<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">You can check in admin console if user
authenticated from Twitter (or github) was successfully registered
and can be seen in keycloak admin console. If yes, it's likely an
authorization issue and you need to assign some roles to thpse
newly created users, so they have access to your application. You
can use default roles to assign some roles "by default" at the
time when user is registered. See docs for more details.<br>
<br>
Marek<br>
<br>
On 01/02/16 22:05, Martin Min wrote:<br>
</div>
<blockquote
cite="mid:CAKUZDO6UZGWJQ7nRKMTtoFJ6HuOhGrgaJyGPBBYGHoJzY+YW7Q@mail.gmail.com"
type="cite">
<div dir="ltr">I restarted my keycloak server and my
application,and clicked "Twitter" to log in, and I received a
different error message. When it redirects to my log in page
from twitter, I got a single "Forbidden" message on the login
page. It looks like the authentication through the identity
broker is right, but somehow the login page is now not allowed
to be accessed from my client (browser). I tried github and got
the same problem.
<div><br>
</div>
<div>What may cause this? Thank you. </div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Feb 1, 2016 at 12:43 PM, Martin
Min <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:lingvisa@gmail.com" target="_blank">lingvisa@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hi, Marek and all:
<div><br>
</div>
<div>I received this message for Google and github now. I
followed the instruction in the doc and created the
identity broker:</div>
<div><br>
</div>
<div>
<div>12:40:39,607 WARN [org.keycloak.events] (default
task-63) type=IDENTITY_PROVIDER_LOGIN_ERROR,
realmId=bword, clientId=null, userId=null,
ipAddress=127.0.0.1,
error=couldNotSendAuthenticationRequestMessage,
identity_provider=github</div>
<div>12:40:39,608 ERROR
[org.keycloak.services.resources.IdentityBrokerService]
(default task-63)
couldNotSendAuthenticationRequestMessage:
org.keycloak.broker.provider.IdentityBrokerException:
Invalid code, please login again through your client.</div>
</div>
<div><br>
</div>
<div>
<div> at
org.keycloak.services.resources.IdentityBrokerService.parseClientSessionCode(IdentityBrokerService.java:551)</div>
<div> at
org.keycloak.services.resources.IdentityBrokerService.performLogin(IdentityBrokerService.java:149)</div>
<div> at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)</div>
<div> at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)</div>
<div> at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)</div>
<div> at
java.lang.reflect.Method.invoke(Method.java:483)</div>
<div> at
org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137)</div>
<div> at
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:296)</div>
<div> at
org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:250)</div>
<div> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:140)</div>
<div> at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:103)</div>
<div> at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)</div>
<div> at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)</div>
<div> at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)</div>
<div> at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)</div>
<div> at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)</div>
<div> at
javax.servlet.http.HttpServlet.service(HttpServlet.java:790)</div>
<div> at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:86)</div>
<div> at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:130)</div>
<div> at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:61)</div>
<div> at
io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)</div>
<div> at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)</div>
<div> at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85)</div>
<div> at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)</div>
<div> at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)</div>
<div> at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)</div>
<div> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)</div>
<div> at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)</div>
<div> at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)</div>
<div> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)</div>
<div> at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)</div>
<div> at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)</div>
<div> at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)</div>
<div> at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:72)</div>
<div> at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)</div>
<div> at
io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)</div>
<div> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)</div>
<div> at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)</div>
<div> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)</div>
<div> at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)</div>
<div> at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:282)</div>
<div> at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:261)</div>
<div> at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:80)</div>
<div> at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:172)</div>
<div> at
io.undertow.server.Connectors.executeRootHandler(Connectors.java:199)</div>
<div> at
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:774)</div>
<div> at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)</div>
<div> at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)</div>
<div> at java.lang.Thread.run(Thread.java:744)</div>
</div>
<div><br>
</div>
<div>Thank you.</div>
</div>
<div class="HOEnZb">
<div class="h5">
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Feb 1, 2016 at 12:00
AM, Marek Posolda <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:mposolda@redhat.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:mposolda@redhat.com">mposolda@redhat.com</a></a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>I suggest to upgrade to 1.8 where this is
fixed. Or you can workaround in 1.7 by edit
file
$KEYCLOAK_HOME/modules/system/layers/base/org/keycloak/keycloak-login-freemarker/main/module.xml
and add the line:<br>
<br>
<module
name="org.keycloak.keycloak-broker-core"/><br>
<br>
into dependencies section. Same for module
$KEYCLOAK_HOME/modules/system/layers/base/org/keycloak/keycloak-email-freemarker/main/module.xml<br>
<br>
Marek
<div>
<div><br>
<br>
On 29/01/16 23:49, Martin Min wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div dir="ltr">Hello, I am configuring the
social login with google, twitter and
github. Everything else works fine until
this point, namely, after it's
authorized, at the "update account
information" page, after I fill out the
fields on this page, clicked the
"submitted" and I received this error
message.
<div><br>
</div>
<div>What could cause this? I followed
the instruction carefully, but not
sure what caused this.<br>
<div><br>
</div>
<div>
<div>Context Path:</div>
<div>/auth</div>
<br>
<div>Servlet Path:</div>
<br>
<div>Path Info:</div>
<div>/realms/myproject/login-actions/first-broker-login</div>
<br>
<div>Query String:</div>
<div>code=Rp6yjxlbY0_IIjk8_-IpyOy_x8m_hC0d8zz4t-hp7vI.9ea99589-bf8d-4a13-930a-c58661dfb925</div>
<br>
<b>Stack Trace</b><br>
java.lang.RuntimeException: request
path:
/auth/realms/myproject/login-actions/first-broker-login<br>
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:75)<br>
io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)<br>
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)<br>
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85)<br>
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)<br>
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)<br>
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)<br>
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)<br>
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)<br>
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)<br>
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)<br>
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)<br>
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:72)<br>
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)<br>
io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)<br>
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)<br>
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:282)<br>
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:261)<br>
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:80)<br>
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:172)<br>
io.undertow.server.Connectors.executeRootHandler(Connectors.java:199)<br>
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:774)<br>
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)<br>
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)<br>
java.lang.Thread.run(Thread.java:745)<br>
</div>
<div><br>
</div>
<div>
<div>Caused by:
org.jboss.resteasy.spi.UnhandledException:
java.lang.NoClassDefFoundError:
org/keycloak/broker/provider/BrokeredIdentityContext
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
<pre>_______________________________________________
keycloak-user mailing list
<a moz-do-not-send="true" href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a moz-do-not-send="true" href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</body>
</html>