[keycloak-user] redirection error with Keycloak-proxy

Guy Bowdler guybowdler at dorsetnetworks.com
Tue May 24 06:48:47 EDT 2016 

Hi:)

Has anybody seen this error?

I have  (http://host.name/appname) --> [KeyCloakProxy:80 --> nginx:8080] 
  -->  [Web apps on different boxes] where [] denotes on same box.   
Namespace is hostname/appname where nginx location directives proxy out 
again to different boxes.

I've previously had this working but when I changed the keystore it all 
broke and haven't found the problem yet.  Troubleshooting steps have 
been to take out the ssl entirely and try different client settings.  If 
I remove the contraints in the proxy config, it proxies ok to the 
webpages, and it the constraints are in, I log in ok and then the 
browser goes blank with a URL like this in the address bar:

http://apps.host.name/python?state=0%2F52043b01-976f-464f-8651-ebe295aac2af&code=-_odSdHkDVnID6JhPeKV2QXh_1oub5DDLP2ZLZ6pA_0.ef2bd934-2fd8-48da-a626-106712b687b1

The error stack below is from the console of the keycloak proxy.  
Refreshing the page, simply returns a different error of "NO STATE 
COOKIE".

Thanks in advance for any assistance,

kind regards

Guy


ERROR: failed to turn code into token
java.net.ConnectException: Connection refused
         at java.net.PlainSocketImpl.socketConnect(Native Method)
         at 
java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
         at 
java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
         at 
java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
         at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
         at java.net.Socket.connect(Socket.java:589)
         at 
sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:668)
         at 
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:532)
         at 
org.keycloak.adapters.SniSSLSocketFactory.connectSocket(SniSSLSocketFactory.java:109)
         at 
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409)
         at 
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
         at 
org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144)
         at 
org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:131)
         at 
org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
         at 
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
         at 
org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)
         at 
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
         at 
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
         at 
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
         at 
org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:107)
         at 
org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:314)
         at 
org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:260)
         at 
org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:112)
         at 
org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:110)
         at 
org.keycloak.adapters.undertow.UndertowAuthenticationMechanism.authenticate(UndertowAuthenticationMechanism.java:56)
         at 
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)
         at 
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)
         at 
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)
         at 
io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)
         at 
io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)
         at 
io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)
         at 
org.keycloak.proxy.ProxyAuthenticationCallHandler.handleRequest(ProxyAuthenticationCallHandler.java:44)
         at 
org.keycloak.proxy.ConstraintMatcherHandler.handleRequest(ConstraintMatcherHandler.java:89)
         at 
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
         at 
org.keycloak.adapters.undertow.UndertowPreAuthActionsHandler.handleRequest(UndertowPreAuthActionsHandler.java:54)
         at 
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
         at 
io.undertow.server.session.SessionAttachmentHandler.handleRequest(SessionAttachmentHandler.java:68)
         at 
io.undertow.server.handlers.PathHandler.handleRequest(PathHandler.java:94)
         at 
io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
         at 
io.undertow.server.protocol.http.HttpReadListener.handleEventWithNoRunningRequest(HttpReadListener.java:232)
         at 
io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:130)
         at 
io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:56)
         at 
org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
         at 
org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
         at 
org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:88)
         at org.xnio.nio.WorkerThread.run(WorkerThread.java:559)

May 24, 2016 11:04:30 AM org.keycloak.adapters.OAuthRequestAuthenticator 
checkStateCookie
WARN: No state cookie

More information about the keycloak-user mailing list