<div dir="ltr">Hi Bill,<div><br></div><div> Another update: I was able to reslove SSL handsack issue. And can now assure that the trust between keycloak server and aerogear client is established. </div><div><br></div><div> I am still running into an issue whereby upon login the adapter expects a cookie and does not find it? Does aerogear team have to enhance anything to obtain this "state cookie"?? below is the debug trace from aerogear side.</div><div><br></div><div>Aerogear Log:</div><div><div>2014-11-17 07:40:21,804 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (default task-17) adminRequest <a href="https://XXX.XXX.XXX.XXX:8443/ag-push/index.html?code=IcrbsPykYJ5v8UeXHgmzSEldZpo58vUh2e3Ik9r6Yu8.75228531-4f07-4b99-9c4f-acd5abc111fd&state=322036a7-b0b6-40b7-852f-60aa592bce01">https://XXX.XXX.XXX.XXX:8443/ag-push/index.html?code=IcrbsPykYJ5v8UeXHgmzSEldZpo58vUh2e3Ik9r6Yu8.75228531-4f07-4b99-9c4f-acd5abc111fd&state=322036a7-b0b6-40b7-852f-60aa592bce01</a></div><div>2014-11-17 07:40:21,804 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (default task-17) adminRequest <a href="https://XXX.XXX.XXX.XXX:8443/ag-push/index.html?code=IcrbsPykYJ5v8UeXHgmzSEldZpo58vUh2e3Ik9r6Yu8.75228531-4f07-4b99-9c4f-acd5abc111fd&state=322036a7-b0b6-40b7-852f-60aa592bce01">https://XXX.XXX.XXX.XXX:8443/ag-push/index.html?code=IcrbsPykYJ5v8UeXHgmzSEldZpo58vUh2e3Ik9r6Yu8.75228531-4f07-4b99-9c4f-acd5abc111fd&state=322036a7-b0b6-40b7-852f-60aa592bce01</a></div><div>2014-11-17 07:40:21,804 DEBUG [org.keycloak.adapters.RequestAuthenticator] (default task-17) Account was not in session, returning null</div><div>2014-11-17 07:40:21,804 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-17) there was a code, resolving</div><div>2014-11-17 07:40:21,804 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-17) checking state cookie for after code</div><div>2014-11-17 07:40:21,804 WARN [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-17) No state cookie</div></div><div><br></div><div>Regards,</div><div>Pratik Parikh</div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Nov 15, 2014 at 1:39 PM, Pratik Parikh <span dir="ltr"><<a href="mailto:pratik.p.parikh@gmail.com" target="_blank">pratik.p.parikh@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><span class=""><span style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px">Hi Bill,</span><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"><br></div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> My goal is get liveoak, aerogear and keycloak working on different servers. LiveOak uses Keycloak and Aerogear. Following are the steps i took.</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"><br></div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> 1) Install Keycloak on one server with self signed certificate. It is accessible via <a href="https://xxx.xxx.xxx.xxx:8443/auth" target="_blank">https://XXX.XXX.XXX.XXX:8443/auth</a>. Worked</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> 2) Installed AreoGear on another server with self signed certificate. It is accessible via <a href="https://xxx.xxx.xxx.xxx:8443/ag-push" target="_blank">https://XXX.XXX.XXX.XXX:8443/ag-push</a>. Worked</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> 3) Imported attached JSON in as a new aerogear realm in keycloak. Worked</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> 4) Updated Keycloak to use MongoDB. Worked</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> 5) Update application aerogear with keycloak.json restarted wildfly server. Updated application under AreoGear to use <a href="https://xxx.xxx.xxx.xxx:8443/ag-push/*" target="_blank">https://XXX.XXX.XXX.XXX:8443/ag-push/*</a> as a redirect uri. Worked.</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> 6) Restarted both the wildfly servers.</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> 7) After restart tried to login to <a href="https://xxx.xxx.xxx.xxx:8443/ag-push/" target="_blank">https://XXX.XXX.XXX.XXX:8443/ag-push/</a> forwarded me to <a href="https://xxx.xxx.xxx.xxx:8443/auth" target="_blank">https://XXX.XXX.XXX.XXX:8443/auth</a> login page. Successfull login was achieved.</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> 8) PROBLEM: After login redirect to <a href="https://xxx.xxx.xxx.xxx:8443/ag-push/" target="_blank">https://XXX.XXX.XXX.XXX:8443/ag-push/</a> where by i get error "No state cookie" in AreoGear log, which is coming from OAuthRequestAuthenticator line 116 because the adapter can not find a cookie with name "<span style="color:rgb(223,80,0);font-family:Consolas,'Liberation Mono',Menlo,Courier,monospace;font-size:12px;line-height:16.7999992370605px;white-space:pre-wrap">OAuth_Token_Request_State</span>" in HTTP.</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"><br></div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> Troubleshooting Try 1.</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> 1) updated aerogear to use 1.0.1.Beta1 Adapter. Still works does not solve the problem same error.</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"><br></div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> Troubleshooting Try 2.</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> 1) updated keycloak.json by adding <i>"disable-trust-manager": true</i>. Still works does not solve the problem same error.