Not showing information before throws exception while legacy migration to 9.0.0 #14899

Open
h3nrique opened this issue Oct 14, 2022 · 0 comments
Labels
kind/enhancement Categorizes a PR related to an enhancement status/triage

Comments

@h3nrique

Description

While trying to migrate from version 4.6.0 to 18.0.0, I found that a ModelDuplicateException is thrown, originating from the MigrateTo9_0_0 class, without any information about the duplicate object.

FATAL [org.keycloak.services] (ServerService Thread Pool -- 88) Error during startup: org.keycloak.models.ModelDuplicateException
	at org.keycloak.keycloak-model-jpa@18.0.0.redhat-00002//org.keycloak.models.jpa.JpaRealmProvider.addClientRole(JpaRealmProvider.java:251)
	at org.keycloak.keycloak-services@18.0.0.redhat-00002//org.keycloak.storage.RoleStorageManager.addClientRole(RoleStorageManager.java:201)
	at org.keycloak.keycloak-model-infinispan@18.0.0.redhat-00002//org.keycloak.models.cache.infinispan.RealmCacheSession.addClientRole(RealmCacheSession.java:731)
	at org.keycloak.keycloak-model-infinispan@18.0.0.redhat-00002//org.keycloak.models.cache.infinispan.RealmCacheSession.addClientRole(RealmCacheSession.java:726)
	at org.keycloak.keycloak-model-jpa@18.0.0.redhat-00002//org.keycloak.models.jpa.ClientAdapter.addRole(ClientAdapter.java:620)
	at org.keycloak.keycloak-server-spi-private@18.0.0.redhat-00002//org.keycloak.migration.migrators.MigrateTo9_0_0.addAccountApiRoles(MigrateTo9_0_0.java:67)
	at org.keycloak.keycloak-server-spi-private@18.0.0.redhat-00002//org.keycloak.migration.migrators.MigrateTo9_0_0.migrateRealmCommon(MigrateTo9_0_0.java:60)

After some time investigating, I compiled the keycloak-server-spi-private and keycloak-model-jpa libraries with logging added before the exception occurs, and I found 2 issues (in my migration case):

1 - For some reason that I do not understand, the realms already had the roles 'view-applications', 'view-consent' and 'manage-consent' in the database.
To solve this first case I executed the following SQL:

-- Inner join: only roles owned by the 'account' client are matched (with a left join the client_id filter had no effect).
delete from COMPOSITE_ROLE where COMPOSITE in (select kr.id from KEYCLOAK_ROLE kr join client c on c.id = kr.client and c.client_id = 'account' where kr.NAME in ('view-applications', 'view-consent', 'manage-consent'));
delete from KEYCLOAK_ROLE where id in (select kr.id from KEYCLOAK_ROLE kr join client c on c.id = kr.client and c.client_id = 'account' where kr.NAME in ('view-applications', 'view-consent', 'manage-consent'));
commit;

2 - After solving issue 1, I saw that the client 'account' did not exist in some realms; the person who administers Keycloak had removed this client.
To solve this I made a copy of an existing 'account' client and changed the columns ID, BASE_URL and REALM_ID:

INSERT INTO CLIENT VALUES ('xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx', '0', '0', 'account', '0', '0', '**********', '/realms/<MY_REALM>/account/', '0', '', '0', '<MY_REALM>', 'openid-connect', '0', '0', '0', '${client_account}', '0', 'client-secret', '${authBaseUrl}', '', '', '1', '0', '0', '0');

Discussion

No response

Motivation

Help others with the same case.

Details

No response
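
A read-only check for the two conditions described in this issue, written as an added example (not from the issue author or the Keycloak project). The REALM table with ID and NAME columns is an assumption; the other table and column names are the ones used in the statements above.

```sql
-- Added example: read-only diagnostics to run before the legacy migration.
-- Nothing here modifies data; the output tells you which realms are affected
-- before any DELETE or INSERT is attempted.

-- Check 1: 'account' client roles that MigrateTo9_0_0.addAccountApiRoles
-- would try to create again (the source of ModelDuplicateException).
SELECT c.REALM_ID,
       c.ID    AS CLIENT_PK,
       kr.ID   AS ROLE_ID,
       kr.NAME AS ROLE_NAME
FROM KEYCLOAK_ROLE kr
JOIN CLIENT c ON c.ID = kr.CLIENT
WHERE c.CLIENT_ID = 'account'
  AND kr.NAME IN ('view-applications', 'view-consent', 'manage-consent')
ORDER BY c.REALM_ID, kr.NAME;

-- Check 2: how many composite mappings hang off those roles, per realm.
-- These rows are what the first DELETE in the issue removes.
SELECT c.REALM_ID,
       kr.NAME  AS ROLE_NAME,
       COUNT(*) AS COMPOSITE_ROWS
FROM COMPOSITE_ROLE cr
JOIN KEYCLOAK_ROLE kr ON kr.ID = cr.COMPOSITE
JOIN CLIENT c ON c.ID = kr.CLIENT
WHERE c.CLIENT_ID = 'account'
  AND kr.NAME IN ('view-applications', 'view-consent', 'manage-consent')
GROUP BY c.REALM_ID, kr.NAME
ORDER BY c.REALM_ID, kr.NAME;

-- Check 3: realms where the 'account' client has been removed.
-- Assumption: realms are stored in REALM(ID, NAME).
SELECT r.ID   AS REALM_ID,
       r.NAME AS REALM_NAME
FROM REALM r
WHERE NOT EXISTS (
    SELECT 1
    FROM CLIENT c
    WHERE c.REALM_ID = r.ID
      AND c.CLIENT_ID = 'account'
)
ORDER BY r.NAME;
```

Any row returned by check 1 or check 3 identifies a realm that would hit one of the two cases above during migration.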

@h3nrique h3nrique added kind/enhancement Categorizes a PR related to an enhancement status/triage labels Oct 14, 2022