Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Expected output for LDAP Connection healthcheck in 15.0.2.0 version #27

Open
afilipash opened this issue May 5, 2022 · 1 comment
Open

Expected output for LDAP Connection healthcheck in 15.0.2.0 version #27

afilipash opened this issue May 5, 2022 · 1 comment

Comments

@afilipash
Copy link

Hello Tomas,

We are using this Keycloak healthcheck implementation in our Keycloak deployments. Currently we migrated to Keycloak 16.1.1 and installed healthcheck 15.0.2.0 as per https://github.com/thomasdarimont/keycloak-health-checks/tree/15.0.2.0#readme.
We are interested in LDAP User Federation check at Realm level. It seems the output is not per our expectation.

Here are the details from our installation:

  • log entries about healthcheck module installation
2022-05-04 07:40:57,648 INFO  [org.wildfly.extension.health] (ServerService Thread Pool -- 37) WFLYHEALTH0001: Activating Base Health Subsystem
2022-05-04 07:40:57,953 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0006: Undertow HTTP listener https-health-check listening on 0.0.0.0:8668
2022-05-04 07:41:01,132 WARN  [org.keycloak.services] (ServerService Thread Pool -- 67) KC-SERVICES0047: health (com.github.thomasdarimont.keycloak.healthchecker.rest.HealthCheckResourceProviderFactory) is implementing the internal SPI realm-restapi-extension. This SPI is internal and may change without notice
  • keycloak-health-checks.jar and module.xml files available in modules/com/nsn/keycloak/extensions/keycloak-health-checks/main
<?xml version="1.0" ?>
<module xmlns="urn:jboss:module:1.1" name="com.nsn.keycloak.extensions.keycloak-health-checks">
    <resources>
        <resource-root path="keycloak-health-checks.jar"/>
    </resources>
    <dependencies>
        <module name="org.keycloak.keycloak-core"/>
        <module name="org.keycloak.keycloak-services"/>
        <module name="org.keycloak.keycloak-server-spi"/>
        <module name="org.keycloak.keycloak-server-spi-private"/>
        <module name="org.keycloak.keycloak-ldap-federation"/>
        <module name="org.keycloak.keycloak-kerberos-federation"/>
        <module name="org.jboss.resteasy.resteasy-jaxrs"/>
        <module name="org.apache.httpcomponents"/>
        <module name="com.google.guava"/>
        <module name="javax.api"/>
        <module name="javax.ws.rs.api"/>
        <module name="com.fasterxml.jackson.core.jackson-core"/>
        <module name="com.fasterxml.jackson.core.jackson-databind"/>
        <module name="com.fasterxml.jackson.core.jackson-annotations"/>
        <module name="org.jboss.logging"/>
        <module name="org.infinispan"/>
        <module name="org.infinispan.commons"/>
    </dependencies>
</module>
  • the module registration is available in standalone-ha.xml:
<provider>
    module:com.nsn.keycloak.extensions.keycloak-health-checks
</provider>
  • added a Realm with LDAP User Federation

When running healthcheck query (curl http://afi-key:8668/auth/realms/master/health/check) we are getting in the output only info about database, filesystem and infinispan:

{"details":{"database":{"connection":"established","state":"UP"},"filesystem":{"freebytes":61015674880,"state":"UP"},"infinispan":{"hostInfo":{"numberOfCpus":1,"totalMemoryKb":202840,"freeMemoryInKb":61705},"clusterName":"ejb","healthStatus":"HEALTHY","numberOfNodes":2,"nodeNames":["afi-ckey-0","afi-ckey-1"],"cacheDetails":[{"cacheName":"authenticationSessions","healthStatus":"HEALTHY"},{"cacheName":"realms","healthStatus":"HEALTHY"},{"cacheName":"sessions","healthStatus":"HEALTHY"},{"cacheName":"authorizationRevisions","healthStatus":"HEALTHY"},{"cacheName":"keys","healthStatus":"HEALTHY"},{"cacheName":"clientSessions","healthStatus":"HEALTHY"},{"cacheName":"work","healthStatus":"HEALTHY"},{"cacheName":"users","healthStatus":"HEALTHY"},{"cacheName":"loginFailures","healthStatus":"HEALTHY"},{"cacheName":"authorization","healthStatus":"HEALTHY"},{"cacheName":"offlineClientSessions","healthStatus":"HEALTHY"},{"cacheName":"realmRevisions","healthStatus":"HEALTHY"},{"cacheName":"offlineSessions","healthStatus":"HEALTHY"},{"cacheName":"actionTokens","healthStatus":"HEALTHY"},{"cacheName":"userRevisions","healthStatus":"HEALTHY"}],"state":"UP"}},"name":"keycloak","state":"UP"}

We have tried to query directly for ldap check (curl http://afi-key:8668/auth/realms/master/health/check/ldap) and here is the output:

{"state":"UP","details":{"ldapStatus":{},"state":"UP"},"name":"ldap"}

So, seems we are not getting the expected output. We had installed for a while an older version of this module (4.9.0.0-SNAPSHOT) and in the response we have had status per realm, under "ldap-user-federation" object:

{"details":{"database":{"connection":"established","state":"UP"},"ldap-user-federation":{"realms":[{"realm":"rt","connection":"established","authentication":"established"},{"realm":"ati","connection":"established","authentication":"established"},{"realm":"mel","connection":"established","authentication":"established"},{"realm":"cel","connection":"established","authentication":"established"},{"realm":"nip","connection":"established","authentication":"established"}],"state":"UP"},"infinispan":{"numberOfNodes":2,"state":"UP","healthStatus":"HEALTHY","nodeNames":["qa_12","qa_11"],"cacheDetails":[{"cacheName":"realms","healthStatus":"HEALTHY"},{"cacheName":"authenticationSessions","healthStatus":"HEALTHY"},{"cacheName":"sessions","healthStatus":"HEALTHY"},{"cacheName":"authorizationRevisions","healthStatus":"HEALTHY"},{"cacheName":"keys","healthStatus":"HEALTHY"},{"cacheName":"work","healthStatus":"HEALTHY"},{"cacheName":"clientSessions","healthStatus":"HEALTHY"},{"cacheName":"users","healthStatus":"HEALTHY"},{"cacheName":"loginFailures","healthStatus":"HEALTHY"},{"cacheName":"offlineClientSessions","healthStatus":"HEALTHY"},{"cacheName":"authorization","healthStatus":"HEALTHY"},{"cacheName":"realmRevisions","healthStatus":"HEALTHY"},{"cacheName":"offlineSessions","healthStatus":"HEALTHY"},{"cacheName":"actionTokens","healthStatus":"HEALTHY"},{"cacheName":"userRevisions","healthStatus":"HEALTHY"}],"clusterName":"ejb"},"filesystem":{"freebytes":12622778368,"state":"UP"}},"name":"keycloak","state":"UP"}

Could you help us understand is 15.0.2.0 module suitable for Keycloak 16.1.1? What could be the reason of no LDAP check results?

Kind Regards,
Alexandru
@ssonparo
Copy link

Hi Alexandru ,

As per the Readme document they are not having Ldap support
https://github.com/thomasdarimont/keycloak-health-checks/blob/master/readme.md
The following health-checks are currently available:
database
filesystem
infinispan

That is the reason you are getting this status back.

Hi Thomas ,
Please correct me , if I am wrong . Currently Ldap is not supported .

Regards
Shrikant

@ssonparo ssonparo mentioned this issue Jan 11, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@afilipash @ssonparo