[keycloak-user] Can not authenticate user using Spring Security Adapter
Michael Furman
michael_furman at hotmail.com
Tue Nov 8 10:10:07 EST 2016
Hi all,
Can anybody help with this issue?
Probably I miss something small.
I do success to work with mod-auth-openidc and mitreid clients.
Probably I miss something small and I really need your help.
Best regards,
Michael
________________________________
From: keycloak-user-bounces at lists.jboss.org <keycloak-user-bounces at lists.jboss.org> on behalf of Michael Furman <michael_furman at hotmail.com>
Sent: Monday, November 7, 2016 4:49 PM
To: keycloak-user at lists.jboss.org
Subject: [keycloak-user] Can not authenticate user using Spring Security Adapter
Hi,
I will appreciate your help on the issue below.
I try to configure Spring Security Adapter (version 2.3.0.Final):
https://keycloak.gitbooks.io/securing-client-applications-guide/content/topics/oidc/java/spring-security-adapter.html
Spring Security Adapter | Securing Applications and ...<https://keycloak.gitbooks.io/securing-client-applications-guide/content/topics/oidc/java/spring-security-adapter.html>
keycloak.gitbooks.io
To secure an application with Spring Security and Keycloak, add this adapter as a dependency to your project. You then have to provide some extra beans in your Spring ...
I suppose that Keycloak uses the static client registration since when I tries to connect without the client configuration in Keycloak I get the following:
16:15:43,174 WARN [org.keycloak.events] (default task-3) type=LOGIN_ERROR, realmId=master, clientId=st_1, userId=null, ipAddress=192.168.111.33, error=client_not_found
Please note that I was able to connect to Keycloak using non Keycloak OIDC client using the following configuration:
a) clientId
b) clientSecret
c) Scopes
d) redirectUris
Therefore I have configured the client at Keycloak using the same information.
I am not sure what is "Valid Redirect URIs" and I have configured the following value:
http://192.168.110.2:8081/app/sso/login
Now client redirects to Keycloak IDP using this URL
http://192.168.110.2:8080/auth/realms/master/protocol/openid-connect/auth?response_type=code&client_id=testclient&redirect_uri=http%3A%2F%2F192.168.110.2%3A8081%2Fapp%2Fsso%2Flogin&state=10%2Fc0079a4b-e896-4400-9357-77fdacde9a56&login=true&scope=openid
I authenticate the user and IDP returns URL back to the client using this URL:
http://192.168.110.2:8081/app/sso/login?state=14%2F9a4376fa-06e2-4188-a616-a182363dab3a&code=JzKXHOm7jRp5pkfT6GT6rRPZ5HOcZyGEB5uA-fjrk1I.7d91a145-76a5-4bc4-960f-f4a67f242fba
Unfortunately then I have the endless loop.
While I debug KeycloakAuthenticationProcessingFilter I see that AuthOutcome get value NOT_ATTEMPTED and it cause additional redirect to IDP.
What I missed?
I have opened the bug https://issues.jboss.org/browse/KEYCLOAK-3868 with attached json file and Spring Security configuration.
Best regards,
Michael
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list