How To Resolve "The required mechanism 'BASIC' is not available in mechanisms [KEYCLOAK] from the HttpAuthenticationFactory"

Question

When I tried to deploy the keycloak-quickstart app-profile-jee-vanilla project, I ran into an error message. A bit of web searching did not provide a resolution, so I thought to ask here.

Here are the steps that I followed. Three bash shells are involved.

---

KEYCLOAK SHELL

curl -O -L https://downloads.jboss.org/keycloak/4.1.0.Final/keycloak-4.1.0.Final.tar.gz
tar xvfz keycloak-4.1.0.Final.tar.gz
./keycloak-4.1.0.Final/bin/standalone.sh -Djboss.socket.binding.port-offset=100

---

WILDFLY SHELL

curl -O -L http://download.jboss.org/wildfly/11.0.0.Final/wildfly-11.0.0.Final.tar.gz
curl -O -L https://downloads.jboss.org/keycloak/4.1.0.Final/adapters/keycloak-oidc/keycloak-wildfly-adapter-dist-4.1.0.Final.tar.gz
tar xvfz wildfly-11.0.0.Final.tar.gz
cd wildfly-11.0.0.Final
tar xvfz ../keycloak-wildfly-adapter-dist-4.1.0.Final.tar.gz
cd bin
./jboss-cli.sh --file=adapter-elytron-install-offline.cli
cd ../..
./wildfly-11.0.0.Final/bin/standlone.sh

---

QUICKSTART SHELL

git clone https://github.com/keycloak/keycloak-quickstarts
cd keycloak-quickstarts/app-profile-jee-vanilla
mvn clean wildfly:deploy

After a few minutes of compiling and such I see the "The required mechanism 'BASIC' is not available in mechanisms [KEYCLOAK] from the HttpAuthenticationFactory" message.

Can someone point me in the direction to resolve this issue?

Answer 1

according to the link below, this has to do with the default basic authentication setup in Wildfly, which is missing credentials by default (ldap-realm is insufficiently configured) https://issues.jboss.org/browse/JBEAP-9943

the issue can be resolved by redirecting authentication to Keycloak for a specific Wildfly deployment such as "vanilla.war", as described here: https://github.com/keycloak/keycloak-quickstarts/blob/latest/app-profile-jee-vanilla/README.md#configure-client-adapter-subsystem

and then deploying the app as posted in the issue (mvn clean wildfly:deploy)

Answer 2

I got the same problem. I found the workaround. Before running mvn clean wildfly:deploy, I set the secure-deployment in a keycloak subsystem as following:

<subsystem xmlns="urn:jboss:domain:keycloak:1.1">
  <secure-deployment name="vanilla.war">
    <realm>demo</realm>
    <auth-server-url>http://localhost:8180/auth</auth-server-url>
    <public-client>true</public-client>
    <ssl-required>EXTERNAL</ssl-required>
    <resource>vanilla</resource>
  </secure-deployment>
</subsystem>

Answer 3

Found out that the order of the "Getting Started Guide" of Keycloak needs to be changed. You have to do the step where you change the standalone.xml file afterwards.

Do this step before: Start the WildFly server and complete these steps:

> git clone https://github.com/keycloak/keycloak-quickstarts
> cd keycloak-quickstarts/app-profile-jee-vanilla
> mvn clean wildfly:deploy

and then change the "standalone.xml" file with:

> cd bin
> jboss-cli.bat --file=adapter-elytron-install-offline.cli

Answer 4

you just need to configure the following file: standalone/configuration/standalone.xml

check the link bellow: https://www.keycloak.org/docs/latest/getting_started/index.html

step 4.5

before run:

sudo mvn clean wildfly:deploy

Answer 5

The problem, as I now see, is that the elytron adapter was installed and it should not have been. I removed the Wildfly directory. Then un-tarred the tgz file. Without doing any other configuration, I started the Wildfly server. After the server started, the wildfly:deploy maven command worked.