[keycloak-user] Noob question -- 'forbidden' on demo after redirect

Walter Rice walterrrice at gmail.com
Fri Feb 13 16:47:46 EST 2015


Hi,

I am trying to set up the demo as per the YouTube videos (#1 and #2). I am
using Keycloak 1.0.5. I have set it up per the video (I think); however, things
aren't working as expected.

I browse to http://localhost:8080/customer-portal/ and all is fine. I click
Customer Listing and I am redirected to the login page as expected. I enter my
name/pw, this is successful, and then I am redirected back to
http://localhost:8080/customer-portal/customers/view.jsp but the page is
'Forbidden' (redirect URI appears OK here?)

I am using the 'full' version with the bundled WildFly server.



*customer app:*
keycloak file

{
    "realm": "cryo198",
    "realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCFnsEHg1o9UMBpMoHqLxYesXgDsTHnv1vF0AgrznxAcLfmYUdjvBNdIXZNfB7I7tG9OMHvX21h9arHdcdg2qqk9adLjHuImg/LhYHVOrosJ/sybohrR/Im+k1fTsw/5p/nwZKOF1DLL4/4SZAY2h19FGCi0ZgIvE80psq98UvCNQIDAQAB",
    "auth-server-url": "http://localhost:8080/auth",
    "ssl-required": "external",
    "resource": "customer-portal",
    "credentials": {
        "secret": "a0872aa0-113d-435c-a9d6-56cd9b270e22"
    }
}

*web.xml*
    <login-config>
        <auth-method>KEYCLOAK</auth-method>
        <realm-name>cryo198</realm-name>
    </login-config>

*redirect URI:*
/customer-portal/*

*database app:*
{
    "realm": "cryo198",
    "realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCFnsEHg1o9UMBpMoHqLxYesXgDsTHnv1vF0AgrznxAcLfmYUdjvBNdIXZNfB7I7tG9OMHvX21h9arHdcdg2qqk9adLjHuImg/LhYHVOrosJ/sybohrR/Im+k1fTsw/5p/nwZKOF1DLL4/4SZAY2h19FGCi0ZgIvE80psq98UvCNQIDAQAB",
    "auth-server-url": "http://localhost:8080/auth",
    "ssl-required": "NONE",
    "resource": "database",
    "bearer-only": "true"
}



*web.xml*
    <login-config>
        <auth-method>KEYCLOAK</auth-method>
        <realm-name>cryo198</realm-name>
    </login-config>

*redirect URI:*
n/a, set as bearer-only

*deployed apps:*
$ /c/tools/keycloak-appliance-dist-all-1.0.5.Final/keycloak-appliance-dist-all-1.0.5.Final/keycloak/bin/jboss-cli.sh -c --command="deploy -l"
NAME                   RUNTIME-NAME           ENABLED STATUS
admin-access.war       admin-access.war       true    OK
angular-product.war    angular-product.war    true    OK
auth-server.war        auth-server.war        true    OK
customer-portal-js.war customer-portal-js.war true    OK
customer-portal.war    customer-portal.war    true    OK
database.war           database.war           true    OK
product-portal.war     product-portal.war     true    OK






*Log:*
2015-02-13 21:22:29,665 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (default task-41) adminRequest http://localhost:8080/customer-portal/customers/view.jsp
2015-02-13 21:22:29,667 TRACE [org.keycloak.adapters.RequestAuthenticator] (default task-41) --> authenticate()
2015-02-13 21:22:29,668 TRACE [org.keycloak.adapters.RequestAuthenticator] (default task-41) try bearer
2015-02-13 21:22:29,669 TRACE [org.keycloak.adapters.RequestAuthenticator] (default task-41) try oauth
2015-02-13 21:22:29,669 DEBUG [org.keycloak.adapters.RequestAuthenticator] (default task-41) session was null, returning null
2015-02-13 21:22:29,670 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-41) there was no code
2015-02-13 21:22:29,670 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-41) redirecting to auth server
2015-02-13 21:22:29,671 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-41) callback uri: http://localhost:8080/customer-portal/customers/view.jsp
2015-02-13 21:22:29,672 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-41) Sending redirect to login page: http://localhost:8080/auth/realms/cryo198/tokens/login?client_id=customer-portal&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fcustomer-portal%2Fcustomers%2Fview.jsp&state=2%2F8185a8ea-5a38-4a91-b990-1b32ccabb2e8&login=true
2015-02-13 21:22:29,701 DEBUG [org.keycloak.services.resources.TokenService] (default task-42) replacing relative valid redirect with: http://localhost:8080/customer-portal/*
2015-02-13 21:22:29,702 DEBUG [org.keycloak.services.managers.AuthenticationManager] (default task-42) Could not find cookie: KEYCLOAK_IDENTITY
2015-02-13 21:22:46,300 DEBUG [org.keycloak.services.resources.TokenService] (default task-43) replacing relative valid redirect with: http://localhost:8080/customer-portal/*
2015-02-13 21:22:46,301 DEBUG [org.keycloak.services.managers.AuthenticationManager] (default task-43) validating password for user: walt
2015-02-13 21:22:46,306 DEBUG [org.keycloak.services.managers.AuthenticationManager] (default task-43) Expiring remember me cookie
2015-02-13 21:22:46,307 DEBUG [org.keycloak.services.managers.AuthenticationManager] (default task-43) Expiring cookie: KEYCLOAK_REMEMBER_ME path: /auth/realms/cryo198
2015-02-13 21:22:46,308 DEBUG [org.keycloak.services.resources.flows.OAuthFlows] (default task-43) processAccessCode: isResource: true
2015-02-13 21:22:46,308 DEBUG [org.keycloak.services.resources.flows.OAuthFlows] (default task-43) processAccessCode: go to oauth page?: false
2015-02-13 21:22:46,329 DEBUG [org.keycloak.services.resources.flows.OAuthFlows] (default task-43) redirectAccessCode: state: 2/8185a8ea-5a38-4a91-b990-1b32ccabb2e8
2015-02-13 21:22:46,340 DEBUG [org.keycloak.services.managers.AuthenticationManager] (default task-43) Create login cookie - name: KEYCLOAK_IDENTITY, path: /auth/realms/cryo198, max-age: -1
2015-02-13 21:22:46,387 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (default task-44) adminRequest http://localhost:8080/customer-portal/customers/view.jsp?code=zf9VUvG6-QkAWtF8xDFcJfnBnrY.OTY1YjllMzMtZDdlNS00YWQwLWEwMzgtZjIzMTJhODZjMTIx&state=2%2F8185a8ea-5a38-4a91-b990-1b32ccabb2e8
2015-02-13 21:22:46,388 TRACE [org.keycloak.adapters.RequestAuthenticator] (default task-44) --> authenticate()
2015-02-13 21:22:46,389 TRACE [org.keycloak.adapters.RequestAuthenticator] (default task-44) try bearer
2015-02-13 21:22:46,389 TRACE [org.keycloak.adapters.RequestAuthenticator] (default task-44) try oauth
2015-02-13 21:22:46,389 DEBUG [org.keycloak.adapters.RequestAuthenticator] (default task-44) session was null, returning null
2015-02-13 21:22:46,390 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-44) there was a code, resolving
2015-02-13 21:22:46,390 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-44) checking state cookie for after code
2015-02-13 21:22:46,390 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-44) ** reseting application state cookie
2015-02-13 21:22:46,477 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-44) Token Verification succeeded!
2015-02-13 21:22:46,478 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-44) successful authenticated
2015-02-13 21:22:46,478 TRACE [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default task-44) checking whether to refresh.
2015-02-13 21:22:46,478 TRACE [org.keycloak.adapters.undertow.KeycloakUndertowAccount] (default task-44) use realm role mappings
2015-02-13 21:22:46,479 DEBUG [org.keycloak.adapters.wildfly.WildflyRequestAuthenticator] (default task-44) propagate security context to wildfly
2015-02-13 21:22:46,481 TRACE [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default task-44) checking whether to refresh.
2015-02-13 21:22:46,484 DEBUG [org.keycloak.adapters.RequestAuthenticator] (default task-44) AUTHENTICATED
2015-02-13 21:22:46,502 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (default task-46) adminRequest http://localhost:8080/customer-portal/customers/view.jsp
2015-02-13 21:22:46,505 TRACE [org.keycloak.adapters.RequestAuthenticator] (default task-46) --> authenticate()
2015-02-13 21:22:46,506 TRACE [org.keycloak.adapters.RequestAuthenticator] (default task-46) try bearer
2015-02-13 21:22:46,506 TRACE [org.keycloak.adapters.RequestAuthenticator] (default task-46) try oauth
2015-02-13 21:22:46,507 DEBUG [org.keycloak.adapters.undertow.KeycloakUndertowAccount] (default task-46) session is active
2015-02-13 21:22:46,508 DEBUG [org.keycloak.adapters.RequestAuthenticator] (default task-46) Cached account found
2015-02-13 21:22:46,508 DEBUG [org.keycloak.adapters.wildfly.WildflyRequestAuthenticator] (default task-46) propagate security context to wildfly
2015-02-13 21:22:46,509 DEBUG [org.keycloak.adapters.RequestAuthenticator] (default task-46) AUTHENTICATED: was cached
2015-02-13 21:22:46,510 DEBUG [org.keycloak.adapters.AuthenticatedActionsHandler] (default task-46) AuthenticatedActionsValve.invoke http://localhost:8080/customer-portal/customers/view.jsp


Many thanks
W
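
An added example, not part of the original post and not Keycloak code: a small triage script that rejoins the hard-wrapped adapter log entries and reports, per request thread, whether the adapter redirected the request to login or accepted it. The function names `entries` and `adapter_outcomes` are hypothetical, and the matching relies only on message strings that appear in the log above.

```python
import re

# Sample input: five entries taken from the post's log, mail hard wraps included.
SAMPLE_LOG = """\
2015-02-13 21:22:29,670 DEBUG
[org.keycloak.adapters.OAuthRequestAuthenticator] (default task-41)
redirecting to auth server
2015-02-13 21:22:46,301 DEBUG
[org.keycloak.services.managers.AuthenticationManager] (default task-43)
validating password for user: walt
2015-02-13 21:22:46,477 DEBUG
[org.keycloak.adapters.OAuthRequestAuthenticator] (default task-44) Token
Verification succeeded!
2015-02-13 21:22:46,484 DEBUG [org.keycloak.adapters.RequestAuthenticator]
(default task-44) AUTHENTICATED
2015-02-13 21:22:46,509 DEBUG [org.keycloak.adapters.RequestAuthenticator]
(default task-46) AUTHENTICATED: was cached
"""

STAMP = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
ENTRY = re.compile(r"\S+ \S+ (\w+) \[([\w.]+)\] \(([^)]+)\) (.*)")

def entries(text):
    """Yield (logger, thread, message); a new entry starts only at a timestamp."""
    joined, buf = [], []
    for line in text.splitlines():
        if STAMP.match(line) and buf:
            joined.append(" ".join(buf))
            buf = []
        if line.strip():
            buf.append(line.strip())
    if buf:
        joined.append(" ".join(buf))
    for entry in joined:
        m = ENTRY.match(entry)
        if m:
            yield m.group(2), m.group(3), m.group(4)

def adapter_outcomes(text):
    """Map each adapter request thread to the adapter's final decision."""
    outcomes = {}
    for logger, thread, message in entries(text):
        if not logger.startswith("org.keycloak.adapters."):
            continue  # org.keycloak.services lines come from the auth server
        if "redirecting to auth server" in message:
            outcomes[thread] = "redirected to login"
        elif message.startswith("AUTHENTICATED"):
            outcomes[thread] = "cached session" if "cached" in message else "code exchanged"
    return outcomes
```

A request that the adapter reports as AUTHENTICATED and that still comes back Forbidden was denied after login succeeded, which points at authorization (the roles mapped to the user versus what the application requires) rather than at the redirect URI.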