<div dir="ltr">It is reachable but perhaps it is a truststore issue. <div><br></div><div>Which truststore is used by the server, the one configured in jboss for https connector, or some other ?</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jan 7, 2015 at 1:25 PM, Stian Thorgersen <span dir="ltr"><<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Looks like a configuration issue (or a bug) you should not have to implement anything as long as you use our adapters.<br>
<br>
Did you set the admin url correctly for the app? It has to be reachable from the Keycloak server. Also, if your app is behind a proxy or is clustered that can also impact on the config.<br>
<span class="im HOEnZb"><br>
----- Original Message -----<br>
> From: "Hubert Przybysz" <<a href="mailto:h.p.przybysz@gmail.com">h.p.przybysz@gmail.com</a>><br>
</span><div class="HOEnZb"><div class="h5">> To: "Stian Thorgersen" <<a href="mailto:stian@redhat.com">stian@redhat.com</a>><br>
> Cc: "keycloak-user" <<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>><br>
> Sent: Wednesday, 7 January, 2015 1:18:58 PM<br>
> Subject: Re: [keycloak-user] single logout<br>
><br>
> I'm using your server-side java adapters. When I logout in one application<br>
> I'm getting the exception below when the server tries to logout the second<br>
> application (which led me to think I need to implement something).<br>
><br>
> Logout for application 'app-2' failed:<br>
> org.apache.http.conn.HttpHostConnectException: Connection to https:/<br>
> <a href="http://xx.xx.net" target="_blank">xx.xx.net</a> refused<br>
> at<br>
> org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:190)<br>
> [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<br>
> at<br>
> org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:151)<br>
> [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<br>
> at<br>
> org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:125)<br>
> [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<br>
> at<br>
> org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640)<br>
> [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<br>
> at<br>
> org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)<br>
> [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<br>
> at<br>
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)<br>
> [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<br>
> at<br>
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)<br>
> [httpclient-4.2.1-redhat-1.jar:4.2.1-redhat-1]<br>
> at<br>
> org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor.execute(ApacheHttpClient4Executor.java:182)<br>
> [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]<br>
> at<br>
> org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:39)<br>
> [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]<br>
> at<br>
> org.jboss.resteasy.plugins.interceptors.encoding.AcceptEncodingGZIPInterceptor.execute(AcceptEncodingGZIPInterceptor.java:40)<br>
> [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]<br>
> at<br>
> org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:45)<br>
> [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]<br>
> at org.jboss.resteasy.client.ClientRequest.execute(ClientRequest.java:444)<br>
> [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]<br>
> at<br>
> org.jboss.resteasy.client.ClientRequest.httpMethod(ClientRequest.java:688)<br>
> [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]<br>
> at org.jboss.resteasy.client.ClientRequest.post(ClientRequest.java:572)<br>
> [resteasy-jaxrs-2.3.7.Final-redhat-2.jar:2.3.7.Final-redhat-2]<br>
> at<br>
> org.keycloak.services.managers.ResourceAdminManager.sendLogoutRequest(ResourceAdminManager.java:275)<br>
> [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]<br>
> at<br>
> org.keycloak.services.managers.ResourceAdminManager.logoutClientSessions(ResourceAdminManager.java:207)<br>
> [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]<br>
> at<br>
> org.keycloak.services.managers.ResourceAdminManager.logoutClientSession(ResourceAdminManager.java:167)<br>
> [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]<br>
> at<br>
> org.keycloak.protocol.oidc.OpenIDConnect.backchannelLogout(OpenIDConnect.java:143)<br>
> [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]<br>
> at<br>
> org.keycloak.services.managers.AuthenticationManager.logout(AuthenticationManager.java:97)<br>
> [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]<br>
> at<br>
> org.keycloak.protocol.oidc.OpenIDConnectService.logout(OpenIDConnectService.java:994)<br>
> [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]<br>
> at<br>
> org.keycloak.protocol.oidc.OpenIDConnectService.logout(OpenIDConnectService.java:927)<br>
> [keycloak-services-1.1.0.Beta2.jar:1.1.0.Beta2]<br>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)<br>
> [rt.jar:1.7.0_72]<br>
><br>
><br>
> On Wed, Jan 7, 2015 at 12:53 PM, Stian Thorgersen <<a href="mailto:stian@redhat.com">stian@redhat.com</a>> wrote:<br>
><br>
> > What adapters are you using? Our adapters already have built-in support<br>
> > for this. Server-side adapters (JEE) uses the admin url, while client-side<br>
> > (JS) uses a special iframe to detect logout.<br>
> ><br>
> > ----- Original Message -----<br>
> > > From: "Hubert Przybysz" <<a href="mailto:h.p.przybysz@gmail.com">h.p.przybysz@gmail.com</a>><br>
> > > To: "keycloak-user" <<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>><br>
> > > Sent: Wednesday, 7 January, 2015 12:19:12 PM<br>
> > > Subject: [keycloak-user] single logout<br>
> > ><br>
> > > Hi,<br>
> > ><br>
> > > I'm looking for information on how to implement single logout across<br>
> > > applications in the realm. There is an Admin URL setting per application<br>
> > in<br>
> > > the realm admin GUI which is to be set if the application supports "the<br>
> > > adapter REST API", but I failed to find any information about this API.<br>
> > Is<br>
> > > this the API to use for single logout ?<br>
> > ><br>
> > > Br / Hubert.<br>
> > ><br>
> > > _______________________________________________<br>
> > > keycloak-user mailing list<br>
> > > <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> > > <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
> ><br>
><br>
</div></div></blockquote></div><br></div>