<div dir="ltr"><div>I have tried "disable-trust-manager": true, but did not worked. I still get the "403 - Forbidden".</div><div>I tried also to set the "truststore" : "path/to/truststore.jks" and "truststore-password" : "pass" and also did not worked. </div><div>The only thing that has worked is to deploy it with a wildfly without the SSL enabled.</div><div>Is there another thing I can try, to make it worked with a domain wildfly with SSL enabled?</div><div><br></div><div>Regards</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Nov 24, 2014 at 2:29 AM, Stian Thorgersen <span dir="ltr"><<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">The options you're after are truststore, truststore-password and disable-trust-manager, not client-keystore.<br>
<span class="im HOEnZb"><br>
----- Original Message -----<br>
> From: "Fabián Silva" <<a href="mailto:afsg77@gmail.com">afsg77@gmail.com</a>><br>
</span><span class="im HOEnZb">> To: "Stian Thorgersen" <<a href="mailto:stian@redhat.com">stian@redhat.com</a>><br>
> Cc: "Stan Silvert" <<a href="mailto:ssilvert@redhat.com">ssilvert@redhat.com</a>>, <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> Sent: Saturday, 22 November, 2014 12:58:16 AM<br>
> Subject: Re: [keycloak-user] Error on application log in<br>
><br>
</span><div class="HOEnZb"><div class="h5">> <a href="http://docs.jboss.org/keycloak/docs/1.1.0.Beta1/userguide/html/ch07.html#adapter-config" target="_blank">http://docs.jboss.org/keycloak/docs/1.1.0.Beta1/userguide/html/ch07.html#adapter-config</a><br>
> "client-keystore<br>
> Not supported yet, but we will support in future versions."<br>
> So if my adapter has SSL enabled is not supported yet? Or how do I<br>
> configure it to work if my adapter has the SSL enabled?<br>
> I tried with an adapter without SSL enabled and the keycloak with the SSL<br>
> enabled and it worked. But when I tried it with both, the adapter and the<br>
> keycloak with SSL enabled, it doesn't work. I got the following logs on the<br>
> adapter:<br>
> ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6)<br>
> failed to turn code into token<br>
> ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6)<br>
> status from server: 404<br>
><br>
> Regards<br>
><br>
> On Thu, Nov 20, 2014 at 2:25 AM, Stian Thorgersen <<a href="mailto:stian@redhat.com">stian@redhat.com</a>> wrote:<br>
><br>
> > Are there no errors or warning in the server log? Try enabling debug for<br>
> > org.keycloak and see if there's anything interesting.<br>
> ><br>
> > First thing try the exact same setup (two servers), but without ssl.<br>
> ><br>
> > If that works disable enable ssl, but disable the trust manager in the<br>
> > adapter (disable-trust-manager option on adapter, see<br>
> > <a href="http://docs.jboss.org/keycloak/docs/1.1.0.Beta1/userguide/html/ch07.html#adapter-config" target="_blank">http://docs.jboss.org/keycloak/docs/1.1.0.Beta1/userguide/html/ch07.html#adapter-config</a><br>
> > ).<br>
> ><br>
> > If it still works create a truststore and import your certificate. Then<br>
> > set truststore and truststore-password on the adapter.<br>
> ><br>
> > ----- Original Message -----<br>
> > > From: "Fabián Silva" <<a href="mailto:afsg77@gmail.com">afsg77@gmail.com</a>><br>
> > > To: "Stan Silvert" <<a href="mailto:ssilvert@redhat.com">ssilvert@redhat.com</a>><br>
> > > Cc: <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> > > Sent: Wednesday, 19 November, 2014 6:35:15 PM<br>
> > > Subject: Re: [keycloak-user] Error on application log in<br>
> > ><br>
> > > I tried deploying it onto a local wildfly in domain without the SSL<br>
> > enabled<br>
> > > and it worked. What I can't figure it out is why the SSL is causing<br>
> > conflict<br>
> > > and how to solve this, I can't simply disable the SSL.<br>
> > ><br>
> > > Regards<br>
> > ><br>
> > > On Wed, Nov 19, 2014 at 11:28 AM, Stan Silvert < <a href="mailto:ssilvert@redhat.com">ssilvert@redhat.com</a> ><br>
> > wrote:<br>
> > ><br>
> > ><br>
> > ><br>
> > > Have you tried it using the two servers but without SSL?<br>
> > ><br>
> > > You can set ssl-required to "none" on the adapter (application) side.<br>
> > Also on<br>
> > > the Keycloak server side, try setting Access Type to "public". Do one of<br>
> > > those at a time and see if either causes it to work. That might narrow it<br>
> > > down a bit.<br>
> > ><br>
> > ><br>
> > > On 11/19/2014 11:29 AM, Fabián Silva wrote:<br>
> > ><br>
> > ><br>
> > ><br>
> > > Hi,<br>
> > > I'm running out of ideas in here. In simple terms I got a Wildfly<br>
