<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Marko, I think it is properly configured. Both the edge and the
organization service are part of the master realm. The only
difference is that access to edge is public and access to
organization is confidential. From the web browser, I have no
problem in logging in to the edge service and then going to the <i>/organization/organizations</i>
path. The access to that path is not restricted in any other way.<br>
<br>
<div class="moz-cite-prefix">14/01/2016 18:28(e)an,
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user-request@lists.jboss.org">keycloak-user-request@lists.jboss.org</a> igorleak idatzi zuen:<br>
</div>
<blockquote
cite="mid:mailman.71607.1452792505.3339.keycloak-user@lists.jboss.org"
type="cite">
<pre wrap="">Send keycloak-user mailing list submissions to
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
To subscribe or unsubscribe via the World Wide Web, visit
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a>
or, via email, send a message with subject or body 'help' to
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user-request@lists.jboss.org">keycloak-user-request@lists.jboss.org</a>
You can reach the person managing the list at
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user-owner@lists.jboss.org">keycloak-user-owner@lists.jboss.org</a>
When replying, please edit your Subject line so it is more specific
than "Re: Contents of keycloak-user digest..."
Today's Topics:
1. Re: Login to keycloak from Android app (Marko Strukelj)
2. Re: KEYCLOAK w/ NGINX Reverse Proxy (Christopher Wallace)
----------------------------------------------------------------------
Message: 1
Date: Thu, 14 Jan 2016 17:27:51 +0100
From: Marko Strukelj <a class="moz-txt-link-rfc2396E" href="mailto:mstrukel@redhat.com"><mstrukel@redhat.com></a>
Subject: Re: [keycloak-user] Login to keycloak from Android app
To: Iv?n Perdomo <a class="moz-txt-link-rfc2396E" href="mailto:ivan@akvo.org"><ivan@akvo.org></a>
Cc: keycloak-user <a class="moz-txt-link-rfc2396E" href="mailto:keycloak-user@lists.jboss.org"><keycloak-user@lists.jboss.org></a>
Message-ID:
<a class="moz-txt-link-rfc2396E" href="mailto:CA+1OW+idF1QD8ro+QOqvDMjrhZCA_Z1fMZdDvpCWjpzBCw87Sg@mail.gmail.com"><CA+1OW+idF1QD8ro+QOqvDMjrhZCA_Z1fMZdDvpCWjpzBCw87Sg@mail.gmail.com></a>
Content-Type: text/plain; charset=UTF-8
Is the adapter for your 'organization' REST endpoint properly
configured to use 'master' realm and 'edge' client?
The keycloak.json config file in your organisation.war (or keycloak
subsystem configuration) has to match that of 'edge' client
configuration in your 'master' realm on Keycloak server.
On Thu, Jan 14, 2016 at 4:38 PM, Iv?n Perdomo <a class="moz-txt-link-rfc2396E" href="mailto:ivan@akvo.org"><ivan@akvo.org></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hi,
I tried this code some months ago and managed to login from Android.
<a class="moz-txt-link-freetext" href="https://github.com/learning-layers/android-openid-connect">https://github.com/learning-layers/android-openid-connect</a>
Cheers,
On 01/14/2016 04:29 PM, Aritz Maeztu wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Many thanks to all of you for the help. I'm so close to achieve it, so I
need some last tip (and think you can do even about not to have mobile
knowledge). That's the steps I've followed to authenticate a user in a
public client in the Android app:
1- Launch a browser app pointing to keycloak's authorization site for
the client:
Intent i = new Intent(Intent.ACTION_VIEW,
Uri.parse(<a class="moz-txt-link-rfc2396E" href="http://192.168.0.230:8080/auth/realms/master/protocol/">"http://192.168.0.230:8080/auth/realms/master/protocol/"</a> +
