<div dir="ltr"><div><div><div><div><div><div><div>Hello,<br><br></div>I had a working setup of a
Java web application running on machine A secured by keycloak on machine
B (<a href="http://login.restcomm.com">login.restcomm.com</a>). The application running on A provides a REST api that is used from the UI. The application also contains a UI (angular) that accesses the REST api. <a href="http://login.restcomm.com">login.restcomm.com</a> is the keycloak running on docker and resolves to 172.17.42.1 (overridden in /etc/hosts). I'm using keycloak 1.2.0.Final. Both the UI and the REST api have been secured and the application worked fine with "ssl-required" -> "external".<br><br></div><div>I switched keycloak configuration to HTTPS (using "all") and I'm experiencing the following:<br><br></div><div>Login seems to work fine. When trying to access the UI I'm redirected to <a href="https://login.restcomm.com">https://login.restcomm.com</a>, I log in and get back to the UI. BUT, the request to A's services, though successful (200 OK), returns blank content. As if the adapter gets in the way and overrides the response. I'm also getting the following message in A's log:<br></div><div><br>12:21:55,083 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (http-/192.168.1.39:8080-4) adminRequest <a href="http://192.168.1.39:8080/restcomm-rvd/api/projects" target="_blank">http://192.168.1.39:8080/restcomm-rvd/api/projects</a><br>12:21:55,085 WARN [org.keycloak.adapters.RequestAuthenticator] (http-/192.168.1.39:8080-4) SSL is required to authenticate<br><br><a href="http://192.168.1.39:8080/restcomm-rvd/api/projects">http://192.168.1.39:8080/restcomm-rvd/api/projects</a> is the endpoint that is supposed to return a block of JSON.<br></div><br></div><div>The
same happens when trying to access the endpoint directly using an
independent REST client. I get back a 200 OK and the same message
appears in the log but there is no content in the response.<br></div><div><br></div>Keep in mind that HTTPS is only enabled for accessing keycloak. The web application still runs on HTTP. Is this supported?<br><br></div>I have also made various experiments in keycloak.json (for the REST api) starting from this:<br><br>{<br> "realm": "restcomm",<br> "realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",<br> "bearer-only": true,<br> "auth-server-url": "<a href="https://login.restcomm.com/auth" target="_blank">https://login.restcomm.com/auth</a>",<br> "ssl-required": "all",<br> "disable-trust-manager": true,<br> "resource": "restcomm-rvd",<br> "enable-cors": true<br>}<br><br></div>down to this:<br><div><br>{<br> "realm": "restcomm",<br> "realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",<br> "bearer-only": true,<br> "auth-server-url": "<a href="https://login.restcomm.com/auth" target="_blank">https://login.restcomm.com/auth</a>",<br> "ssl-required": "all",<br> "allow-any-hostname":true,<br> "disable-trust-manager": false,<br> "truststore": "/tmp/trusted_keycloak.jks",<br> "truststore-password" : "password",<br> "resource": "restcomm-rvd"<br>}<br><br><br></div>Any pointers will be a great help.<br><br></div>Thanks in advance<br><br></div>Orestis<br><div><div><br><br></div></div></div>
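An added example, not part of the message above and not Keycloak's own code: a small check that runs one request URL against one adapter keycloak.json and reports the combination visible in the message (plain-HTTP endpoint with "ssl-required": "all") along with settings that relax TLS verification towards the auth server. `ssl_required_for` is a simplified model of the documented all/external/none semantics (an assumption), and the key placeholder and client address are constructed values.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample: the second keycloak.json from the message, with the
# realm public key replaced by a placeholder.
SAMPLE_CONFIG = json.loads("""{
  "realm": "restcomm",
  "realm-public-key": "<realm-public-key>",
  "bearer-only": true,
  "auth-server-url": "https://login.restcomm.com/auth",
  "ssl-required": "all",
  "allow-any-hostname": true,
  "disable-trust-manager": false,
  "truststore": "/tmp/trusted_keycloak.jks",
  "truststore-password": "password",
  "resource": "restcomm-rvd"
}""")

def ssl_required_for(mode, client_addr):
    """Simplified model (assumption) of the adapter's ssl-required rule."""
    mode = mode.lower()
    if mode == "all":
        return True
    if mode == "none":
        return False
    # "external": clients on private or loopback addresses are exempt.
    ip = ipaddress.ip_address(client_addr)
    return not (ip.is_private or ip.is_loopback)

def check(config, request_url, client_addr):
    """Return finding codes for one request URL against one keycloak.json."""
    findings = []
    mode = config.get("ssl-required", "external")  # documented default
    if urlsplit(request_url).scheme != "https" and ssl_required_for(mode, client_addr):
        findings.append("plain-http-request-but-ssl-required")
    if config.get("disable-trust-manager"):
        findings.append("server-certificate-not-verified")
    if config.get("allow-any-hostname"):
        findings.append("server-hostname-not-verified")
    if str(config.get("truststore", "")).startswith("/tmp/"):
        findings.append("truststore-in-world-writable-dir")
    return findings

if __name__ == "__main__":
    # Endpoint from the log; the client address is a constructed value.
    url = "http://192.168.1.39:8080/restcomm-rvd/api/projects"
    for code in check(SAMPLE_CONFIG, url, "192.168.1.50"):
        print(code)
```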