Keycloak 26.4.0 - Microsoft SQL - Kerberos not working #43368
Description
Before reporting an issue
- I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.
Area
storage
Describe the bug
It seems that Kerberos authentication is not working when using Microsoft SQL as the database.
Error:
2025-10-10 12:19:27.161 stdout 2025-10-10 12:19:27,159 WARN [org.hibernate.engine.jdbc.env.internal.JdbcEnvironmentInitiator] (JPA Startup Thread) HHH000342: Could not obtain connection to query JDBC database metadata: org.hibernate.exception.JDBCConnectionException: Unable to obtain isolated JDBC connection [Kerberos Login failed: Integrated authentication failed. ClientConnectionId:6d3c893d-d6ee-4b37-b707-38d3ae0a0fec due to javax.security.auth.login.LoginException (No LoginModules configured for SQLJDBCDriver)] [n/a]
2025-10-10 12:19:27.161 stdout at org.hibernate.exception.internal.SQLStateConversionDelegate.convert(SQLStateConversionDelegate.java:80)
2025-10-10 12:19:27.161 stdout at org.hibernate.exception.internal.StandardSQLExceptionConverter.convert(StandardSQLExceptionConverter.java:34)
2025-10-10 12:19:27.161 stdout at org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:115)
2025-10-10 12:19:27.161 stdout at org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:101)
2025-10-10 12:19:27.161 stdout at org.hibernate.resource.transaction.backend.jta.internal.JtaIsolationDelegate.convert(JtaIsolationDelegate.java:229)
2025-10-10 12:19:27.161 stdout at org.hibernate.resource.transaction.backend.jta.internal.JtaIsolationDelegate.doTheWork(JtaIsolationDelegate.java:197)
2025-10-10 12:19:27.161 stdout at org.hibernate.resource.transaction.backend.jta.internal.JtaIsolationDelegate.lambda$delegateWork$3(JtaIsolationDelegate.java:76)
2025-10-10 12:19:27.161 stdout at org.hibernate.resource.transaction.backend.jta.internal.JtaIsolationDelegate.doInSuspendedTransaction(JtaIsolationDelegate.java:112)
2025-10-10 12:19:27.161 stdout at org.hibernate.resource.transaction.backend.jta.internal.JtaIsolationDelegate.delegateWork(JtaIsolationDelegate.java:73)
2025-10-10 12:19:27.161 stdout at org.hibernate.engine.jdbc.env.internal.JdbcEnvironmentInitiator.getJdbcEnvironmentUsingJdbcMetadata(JdbcEnvironmentInitiator.java:355)
2025-10-10 12:19:27.161 stdout at org.hibernate.engine.jdbc.env.internal.JdbcEnvironmentInitiator.getJdbcEnvironment(JdbcEnvironmentInitiator.java:149)
2025-10-10 12:19:27.161 stdout at org.hibernate.engine.jdbc.env.internal.JdbcEnvironmentInitiator.initiateService(JdbcEnvironmentInitiator.java:127)
2025-10-10 12:19:27.161 stdout at org.hibernate.engine.jdbc.env.internal.JdbcEnvironmentInitiator.initiateService(JdbcEnvironmentInitiator.java:82)
2025-10-10 12:19:27.161 stdout at org.hibernate.boot.registry.internal.StandardServiceRegistryImpl.initiateService(StandardServiceRegistryImpl.java:133)
2025-10-10 12:19:27.161 stdout at org.hibernate.service.internal.AbstractServiceRegistryImpl.createService(AbstractServiceRegistryImpl.java:262)
2025-10-10 12:19:27.161 stdout at org.hibernate.service.internal.AbstractServiceRegistryImpl.initializeService(AbstractServiceRegistryImpl.java:237)
2025-10-10 12:19:27.161 stdout at org.hibernate.service.internal.AbstractServiceRegistryImpl.getService(AbstractServiceRegistryImpl.java:214)
2025-10-10 12:19:27.161 stdout at org.hibernate.service.ServiceRegistry.requireService(ServiceRegistry.java:66)
2025-10-10 12:19:27.161 stdout at org.hibernate.engine.jdbc.internal.JdbcServicesImpl.configure(JdbcServicesImpl.java:50)
2025-10-10 12:19:27.161 stdout at org.hibernate.boot.registry.internal.StandardServiceRegistryImpl.configureService(StandardServiceRegistryImpl.java:139)
2025-10-10 12:19:27.161 stdout at org.hibernate.service.internal.AbstractServiceRegistryImpl.initializeService(AbstractServiceRegistryImpl.java:246)
2025-10-10 12:19:27.161 stdout at org.hibernate.service.internal.AbstractServiceRegistryImpl.getService(AbstractServiceRegistryImpl.java:214)
2025-10-10 12:19:27.161 stdout at org.hibernate.service.ServiceRegistry.requireService(ServiceRegistry.java:66)
2025-10-10 12:19:27.161 stdout at org.hibernate.boot.internal.SessionFactoryOptionsBuilder.<init>(SessionFactoryOptionsBuilder.java:272)
2025-10-10 12:19:27.161 stdout at io.quarkus.hibernate.orm.runtime.recording.PrevalidatedQuarkusMetadata.buildSessionFactoryOptionsBuilder(PrevalidatedQuarkusMetadata.java:70)