"openid-connect/auth?response_type=code&client_id=web_service&redirect_uri=android://app"));
startActivity(i);
2- Retrieve the authorization code when coming back to my app and ask
for an access token:
RestTemplate template = new RestTemplate();
template.getMessageConverters().add(new
FormHttpMessageConverter());
template.getMessageConverters().add(new
MappingJackson2HttpMessageConverter());
MultiValueMap<String, String> form = new
LinkedMultiValueMap<>();
form.add("grant_type", "authorization_code");
form.add("client_id", "edge");
form.add("code", accessCode);
form.add("redirect_uri", "tcheck://app");
ResponseEntity rssResponse = template.postForEntity(
<a class="moz-txt-link-rfc2396E" href="http://192.168.0.230:8080/auth/realms/master/protocol/openid-connect/token">"http://192.168.0.230:8080/auth/realms/master/protocol/openid-connect/token"</a>,
form,
AccessToken.class);
I'm passing the parameters in the request body as x-www-form-urlencoded
and it works. I do get an access token, with this format:
{
"access_token" :
"eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI5OTEzYmRjOS1jZmI0LTRlZjAtYTcxYy0yYWUwYmQ3MTkwZDkiLCJleHAiOjE0NTI3NzUwNDQsIm5iZiI6MCwiaWF0IjoxNDUyNzc0OTg0LCJpc3MiOiJodHRwOi8vMTkyLjE2OC4wLjIzMDo4MDgwL2F1dGgvcmVhbG1zL21hc3RlciIsImF1ZCI6ImVkZ2UiLCJzdWIiOiJhNzE0NzAxNS0zNWM2LTRhZWEtYjNjOC1hNTY1ZTQ5YjcyZDkiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJlZGdlIiwic2Vzc2lvbl9zdGF0ZSI6IjdkZDVhZDdiLWQwYWItNGZiYS1iOWNiLWYzNjYxYTk5NGU3OSIsImNsaWVudF9zZXNzaW9uIjoiZDg2MzY1NjctMzg2MS00NjU5LTg0ZjItMDZjYmM5YTI3YTU1IiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIlNVUEVSX0FETUlOIiwiY3JlYXRlLXJlYWxtIiwiVklFV19PUkdBTklaQVRJT04iLCJST0xFX1RDSEVDS19TVVBFUl9BRE1JTiIsIlJPTEVfVENIRUNLX0FETUlOIiwiYWRtaW4iXX0sInJlc291cmNlX2FjY2VzcyI6eyJtYXN0ZXItcmVhbG0iOnsicm9sZXMiOlsibWFuYWdlLWV2ZW50cyIsInZpZXctcmVhbG0iLCJ2aWV3LWlkZW50aXR5LXByb3ZpZGVycyIsIm1hbmFnZS1yZWFsbSIsIm1hbmFnZS1pZGVudGl0eS1wcm92aWRlcnMiLCJpbXBlcnNvbmF0aW9uIiwidmlldy1ldmVudHMiLCJjcmVhdGUtY2xpZW50IiwibWFuYWdlLXVzZXJzIiwidmlldy11c2VycyIsInZpZXctY2xpZW50cyIsIm1h!
</pre>
</blockquote>
</blockquote>
<pre wrap=""> bmF!
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">nZS1jbGl
lbnRzIl19LCJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50Iiwidmlldy1wcm9maWxlIl19fSwibmFtZSI6IiIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIn0.GMoAPe9aUQBRign5J0TvOt4tg1SWwyfJkvJjuWDZ_Ayj3GBnFjhgbjb5qLreKsm87NHymPcpvCv7uHkKJRsx44TjC0514O0oBSiVIiKfcJdbE-y7nPplzYAJF6I2JlsQkw9Na67vNSvhsBNg6AfBop4xpAF9HtTU7Ca7gFwOS01bgDRO09WlJYivzOd5t-vQGNwRVlTqaCstIMiBLaUfdkc82DNQwnoP5VO9R7xZn-7O5BE288_CX0C2V96_vooIoTbB3Qoa-gV6f3s6ZSyJnRGBgoe_2QY3mjCBarFQ_mKH_sbF2qMpm-a5igoNoD_3Xlc7iluP206ZJdQn4NZdQg",
"expires_in" : 60,
"refresh_expires_in" : 1800,
"refresh_token" :
"eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJkOTBmNzY5Ni00NDIwLTQ3NDUtYmQ3NS01Y2Q4MDNlMWY0YjQiLCJleHAiOjE0NTI3NzY3ODQsIm5iZiI6MCwiaWF0IjoxNDUyNzc0OTg0LCJpc3MiOiJodHRwOi8vMTkyLjE2OC4wLjIzMDo4MDgwL2F1dGgvcmVhbG1zL21hc3RlciIsImF1ZCI6bnVsbCwic3ViIjoiYTcxNDcwMTUtMzVjNi00YWVhLWIzYzgtYTU2NWU0OWI3MmQ5IiwidHlwIjoiUmVmcmVzaCIsImF6cCI6ImVkZ2UiLCJzZXNzaW9uX3N0YXRlIjoiN2RkNWFkN2ItZDBhYi00ZmJhLWI5Y2ItZjM2NjFhOTk0ZTc5IiwiY2xpZW50X3Nlc3Npb24iOiJkODYzNjU2Ny0zODYxLTQ2NTktODRmMi0wNmNiYzlhMjdhNTUiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsiU1VQRVJfQURNSU4iLCJjcmVhdGUtcmVhbG0iLCJWSUVXX09SR0FOSVpBVElPTiIsIlJPTEVfVENIRUNLX1NVUEVSX0FETUlOIiwiUk9MRV9UQ0hFQ0tfQURNSU4iLCJhZG1pbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7Im1hc3Rlci1yZWFsbSI6eyJyb2xlcyI6WyJtYW5hZ2UtZXZlbnRzIiwidmlldy1yZWFsbSIsInZpZXctaWRlbnRpdHktcHJvdmlkZXJzIiwibWFuYWdlLXJlYWxtIiwibWFuYWdlLWlkZW50aXR5LXByb3ZpZGVycyIsImltcGVyc29uYXRpb24iLCJ2aWV3LWV2ZW50cyIsImNyZWF0ZS1jbGllbnQiLCJtYW5hZ2UtdXNlcnMiLCJ2aWV3LXVzZXJzIiwidmlldy1jbGllbnRzIiwibWFuYWdlLWNsaWVudHMiXX0sImFjY291!
