[keycloak-user] Always redirected to login form

Marko Radinovic markoradinovic79 at gmail.com
Wed Jan 21 17:58:37 EST 2015


Hi,
I tried without proxy server, but it’s not working. 

When I navigate to admin console

http://accounts.e-karton.net:8081/admin/maste/console <http://accounts.e-karton.net:8081/admin/maste/console>

I’m redirected to 
http://accounts.e-karton.net:8081//realms/master/tokens/login?client_id=security-admin-console&redirect_uri=http%3A%2F%2Faccounts.e-karton.net%3A8081%2Fadmin%2Fmaster%2Fconsole%2F&state=1e8dc6f1-b49f-4cce-8cc4-59233caafbb2&response_type=code <http://accounts.e-karton.net:8081//realms/master/tokens/login?client_id=security-admin-console&redirect_uri=http://accounts.e-karton.net:8081/admin/master/console/&state=1e8dc6f1-b49f-4cce-8cc4-59233caafbb2&response_type=code>

Redirect url is invalid because of appended “/“. Now I’m getting this in log:

2015-01-21 15:07:32,193 WARN  [org.jboss.resteasy.core.ExceptionHandler] (default task-63) failed to execute: javax.ws.rs.NotFoundException: Could not find resource for full path: http://accounts.e-karton.net:8081//realms/master/tokens/login?client_id=security-admin-console&redirect_uri=http%3A%2F%2Faccounts.e-karton.net%3A8081%2Fadmin%2Fmaster%2Fconsole%2F&state=1e8dc6f1-b49f-4cce-8cc4-59233caafbb2&response_type=code <http://accounts.e-karton.net:8081//realms/master/tokens/login?client_id=security-admin-console&redirect_uri=http://accounts.e-karton.net:8081/admin/master/console/&state=1e8dc6f1-b49f-4cce-8cc4-59233caafbb2&response_type=code>

The same thing is happening when using proxy server, but there is nothing in log file.

How can I prevent this?

Thank you.

> On Jan 21, 2015, at 7:17 AM, Stian Thorgersen <stian at redhat.com> wrote:
> 
> Does it work if you bypass the proxy?
> 
> ----- Original Message -----
>> From: "Marko Radinovic" <markoradinovic79 at gmail.com>
>> To: keycloak-user at lists.jboss.org
>> Sent: Tuesday, 20 January, 2015 8:17:41 PM
>> Subject: [keycloak-user] Always redirected to login form
>> 
>> Hi,
>> When I try to login to master realm, I’am redirected back to login page.
>> 
>> I’m using:
>> Wildfly 8.2.0.Final
>> Keycloak version 1.1.0-Beta2
>> Apache2 as proxy server.
>> 
>> Here is my apache configuration
>> 
>> IfModule mod_ssl.c>
>> <VirtualHost _default_:443>
>> ServerName accounts.e-karton.net
>> 
>> ErrorLog ${APACHE_LOG_DIR}/ accounts.e-karton.net -error.log
>> CustomLog ${APACHE_LOG_DIR}/ accounts.e-karton.net -access.log combined
>> 
>> SSLEngine on
>> SSLProtocol all -SSLv2
>> SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
>> 
>> …SSL stuff omitted
>> 
>> 
>> BrowserMatch "MSIE [2-6]" \
>> nokeepalive ssl-unclean-shutdown \
>> downgrade-1.0 force-response-1.0
>> # MSIE 7 and newer should be able to use keepalive
>> BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
>> 
>> 
>> SetOutputFilter DEFLATE
>> SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|ico|png)$ \ no-gzip dont-vary
>> SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ \no-gzip dont-vary
>> SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|ico|png)$ \ no-gzip dont-vary
>> SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ \no-gzip dont-vary
>> SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary
>> 
>> BrowserMatch ^Mozilla/4 gzip-only-text/html
>> BrowserMatch ^Mozilla/4\.0[678] no-gzip
>> BrowserMatch \bMSIE !no-gzip !gzip-only-text/htmles
>> 
>> # Turn off support for true Proxy behaviour as we are acting as
>> # a transparent proxy
>> ProxyRequests Off
>> 
>> # Turn off VIA header as we know where the requests are proxied
>> ProxyVia Off
>> ProxyPreserveHost On
>> RequestHeader set X-Forwarded-Proto "https"
>> SSLProxyEngine on
>> <Proxy *>
>> AddDefaultCharset Off
>> Order deny,allow
>> Allow from all
>> </Proxy>
>> 
>> 
>> ProxyPass / ajp://192.168.5.17:8009/
>> ProxyPassReverse / ajp://192.168.5.17:8009/
>> </VirtualHost>
>> </IfModule>
>> 
>> 
>> Wildfly configuration:
>> 
>> <subsystem xmlns="urn:jboss:domain:undertow:1.2">
>> <buffer-cache name="default"/>
>> <server name="default-server">
>> <ajp-listener name="ajp" scheme="https" socket-binding="ajp"/>
>> <http-listener name="default" certificate-forwarding="true"
>> socket-binding="http" proxy-address-forwarding="true"/>
>> <host name="default-host" alias="localhost">
>> <location name="/" handler="welcome-content"/>
>> <filter-ref name="server-header"/>
>> <filter-ref name="x-powered-by-header"/>
>> </host>
>> <host name="accounts" alias=" accounts.e-karton.net "
>> default-web-module="auth-server.war"/>
>> </server>
>> <servlet-container name="default">
>> <jsp-config/>
>> <websockets/>
>> </servlet-container>
>> <handlers>
>> <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
>> </handlers>
>> <filters>
>> <response-header name="server-header" header-name="Server"
>> header-value="WildFly/8"/>
>> <response-header name="x-powered-by-header" header-name="X-Powered-By"
>> header-value="Undertow/1"/>
>> </filters>
>> </subsystem>
>> 
>> Keycloak jboss-web.xml
>> 
>> <?xml version="1.0"?>
>> <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 5.0//EN" "
>> http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd ">
>> <jboss-web>
>> <context-root>/</context-root>
>> <virtual-host>accounts</virtual-host>
>> </jboss-web>
>> 
>> Can anyone help me with this?
>> 
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150121/665c939f/attachment-0001.html 


More information about the keycloak-user mailing list