Error in keycloak during join

UCS - Univention Corporate Server
, ,
#1

Hello, i’m trying migrate to keycloack,following this How-to it install ok, but fail on join, the error is this…

File “/usr/sbin/univention-keycloak”, line 3100, in
sys.exit(main())
File “/usr/sbin/univention-keycloak”, line 3096, in main
return opt.func(opt) or 0
File “/usr/sbin/univention-keycloak”, line 2768, in init_keycloak_ucs
locales_format = [locale[:locale.index("")] for locale in locales]
File “/usr/sbin/univention-keycloak”, line 2768, in
locales_format = [locale[:locale.index("")] for locale in locales]
ValueError: substring not found
/usr/lib/univention-install/50keycloak.inst: FATAL:
EXITCODE=2
9ddc672d-a763-4c46-a014-f9f1ef76026f

Any help?

#2

Anyone can help out?

#3

Hi codemind,

it would helpfully to see the full traceback or the complete join.log to understand, why the 50keycloak.inst failed while the keycloak installation.

Kind regards,
Mirac

#4

Hello @MiracErde thanks for your time. The log is really what i have posted… but i put here the full join log

RUNNING 50keycloak.inst
2024-05-10 14:10:19.123477355+01:00 (in joinscript_init)
Setting ucs/web/overview/entries/admin/keycloak/description/de
Setting ucs/web/overview/entries/admin/keycloak/description
Setting ucs/web/overview/entries/admin/keycloak/label
Setting ucs/web/overview/entries/admin/keycloak/link
Setting ucs/web/overview/entries/admin/keycloak/icon
Setting ucs/web/overview/entries/admin/keycloak/link-target
Module: create_portal_entries
No modification: cn=keycloak,cn=entry,cn=portals,cn=univention,dc=ccm,dc=local
WARNING: cannot append cn=Domain Admins,cn=groups,dc=ccm,dc=local to allowedGroups, value exists
Object exists: cn=ldapacl,cn=univention,dc=ccm,dc=local
INFO: No change of core data of object 67keycloak.
No modification: cn=67keycloak,cn=ldapacl,cn=univention,dc=ccm,dc=local
Waiting for activation of the extension object 67keycloak: OK
Could not chdir to home directory /dev/null: Not a directory
File: /etc/apache2/sites-available/univention-keycloak.conf
File: /etc/apache2/sites-available/univention-keycloak.conf
Site univention-keycloak already enabled
Multifile: /etc/postgresql/11/main/pg_hba.conf
Multifile: /etc/postgresql/11/main/pg_hba.conf
Warning: The file ‘/etc/postgresql/15/main/pg_hba.conf’ is not registered as an UCR template.
Adding A record “ucs-sso-ng 192.168.120.2” to zone ccm.local…
done
10.05.24 14:10:34.160 DEBUG_INIT
10.05.24 14:10:34.161 DEBUG_EXIT
Restarting keycloak …
estarting keycloak … done
Traceback (most recent call last):
File “/usr/sbin/univention-keycloak”, line 3101, in
sys.exit(main())
File “/usr/sbin/univention-keycloak”, line 3097, in main
return opt.func(opt) or 0
File “/usr/sbin/univention-keycloak”, line 2768, in init_keycloak_ucs
locales_format = [locale[:locale.index("")] for locale in locales]
File “/usr/sbin/univention-keycloak”, line 2768, in
locales_format = [locale[:locale.index("")] for locale in locales]
ValueError: substring not found
/usr/lib/univention-install/50keycloak.inst: FATAL:
EXITCODE=2
15892b30-76d9-49f3-ae42-9d441c9dafb8
univention-join-hooks: looking for hook type “join/post-joinscripts” on CCMDC01.ccm.local
Found hooks:
sex mai 10 14:11:16 WEST 2024
univention-run-join-scripts finished

Also i’m unable to login to keycloak admin because get wrong credentials, i’m assuming that is because the join failed

#5

@MiracErde do you have opportunity to look at the logs? Do you need more info from my side?

Thanks

#6

Hello,

Even with latest upgrades i still have this issue.
Anyone can point out where i can dig to find the issue? The log information don’t tell much

#7

Hi Codemind,

sounds like the issue from this article:

Greetings

#8

I saw when you post that, but then i run the command and i don’t get any error

~# univention-keycloak --binduser “${keycloak_admin_user:-admin}” realms get
[‘master’]

So i assume that could be other thing… i will try that solution

root@CCMDC01:~# rm /etc/keycloak.secret
root@CCMDC01:~# su postgres
postgres@CCMDC01:/$ dropdb keycloak
could not change directory to “/root”: Permission denied
postgres@CCMDC01:/root$ cd …
postgres@CCMDC01:/$ dropdb keycloak
dropdb: database removal failed: ERROR: database “keycloak” does not exist

Then run install again and it still not work

#9

So still have the issue, also the log output that i have is a little different from post.

06.06.24 17:09:20.323 DEBUG_EXIT
Restarting keycloak …
estarting keycloak … done
[‘master’]
Traceback (most recent call last):
File “/usr/sbin/univention-keycloak”, line 3101, in
sys.exit(main())
File “/usr/sbin/univention-keycloak”, line 3097, in main
return opt.func(opt) or 0
File “/usr/sbin/univention-keycloak”, line 2768, in init_keycloak_ucs
locales_format = [locale[:locale.index("")] for locale in locales]
File “/usr/sbin/univention-keycloak”, line 2768, in
locales_format = [locale[:locale.index("")] for locale in locales]
ValueError: substring not found
/usr/lib/univention-install/50keycloak.inst: FATAL:

I have errors in lines 2768 and don’t have in lines 510, 191, 96 etc… also after restarting in the logs i have output of [‘master’]

#10

Ok…

I’m able to find the admin password inside docker compose file and i’m able to login into keycloak… but still can’t figure out why the join is failing

Mastodon