Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
The required mechanism 'SSO' is not available in mechanisms [BASIC, CLIENT_CERT, DIGEST, FORM] from the HttpAuthenticationFactory.
See original GitHub issueDescribe the bug
I’m unable to upgrade our keycloak instance of keycloak (using docker) in Openshift from 15.0.2 to 16.1.1, but am able to upgrade it locally without issue. I’ve already resolved the FIPS issue by updating the JAVA_OPTS on startup, but can’t find any info on what would be causing this issue.
15:04:08,220 WARN [org.jboss.as.server.deployment] (MSC service thread 1-2) WFLYSRV0273: Excluded subsystem webservices via jboss-deployment-structure.xml does not exist.
15:04:08,452 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 66) MSC000001: Failed to start service jboss.deployment.unit."keycloak-server.war".undertow-deployment: org.jboss.msc.service.StartException in service jboss.deployment.unit."keycloak-server.war".undertow-deployment: java.lang.RuntimeException: java.lang.IllegalStateException: The required mechanism 'SSO' is not available in mechanisms [BASIC, CLIENT_CERT, DIGEST, FORM] from the HttpAuthenticationFactory.
at org.wildfly.extension.undertow@26.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:90)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.base/java.lang.Thread.run(Thread.java:829)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.JBossThread.run(JBossThread.java:513)
Caused by: java.lang.RuntimeException: java.lang.IllegalStateException: The required mechanism 'SSO' is not available in mechanisms [BASIC, CLIENT_CERT, DIGEST, FORM] from the HttpAuthenticationFactory.
at io.undertow.servlet@2.2.14.Final//io.undertow.servlet.core.DeploymentManagerImpl.deploy(DeploymentManagerImpl.java:257)
at org.wildfly.extension.undertow@26.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:105)
at org.wildfly.extension.undertow@26.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:87)
... 8 more
Caused by: java.lang.IllegalStateException: The required mechanism 'SSO' is not available in mechanisms [BASIC, CLIENT_CERT, DIGEST, FORM] from the HttpAuthenticationFactory.
at org.wildfly.security.elytron-web.undertow-server-servlet@1.10.1.Final//org.wildfly.elytron.web.undertow.server.servlet.AuthenticationManager.initialSecurityHandler(AuthenticationManager.java:156)
at org.wildfly.security.elytron-web.undertow-server-servlet@1.10.1.Final//org.wildfly.elytron.web.undertow.server.servlet.AuthenticationManager.lambda$configure$2(AuthenticationManager.java:101)
at io.undertow.servlet@2.2.14.Final//io.undertow.servlet.core.DeploymentManagerImpl.setupSecurityHandlers(DeploymentManagerImpl.java:445)
at io.undertow.servlet@2.2.14.Final//io.undertow.servlet.core.DeploymentManagerImpl.access$600(DeploymentManagerImpl.java:122)
at io.undertow.servlet@2.2.14.Final//io.undertow.servlet.core.DeploymentManagerImpl$1.call(DeploymentManagerImpl.java:226)
at io.undertow.servlet@2.2.14.Final//io.undertow.servlet.core.DeploymentManagerImpl$1.call(DeploymentManagerImpl.java:187)
at io.undertow.servlet@2.2.14.Final//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:42)
at io.undertow.servlet@2.2.14.Final//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow@26.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
at org.wildfly.extension.undertow@26.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
at org.wildfly.extension.undertow@26.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
at org.wildfly.extension.undertow@26.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
at io.undertow.servlet@2.2.14.Final//io.undertow.servlet.core.DeploymentManagerImpl.deploy(DeploymentManagerImpl.java:255)
... 10 more
15:04:08,457 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("deployment" => "keycloak-server.war")]) - failure description: {"WFLYCTL0080: Failed services" => {"jboss.deployment.unit.\"keycloak-server.war\".undertow-deployment" => "java.lang.RuntimeException: java.lang.IllegalStateException: The required mechanism 'SSO' is not available in mechanisms [BASIC, CLIENT_CERT, DIGEST, FORM] from the HttpAuthenticationFactory.
Caused by: java.lang.RuntimeException: java.lang.IllegalStateException: The required mechanism 'SSO' is not available in mechanisms [BASIC, CLIENT_CERT, DIGEST, FORM] from the HttpAuthenticationFactory.