</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> </div></span><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> Troubleshooting Try 3. </div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> 1) updated keycloak.json by adding <i>"disable-trust-manager": false,"truststore": "/path","truststore-password": "password"</i>. Still works doe not solve the problem. I have a question is "<i>truststore</i>" a local path to the keycloak jks cert or this is a path to remote keycloak cert? I copied the keycloak.jks and pointed to that locally using <a style="font-family:arial;font-size:small"><code>${jboss.server.config.dir}/trustcerts/keycloak.jks? is this correct? After doing this i tried to invoke </code></a></div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"><a style="font-family:arial;font-size:small"><code><br></code></a></div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"><code> <a href="https://XXX.XXX.XXXX.XXXX:8443/ag-push/rest/ping" target="_blank">https://XXX.XXX.XXXX.XXXX:8443/ag-push/rest/ping</a> </code></div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"><code><br></code></div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"><code> Get the login screen</code></div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"><code><br></code></div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"><code> then i get Forbidden with below exception:</code></div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"><code> </code></div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"><code> </code>2014-11-15 18:31:13,664 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6) failed to turn code into token: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431) [jsse.jar:1.8.0_25]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128) [httpclient-4.2.1.jar:4.2.1]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572) [httpclient-4.2.1.jar:4.2.1]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) [httpclient-4.2.1.jar:4.2.1]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:151) [httpclient-4.2.1.jar:4.2.1]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:125) [httpclient-4.2.1.jar:4.2.1]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640) [httpclient-4.2.1.jar:4.2.1]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479) [httpclient-4.2.1.jar:4.2.1]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906) [httpclient-4.2.1.jar:4.2.1]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805) [httpclient-4.2.1.jar:4.2.1]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784) [httpclient-4.2.1.jar:4.2.1]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:116) [keycloak-adapter-core-1.0.4.Final.jar:]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:93) [keycloak-adapter-core-1.0.4.Final.jar:]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:256) [keycloak-adapter-core-1.0.4.Final.jar:]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:205) [keycloak-adapter-core-1.0.4.Final.jar:]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:68) [keycloak-adapter-core-1.0.4.Final.jar:]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at org.keycloak.adapters.undertow.UndertowKeycloakAuthMech.keycloakAuthenticate(UndertowKeycloakAuthMech.java:82) [keycloak-undertow-adapter-1.0.4.Final.jar:]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:61) [keycloak-undertow-adapter-1.0.4.Final.jar:]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:281) [undertow-core-1.0.15.Final.jar:1.0.15.Final]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:298) [undertow-core-1.0.15.Final.jar:1.0.15.Final]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:268) [undertow-core-1.0.15.Final.jar:1.0.15.Final]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:131) [undertow-core-1.0.15.Final.jar:1.0.15.Final]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:106) [undertow-core-1.0.15.Final.jar:1.0.15.Final]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:99) [undertow-core-1.0.15.Final.jar:1.0.15.Final]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:54) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:27) [undertow-core-1.0.15.Final.jar:1.0.15.Final]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51) [undertow-core-1.0.15.Final.jar:1.0.15.Final]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.0.15.Final.jar:1.0.15.Final]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.0.15.Final.jar:1.0.15.Final]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.0.15.Final.jar:1.0.15.Final]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69) [keycloak-undertow-adapter-1.0.4.Final.jar:]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69) [keycloak-undertow-adapter-1.0.4.Final.jar:]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:177) [undertow-core-1.0.15.Final.jar:1.0.15.Final]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727) [undertow-core-1.0.15.Final.jar:1.0.15.Final]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_25]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_25]</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_25]</div><div><br></div><div> Please help i feel like i am very close just missing something simple.