:13,200 INFO [org.jboss.as.server] (ServerService Thread Pool -- 43) WFLYSRV0010: Deployed "keycloak-server.war" (runtime-name : "keycloak-server.war")
21:11:13,508 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
21:11:13,511 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 12.0.4 (WildFly Core 13.0.3.Final) started in 86028ms - Started 590 of 868 services (585 services are lazy, passive or on-demand)
21:11:13,513 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://127.0.0.1:9990/management
21:11:13,513 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://127.0.0.1:9990
```