[keycloak-user] Client's REST api returns blank after switching keycloak to HTTPS

Orestis Tsakiridis orestis.tsakiridis at telestax.com
Tue Jun 2 13:53:02 EDT 2015 

Hello,

I had a working setup of a Java web application running on machine A
secured by keycloak  on machine B (login.restcomm.com).  The application
running on A provides a REST api is used from the UI. The application also
contains a UI (angular) that accesses the REST api. login.restcomm.com is
the keycloak running on docker and resolves to 172.17.42.1 (overriden in
/etc/hosts). I'm using keycloak 1.2.0.Final. Both the UI and the REST api
have been secured and the application worked fine with "ssl-required" ->
"external".

I switched keycloak configuration to HTTPS (using "all") and i'm experience
the following:

Login seems to work fine. When trying to access the UI i'm redirected to
https://login.restcomm.com, i login and back to the UI. BUT, the request to
A's services though succesfull (200 OK) return blank content. As if the
adapter get in the way and overrides the response. I'm also getting the
following message in A's log:

12:21:55,083 DEBUG [org.keycloak.adapters.PreAuthActionsHandler]
(http-/192.168.1.39:8080-4) adminRequest
http://192.168.1.39:8080/restcomm-rvd/api/projects
12:21:55,085 WARN  [org.keycloak.adapters.RequestAuthenticator]
(http-/192.168.1.39:8080-4) SSL is required to authenticate

http://192.168.1.39:8080/restcomm-rvd/api/projects is the endpoint that is
supposed to return a block of JSON.

The same happens when trying to access the endpoint directly using an
independent REST client. I get back a 200 OK and the same message appears
in the log but there is no content in the response.

Keep in mind that HTTPS is only enabled for accessing keycloak. The web
application still runs on HTTP. Is this supported?

I have also made various experiments in keycloak.json (for the REST api)
starting from this:

{
  "realm": "restcomm",
  "realm-public-key":
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
  "bearer-only": true,
  "auth-server-url": "https://login.restcomm.com/auth",
  "ssl-required": "all",
  "disable-trust-manager": true,
  "resource": "restcomm-rvd",
  "enable-cors": true
}

down to this:

{
  "realm": "restcomm",
  "realm-public-key":
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
  "bearer-only": true,
  "auth-server-url": "https://login.restcomm.com/auth",
  "ssl-required": "all",
  "allow-any-hostname":true,
  "disable-trust-manager": false,
  "truststore": "/tmp/trusted_keycloak.jks",
  "truststore-password" : "password",
  "resource": "restcomm-rvd"
}


Any pointers will be great help.

Thanks in advance

Orestis
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150602/4dfc1c02/attachment.html

More information about the keycloak-user mailing list