[keycloak-user] 403 when loading user info

Adrian Matei adrianmatei at gmail.com
Thu Feb 25 03:49:12 EST 2016


Hi everyone,

The problem was that our engineering team had set up a JBoss cluster via a
reverse-proxy/load-balancer server and that's why some of the token
sessions were invalid...

Best regards,
Adrian

On Wed, Feb 24, 2016 at 7:56 PM, Stian Thorgersen <sthorger at redhat.com>
wrote:

> Looks like the token session isn't valid.
>
>
> https://github.com/keycloak/keycloak/blob/1.7.x/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java#L130
>
> On 24 February 2016 at 11:35, Adrian Matei <adrianmatei at gmail.com> wrote:
>
>> Hi everybody,
>>
>> Could you help me please with a hard nut to crack? We have the following
>> situation:
>> When calling the userinfo endpoint over an enterprise proxy server (js
>> adapter loadUserInfo() method):
>>
>> https://hostname/auth/realms/realmname/protocol/openid-connect/userinfo
>>
>> we get 403 Forbidden with no Access-Controls headers set. Here is the
>> funny part - it happens only in Chrome, Firefox and Opera. With Safari and
>> IE11 it seems to be working.
>>
>> The stacktrace from server.log does not tell me much....:
>> 11:30:31,906 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n]
>> (http-/159.232.186.74:8443-6) RESTEASY000105: Failed to execute:
>> org.keycloak.services.ErrorResponseException
>>         at
>> org.keycloak.protocol.oidc.endpoints.UserInfoEndpoint.issueUserInfo(UserInfoEndpoint.java:130)
>> [keycloak-services-1.7.0.Final.jar:1.7.0.Final]
>>         at
>> org.keycloak.protocol.oidc.endpoints.UserInfoEndpoint.issueUserInfoGet(UserInfoEndpoint.java:103)
>> [keycloak-services-1.7.0.Final.jar:1.7.0.Final]
>>         at sun.reflect.GeneratedMethodAccessor342.invoke(Unknown Source)
>> [:1.8.0_66]
>>         at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> [rt.jar:1.8.0_66]
>>         at java.lang.reflect.Method.invoke(Method.java:497)
>> [rt.jar:1.8.0_66]
>>         at
>> org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:168)
>> [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
>>         at
>> org.jboss.resteasy.core.ResourceMethod.invokeOnTarget(ResourceMethod.java:269)
>> [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
>>         at
>> org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:227)
>> [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
>>         at
>> org.jboss.resteasy.core.ResourceLocator.invokeOnTargetObject(ResourceLocator.java:158)
>> [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
>>         at
>> org.jboss.resteasy.core.ResourceLocator.invoke(ResourceLocator.java:106)
>> [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
>>         at
>> org.jboss.resteasy.core.ResourceLocator.invokeOnTargetObject(ResourceLocator.java:153)
>> [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
>>         at
>> org.jboss.resteasy.core.ResourceLocator.invoke(ResourceLocator.java:91)
>> [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
>>         at
>> org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:561)
>> [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
>>         at
>> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:543)
>> [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
>>         at
>> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:128)
>> [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
>>         at
>> org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:208)
>> [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
>>         at
>> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55)
>> [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
>>         at
>> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:50)
>> [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]
>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
>> [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-2.jar:1.0.2.Final-redhat-2]
>>         at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295)
>> [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
>>         at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
>> [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
>>         at
>> org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:61)
>> [keycloak-services-1.7.0.Final.jar:1.7.0.Final]
>>         at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)
>> [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
>>         at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
>> [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
>>         at
>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231)
>> [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
>>         at
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149)
>> [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
>>         at
>> org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169)
>> [jboss-as-web-7.5.5.Final-redhat-3.jar:7.5.5.Final-redhat-3]
>>         at
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:150)
>> [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
>>         at
>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97)
>> [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
>>         at
>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102)
>> [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
>>         at
>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344)
>> [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
>>         at
>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:854)
>> [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
>>         at
>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653)
>> [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
>>         at
>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926)
>> [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]
>>         at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_66]
>>
>>
>> Thanks,
>> Adrian
>>
>>
>
>
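
An added illustration, not code from this thread or from Keycloak: a small model of why a cluster behind a round-robin balancer can make the same token succeed on one request and get 403 on the next. It assumes each node keeps user sessions only in local memory, which the thread does not state; `makeNode`, `makeBalancer`, `probe` and `demo` are hypothetical names and all data is constructed.

```javascript
// Constructed model, not Keycloak code. Assumption: each node keeps user
// sessions in local memory unless `replicate` is set on the balancer.
function makeNode(name) {
  const sessions = new Map(); // session id -> username
  return {
    name,
    addSession(id, user) { sessions.set(id, user); },
    // Like the userinfo endpoint in the thread: no valid session -> 403.
    userinfo(token) {
      return { node: name, status: sessions.has(token.session_state) ? 200 : 403 };
    },
  };
}

// Round-robin balancer: the login lands on one node, later calls rotate.
function makeBalancer(nodes, { replicate = false } = {}) {
  let next = 0;
  const pick = () => nodes[next++ % nodes.length];
  return {
    login(id, user) {
      const home = pick();
      (replicate ? nodes : [home]).forEach((n) => n.addSession(id, user));
      return { session_state: id }; // stands in for the access token
    },
    userinfo(token) { return pick().userinfo(token); },
  };
}

// Replay the same token and classify the outcome per backend node.
function probe(balancer, token, attempts = 6) {
  const byNode = {};
  for (let i = 0; i < attempts; i++) {
    const r = balancer.userinfo(token);
    (byNode[r.node] = byNode[r.node] || []).push(r.status);
  }
  const codes = new Set(Object.values(byNode).flat());
  const verdict = codes.size > 1 ? "node-dependent"
    : codes.has(200) ? "consistent" : "invalid-everywhere";
  return { verdict, byNode };
}

// Two constructed nodes; compare local-only sessions with replicated ones.
function demo(replicate) {
  const lb = makeBalancer([makeNode("node-a"), makeNode("node-b")], { replicate });
  return probe(lb, lb.login("constructed-session-1", "alice"));
}

console.log(demo(false)); // mixed 200/403 depending on the node
console.log(demo(true));  // 200 from every node
```

A "node-dependent" result separates state that differs between nodes from a token that is rejected everywhere, which is the distinction the stack trace alone did not show.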