</pre>
</blockquote>
</blockquote>
<pre wrap=""> bnQ!
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">iOnsicm9
sZXMiOlsibWFuYWdlLWFjY291bnQiLCJ2aWV3LXByb2ZpbGUiXX19fQ.OZkivKxU1HJecrqKb1KDSabakruHJLUaUpNOy_DY7UW1R-4Qv6kLnPy_3soeRPP0FwYNrjzNMw94S-naE8JNCD91LqTTEyJ6o6q_1LDiDbVbfsKeyRkJDZDAbHUYtY-r35z_21SqdHxzzMcero6DoCpFaGOZZFQ86FZD7NiRE3oVzCIz1VJAFBIsSjH0W5_UQa2CEEIOxDanPnhbtdB8XZ6oQeKPB15AvobCgukvWcDufmCeJpUMcIjaTcnBdXRz6MIOp6VjQ5SyqJzn7jja8ILs3zEd8eeocAIix8Gv1CRs6PWBtWZJDss_fh4A8R2guKRBcFwQIeoncFgQeFeaoA",
"token_type" : "bearer",
"id_token" :
"eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI0OTUyOGQxNS1kZmEyLTQ1YTUtYjJiYy1hNzZhY2E2M2IwYjEiLCJleHAiOjE0NTI3NzUwNDQsIm5iZiI6MCwiaWF0IjoxNDUyNzc0OTg0LCJpc3MiOiJodHRwOi8vMTkyLjE2OC4wLjIzMDo4MDgwL2F1dGgvcmVhbG1zL21hc3RlciIsImF1ZCI6ImVkZ2UiLCJzdWIiOiJhNzE0NzAxNS0zNWM2LTRhZWEtYjNjOC1hNTY1ZTQ5YjcyZDkiLCJ0eXAiOiJJRCIsImF6cCI6ImVkZ2UiLCJzZXNzaW9uX3N0YXRlIjoiN2RkNWFkN2ItZDBhYi00ZmJhLWI5Y2ItZjM2NjFhOTk0ZTc5IiwibmFtZSI6IiIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIn0.yOs1HGLQyV33ihDIzL4CiKlKj58zlZzNpJizOlWXg59DkdnL1W5RIT4-Jw5VToy267gWv1o0XIwI2oCVHjbaXKgWZzt7NlVdGnNyGL19VQUPlISlMyyoOhaBGufC4JycQ6BrQh0fnMYUVQOvGE6HGnVwUbrLHiVL579AVhUSmVZ052fzN4VySpm03L7eQBt6BTKMo_7fmL39WvdwY2gEhoi6rz2P8cXp8vbidwqb4nNF7C1wfM7GYgbO-1yaMq_c4JiOoga9YswD68XvKpjjwVZs2WvHpvwZrQjfiqa6EtxkTeRYncMW-RutB8P09wJ3WRaBooDreVBMFB2Tw6nWnQ",
"not-before-policy" : 1452694301,
"session-state" : "7dd5ad7b-d0ab-4fba-b9cb-f3661a994e79"
}
I now finally want to access some resource. As docs state, the only
thing I want to do is to pass that access token in the Authorization
header, starting with the Bearer keyword:
HttpHeaders headers = new HttpHeaders();
headers.set("Authorization", "Bearer " + token.getToken());
HttpEntity<String> entity = new HttpEntity<>("parameters",
headers);
ResponseEntity rssResponse = template.exchange(
<a class="moz-txt-link-rfc2396E" href="http://192.168.0.230:8765/organization/organizations">"http://192.168.0.230:8765/organization/organizations"</a>,
HttpMethod.GET,
entity,
OrganizationExchangeSet.class);
But I get 401 Unauthorized from keycloak. If I do the GET request using
Postman, I get the Unauthorized code too:
Request:
/Url:/
<a class="moz-txt-link-freetext" href="http://192.168.0.230:8765/organization/organizations">http://192.168.0.230:8765/organization/organizations</a>
/Headers:/
Authorization: Bearer
eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI5OTEzYmRjOS1jZmI0LTRlZjAtYTcxYy0yYWUwYmQ3MTkwZDkiLCJleHAiOjE0NTI3NzUwNDQsIm5iZiI6MCwiaWF0IjoxNDUyNzc0OTg0LCJpc3MiOiJodHRwOi8vMTkyLjE2OC4wLjIzMDo4MDgwL2F1dGgvcmVhbG1zL21hc3RlciIsImF1ZCI6ImVkZ2UiLCJzdWIiOiJhNzE0NzAxNS0zNWM2LTRhZWEtYjNjOC1hNTY1ZTQ5YjcyZDkiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJlZGdlIiwic2Vzc2lvbl9zdGF0ZSI6IjdkZDVhZDdiLWQwYWItNGZiYS1iOWNiLWYzNjYxYTk5NGU3OSIsImNsaWVudF9zZXNzaW9uIjoiZDg2MzY1NjctMzg2MS00NjU5LTg0ZjItMDZjYmM5YTI3YTU1IiