[keycloak-user] failed verification of token

Pratik Parikh pratik.p.parikh at gmail.com
Fri Nov 14 09:34:35 EST 2014


Hi Bill,

    My goal is to get LiveOak, AeroGear and Keycloak working on different
servers.  LiveOak uses Keycloak and AeroGear.  Following are the steps I
took.

    1) Installed Keycloak on one server with a self-signed certificate.  It is
accessible via https://XXX.XXX.XXX.XXX:8443/auth.  Worked
    2) Installed AeroGear on another server with a self-signed certificate.
It is accessible via https://XXX.XXX.XXX.XXX:8443/ag-push.  Worked
    3) Imported the attached JSON as a new aerogear realm in Keycloak.
  Worked
    4) Updated Keycloak to use MongoDB. Worked
    5) Updated the aerogear application with keycloak.json and restarted the
wildfly server. Updated the application under AeroGear to use
https://XXX.XXX.XXX.XXX:8443/ag-push/* as a redirect URI. Worked.
    6) Restarted both the wildfly servers.
    7) After the restart, tried to log in to https://XXX.XXX.XXX.XXX:8443/ag-push/,
which forwarded me to the https://XXX.XXX.XXX.XXX:8443/auth login page.  Successful
login was achieved.
    8) PROBLEM: After login, redirect to
https://XXX.XXX.XXX.XXX:8443/ag-push/, whereby I get the error "No state
cookie" in the AeroGear log, which is coming from OAuthRequestAuthenticator
line 116 because the adapter cannot find a cookie with the name
"OAuth_Token_Request_State" in HTTP.

   Troubleshooting Try 1.
   1) Updated aerogear to use the 1.0.1.Beta1 adapter.  Still works, but does
not solve the problem; same error.

   Troubleshooting Try 2.
   1) Updated keycloak.json by adding *"disable-trust-manager": true*.
Still works, but does not solve the problem; same error.

   Troubleshooting Try 2.  Still have not done this, but will do it today:
   1) Update keycloak.json by adding *"disable-trust-manager":
false,"truststore": "/path","truststore-password": "password"*.  Will
report back shortly.

Regards,
Pratik Parikh

On Fri, Nov 14, 2014 at 8:46 AM, Bill Burke <bburke at redhat.com> wrote:

> Can you explain your problem again?  I think I am misunderstanding what
> problems you are having.  You linked this message:
>
> http://lists.jboss.org/pipermail/keycloak-user/2014-November/001170.html
>
> We do not support OIDC scope param, but you can limit the application's
> scope in the admin console.
>
> On 11/13/2014 10:28 PM, Pratik Parikh wrote:
> > Hi Bill,
> >
> >      Is this because both of my servers (keycloak and aerogear) are
> > https?  Do I need to establish trust between them?
> >
> > Regards,
> > Pratik Parikh
> >
> > On Thu, Nov 13, 2014 at 8:18 PM, Pratik Parikh
> > <pratik.p.parikh at gmail.com> wrote:
> >
> >     Hi Bill,
> >
> >          Thanks, I turned the scope off under the application, but that
> >     did not help.  Could you please help us understand what is going
> >     on?  I am trying to look at the code, but it seems like it is going to
> >     take a bit to figure it out.  It seems like HttpFacade.Cookies is
> >     supposed to have the state cookie, which is contained in
> >     KeycloakDeployment. I did try what you suggested; was that not
> >     correctly understood by me? I am new to keycloak, but this is a great
> >     project and I would like to understand it and use it to its fullest
> >     extent. Can you help me get past this problem? Thanks in advance.
> >
> >     Regards,
> >     --
> >     Pratik Parikh
> >     - Mantra - Keep It Simple and Straightforward
> >
> >
> >
> >
> > --
> > Pratik Parikh
> > - Mantra - Keep It Simple and Straightforward
> >
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com



-- 
Pratik Parikh
- Mantra - Keep It Simple and Straightforward
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ups-realm.json
Type: application/json
Size: 2333 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20141114/62cb6706/attachment.bin 