</div><div><br></div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px"><br></div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px">Regards,</div><div style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px">Pratik Parikh</div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Nov 14, 2014 at 9:34 AM, Pratik Parikh <span dir="ltr"><<a href="mailto:pratik.p.parikh@gmail.com" target="_blank">pratik.p.parikh@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Bill,<div><br></div><div> My goal is get liveoak, aerogear and keycloak working on different servers. LiveOak uses Keycloak and Aerogear. Following are the steps i took.</div><div><br></div><div> 1) Install Keycloak on one server with self signed certificate. It is accessible via <a href="https://XXX.XXX.XXX.XXX:8443/auth" target="_blank">https://XXX.XXX.XXX.XXX:8443/auth</a>. Worked</div><div> 2) Installed AreoGear on another server with self signed certificate. It is accessible via <a href="https://XXX.XXX.XXX.XXX:8443/ag-push" target="_blank">https://XXX.XXX.XXX.XXX:8443/ag-push</a>. Worked</div><div> 3) Imported attached JSON in as a new aerogear realm in keycloak. Worked</div><div> 4) Updated Keycloak to use MongoDB. Worked</div><div> 5) Update application aerogear with keycloak.json restarted wildfly server. Updated application under AreoGear to use <a href="https://XXX.XXX.XXX.XXX:8443/ag-push/*" target="_blank">https://XXX.XXX.XXX.XXX:8443/ag-push/*</a> as a redirect uri. Worked.</div><div> 6) Restarted both the wildfly servers.</div><div> 7) After restart tried to login to <a href="https://XXX.XXX.XXX.XXX:8443/ag-push/" target="_blank">https://XXX.XXX.XXX.XXX:8443/ag-push/</a> forwarded me to <a href="https://XXX.XXX.XXX.XXX:8443/auth" target="_blank">https://XXX.XXX.XXX.XXX:8443/auth</a> login page. Successfull login was achieved.</div><div> 8) PROBLEM: After login redirect to <a href="https://XXX.XXX.XXX.XXX:8443/ag-push/" target="_blank">https://XXX.XXX.XXX.XXX:8443/ag-push/</a> where by i get error "No state cookie" in AreoGear log, which is coming from OAuthRequestAuthenticator line 116 because the adapter can not find a cookie with name "<span style="color:rgb(223,80,0);font-family:Consolas,'Liberation Mono',Menlo,Courier,monospace;font-size:12px;line-height:16.7999992370605px;white-space:pre-wrap">OAuth_Token_Request_State</span>" in HTTP.</div><div><br></div><div> Troubleshooting Try 1.</div><div> 1) updated aerogear to use 1.0.1.Beta1 Adapter. Still works does not solve the problem same error.</div><div><br></div><div> Troubleshooting Try 2.</div><div> 1) updated keycloak.json by adding <i>"disable-trust-manager": true</i>. Still works does not solve the problem same error.</div><div> </div><div> Troubleshooting Try 2. Still have not done but will do today is </div><div> 1) updated keycloak.json by adding <i>"disable-trust-manager": false,"truststore": "/path","truststore-password": "password"</i>. Will report back shortly.</div><div><br></div><div>Regards,</div><div>Pratik Parikh</div></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Nov 14, 2014 at 8:46 AM, Bill Burke <span dir="ltr"><<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Can you explain your problem again? I think I am misunderstanding what<br>
problems you are having. You linked this message:<br>
<br>
<a href="http://lists.jboss.org/pipermail/keycloak-user/2014-November/001170.html" target="_blank">http://lists.jboss.org/pipermail/keycloak-user/2014-November/001170.html</a><br>
<br>
We do not support OIDC scope param, but you can limit the application's<br>
scope in the admin console.<br>
<span><br>
On 11/13/2014 10:28 PM, Pratik Parikh wrote:<br>
> Hi Bill,<br>
><br>
> Is this because both of my server (keycloak and aerogear are<br>
> https). Do i need to establish trust between them?<br>
><br>
> Regards,<br>
> Pratik Parikh<br>
><br>
> On Thu, Nov 13, 2014 at 8:18 PM, Pratik Parikh<br>
</span><span>> <<a href="mailto:pratik.p.parikh@gmail.com" target="_blank">pratik.p.parikh@gmail.com</a> <mailto:<a href="mailto:pratik.p.parikh@gmail.com" target="_blank">pratik.p.parikh@gmail.com</a>>> wrote:<br>
><br>
> Hi Bill,<br>
><br>
> Thanks i turned the scope off under the application but that<br>
> did not help. Could you please help us understand what is going<br>
> on. I am trying to look the code but seems like it is going to take<br>
> be a bit to figure it out. It seems like HttpFacade.Cookies is<br>
> suppose to have state cookie which is contained in<br>
> KeycloakDeployment. I did try what you suggest was that not<br>
> correctly understood by me? I am new to keycloak but this is a great<br>
> project would like to understand it and use it to its fullest<br>
> extend. Can you help me get past this problem. Thanks in advance.<br>
><br>
> Regards,<br>
> --<br>
> Pratik Parikh<br>
> - Mantra - Keep It Simple and Straightforward<br>
><br>
><br>
><br>
><br>
> --<br>
> Pratik Parikh<br>
> - Mantra - Keep It Simple and Straightforward<br>
><br>
><br>
</span><div><div>> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
><br>
<br>
--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div>Pratik Parikh<br>- Mantra - Keep It Simple and Straightforward</div>
</div>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div>Pratik Parikh<br>- Mantra - Keep It Simple and Straightforward</div>
</div>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature">Pratik Parikh<br>- Mantra - Keep It Simple and Straightforward</div>
</div>