Caused by: java.lang.IllegalStateException: The required mechanism 'SSO' is not available in mechanisms [BASIC, CLIENT_CERT, DIGEST, FORM] from the HttpAuthenticationFactory."}}
15:04:08,545 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
("subsystem" => "undertow"),
("server" => "default-server"),
("host" => "default-host"),
("filter-ref" => "Access-Control-Allow-Origin")
]) - failure description: {
"WFLYCTL0412: Required services that are not installed:" => ["jboss.undertow.filter.Access-Control-Allow-Origin"],
"WFLYCTL0180: Services with missing/unavailable dependencies" => ["jboss.undertow.server.default-server.default-host.filter-ref.Access-Control-Allow-Origin is missing [jboss.undertow.filter.Access-Control-Allow-Origin]"]
}
15:04:08,557 INFO [org.jboss.as.server] (ServerService Thread Pool -- 33) WFLYSRV0010: Deployed "docker-keycloak-java-keystore-spi-16.1.1.0-RELEASE.jar" (runtime-name : "docker-keycloak-java-keystore-spi-16.1.1.0-RELEASE.jar")
15:04:08,570 INFO [org.jboss.as.server] (ServerService Thread Pool -- 45) WFLYSRV0010: Deployed "keycloak-server.war" (runtime-name : "keycloak-server.war")
15:04:08,571 INFO [org.jboss.as.controller] (Controller Boot Thread) WFLYCTL0183: Service status report
WFLYCTL0184: New missing/unsatisfied dependencies:
service jboss.undertow.filter.Access-Control-Allow-Origin (missing) dependents: [service jboss.undertow.server.default-server.default-host.filter-ref.Access-Control-Allow-Origin]
WFLYCTL0186: Services which failed to start: service jboss.deployment.unit."keycloak-server.war".undertow-deployment: java.lang.RuntimeException: java.lang.IllegalStateException: The required mechanism 'SSO' is not available in mechanisms [BASIC, CLIENT_CERT, DIGEST, FORM] from the HttpAuthenticationFactory.
WFLYCTL0448: 1 additional services are down due to their dependencies being missing or failed
15:04:08,655 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
15:04:08,658 ERROR [org.jboss.as] (Controller Boot Thread) WFLYSRV0026: Keycloak 16.1.1 (WildFly Core 18.0.4.Final) started (with errors) in 8629ms - Started 767 of 1060 services (4 services failed or missing dependencies, 719 services are lazy, passive or on-demand)
15:04:08,659 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://0.0.0.0:9990/management
15:04:08,660 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://0.0.0.0:9990
Version
16.1.1
Expected behavior
Server starts up and fully upgrades to 16.1.1. Login Page is available.
Actual behavior
15:04:08,220 WARN [org.jboss.as.server.deployment] (MSC service thread 1-2) WFLYSRV0273: Excluded subsystem webservices via jboss-deployment-structure.xml does not exist.
15:04:08,452 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 66) MSC000001: Failed to start service jboss.deployment.unit."keycloak-server.war".undertow-deployment: org.jboss.msc.service.StartException in service jboss.deployment.unit."keycloak-server.war".undertow-deployment: java.lang.RuntimeException: java.lang.IllegalStateException: The required mechanism 'SSO' is not available in mechanisms [BASIC, CLIENT_CERT, DIGEST, FORM] from the HttpAuthenticationFactory.
at org.wildfly.extension.undertow@26.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:90)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.base/java.lang.Thread.run(Thread.java:829)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.JBossThread.run(JBossThread.java:513)
Caused by: java.lang.RuntimeException: java.lang.IllegalStateException: The required mechanism 'SSO' is not available in mechanisms [BASIC, CLIENT_CERT, DIGEST, FORM] from the HttpAuthenticationFactory.
at io.undertow.servlet@2.2.14.Final//io.undertow.servlet.core.DeploymentManagerImpl.deploy(DeploymentManagerImpl.java:257)
at org.wildfly.extension.undertow@26.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:105)
at org.wildfly.extension.undertow@26.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:87)
... 8 more
Caused by: java.lang.IllegalStateException: The required mechanism 'SSO' is not available in mechanisms [BASIC, CLIENT_CERT, DIGEST, FORM] from the HttpAuthenticationFactory.
at org.wildfly.security.elytron-web.undertow-server-servlet@1.10.1.Final//org.wildfly.elytron.web.undertow.server.servlet.AuthenticationManager.initialSecurityHandler(AuthenticationManager.java:156)
at org.wildfly.security.elytron-web.undertow-server-servlet@1.10.1.Final//org.wildfly.elytron.web.undertow.server.servlet.AuthenticationManager.lambda$configure$2(AuthenticationManager.java:101)
at io.undertow.servlet@2.2.14.Final//io.undertow.servlet.core.DeploymentManagerImpl.setupSecurityHandlers(DeploymentManagerImpl.java:445)
at io.undertow.servlet@2.2.14.Final//io.undertow.servlet.core.DeploymentManagerImpl.access$600(DeploymentManagerImpl.java:122)
at io.undertow.servlet@2.2.14.Final//io.undertow.servlet.core.DeploymentManagerImpl$1.call(DeploymentManagerImpl.java:226)
at io.undertow.servlet@2.2.14.Final//io.undertow.servlet.core.DeploymentManagerImpl$1.call(DeploymentManagerImpl.java:187)
at io.undertow.servlet@2.2.14.Final//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:42)
at io.undertow.servlet@2.2.14.Final//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow@26.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
at org.wildfly.extension.undertow@26.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
at org.wildfly.extension.undertow@26.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
at org.wildfly.extension.undertow@26.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
at io.undertow.servlet@2.2.14.Final//io.undertow.servlet.core.DeploymentManagerImpl.deploy(DeploymentManagerImpl.java:255)
... 10 more
15:04:08,457 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("deployment" => "keycloak-server.war")]) - failure description: {"WFLYCTL0080: Failed services" => {"jboss.deployment.unit.\"keycloak-server.war\".undertow-deployment" => "java.lang.RuntimeException: java.lang.IllegalStateException: The required mechanism 'SSO' is not available in mechanisms [BASIC, CLIENT_CERT, DIGEST, FORM] from the HttpAuthenticationFactory.
