[keycloak-user] /introspect always returns {"active":false}
Alexander Chriztopher
alexander.chriztopher at gmail.com
Thu Jul 27 06:36:39 EDT 2017
Hi all,
Any idea about this point ? We always get : {"active":false} when we call
the api to make an intropection wether the access_token is valid or not.
Are there any params to tweek in the console to activate this service ?
These are the logs we get in Keycloak where every thing seems to work
nicely although i don't have all the details of whats going on :
2017-07-26 16:57:55,679 DEBUG [io.undertow.request.security] (default
task-14) Attempting to authenticate HttpServerExchange{ POST
/auth/realms/REALM/protocol/openid-connect/token/introspect request
{Accept=[*/*], Content-Type=[application/x-www-form-urlencoded ],
User-Agent=[curl/7.51.0], Authorization=[Basic
ZW1wLW51bS1sb2dpbi1jbGllbnQ6NzVjOWQ4ODMtNGY2YS00ZWMxLWEzZGQtNDU0YjE1ZjNlZDIx],
X-Forwarded-Proto=[https], X-Forwarded-Port=[443], Content-Length=[968],
Content-Type=[application/x-www-form-urlencoded], Host=[host.com]} response
{X-Powered-By=[Undertow/1], Server=[JBoss-EAP/7]}}, authentication
required: false
2017-07-26 16:57:55,679 DEBUG [io.undertow.request.security] (default
task-14) Authentication outcome was NOT_ATTEMPTED with method
io.undertow.security.impl.CachedAuthenticatedSessionMechanism at 2724f346 for
HttpServerExchange{ POST
/auth/realms/REALM/protocol/openid-connect/token/introspect request
{Accept=[*/*], Content-Type=[application/x-www-form-urlencoded ],
User-Agent=[curl/7.51.0], Authorization=[Basic
ZW1wLW51bS1sb2dpbi1jbGllbnQ6NzVjOWQ4ODMtNGY2YS00ZWMxLWEzZGQtNDU0YjE1ZjNlZDIx],
X-Forwarded-Proto=[https], X-Forwarded-Port=[443], Content-Length=[968],
Content-Type=[application/x-www-form-urlencoded], Host=[host.com]} response
{X-Powered-By=[Undertow/1], Server=[JBoss-EAP/7]}}
2017-07-26 16:57:55,679 DEBUG
[org.keycloak.transaction.JtaTransactionWrapper] (default task-14) new
JtaTransactionWrapper
2017-07-26 16:57:55,679 DEBUG
[org.keycloak.transaction.JtaTransactionWrapper] (default task-14) was
existing? false
2017-07-26 16:57:55,680 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n]
(default task-14) RESTEASY002315: PathInfo:
/realms/REALM/protocol/openid-connect/token/introspect
2017-07-26 16:57:55,680 DEBUG
[org.keycloak.authentication.AuthenticationProcessor] (default task-14)
AUTHENTICATE CLIENT
2017-07-26 16:57:55,680 DEBUG
[org.keycloak.authentication.ClientAuthenticationFlow] (default task-14)
client authenticator: client-secret
2017-07-26 16:57:55,680 DEBUG
[org.keycloak.authentication.ClientAuthenticationFlow] (default task-14)
client authenticator SUCCESS: client-secret
2017-07-26 16:57:55,680 DEBUG
[org.keycloak.authentication.ClientAuthenticationFlow] (default task-14)
Client emp-num-login-client authenticated by client-secret
2017-07-26 16:57:55,680 DEBUG [org.keycloak.events] (default task-14)
type=INTROSPECT_TOKEN, realmId=REALM, clientId=emp-num-login-client,
userId=null, ipAddress=xx.xx.xx.xx, client_auth_method=client-secret
2017-07-26 16:57:55,680 DEBUG
[org.keycloak.transaction.JtaTransactionWrapper] (default task-14)
JtaTransactionWrapper commit
2017-07-26 16:57:55,680 DEBUG
[org.keycloak.transaction.JtaTransactionWrapper] (default task-14)
JtaTransactionWrapper end
2017-07-26 16:57:55,680 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n]
(default task-14) MessageBodyWriter:
org.jboss.resteasy.spi.ResteasyProviderFactory$SortedKey
2017-07-26 16:57:55,680 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n]
(default task-14) MessageBodyWriter:
org.jboss.resteasy.plugins.providers.ByteArrayProvider
2017-07-26 16:57:55,680 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n]
(default task-14) Interceptor Context:
org.jboss.resteasy.core.interception.ServerWriterInterceptorContext,
Method : proceed
2017-07-26 16:57:55,680 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n]
(default task-14) InterceptorWriter:
org.jboss.resteasy.plugins.interceptors.encoding.GZIPEncodingInterceptor
2017-07-26 16:57:55,680 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n]
(default task-14) Interceptor :
org.jboss.resteasy.plugins.interceptors.encoding.GZIPEncodingInterceptor,
Method : aroundWriteTo
2017-07-26 16:57:55,680 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n]
(default task-14) Interceptor Context:
org.jboss.resteasy.core.interception.ServerWriterInterceptorContext,
Method : proceed
2017-07-26 16:57:55,680 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n]
(default task-14) InterceptorWriter:
org.jboss.resteasy.security.doseta.DigitalSigningInterceptor
2017-07-26 16:57:55,680 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n]
(default task-14) Interceptor Context:
org.jboss.resteasy.core.interception.ServerWriterInterceptorContext,
Method : proceed
2017-07-26 16:57:55,681 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n]
(default task-14) MessageBodyWriter:
org.jboss.resteasy.spi.ResteasyProviderFactory$SortedKey
2017-07-26 16:57:55,681 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n]
(default task-14) MessageBodyWriter:
org.jboss.resteasy.plugins.providers.ByteArrayProvider
2017-07-26 16:57:55,681 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n]
(default task-14) Interceptor Context :
org.jboss.resteasy.core.interception.ServerWriterInterceptorContext, Method
: writeTo
Thanks for any help about this point.
More information about the keycloak-user
mailing list