<div dir="ltr">I tried deploying it onto a local wildfly in domain without the SSL enabled and it worked. What I can't figure it out is why the SSL is causing conflict and how to solve this, I can't simply disable the SSL.<div><br></div><div>Regards</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Nov 19, 2014 at 11:28 AM, Stan Silvert <span dir="ltr"><<a href="mailto:ssilvert@redhat.com" target="_blank">ssilvert@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>Have you tried it using the two servers
but without SSL?<br>
<br>
You can set ssl-required to "none" on the adapter (application)
side. Also on the Keycloak server side, try setting Access Type
to "public". Do one of those at a time and see if either causes
it to work. That might narrow it down a bit.<div><div class="h5"><br>
<br>
On 11/19/2014 11:29 AM, Fabián Silva wrote:<br>
</div></div></div><div><div class="h5">
<blockquote type="cite">
<div dir="ltr">
<div>Hi,</div>
<div>I'm running out of ideas in here. In simple terms I got a
Wildfly running on domain on a server and a keycloak on
another server. I set the adapters on my wildfly and deploy,
to this wildfly, a web app that uses keycloak. When I try to
access the web app it displays the keycloak login, it
validates the users ok, but when you access with a correct
user and password it shows the "403 - Forbidden". At first I
thought it was some issue with the roles, but that didn't fix
it.</div>
<div><br>
</div>
<div>Regards</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri, Nov 14, 2014 at 10:20 AM,
Fabián Silva <span dir="ltr"><<a href="mailto:afsg77@gmail.com" target="_blank">afsg77@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div>Hi,</div>
<div>It is already set to use the absolute path. And the
keycloak is working when I deploy the application to
my local wildfly domain. The issue is when I try to
deploy to another wildfly in domain mode on a separate
server. The application is the same and the only
difference I can tell from the two wildflys is that
the local don't have the SSL/HTTPS enabled. I have the
keycloak adapter set in both domains.</div>
<div><br>
</div>
<div>I'm trying to trace those errors on the keycloak
code to try to understand what is happening, but I
haven't been so lucky with this.</div>
<div><br>
</div>
<div>Regards</div>
<div>Alejandro Fabián Silva Grifé</div>
</div>
<div>
<div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri, Nov 14, 2014 at
2:27 AM, Marek Posolda <span dir="ltr"><<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Hi,<br>
<br>
it failed on the adapter (application) side
and error 404 means "Not found". So adapter
can't find the keycloak server to turn code
into token. Make sure to configure
"auth-server-url" in keycloak.json for your
application properly. If relative uri
doesn't work for some reason, you can rather
try to use absolute uri for auth-server-url
like <a href="https://localhost:8443/auth" target="_blank">"https://localhost:8443/auth"</a>
.<br>
<br>
Marek
<div>
<div><br>
<br>
On 14.11.2014 01:31, Fabián Silva wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div dir="ltr">
<div>I have a keycloak installed on
wildfly standalone. I'm trying to
deploy an application, that use this
keycloak, on a separate server with
wilflly running on domain mode. I
tried first to deploy on a domain
out of the box on my local machine,
setting the
keycloak-wildfly-adapter-dist-1.0.4.Final.
It deploys fine and does the
authentication without any issues.
When I try to migrate it to the
server running my wilfly (also in
domain mode and the keycloak adapter
set), it deploys fine and shows the
keycloak login once you enter the
application. But the problem is that
when you login it displays a "403 -
Forbidden" and on the log I'm
seeing </div>
<div>ERROR
[org.keycloak.adapters.OAuthRequestAuthenticator]
(default task-6) failed to turn code
into token</div>
<div>ERROR
[org.keycloak.adapters.OAuthRequestAuthenticator]
(default task-6) status from server:
404</div>
<div>The only difference between those
two wildfly domain mode is that in
the local I don't have the the
SSL/HTTPS enabled.</div>
<div><br>
</div>
<div>Have anyone seen this error? or
have an idea of what this could be?</div>
<div><br>
</div>
<div>Regards</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
<pre>_______________________________________________
keycloak-user mailing list
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
keycloak-user mailing list
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</div></div></div>
<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>