[keycloak-dev] Wildfly integration

Bill Burke bburke at redhat.com
Thu Jul 24 12:49:22 EDT 2014 

What version of Wildfly?  The Undertow auth should not be called for non 
secured URLs.

On 7/24/2014 12:30 PM, Stian Thorgersen wrote:
> The problem was down to the fact that the unified-push application wasn't set to bearer-only and Undertow seems to invoke the authentication mechanism even though it's a non-secured resource.
>
> What happens in details are:
>
> 1. /index.html is loaded
> 2. keycloak.js redirects to login page
> 3. Keycloak returns ?code=...
> 4. Undertow invokes authentication mechanism (even though /index.html is not secured), sees the code, checks for a state cookie, doesn't find one, returns 400
>
> One AS7 it works because AS7 doesn't invoke the authentication mechanism at all for /index.html (which seems the correct way to me, as the resource is not part of a secured-constraint).
>
> Setting unified-push to bearerOnly (which it should be in any case as it's used for jax-rs endpoints) works around the issue as our Undertow adapter will only look for bearer token and not do anything else.
>
> Question: is this a bug in Undertow? is it something we have to add a solution to our Undertow adapter?
>
> ----- Original Message -----
>> From: "Stian Thorgersen" <stian at redhat.com>
>> To: "Bruno Oliveira" <bruno at abstractj.org>
>> Cc: "keycloak dev" <keycloak-dev at lists.jboss.org>
>> Sent: Thursday, 24 July, 2014 3:52:48 PM
>> Subject: Re: [keycloak-dev] Wildfly integration
>>
>> Got the same issue here, looking into it now
>>
>> ----- Original Message -----
>>> From: "Bruno Oliveira" <bruno at abstractj.org>
>>> To: "keycloak dev" <keycloak-dev at lists.jboss.org>
>>> Sent: Thursday, 24 July, 2014 1:57:38 PM
>>> Subject: [keycloak-dev] Wildfly integration
>>>
>>> Good morning guys, I'm banging my head against the wall with this issue:
>>> https://gist.github.com/abstractj/b5b79bf3a5eb77e7989a, basically what I'm
>>> trying to
>>> do is integrate the latest changes on master with UPS on AeroGear.
>>>
>>> On AS7 the application runs with no errors, but when I try to deploy on
>>> Wildfly I get HTTP 400 after login.
>>>
>>> Probably is some misconfiguration on my end, but I already double checked
>>> project-integrations, checked the examples, tried to debug on IntelliJ and
>>> Chrome.
>>>
>>> Here are the steps to reproduce:
>>>
>>> git clone git at github.com:keycloak/keycloak.git && cd keycloak && mvn
>>> clean install -DskipTests=true -Dcheckstyle.skip=true
>>> cd ..
>>> git clone git at github.com:aerogear/aerogear-parent.git && cd
>>> aerogear-parent && git checkout KeycloakBeta4 && mvn clean install
>>> cd ..
>>> git clone git at github.com:aerogear/aerogear-unifiedpush-server.git && cd
>>> aerogear-unifiedpush-server && git checkout KeycloakBeta4 && mvn clean
>>> install -Pwildfly -DskipTests=true -Dcheckstyle.skip=true
>>>
>>> cp databases/unifiedpush-h2-ds.xml $JBOSS_HOME/standalone/deployments
>>> cp auth-server/target/auth-server.war
>>> $JBOSS_HOME/standalone/deployments/
>>> cp server/target/ag-push.war $JBOSS_HOME/standalone/deployments
>>>
>>> $JBOSS_HOME/bin/standalone.sh
>>>
>>> If you have an idea, let me know.
>>>
>>> --
>>>
>>> abstractj
>>> PGP: 0x84DC9914
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

More information about the keycloak-dev mailing list