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIlNVUEVSX0FETUlOIiwiY3JlYXRlLXJlYWxtIiwiVklFV19PUkdBTklaQVRJT04iLCJST0xFX1RDSEVDS19TVVBFUl9BRE1JTiIsIlJPTEVfVENIRUNLX0FETUlOIiwiYWRtaW4iXX0sInJlc291cmNlX2FjY2VzcyI6eyJtYXN0ZXItcmVhbG0iOnsicm9sZXMiOlsibWFuYWdlLWV2ZW50cyIsInZpZXctcmVhbG0iLCJ2aWV3LWlkZW50aXR5LXByb3ZpZGVycyIsIm1hbmFnZS1yZWFsbSIsIm1hbmFnZS1pZGVudGl0eS1wcm92aWRlcnMiLCJpbXBlcnNvbmF0aW9uIiwidmlldy1ldmVudHMiLCJjcmVhdGUtY2xpZW50IiwibWFuYWdlLXVzZXJzIiwidmlldy11c2VycyIsInZpZXctY2xpZW50cyIsIm1hb!
</pre>
</blockquote>
</blockquote>
<pre wrap=""> mFn!
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">ZS1jbGll
bnRzIl19LCJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50Iiwidmlldy1wcm9maWxlIl19fSwibmFtZSI6IiIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIn0.GMoAPe9aUQBRign5J0TvOt4tg1SWwyfJkvJjuWDZ_Ayj3GBnFjhgbjb5qLreKsm87NHymPcpvCv7uHkKJRsx44TjC0514O0oBSiVIiKfcJdbE-y7nPplzYAJF6I2JlsQkw9Na67vNSvhsBNg6AfBop4xpAF9HtTU7Ca7gFwOS01bgDRO09WlJYivzOd5t-vQGNwRVlTqaCstIMiBLaUfdkc82DNQwnoP5VO9R7xZn-7O5BE288_CX0C2V96_vooIoTbB3Qoa-gV6f3s6ZSyJnRGBgoe_2QY3mjCBarFQ_mKH_sbF2qMpm-a5igoNoD_3Xlc7iluP206ZJdQn4NZdQg
/Response:/
{
"timestamp": 1452784544622,
"status": 401,
"error": "Unauthorized",
"message": "Unable to authenticate bearer token",
"path": "/organization/organizations"
}
How to solve this?
--
Aritz Maeztu Ota?o
Departamento Desarrollo de Software
<a class="moz-txt-link-rfc2396E" href="https://www.linkedin.com/profile/preview?vpa=pub&locale=es_ES"><https://www.linkedin.com/profile/preview?vpa=pub&locale=es_ES></a>
<a class="moz-txt-link-rfc2396E" href="http://www.tesicnor.com"><http://www.tesicnor.com></a>
Pol. Ind. Mocholi. C/Rio Elorz, Nave 13E 31110 Noain (Navarra)
Telf.: 948 21 40 40
Fax.: 948 21 40 41
Antes de imprimir este e-mail piense bien si es necesario hacerlo: El
medioambiente es cosa de todos.
_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a>
</pre>
</blockquote>
<pre wrap="">
--
Iv?n
_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a>
</pre>
</blockquote>
<pre wrap="">
------------------------------
Message: 2
Date: Thu, 14 Jan 2016 17:28:10 +0000
From: Christopher Wallace <a class="moz-txt-link-rfc2396E" href="mailto:cjwallac@gmail.com"><cjwallac@gmail.com></a>
Subject: Re: [keycloak-user] KEYCLOAK w/ NGINX Reverse Proxy
To: Marko Strukelj <a class="moz-txt-link-rfc2396E" href="mailto:mstrukel@redhat.com"><mstrukel@redhat.com></a>
Cc: <a class="moz-txt-link-rfc2396E" href="mailto:keycloak-user@lists.jboss.org">"keycloak-user@lists.jboss.org"</a> <a class="moz-txt-link-rfc2396E" href="mailto:keycloak-user@lists.jboss.org"><keycloak-user@lists.jboss.org></a>
Message-ID:
<a class="moz-txt-link-rfc2396E" href="mailto:CAKpG1FQbgx_TRqKQi21FjKx1S8t9_p2M-LXjDcR3Md9WHyxvfg@mail.gmail.com"><CAKpG1FQbgx_TRqKQi21FjKx1S8t9_p2M-LXjDcR3Md9WHyxvfg@mail.gmail.com></a>
Content-Type: text/plain; charset="utf-8"
Again Marko Thanks for the information!