2025-10-10 12:19:27.161 stdout at io.quarkus.hibernate.orm.runtime.boot.FastBootEntityManagerFactoryBuilder.build(FastBootEntityManagerFactoryBuilder.java:94)
2025-10-10 12:19:27.161 stdout at io.quarkus.hibernate.orm.runtime.FastBootHibernatePersistenceProvider.createEntityManagerFactory(FastBootHibernatePersistenceProvider.java:88)
2025-10-10 12:19:27.161 stdout at jakarta.persistence.Persistence.createEntityManagerFactory(Persistence.java:90)
2025-10-10 12:19:27.161 stdout at io.quarkus.hibernate.orm.runtime.JPAConfig$LazyPersistenceUnit.get(JPAConfig.java:183)
2025-10-10 12:19:27.161 stdout at io.quarkus.hibernate.orm.runtime.JPAConfig$1.run(JPAConfig.java:68)
2025-10-10 12:19:27.161 stdout at java.base/java.lang.Thread.run(Thread.java:1583)
2025-10-10 12:19:27.161 stdout Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: Kerberos Login failed: Integrated authentication failed. ClientConnectionId:6d3c893d-d6ee-4b37-b707-38d3ae0a0fec due to javax.security.auth.login.LoginException (No LoginModules configured for SQLJDBCDriver)
2025-10-10 12:19:27.161 stdout at com.microsoft.sqlserver.jdbc.KerbAuthentication.initAuthInit(KerbAuthentication.java:138)
2025-10-10 12:19:27.161 stdout at com.microsoft.sqlserver.jdbc.KerbAuthentication.generateClientContext(KerbAuthentication.java:252)
2025-10-10 12:19:27.161 stdout at com.microsoft.sqlserver.jdbc.SQLServerConnection.sendLogon(SQLServerConnection.java:7148)
2025-10-10 12:19:27.161 stdout at com.microsoft.sqlserver.jdbc.SQLServerConnection.logon(SQLServerConnection.java:5921)
2025-10-10 12:19:27.161 stdout at com.microsoft.sqlserver.jdbc.SQLServerConnection$LogonCommand.doExecute(SQLServerConnection.java:5853)
2025-10-10 12:19:27.161 stdout at com.microsoft.sqlserver.jdbc.TDSCommand.execute(IOBuffer.java:7825)
2025-10-10 12:19:27.161 stdout at com.microsoft.sqlserver.jdbc.SQLServerConnection.executeCommand(SQLServerConnection.java:4828)
2025-10-10 12:19:27.161 stdout at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:4261)
2025-10-10 12:19:27.161 stdout at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:3817)
2025-10-10 12:19:27.161 stdout at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectInternal(SQLServerConnection.java:3591)
2025-10-10 12:19:27.161 stdout at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:2286)
2025-10-10 12:19:27.161 stdout at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:1371)
2025-10-10 12:19:27.161 stdout at io.agroal.pool.ConnectionFactory.createConnection(ConnectionFactory.java:225)
2025-10-10 12:19:27.161 stdout at io.agroal.pool.ConnectionPool$CreateConnectionTask.call(ConnectionPool.java:625)
2025-10-10 12:19:27.161 stdout at io.agroal.pool.ConnectionPool$CreateConnectionTask.call(ConnectionPool.java:606)
2025-10-10 12:19:27.161 stdout at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317)
2025-10-10 12:19:27.161 stdout at io.agroal.pool.util.PriorityScheduledExecutor.beforeExecute(PriorityScheduledExecutor.java:75)
2025-10-10 12:19:27.161 stdout at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
2025-10-10 12:19:27.161 stdout at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
2025-10-10 12:19:27.161 stdout ... 1 more
2025-10-10 12:19:27.161 stdout Caused by: javax.security.auth.login.LoginException: No LoginModules configured for SQLJDBCDriver
2025-10-10 12:19:27.161 stdout at java.base/javax.security.auth.login.LoginContext.init(LoginContext.java:269)
2025-10-10 12:19:27.161 stdout at java.base/javax.security.auth.login.LoginContext.<init>(LoginContext.java:423)
2025-10-10 12:19:27.161 stdout at com.microsoft.sqlserver.jdbc.KerbAuthentication.initAuthInit(KerbAuthentication.java:113)
2025-10-10 12:19:27.161 stdout ... 19 more
2025-10-10 12:19:27.161 stdout
KC_DB_URL is set like this:
jdbc:sqlserver://OUR-PROD-DB:1433;database=Keycloak;integratedSecurity=true;authenticationScheme=JavaKerberos;encrypt=true;trustServerCertificate=true
SQL authentication (standard username/password without Kerberos) is not allowed by company policy, so switching to it is not an option.
For reference, version 26.3.3 works correctly with Kerberos.
Version
26.4.0
Regression
- The issue is a regression
Expected behavior
/
Actual behavior
/
How to Reproduce?
/
Anything else?
No response