<div dir="ltr"><div><a href="http://docs.jboss.org/keycloak/docs/1.1.0.Beta1/userguide/html/ch07.html#adapter-config">http://docs.jboss.org/keycloak/docs/1.1.0.Beta1/userguide/html/ch07.html#adapter-config</a></div><div>"client-keystore</div><div>Not supported yet, but we will support in future versions."</div><div>So if my adapter has SSL enabled, is it not supported yet? Or how do I configure it to work if my adapter has the SSL enabled?</div><div>I tried with an adapter without SSL enabled and the keycloak with the SSL enabled and it worked. But when I tried it with both, the adapter and the keycloak with SSL enabled, it doesn't work. I got the following logs on the adapter:</div><div>ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6) failed to turn code into token</div><div>ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6) status from server: 404</div><div><br></div><div>Regards</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Nov 20, 2014 at 2:25 AM, Stian Thorgersen <span dir="ltr"><<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Are there no errors or warnings in the server log? Try enabling debug for org.keycloak and see if there's anything interesting.<br>
<br>
First thing try the exact same setup (two servers), but without ssl.<br>
<br>
If that works, enable ssl, but disable the trust manager in the adapter (disable-trust-manager option on adapter, see <a href="http://docs.jboss.org/keycloak/docs/1.1.0.Beta1/userguide/html/ch07.html#adapter-config" target="_blank">http://docs.jboss.org/keycloak/docs/1.1.0.Beta1/userguide/html/ch07.html#adapter-config</a>).<br>
<br>
If it still works create a truststore and import your certificate. Then set truststore and truststore-password on the adapter.<br>
<span class="im HOEnZb"><br>
----- Original Message -----<br>
> From: "Fabián Silva" <<a href="mailto:afsg77@gmail.com">afsg77@gmail.com</a>><br>
> To: "Stan Silvert" <<a href="mailto:ssilvert@redhat.com">ssilvert@redhat.com</a>><br>
> Cc: <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
</span><span class="im HOEnZb">> Sent: Wednesday, 19 November, 2014 6:35:15 PM<br>
> Subject: Re: [keycloak-user] Error on application log in<br>
><br>
</span><div class="HOEnZb"><div class="h5">> I tried deploying it onto a local wildfly in domain without the SSL enabled<br>
> and it worked. What I can't figure out is why the SSL is causing conflict<br>
> and how to solve this, I can't simply disable the SSL.<br>
><br>
> Regards<br>
><br>
> On Wed, Nov 19, 2014 at 11:28 AM, Stan Silvert < <a href="mailto:ssilvert@redhat.com">ssilvert@redhat.com</a> > wrote:<br>
><br>
><br>
><br>
> Have you tried it using the two servers but without SSL?<br>
><br>
> You can set ssl-required to "none" on the adapter (application) side. Also on<br>
> the Keycloak server side, try setting Access Type to "public". Do one of<br>
> those at a time and see if either causes it to work. That might narrow it<br>
> down a bit.<br>
><br>
><br>
> On 11/19/2014 11:29 AM, Fabián Silva wrote:<br>
><br>
><br>
><br>
> Hi,<br>
> I'm running out of ideas in here. In simple terms I got a Wildfly running on<br>
> domain on a server and a keycloak on another server. I set the adapters on<br>
> my wildfly and deploy, to this wildfly, a web app that uses keycloak. When I<br>
> try to access the web app it displays the keycloak login, it validates the<br>
> users ok, but when you access with a correct user and password it shows the<br>
> "403 - Forbidden". At first I thought it was some issue with the roles, but<br>
> that didn't fix it.<br>
><br>
> Regards<br>
><br>
> On Fri, Nov 14, 2014 at 10:20 AM, Fabián Silva < <a href="mailto:afsg77@gmail.com">afsg77@gmail.com</a> > wrote:<br>
><br>
><br>
><br>
> Hi,<br>
> It is already set to use the absolute path. And the keycloak is working when<br>
> I deploy the application to my local wildfly domain. The issue is when I try<br>
> to deploy to another wildfly in domain mode on a separate server. The<br>
> application is the same and the only difference I can tell from the two<br>
> wildflys is that the local doesn't have the SSL/HTTPS enabled. I have the<br>
> keycloak adapter set in both domains.<br>
><br>
> I'm trying to trace those errors on the keycloak code to try to understand<br>
> what is happening, but I haven't been so lucky with this.<br>
><br>
> Regards<br>
> Alejandro Fabián Silva Grifé<br>
><br>
> On Fri, Nov 14, 2014 at 2:27 AM, Marek Posolda < <a href="mailto:mposolda@redhat.com">mposolda@redhat.com</a> > wrote:<br>
><br>
><br>
><br>
> Hi,<br>
><br>
> it failed on the adapter (application) side and error 404 means "Not found".<br>
> So adapter can't find the keycloak server to turn code into token. Make sure<br>
> to configure "auth-server-url" in keycloak.json for your application<br>
> properly. If relative uri doesn't work for some reason, you can rather try<br>
> to use absolute uri for auth-server-url like "<a href="https://localhost:8443/auth" target="_blank">https://localhost:8443/auth</a>" .<br>
><br>
> Marek<br>
><br>
><br>
> On 14.11.2014 01:31, Fabián Silva wrote:<br>
><br>
><br>
><br>
> I have a keycloak installed on wildfly standalone. I'm trying to deploy an<br>
> application, that uses this keycloak, on a separate server with wildfly<br>
> running on domain mode. I tried first to deploy on a domain out of the box<br>
> on my local machine, setting the keycloak-wildfly-adapter-dist-1.0.4.Final.<br>
> It deploys fine and does the authentication without any issues. When I try<br>
> to migrate it to the server running my wildfly (also in domain mode and the<br>
> keycloak adapter set), it deploys fine and shows the keycloak login once you<br>
> enter the application. But the problem is that when you login it displays a<br>
> "403 - Forbidden" and on the log I'm seeing<br>
> ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6)<br>
> failed to turn code into token<br>
> ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6)<br>
> status from server: 404<br>
> The only difference between those two wildfly domain mode is that in the<br>
> local I don't have the SSL/HTTPS enabled.<br>
><br>
> Has anyone seen this error? Or have an idea of what this could be?<br>
><br>
> Regards<br>
><br>
><br>
> _______________________________________________<br>
> keycloak-user mailing list <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</div></div></blockquote></div><br></div>
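<div>An added example, not code from any participant in this thread or from the Keycloak project: a small audit of an adapter keycloak.json for the TLS options named above (auth-server-url, ssl-required, disable-trust-manager, truststore, truststore-password), so the diagnostic settings from the troubleshooting steps do not stay in a deployed config. The realm, resource, host, path and password values are constructed placeholders.</div>

```python
import json
from urllib.parse import urlparse

# Constructed sample keycloak.json files; all values are placeholders.
DIAGNOSTIC = """{
  "realm": "example-realm", "resource": "example-app",
  "auth-server-url": "https://keycloak.example.test:8443/auth",
  "ssl-required": "none",
  "disable-trust-manager": true
}"""
FINAL = """{
  "realm": "example-realm", "resource": "example-app",
  "auth-server-url": "https://keycloak.example.test:8443/auth",
  "truststore": "/path/to/truststore.jks",
  "truststore-password": "placeholder-password"
}"""


def audit_adapter_config(text):
    """Return [(option, finding)] for the TLS options discussed in the thread."""
    cfg = json.loads(text)
    findings = []
    scheme = urlparse(cfg.get("auth-server-url", "")).scheme
    if scheme == "":
        findings.append(("auth-server-url", "not an absolute URL"))
    elif scheme != "https":
        findings.append(("auth-server-url", "code-to-token request is not sent over TLS"))
    if cfg.get("ssl-required") == "none":
        findings.append(("ssl-required", "diagnostic value; remove once TLS works"))
    trust_disabled = cfg.get("disable-trust-manager") is True
    if trust_disabled:
        findings.append(("disable-trust-manager",
                         "server certificate is not verified; diagnostic only"))
    # The thread's last step: import the server certificate into a truststore
    # and set both truststore and truststore-password on the adapter.
    if scheme == "https" and not trust_disabled:
        if "truststore" not in cfg:
            findings.append(("truststore", "not set; import the server certificate and set it"))
        elif "truststore-password" not in cfg:
            findings.append(("truststore-password", "truststore set without its password"))
    return findings


if __name__ == "__main__":
    for name, sample in (("diagnostic", DIAGNOSTIC), ("final", FINAL)):
        print(name, audit_adapter_config(sample) or "no findings")
```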