We did already configure our standalone server like this. What I did find
is that we updated the .JS adapter script and enable CORS
<a class="moz-txt-link-freetext" href="http://serverfault.com/questions/162429/how-do-i-add-access-control-allow-origin-in-nginx">http://serverfault.com/questions/162429/how-do-i-add-access-control-allow-origin-in-nginx</a>
Now
we are getting to the TOKEN step in the life cycle
1. Request URL:
<a class="moz-txt-link-freetext" href="https://sso2.company.com/auth/realms/master/protocol/openid-connect/token">https://sso2.company.com/auth/realms/master/protocol/openid-connect/token</a>
2. Request Method:
POST
3. Status Code:
400 Bad Request
4. Remote Address:
99.99.99.99:443
1. Response Headersview source
1. Connection:
keep-alive
2. Content-Type:
application/json
3. Date:
Thu, 14 Jan 2016 17:10:45 GMT
4. Server:
nginx/1.4.6 (Ubuntu)
5. Transfer-Encoding:
chunked
6. X-Powered-By:
Undertow/1
2. Request Headersview source
1. Accept:
*/*
2. Accept-Encoding:
gzip, deflate
3. Accept-Language:
en-US,en;q=0.8
4. Authorization:
Basic bXByLXBsYXRmb3JtOmU1MGYxO
5. Connection:
keep-alive
6. Content-Length:
202
7. Content-type:
application/x-www-form-urlencoded
8. Cookie:
KEYCLOAK_IDENTITY=eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiIzOWIxMzg3OS1mYjY5LTQ2MTAtYTdlZS1mZjA2ZjgyOTI4MzUiLCJleHAiOjE0NTI4Mjc0NDcsIm5iZiI6MCwiaWF0IjoxNDUyNzkxNDQ3LCJpc3MiOiJodHRwczovL3NzbzIubWVkaWNhbHBheXJldmlldy5jb20vYXV0aC9yZWFsbXMvbWFzdGVyIiwiYXVkIjpudWxsLCJzdWIiOiJhNWM2MzJiYy0xNmNlLTQ3NzgtOGNmMy05MWQ4MmMzNTE3NmYiLCJzZXNzaW9uX3N0YXRlIjoiYjkwMTViMGItYTUyNC00ZDVkLWJiYjMtMDI2OTk3NjY0NjM1IiwicmVzb3VyY2VfYWNjZXNzIjp7fX0.nCUDrU2Q9DQM5c2xcxLoW1pqVJNYcc-ZCUWe6HTlBVh1rwwk0V1q15Mbq0HzWcEkDWqatUTTQ0PEysH18hsOzuJdqRaaplBURwzW4S
9. DNT:
1
10. Host:
sso2.company.com
11. Origin:
<a class="moz-txt-link-freetext" href="http://portal.app.company.local.medicalpayreview.com">http://portal.app.company.local.medicalpayreview.com</a>
12. Referer:
<a class="moz-txt-link-freetext" href="http://portal.app.company.local.medicalpayreview.com/App/">http://portal.app.company.local.medicalpayreview.com/App/</a>
13. User-Agent:
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_0) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36
3. Form Dataview sourceview URL encoded
1. code:
Mk9BGw2vGHNBtO-caT1Z1MEpwixV4Ke5yi5YFEubDes.d82b1938-d6a6-4c3c-99eb-0a0d1c2636be
2. grant_type:
authorization_code
3. redirect_uri:
<a class="moz-txt-link-freetext" href="http://portal.app.local.medicalpayreview.com/App/">http://portal.app.local.medicalpayreview.com/App/</a>
We find the following WARNING in the KEYCLOAK logs
17:10:48,891 WARN [org.keycloak.events] (default task-13)
type=CODE_TO_TOKEN_ERROR, realmId=master, clientId=platform, userId=null,
ipAddress=72.77.99.99, error=invalid_client_credentials,
grant_type=authorization_code
And and error the browser console:
XMLHttpRequest cannot load
<a class="moz-txt-link-freetext" href="https://sso2.medicalpayreview.com/auth/realms/master/protocol/openid-connect/token">https://sso2.medicalpayreview.com/auth/realms/master/protocol/openid-connect/token</a>.
