Community Packages

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#71287 - [keycloak] Doesn't work with Java 16

Attached to Project: Community Packages
Opened by Caleb Maclennan (alerque) - Friday, 18 June 2021, 11:49 GMT
Last edited by Sven-Hendrik Haase (Svenstaro) - Sunday, 04 July 2021, 20:49 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Sven-Hendrik Haase (Svenstaro)
Levente Polyak (anthraxx)
Architecture All
Severity Critical
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No


I just updated my SSO server and Keycloak 14 is is falling over badly, it can no longer talk to LDAP and is throwing stack traces in the log files. I actually tried downgrading to 13 and had the same trouble.

It turns out Java is the culprit and the 15→16 update that happened today along with Keycloak 13→14.

I suggest urgently marking the Keycloak package as needing Java < 16 so other people's servers don't break.
This task depends upon

Closed by  Sven-Hendrik Haase (Svenstaro)
Sunday, 04 July 2021, 20:49 GMT
Reason for closing:  Fixed
Additional comments about closing:  Package is fixed to make sure a lesser version of Java is always used. We won't make the software itself compatible with Java 16, upstream has to do that work.
Comment by Caleb Maclennan (alerque) - Friday, 18 June 2021, 11:54 GMT
Upstream issue here, they don't support 16 at all yet:
Comment by Caleb Maclennan (alerque) - Friday, 18 June 2021, 12:29 GMT
For others hitting this issue it look like switching from `jre-openjdk` to `jre11-openjdk` is the way to go for now.

The Keycloak package needs to set `depends=(java-runtime>=8 java-runtime<=15)`.
Comment by Levente Polyak (anthraxx) - Saturday, 19 June 2021, 23:49 GMT
Caleb: depends=(java-runtime>=8 java-runtime<=15) doesnt work as you think. Everyone can freely configure whatever will be /usr/bin/java which ultimately breaks this package. The save way to fix such issues is directly depending on f.e. java-runtime=11 and patch the call depending on who invokes java
Comment by Levente Polyak (anthraxx) - Monday, 21 June 2021, 19:01 GMT
Caleb: Can you test 14.0.0-3 from [community-testing] and give feedback?
Comment by Caleb Maclennan (alerque) - Tuesday, 22 June 2021, 07:30 GMT
Yes I'll take a look.
Comment by Caleb Maclennan (alerque) - Tuesday, 22 June 2021, 09:55 GMT
I've installed an run the -3 packaging on one of my production servers and all seems well. I'm not seeing any issues that didn't exist before. There are some Java warnings in the service log but they are app related and have been occuring for a while. As far as I'm concerned this looks okay.

That being said my testing setup is of limited because (as of my original problem) the system only has Java 11 to work with across the board at it's the system default JRE. I can't comment on whether the patches actually worked to run this service on a system with multiple versions of JRE to choose from and a different default.