[keycloak-user] Always redirected to login form

Marko Radinovic markoradinovic79 at gmail.com
Thu Jan 22 21:39:40 EST 2015 

Can anyone help me with this?

When I use virtualhost configuration it doesn’t work, when I disable virtualhost everything is fine.

I tried every possible combination that I can think off, but still isn’t working.

Thanks



> On Jan 21, 2015, at 11:58 PM, Marko Radinovic <markoradinovic79 at gmail.com> wrote:
> 
> Hi,
> I tried without proxy server, but it’s not working. 
> 
> When I navigate to admin console
> 
> http://accounts.e-karton.net:8081/admin/maste/console <http://accounts.e-karton.net:8081/admin/maste/console>
> 
> I’m redirected to 
> http://accounts.e-karton.net:8081//realms/master/tokens/login?client_id=security-admin-console&redirect_uri=http%3A%2F%2Faccounts.e-karton.net%3A8081%2Fadmin%2Fmaster%2Fconsole%2F&state=1e8dc6f1-b49f-4cce-8cc4-59233caafbb2&response_type=code <http://accounts.e-karton.net:8081//realms/master/tokens/login?client_id=security-admin-console&redirect_uri=http://accounts.e-karton.net:8081/admin/master/console/&state=1e8dc6f1-b49f-4cce-8cc4-59233caafbb2&response_type=code>
> 
> Redirect url is invalid because of appended “/“. Now I’m getting this in log:
> 
> 2015-01-21 15:07:32,193 WARN  [org.jboss.resteasy.core.ExceptionHandler] (default task-63) failed to execute: javax.ws.rs.NotFoundException: Could not find resource for full path: http://accounts.e-karton.net:8081//realms/master/tokens/login?client_id=security-admin-console&redirect_uri=http%3A%2F%2Faccounts.e-karton.net%3A8081%2Fadmin%2Fmaster%2Fconsole%2F&state=1e8dc6f1-b49f-4cce-8cc4-59233caafbb2&response_type=code <http://accounts.e-karton.net:8081//realms/master/tokens/login?client_id=security-admin-console&redirect_uri=http://accounts.e-karton.net:8081/admin/master/console/&state=1e8dc6f1-b49f-4cce-8cc4-59233caafbb2&response_type=code>
> 
> The same thing is happening when using proxy server, but there is nothing in log file.
> 
> How can I prevent this?
> 
> Thank you.
> 
>> On Jan 21, 2015, at 7:17 AM, Stian Thorgersen <stian at redhat.com <mailto:stian at redhat.com>> wrote:
>> 
>> Does it work if you bypass the proxy?
>> 
>> ----- Original Message -----
>>> From: "Marko Radinovic" <markoradinovic79 at gmail.com <mailto:markoradinovic79 at gmail.com>>
>>> To: keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>>> Sent: Tuesday, 20 January, 2015 8:17:41 PM
>>> Subject: [keycloak-user] Always redirected to login form
>>> 
>>> Hi,
>>> When I try to login to master realm, I’am redirected back to login page.
>>> 
>>> I’m using:
>>> Wildfly 8.2.0.Final
>>> Keycloak version 1.1.0-Beta2
>>> Apache2 as proxy server.
>>> 
>>> Here is my apache configuration
>>> 
>>> IfModule mod_ssl.c>
>>> <VirtualHost _default_:443>
>>> ServerName accounts.e-karton.net <http://accounts.e-karton.net/>
>>> 
>>> ErrorLog ${APACHE_LOG_DIR}/ accounts.e-karton.net <http://accounts.e-karton.net/> -error.log
>>> CustomLog ${APACHE_LOG_DIR}/ accounts.e-karton.net <http://accounts.e-karton.net/> -access.log combined
>>> 
>>> SSLEngine on
>>> SSLProtocol all -SSLv2
>>> SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
>>> 
>>> …SSL stuff omitted
>>> 
>>> 
>>> BrowserMatch "MSIE [2-6]" \
>>> nokeepalive ssl-unclean-shutdown \
>>> downgrade-1.0 force-response-1.0
>>> # MSIE 7 and newer should be able to use keepalive
>>> BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
>>> 
>>> 
>>> SetOutputFilter DEFLATE
>>> SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|ico|png)$ \ no-gzip dont-vary
>>> SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ \no-gzip dont-vary
>>> SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|ico|png)$ \ no-gzip dont-vary
>>> SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ \no-gzip dont-vary
>>> SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary
>>> 
>>> BrowserMatch ^Mozilla/4 gzip-only-text/html
>>> BrowserMatch ^Mozilla/4\.0[678] no-gzip
>>> BrowserMatch \bMSIE !no-gzip !gzip-only-text/htmles
>>> 
>>> # Turn off support for true Proxy behaviour as we are acting as
>>> # a transparent proxy
>>> ProxyRequests Off
>>> 
>>> # Turn off VIA header as we know where the requests are proxied
>>> ProxyVia Off
>>> ProxyPreserveHost On
>>> RequestHeader set X-Forwarded-Proto "https"
>>> SSLProxyEngine on
>>> <Proxy *>
>>> AddDefaultCharset Off
>>> Order deny,allow
>>> Allow from all
>>> </Proxy>
>>> 
>>> 
>>> ProxyPass / ajp://192.168.5.17:8009/ <ajp://192.168.5.17:8009/>
>>> ProxyPassReverse / ajp://192.168.5.17:8009/ <ajp://192.168.5.17:8009/>
>>> </VirtualHost>
>>> </IfModule>
>>> 
>>> 
>>> Wildfly configuration:
>>> 
>>> <subsystem xmlns="urn:jboss:domain:undertow:1.2">
>>> <buffer-cache name="default"/>
>>> <server name="default-server">
>>> <ajp-listener name="ajp" scheme="https" socket-binding="ajp"/>
>>> <http-listener name="default" certificate-forwarding="true"
>>> socket-binding="http" proxy-address-forwarding="true"/>
>>> <host name="default-host" alias="localhost">
>>> <location name="/" handler="welcome-content"/>
>>> <filter-ref name="server-header"/>
>>> <filter-ref name="x-powered-by-header"/>
>>> </host>
>>> <host name="accounts" alias=" accounts.e-karton.net <http://accounts.e-karton.net/> "
>>> default-web-module="auth-server.war"/>
>>> </server>
>>> <servlet-container name="default">
>>> <jsp-config/>
>>> <websockets/>
>>> </servlet-container>
>>> <handlers>
>>> <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
>>> </handlers>
>>> <filters>
>>> <response-header name="server-header" header-name="Server"
>>> header-value="WildFly/8"/>
>>> <response-header name="x-powered-by-header" header-name="X-Powered-By"
>>> header-value="Undertow/1"/>
>>> </filters>
>>> </subsystem>
>>> 
>>> Keycloak jboss-web.xml
>>> 
>>> <?xml version="1.0"?>
>>> <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 5.0//EN" "
>>> http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd <http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd> ">
>>> <jboss-web>
>>> <context-root>/</context-root>
>>> <virtual-host>accounts</virtual-host>
>>> </jboss-web>
>>> 
>>> Can anyone help me with this?
>>> 
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150123/8539d6e4/attachment-0001.html

More information about the keycloak-user mailing list