RH-SSO 7.6.6 consumes 100% of the CPU when using x509 authentication

Solution Unverified - Updated -

Issue

After upgrading to RH-SSO 7.6.6, my customer faces following error repeatedly. The thread was killed by TransactionReaper. It indicates the thread was stuck.

2024-02-08 14:25:01,442 WARN  [com.arjuna.ats.arjuna] (Transaction Reaper) ARJUNA012117: TransactionReaper::check processing TX 0:ffff7f000001:20e56aaa:65c4643b:84 in state  RUN
2024-02-08 14:25:01,451 WARN  [com.arjuna.ats.arjuna] (Transaction Reaper Worker 0) ARJUNA012095: Abort of action id 0:ffff7f000001:20e56aaa:65c4643b:84 invoked while multiple threads active within it.
2024-02-08 14:25:01,477 WARN  [com.arjuna.ats.arjuna] (Transaction Reaper Worker 0) ARJUNA012381: Action id 0:ffff7f000001:20e56aaa:65c4643b:84 completed with multiple threads - thread default task-2 was in progress with org.keycloak.authentication.authenticators.x509.UserIdentityExtractor$SubjectAltNameExtractor.unwrap(UserIdentityExtractor.java:210)
org.keycloak.authentication.authenticators.x509.UserIdentityExtractor$SubjectAltNameExtractor.extractUserIdentity(UserIdentityExtractor.java:175)
org.keycloak.authentication.authenticators.x509.X509ClientCertificateAuthenticator.authenticate(X509ClientCertificateAuthenticator.java:104)
org.keycloak.authentication.DefaultAuthenticationFlow.processSingleFlowExecutionModel(DefaultAuthenticationFlow.java:460)
org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:286)
org.keycloak.authentication.DefaultAuthenticationFlow.processSingleFlowExecutionModel(DefaultAuthenticationFlow.java:395)
org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:264)
org.keycloak.authentication.DefaultAuthenticationFlow.processSingleFlowExecutionModel(DefaultAuthenticationFlow.java:395)
org.keycloak.authentication.DefaultAuthenticationFlow.continueAuthenticationAfterSuccessfulAction(DefaultAuthenticationFlow.java:196)
org.keycloak.authentication.DefaultAuthenticationFlow.processAction(DefaultAuthenticationFlow.java:172)
org.keycloak.authentication.AuthenticationProcessor.authenticationAction(AuthenticationProcessor.java:990)
org.keycloak.services.resources.LoginActionsService.processFlow(LoginActionsService.java:314)
org.keycloak.services.resources.LoginActionsService.processAuthentication(LoginActionsService.java:285)
org.keycloak.services.resources.LoginActionsService.authenticate(LoginActionsService.java:277)
org.keycloak.services.resources.LoginActionsService.authenticateForm(LoginActionsService.java:342)

Environment

  • Red Hat Single Sign-On (RH-SSO)
    • 7.6.6

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content