No 'Access-Control-Allow-Origin' header is present on the requested
resource. Origin '<a class="moz-txt-link-freetext" href="http://portal.app.company.local.medicalpayreview.com">http://portal.app.company.local.medicalpayreview.com</a>' is
therefore not allowed access. The response had HTTP status code 400.
We appreciate everyones input on getting over this challenge.
On Thu, Jan 14, 2016 at 10:06 AM Marko Strukelj <a class="moz-txt-link-rfc2396E" href="mailto:mstrukel@redhat.com"><mstrukel@redhat.com></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Maybe take a look at advice in this thread:
<a class="moz-txt-link-freetext" href="http://lists.jboss.org/pipermail/keycloak-user/2016-January/004413.html">http://lists.jboss.org/pipermail/keycloak-user/2016-January/004413.html</a>
On Thu, Jan 14, 2016 at 3:44 PM, Christopher Wallace <a class="moz-txt-link-rfc2396E" href="mailto:cjwallac@gmail.com"><cjwallac@gmail.com></a>
wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Marko, Thanks for your feedback!
We have successfully pass that problem and are able to login to KEYCLOAK
behind NGINX using HTTPS Proxy. Our challenge now is when our
</pre>
</blockquote>
<pre wrap="">applications
</pre>
<blockquote type="cite">
<pre wrap="">attempt to access we get the following error:
Request URL:
<a class="moz-txt-link-freetext" href="https://sso2.company.com/auth/realms/master/tokens/access/codes">https://sso2.company.com/auth/realms/master/tokens/access/codes</a>
Request Method:
POST
Status Code:
400 Bad Request
Remote Address:
99.99.99.99:443
Response Headersview source
Connection:
keep-alive
Content-Type:
application/json
Date:
Thu, 14 Jan 2016 14:35:52 GMT
Server:
nginx/1.4.6 (Ubuntu)
Transfer-Encoding:
chunked
X-Powered-By:
Undertow/1
Request Headersview source
Accept:
*/*
Accept-Encoding:
gzip, deflate
Accept-Language:
en-US,en;q=0.8
Authorization:
Basic bXByLXBsYXRmb3JtOmU1MGYxODEyLTYzYTQtNGM0YS05NWQ
Connection:
keep-alive
Content-Length:
172
Content-type:
application/x-www-form-urlencoded
Cookie:
</pre>
</blockquote>
<pre wrap="">KEYCLOAK_IDENTITY=eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiIzNGY0ZDI1OS02NzJjLTQzYjUtOGFmOC1hNzkwMWRiMDUxMmYiLCJleHAiOjE0NTI4MTgxNTMsIm5iZiI6MCwiaWF0IjoxNDUyNzgyMTUzLCJpc3MiOiJodHRwczovL3NzbzIubWVkaWNhbHBheXJldmlldy5jb20vYXV0aC9yZWFsbXMvbWFzdGVyIiwiYXVkIjpudWxsLCJzdWIiOiJhNWM2MzJiYy0xNmNlLTQ3NzgtOGNmMy05MWQ4MmMzNTE3NmYiLCJzZXNzaW9uX3N0YXRlIjoiOWRiNjdhNGQtOWIwMS00NjgxLTlmYmMtZDQ3N2Y1NTgyMGYyIiwicmVzb3VyY2VfYWNjZXNzIjp7fX0.JyQIOJk5214-n4y0RkpEuLJWY4u6Z4Fu_086Z9nwM9BU8TarV-oH6cxZEBYakyL8pvmwf0CWHMmN3XNF-Zv4b1UPutcLP7IChM1EEr4F1tPxwmddYS1M90NdY7Bzn2R36mnASZqczMMAisd-OE2TU8oDgMyg0Rb0iZNIi_jJU_Rd-na4qhfuBojF_u8BSFjSJsd3agjF5ZZ9ok9mo2McCMDaV21vozVryIkR1vfAKPWf6WI8fEQBpDAFsh37M_k
</pre>
<blockquote type="cite">
<pre wrap="">DNT:
1
Host:
sso2.company.com
Origin:
<a class="moz-txt-link-freetext" href="http://app.local.company.com">http://app.local.company.com</a>
Referer:
<a class="moz-txt-link-freetext" href="http://app.local.company.com/App/">http://app.local.company.com/App/</a>
User-Agent:
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_0) AppleWebKit/537.36
</pre>
</blockquote>
<pre wrap="">(KHTML,
</pre>
<blockquote type="cite">
<pre wrap="">like Gecko) Chrome/47.0.2526.106 Safari/537.36
Form Dataview sourceview URL encoded
code:
</pre>
</blockquote>
<pre wrap="">Vyzj7f-Aq2anYTJy7AoK4e6h0s2Ypp0vQ6okx7lWlRo.d2acab15-f708-4838-bd4b-2562fd46f8e2
</pre>
<blockquote type="cite">
<pre wrap="">redirect_uri:
<a class="moz-txt-link-freetext" href="http://app.local.company.com/App/">http://app.local.company.com/App/</a>
Please do note that this same application is able KEYCLOAK using
</pre>
</blockquote>
<pre wrap="">basically
</pre>
<blockquote type="cite">
<pre wrap="">the same configuration without NGINX in the MIX. Have any thoughts was to
what we should look to configure differently with NGIX in the mix?