Caused by: java.lang.RuntimeException: java.lang.IllegalStateException: The required mechanism 'SSO' is not available in mechanisms [BASIC, CLIENT_CERT, DIGEST, FORM] from the HttpAuthenticationFactory.
Caused by: java.lang.IllegalStateException: The required mechanism 'SSO' is not available in mechanisms [BASIC, CLIENT_CERT, DIGEST, FORM] from the HttpAuthenticationFactory."}}
15:04:08,545 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
("subsystem" => "undertow"),
("server" => "default-server"),
("host" => "default-host"),
("filter-ref" => "Access-Control-Allow-Origin")
]) - failure description: {
"WFLYCTL0412: Required services that are not installed:" => ["jboss.undertow.filter.Access-Control-Allow-Origin"],
"WFLYCTL0180: Services with missing/unavailable dependencies" => ["jboss.undertow.server.default-server.default-host.filter-ref.Access-Control-Allow-Origin is missing [jboss.undertow.filter.Access-Control-Allow-Origin]"]
}
15:04:08,557 INFO [org.jboss.as.server] (ServerService Thread Pool -- 33) WFLYSRV0010: Deployed "docker-keycloak-java-keystore-spi-16.1.1.0-RELEASE.jar" (runtime-name : "docker-keycloak-java-keystore-spi-16.1.1.0-RELEASE.jar")
15:04:08,570 INFO [org.jboss.as.server] (ServerService Thread Pool -- 45) WFLYSRV0010: Deployed "keycloak-server.war" (runtime-name : "keycloak-server.war")
15:04:08,571 INFO [org.jboss.as.controller] (Controller Boot Thread) WFLYCTL0183: Service status report
WFLYCTL0184: New missing/unsatisfied dependencies:
service jboss.undertow.filter.Access-Control-Allow-Origin (missing) dependents: [service jboss.undertow.server.default-server.default-host.filter-ref.Access-Control-Allow-Origin]
WFLYCTL0186: Services which failed to start: service jboss.deployment.unit."keycloak-server.war".undertow-deployment: java.lang.RuntimeException: java.lang.IllegalStateException: The required mechanism 'SSO' is not available in mechanisms [BASIC, CLIENT_CERT, DIGEST, FORM] from the HttpAuthenticationFactory.
WFLYCTL0448: 1 additional services are down due to their dependencies being missing or failed
15:04:08,655 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
15:04:08,658 ERROR [org.jboss.as] (Controller Boot Thread) WFLYSRV0026: Keycloak 16.1.1 (WildFly Core 18.0.4.Final) started (with errors) in 8629ms - Started 767 of 1060 services (4 services failed or missing dependencies, 719 services are lazy, passive or on-demand)
15:04:08,659 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://0.0.0.0:9990/management
15:04:08,660 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://0.0.0.0:9990
How to Reproduce?
I’m upgrading from keycloak 15.0.2 to 16.1.1 in an OCP environment. FIPS has been disabled.
Anything else?
No response
Issue Analytics
- State:
- Created 2 years ago
- Comments:6 (2 by maintainers)
Top Results From Across the Web
The required mechanism 'SSO' is not available in mechanisms ...
The required mechanism 'SSO' is not available in mechanisms [FORM, BASIC] from the HttpAuthenticationFactory.
Read more >How to fix "The required mechanism 'SSO' is not available in ...
Caused by: java.lang.IllegalStateException: The required mechanism 'SSO' is not available in mechanisms [BASIC, CLIENT_CERT, DIGEST, FORM] from ...
Read more >Single Sign on in a cluster - WildFly - JBoss.org
IllegalStateException: WFLYUT0085: The required mechanism 'SSO' is not available in mechanisms [FORM] from the HttpAuthenticationFactory.
Read more >WildFly Elytron Security
The HttpAuthenticationFactory is an authentication policy for authentication using HTTP authentication mechanisms, including the BASIC, ...
Read more >Servlet Security - Undertow
The built in mechanisms are FORM, DIGEST, CLIENT_CERT and BASIC. Adding a Custom Authentication Mechanism. Custom authentication mechanisms are ...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Recent WildFly upgrade resulted in a lot of changes to the config. See the release notes for details.
Not quite sure what needs changing in your script, but don’t have time to debug that for you I’m afraid.
Since this is not a bug in Keycloak I’m going to close this one.
@stianst
It looks like our issue is with the /subsystem configurations. I can’t seem to find any detailed information on how to rewrite configurations for this part of the 16.1.1 upgrade as it was a rather substantial script.
cm-keycloak-server-script.scrubbed.yaml
If i knew where the specs and some examples were and which parts of this script needed to be rewritten, that would help a lot. The only examples I could find were so minimalistic they weren’t useful for converting out existing OpenShift environment as there was nothing to compare.