> > running on<br>
> > > domain on a server and a keycloak on another server. I set the adapters<br>
> > on<br>
> > > my wildfly and deploy, to this wildfly, a web app that uses keycloak.<br>
> > When I<br>
> > > try to access the web app it displays the keycloak login, it validates<br>
> > the<br>
> > > users ok, but when you access with a correct user and password it shows<br>
> > the<br>
> > > "403 - Forbidden". At first I thought it was some issue with the roles,<br>
> > but<br>
> > > that didn't fix it.<br>
> > ><br>
> > > Regards<br>
> > ><br>
> > > On Fri, Nov 14, 2014 at 10:20 AM, Fabián Silva < <a href="mailto:afsg77@gmail.com">afsg77@gmail.com</a> ><br>
> > wrote:<br>
> > ><br>
> > ><br>
> > ><br>
> > > Hi,<br>
> > > It is already set to use the absolute path. And the keycloak is working<br>
> > when<br>
> > > I deploy the application to my local wildfly domain. The issue is when I<br>
> > try<br>
> > > to deploy to another wildfly in domain mode on a separate server. The<br>
> > > application is the same and the only difference I can tell from the two<br>
> > > wildflys is that the local don't have the SSL/HTTPS enabled. I have the<br>
> > > keycloak adapter set in both domains.<br>
> > ><br>
> > > I'm trying to trace those errors on the keycloak code to try to<br>
> > understand<br>
> > > what is happening, but I haven't been so lucky with this.<br>
> > ><br>
> > > Regards<br>
> > > Alejandro Fabián Silva Grifé<br>
> > ><br>
> > > On Fri, Nov 14, 2014 at 2:27 AM, Marek Posolda < <a href="mailto:mposolda@redhat.com">mposolda@redhat.com</a> ><br>
> > wrote:<br>
> > ><br>
> > ><br>
> > ><br>
> > > Hi,<br>
> > ><br>
> > > it failed on the adapter (application) side and error 404 means "Not<br>
> > found".<br>
> > > So adapter can't find the keycloak server to turn code into token. Make<br>
> > sure<br>
> > > to configure "auth-server-url" in keycloak.json for your application<br>
> > > properly. If relative uri doesn't work for some reason, you can rather<br>
> > try<br>
> > > to use absolute uri for auth-server-url like "<br>
> > <a href="https://localhost:8443/auth" target="_blank">https://localhost:8443/auth</a>" .<br>
> > ><br>
> > > Marek<br>
> > ><br>
> > ><br>
> > > On 14.11.2014 01:31, Fabián Silva wrote:<br>
> > ><br>
> > ><br>
> > ><br>
> > > I have a keycloak installed on wildfly standalone. I'm trying to deploy<br>
> > an<br>
> > > application, that use this keycloak, on a separate server with wilflly<br>
> > > running on domain mode. I tried first to deploy on a domain out of the<br>
> > box<br>
> > > on my local machine, setting the<br>
> > keycloak-wildfly-adapter-dist-1.0.4.Final.<br>
> > > It deploys fine and does the authentication without any issues. When I<br>
> > try<br>
> > > to migrate it to the server running my wilfly (also in domain mode and<br>
> > the<br>
> > > keycloak adapter set), it deploys fine and shows the keycloak login once<br>
> > you<br>
> > > enter the application. But the problem is that when you login it<br>
> > displays a<br>
> > > "403 - Forbidden" and on the log I'm seeing<br>
> > > ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6)<br>
> > > failed to turn code into token<br>
> > > ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6)<br>
> > > status from server: 404<br>
> > > The only difference between those two wildfly domain mode is that in the<br>
> > > local I don't have the the SSL/HTTPS enabled.<br>
> > ><br>
> > > Have anyone seen this error? or have an idea of what this could be?<br>
> > ><br>
> > > Regards<br>
> > ><br>
> > ><br>
> > > _______________________________________________<br>
> > > keycloak-user mailing list <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> > > <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
> > ><br>
> > ><br>
> > ><br>
> > ><br>
> > ><br>
> > > _______________________________________________<br>
> > > keycloak-user mailing list <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> > > <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
> > ><br>
> > ><br>
> > > _______________________________________________<br>
> > > keycloak-user mailing list<br>
> > > <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> > > <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
> > ><br>
> > ><br>
> > > _______________________________________________<br>
> > > keycloak-user mailing list<br>
> > > <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> > > <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
> ><br>
><br>
</div></div></blockquote></div><br></div>