On Mon, Jan 4, 2016 at 7:16 AM Marko Strukelj <a class="moz-txt-link-rfc2396E" href="mailto:mstrukel@redhat.com"><mstrukel@redhat.com></a>
</pre>
</blockquote>
<pre wrap="">wrote:
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">
The error 'org.apache.http.conn.HttpHostConnectException: Connection to
<a class="moz-txt-link-freetext" href="https://sso2.domain.com">https://sso2.domain.com</a> refused' means that either there is a server
</pre>
</blockquote>
</blockquote>
<pre wrap="">side
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">problem - your Nginx isn't started and listening on port 443, a firewall
preventing incoming connections - or there is a client side problem - a
</pre>
</blockquote>
</blockquote>
<pre wrap="">DNS
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">issue improperly resolving sso2.domain.com into IP on the host where
</pre>
</blockquote>
</blockquote>
<pre wrap="">Tomcat
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">is running.
At this point no SSL handshaking was attempted yet.
If you try 'curl <a class="moz-txt-link-freetext" href="https://sso2.domain.com">https://sso2.domain.com</a>' or 'telnet sso2.domain.com
</pre>
</blockquote>
</blockquote>
<pre wrap="">443'
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">from the server running your Tomcat you'll see the same issue. Once that
starts to work, only then will any SSL / proxying related configuration
issues start to manifest themselves.
On Wed, Dec 30, 2015 at 11:34 PM, Christopher Wallace <
</pre>
</blockquote>
</blockquote>
<pre wrap=""><a class="moz-txt-link-abbreviated" href="mailto:cjwallac@gmail.com">cjwallac@gmail.com</a>>
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">wrote:
</pre>
<blockquote type="cite">
<pre wrap="">
Community, I have spent a decent amount of time attempting to get
KEYCLOAK behind an NGINX Reverse Proxy to protect a TOMCAT
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">Application. It
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">does work without the proxy, but I need the proxy to handle
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">certificates. I
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">think I am pretty close to having it working, but somethings seems to
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">be
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">missing... I have done the following. I appreciate any insight you may
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">have
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">as I think I have exhausted other resources.
1. Configure a server in NGINX
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/certs/dcf30de94f28f16f.crt;
ssl_certificate_key /etc/ssl/certs/*.domain.key;
server_name sso2. domain.com;
access_log /var/log/nginx/nginx.sso.access.log;
error_log /var/log/nginx/nginx.sso.error.log;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port 443;
proxy_pass <a class="moz-txt-link-freetext" href="http://internalip:8080">http://internalip:8080</a>;
}
}
2. Enable SSL on a Reverse Proxy
First add proxy-address-forwarding and redirect-socket to the
http-listener element:
<subsystem xmlns="urn:jboss:domain:undertow:1.1">
...
<http-listener name="default" socket-binding="http"
proxy-address-forwarding="true" redirect-socket="proxy-https"/>
...
</subsystem>
Then add a new socket-binding element to the socket-binding-group
element:
<socket-binding-group name="standard-sockets"
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">default-interface="public"
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">port-offset="${jboss.socket.binding.port-offset:0}">
...
<socket-binding name="proxy-https" port="443"/>
...
