[keycloak-user] Proxy support in policy enforcement/authorization services

Bruce Wings testoauth55 at gmail.com
Tue Nov 6 04:27:17 EST 2018


I think I may have got my previous post slightly wrong. The problem I am facing
is that my Keycloak server is running behind a proxy.
My Keycloak server is running on *pc-bruce:8100*, but I am accessing it
through *pc-bruce:7100*.
I am able to run the Jetty adapter as well as the Keycloak Installed adapter
with *pc-bruce:7100* like this:

{
  "realm": "myRealm",
  "auth-server-url": "http://pc-bruce:7100/auth",
  "ssl-required": "external",
  "resource": "myClient",
  "credentials": {
    "secret": "***********"
  },
  "confidential-port": 0
}

But as soon as I put the *"policy-enforcer": {}* line in the JSON to enable
authorization, I get *Could not obtain configuration from server*. This
error does not occur if either the policy enforcer line is removed, or the
policy enforcer line is kept and the port is changed to 8100 (the original
Keycloak port).

Exception trace:

java.lang.RuntimeException: Could not obtain configuration from server [http://pc-bruce:7100/auth/realms/ myRealm /.well-known/uma2-configuration].
    at org.keycloak.authorization.client.AuthzClient.<init>(AuthzClient.java:242)
    at org.keycloak.authorization.client.AuthzClient.create(AuthzClient.java:85)
    at org.keycloak.adapters.authorization.PolicyEnforcer.<init>(PolicyEnforcer.java:66)
    at org.keycloak.adapters.KeycloakDeploymentBuilder.internalBuild(KeycloakDeploymentBuilder.java:144)
    at org.keycloak.adapters.KeycloakDeploymentBuilder.build(KeycloakDeploymentBuilder.java:170)
    at org.keycloak.adapters.jetty.core.AbstractKeycloakJettyAuthenticator.initializeKeycloak(AbstractKeycloakJettyAuthenticator.java:248)
    at org.keycloak.adapters.jetty.core.AbstractKeycloakJettyAuthenticator.setConfiguration(AbstractKeycloakJettyAuthenticator.java:174)
    at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:384)
    at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:449)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
    at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)
    at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114)
    at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)
    at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120)
    at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:116)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
    at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)
    at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114)
    at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)
    at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120)
    at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:784)
    at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:294)
    at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:741)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
    at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)
    at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114)
    at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.doStart(ContextHandlerCollection.java:163)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
    at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)
    at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114)
    at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
    at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)
    at org.eclipse.jetty.server.Server.start(Server.java:387)
    at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114)
    at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)
    at org.eclipse.jetty.server.Server.doStart(Server.java:354)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
Caused by: java.lang.RuntimeException: Error executing http method [org.apache.http.client.methods.RequestBuilder@72ec16f8]. Response : null
    at org.keycloak.authorization.client.util.HttpMethod.execute(HttpMethod.java:106)
    at org.keycloak.authorization.client.util.HttpMethodResponse$2.execute(HttpMethodResponse.java:50)
    at org.keycloak.authorization.client.AuthzClient.<init>(AuthzClient.java:240)
    ... 43 more
Caused by: java.net.ConnectException: Connection refused: connect
    at java.net.DualStackPlainSocketImpl.connect0(Native Method)
    at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:79)
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
    at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
    at java.net.Socket.connect(Socket.java:589)
    at org.apache.http.conn.scheme.PlainSocketFactory.connectSocket(PlainSocketFactory.java:117)
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
    at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144)
    at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:131)
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
    at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
    at org.keycloak.authorization.client.util.HttpMethod.execute(HttpMethod.java:84)


On Tue, Nov 6, 2018 at 2:43 PM Bruce Wings <testoauth55 at gmail.com> wrote:

> As per the mailing list:
> http://lists.jboss.org/pipermail/keycloak-user/2016-December/008876.html
>
> There wasn't any support for proxy in case of policy enforcement. Since
> the thread is quite old, can someone from Keycloak team kindly confirm
> whether proxy support has been added yet or not?
>
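
Added example, not part of the original post and not Keycloak code: a stand-alone probe that rebuilds the discovery URL seen in the trace from the adapter config and reports where the request fails. The function names are hypothetical, and the final host:port comparison is an assumed extra check for proxied deployments, not something the post establishes.

```python
import json
import socket
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Constructed sample mirroring the adapter config quoted in the post.
SAMPLE_CONFIG = {"realm": "myRealm", "auth-server-url": "http://pc-bruce:7100/auth"}

def uma2_discovery_url(cfg):
    """URL the trace shows AuthzClient requesting at start-up."""
    base = cfg["auth-server-url"].rstrip("/")
    return f"{base}/realms/{cfg['realm']}/.well-known/uma2-configuration"

def probe_uma2(cfg, timeout=3.0):
    """Return (status, detail) for the discovery endpoint of this adapter config."""
    url = uma2_discovery_url(cfg)
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    # Step 1: bare TCP connect, the operation that fails in the trace.
    try:
        socket.create_connection((parts.hostname, port), timeout=timeout).close()
    except ConnectionRefusedError:
        return ("connection-refused", f"{parts.hostname}:{port}")
    except OSError as exc:
        return ("unreachable", f"{parts.hostname}:{port} ({type(exc).__name__})")
    # Step 2: fetch the document directly, ignoring proxy environment variables.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            doc = json.load(resp)
    except urllib.error.HTTPError as exc:
        return ("http-error", str(exc.code))
    except (OSError, ValueError) as exc:
        return ("bad-response", type(exc).__name__)
    # Step 3 (assumed check): advertised endpoints should use the adapter's host:port.
    foreign = sorted(k for k, v in doc.items()
                     if isinstance(v, str) and v.startswith(("http://", "https://"))
                     and urlsplit(v).netloc != parts.netloc)
    return ("endpoint-mismatch", ",".join(foreign)) if foreign else ("ok", url)

if __name__ == "__main__":
    print(probe_uma2(SAMPLE_CONFIG))
```

Run it on the machine that hosts the Jetty adapter, since reachability of the proxy port depends on where the request originates.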

