<div dir="ltr">Thank you both, very much!<div><br></div><div>Pointing me at the web.xml was the final piece I needed. I spent some more time trying to understand the bits and bobs in that file and finally understood the URL paths of my sample app, and how they were (or were not, in my case) being reflected in the web.xml.</div><div><br></div><div>I was even able to move my working configuration to a Tomcat server and replicate my success there. Many thanks!!</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Mar 31, 2015 at 11:58 PM, Stian Thorgersen <span dir="ltr"><<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
<br>
----- Original Message -----<br>
> From: "Sebastian Lorenz" <<a href="mailto:sebastian.p.lorenz@gmail.com">sebastian.p.lorenz@gmail.com</a>><br>
> To: <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> Sent: Wednesday, 1 April, 2015 8:52:25 AM<br>
> Subject: [keycloak-user] Fwd: Help troubleshooting config<br>
><br>
> Hi Tom,<br>
><br>
> I'm also quite new to Keycloak and had some trouble setting it up in the<br>
> beginning.<br>
> That's why I wrote a small tutorial <a href="http://sebplorenz.blogspot.de/" target="_blank">http://sebplorenz.blogspot.de/</a><br>
> Maybe it is of help for you.<br>
><br>
> Since you are not redirected to Keycloak at all, I would assume that either:<br>
><br>
> 1. Your web resource is not listed in the <security-constraint> element in<br>
> web.xml or<br>
<br>
</span>I'd say this is the problem - as 2 and 3 would result in errors not leaving the resource unsecured<br>
<div class="HOEnZb"><div class="h5"><br>
> 2. Your <auth-method> is not set to Keycloak in web.xml or<br>
> 3. Keycloak is not configured correctly in your standalone.xml server<br>
> configuration and therefore does not interrupt the access to the resource.<br>
><br>
> Good Luck. Sebastian<br>
><br>
><br>
><br>
> ---------- Weitergeleitete Nachricht ----------<br>
> From: Thomas LaPorte < <a href="mailto:Thomas.LaPorte@dreamworks.com">Thomas.LaPorte@dreamworks.com</a> ><br>
> To: <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> Cc:<br>
> Date: Tue, 31 Mar 2015 15:05:32 -0700<br>
> Subject: Re: [keycloak-user] Help troubleshooting config<br>
> Thanks to a list member for some debug setup help, I'm getting much more<br>
> information.<br>
><br>
> Now I can see (and confirm my suspicion), that something is not right and my<br>
> resource is unprotected.<br>
><br>
> For the example customer-portal app, I see that after the "callback-uri: ..."<br>
> message, I get a "Sending redirect to login page:..." message.<br>
><br>
> For my app, it goes directly to "AuthenticatedActionsValve.invoke"<br>
><br>
> -- Tom<br>
><br>
> On Tue, Mar 31, 2015 at 2:49 PM, Guy Davis < <a href="mailto:guydavis.ca@gmail.com">guydavis.ca@gmail.com</a> > wrote:<br>
><br>
><br>
><br>
> Hi Thomas,<br>
><br>
> To dial up logging, try adding this to your standalone.xml file in the<br>
> logging subsystem and re-starting your Wildfly instance:<br>
><br>
> <logger category="org.keycloak"><br>
> <level name="DEBUG"/><br>
> </logger><br>
><br>
> Then, be sure you have the right configuration in your web.xml of your test<br>
> WAR file. See the docs here for details.<br>
><br>
> Hope this helps,<br>
> Guy<br>
><br>
><br>
> On Tue, Mar 31, 2015 at 3:30 PM, Thomas LaPorte <<br>
> <a href="mailto:Thomas.LaPorte@dreamworks.com">Thomas.LaPorte@dreamworks.com</a> > wrote:<br>
><br>
><br>
><br>
> Apologies for cutting off by hitting send prematurely.<br>
><br>
><br>
><br>
> On Tue, Mar 31, 2015 at 2:26 PM, Thomas LaPorte <<br>
> <a href="mailto:Thomas.LaPorte@dreamworks.com">Thomas.LaPorte@dreamworks.com</a> > wrote:<br>
><br>
><br>
><br>
> Greetings. I'm a first-time user of Keycloak, trying to set up a simple<br>
> demonstration after the examples, however, I'm having 0% success in getting<br>
> my configuration correct enough such that my web resource is protected.<br>
><br>
> I have reduced my setup all the way down to a basic "HelloWorld.jsp" in a WAR<br>
> file that is deployed into the standalone Wildfly server that is also<br>
> hosting the Keycloak server.<br>
><br>
> I am convinced that it is a configuration step being missed somewhere, as I<br>
> can always access my URL without intervention from the Keycloak server.<br>
><br>
> My WAR file consists of the following:<br>
><br>
> 0 Tue Mar 31 14:20:20 PDT 2015 META-INF/<br>
> 68 Tue Mar 31 14:20:20 PDT 2015 META-INF/MANIFEST.MF<br>
> 0 Tue Mar 31 14:08:34 PDT 2015 WEB-INF/<br>
> 1584 Tue Mar 31 09:47:52 PDT 2015 WEB-INF/web.xml<br>
> 491 Tue Mar 31 14:08:34 PDT 2015 WEB-INF/keycloak.json<br>
> 308 Tue Mar 31 14:20:18 PDT 2015 index.jsp<br>
><br>
> I have added my application to the demo realm by copying the customer-portal<br>
> application stanza, and replacing the "customer-portal" with my app name:<br>
><br>
> {<br>
> "name": "goalkeepers",<br>
> "enabled": true,<br>
> "adminUrl": "/goalkeepers",<br>
> "baseUrl": "/goalkeepers",<br>
> "redirectUris": [<br>
> "/goalkeepers/*"<br>
> ],<br>
> "secret": "password"<br>
> }<br>
> At this stage I am just looking for suggestions on how best to troubleshoot<br>
> my configuration? What logging properties can I set to enable more<br>
> debugging? Or where else can I look for some clues as to the errors in my<br>
> configuration?<br>
><br>
> I fear I am missing something extremely fundamental, but I can't for the life<br>
> of me see what it is.<br>
><br>
> - Tom<br>
><br>
> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
><br>
><br>
><br>
><br>
><br>
> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</div></div></blockquote></div><br></div>