</socket-binding-group>
RECIVE THE FOLLOWING ERROR in TOMCAT:
1807906 [http-nio-8080-exec-9] ERROR o.k.a.OAuthRequestAuthenticator -
failed to turn code into token
org.apache.http.conn.HttpHostConnectException: Connection to
<a class="moz-txt-link-freetext" href="https://sso2.domain.com">https://sso2.domain.com</a> refused
at
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:190)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">~[httpclient-4.2.1.jar:4.2.1]
at
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:151)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">~[httpclient-4.2.1.jar:4.2.1]
at
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:125)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">~[httpclient-4.2.1.jar:4.2.1]
at
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">~[httpclient-4.2.1.jar:4.2.1]
at
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">~[httpclient-4.2.1.jar:4.2.1]
at
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">~[httpclient-4.2.1.jar:4.2.1]
at
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">~[httpclient-4.2.1.jar:4.2.1]
at
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">~[httpclient-4.2.1.jar:4.2.1]
at
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:90)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">~[keycloak-adapter-core-1.7.0.Final.jar:1.7.0.Final]
at
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:297)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">[keycloak-adapter-core-1.7.0.Final.jar:1.7.0.Final]
at
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:243)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">[keycloak-adapter-core-1.7.0.Final.jar:1.7.0.Final]
at
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:95)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">[keycloak-adapter-core-1.7.0.Final.jar:1.7.0.Final]
at
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.authenticateInternal(AbstractKeycloakAuthenticatorValve.java:189)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">[keycloak-tomcat-core-adapter-1.7.0.Final.jar:1.7.0.Final]
at
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve.authenticate(KeycloakAuthenticatorValve.java:28)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">[keycloak-tomcat8-adapter-1.7.0.Final.jar:1.7.0.Final]
at
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">[lib/:na]
at
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.invoke(AbstractKeycloakAuthenticatorValve.java:170)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">[keycloak-tomcat-core-adapter-1.7.0.Final.jar:1.7.0.Final]
at
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">[lib/:na]
at
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">[lib/:na]
at
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">[lib/:na]
at
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">[lib/:na]
at
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:516)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">[lib/:na]
at
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1086)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">[tomcat-coyote.jar:8.0.18]
at
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:659)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">[tomcat-coyote.jar:8.0.18]
at
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:223)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">[tomcat-coyote.jar:8.0.18]
at
org.apache.tomcat.util.net
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1558)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">[tomcat-coyote.jar:8.0.18]
at
org.apache.tomcat.util.net
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1515)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">[tomcat-coyote.jar:8.0.18]
at
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">[na:1.8.0_25]
at
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">[na:1.8.0_25]
at
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">[tomcat-util.jar:8.0.18]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_25]
Caused by: java.net.ConnectException: Connection timed out
at java.net.PlainSocketImpl.socketConnect(Native Method) ~[na:1.8.0_25]
at
java.net
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:345)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">~[na:1.8.0_25]
at
java.net
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">~[na:1.8.0_25]
at
java.net
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">~[na:1.8.0_25]
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
~[na:1.8.0_25]
at java.net.Socket.connect(Socket.java:589) ~[na:1.8.0_25]
at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:649)
~[na:1.8.0_25]
at
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:549)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">~[httpclient-4.2.1.jar:4.2.1]
at
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">~[httpclient-4.2.1.jar:4.2.1]
... 29 common frames omitted
_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a>
</pre>
</blockquote>
<pre wrap="">
</pre>
</blockquote>
<pre wrap="">
</pre>
</blockquote>
<pre wrap="">
</pre>
</blockquote>
<pre wrap="">-------------- next part --------------
An HTML attachment was scrubbed...
URL: <a class="moz-txt-link-freetext" href="http://lists.jboss.org/pipermail/keycloak-user/attachments/20160114/02aa8993/attachment.html">http://lists.jboss.org/pipermail/keycloak-user/attachments/20160114/02aa8993/attachment.html</a>
------------------------------
_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a>
End of keycloak-user Digest, Vol 25, Issue 61
*********************************************
</pre>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<meta http-equiv="content-type" content="text/html;
charset=windows-1252">
<div class="moz-signature">
<table style="cellspadding: 0; width: 600; align: left;
border-collapse: collapse;">
<tbody>
<tr>
<td style="border-bottom-width: 1px; border-bottom-style:
solid; border-bottom-color: #989898;"> <span
style="font-weight:bold">Aritz Maeztu Otaņo</span><br>
<span style="font-size: 12px;">Departamento Desarrollo
de Software</span> </td>
<td style="border-bottom-width: 1px; border-bottom-style:
solid; border-bottom-color: #989898; padding-left:
20px;"> <a target="_blank"
href="https://www.linkedin.com/profile/preview?vpa=pub&locale=es_ES">
<img src="cid:part1.04000303.08020107@tesicnor.com"
border="0">
<!--<img src="linkdin.gif" border="0" />--> </a> </td>
</tr>
<tr>
<td> <a target="_blank" href="http://www.tesicnor.com"> <img
shrinktofit="true"
src="cid:part3.00010804.07010100@tesicnor.com"
border="0" width="143">
<!--<img shrinktofit="true" src="logo.png" width="143" border="0" />-->
</a> </td>
<td style="font-size: 12px;">
<p style="padding-left: 20px;"> <span>Pol. Ind.
Mocholi.</span> <span>C/Rio Elorz, Nave 13E </span><span
style="font-weight:bold">31110 Noain (Navarra)</span><br>
<span>Telf.: 948 21 40 40</span> <br>
<span>Fax.: 948 21 40 41</span> <br>
</p>
</td>
</tr>
<tr>
<td colspan="2"> <span style="color: #009900;font-size:
12px;">Antes de imprimir este e-mail piense bien si es
necesario hacerlo: El medioambiente es cosa de todos.</span>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</body>
</html>