<div dir="ltr">Hi everyone,<div><br></div><div>The problem was that our engineering team had set up a jboss cluster via a reverse-proxy/load-balancer server and that's why some of the token sessions were invalid...</div><div><br></div><div>Best regards,</div><div>Adrian</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Feb 24, 2016 at 7:56 PM, Stian Thorgersen <span dir="ltr"><<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Looks like the token session isn't valid. <div><br></div><div><a href="https://github.com/keycloak/keycloak/blob/1.7.x/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java#L130" target="_blank">https://github.com/keycloak/keycloak/blob/1.7.x/services/src/main/java/org/keycloak/protocol/oidc/endpoints/UserInfoEndpoint.java#L130</a><br></div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">On 24 February 2016 at 11:35, Adrian Matei <span dir="ltr"><<a href="mailto:adrianmatei@gmail.com" target="_blank">adrianmatei@gmail.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div dir="ltr">Hi everybody,<div><br></div><div>Could you help me please with a hard nut to crack? We have the following situation:</div><div>When calling the userinfo endpoint over an enterprise proxy server (js adapter loadUserInfo() method):</div><div><br></div><div><a href="https://hostname/auth/realms/realmname/protocol/openid-connect/userinfo" target="_blank">https://hostname/auth/realms/realmname/protocol/openid-connect/userinfo</a><br></div><div><br></div><div>we get 403 Forbidden with no Access-Controls headers set. Here is the funny part - it happens only in Chrome, Firefox and Opera. With Safari and IE11 it seems to be working. </div><div><br></div><div>The stacktrace from server.log does not tell me much....:</div><div><div style="font-family:Calibri;font-size:14.6667px">11:30:31,906 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] (http-/159.232.186.74:8443-6) RESTEASY000105: Failed to execute: org.keycloak.services.ErrorResponseException</div><div style="font-family:Calibri;font-size:14.6667px"> at org.keycloak.protocol.oidc.endpoints.UserInfoEndpoint.issueUserInfo(UserInfoEndpoint.java:130) [keycloak-services-1.7.0.Final.jar:1.7.0.Final]</div><div style="font-family:Calibri;font-size:14.6667px"> at org.keycloak.protocol.oidc.endpoints.UserInfoEndpoint.issueUserInfoGet(UserInfoEndpoint.java:103) [keycloak-services-1.7.0.Final.jar:1.7.0.Final]</div><div style="font-family:Calibri;font-size:14.6667px"> at sun.reflect.GeneratedMethodAccessor342.invoke(Unknown Source) [:1.8.0_66]</div><div style="font-family:Calibri;font-size:14.6667px"> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_66]</div><div style="font-family:Calibri;font-size:14.6667px"> at java.lang.reflect.Method.invoke(Method.java:497) [rt.jar:1.8.0_66]</div><div style="font-family:Calibri;font-size:14.6667px"> at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:168) [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]</div><div style="font-family:Calibri;font-size:14.6667px"> at org.jboss.resteasy.core.ResourceMethod.invokeOnTarget(ResourceMethod.java:269) [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]</div><div style="font-family:Calibri;font-size:14.6667px"> at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:227) [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]</div><div style="font-family:Calibri;font-size:14.6667px"> at org.jboss.resteasy.core.ResourceLocator.invokeOnTargetObject(ResourceLocator.java:158) [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]</div><div style="font-family:Calibri;font-size:14.6667px"> at org.jboss.resteasy.core.ResourceLocator.invoke(ResourceLocator.java:106) [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]</div><div style="font-family:Calibri;font-size:14.6667px"> at org.jboss.resteasy.core.ResourceLocator.invokeOnTargetObject(ResourceLocator.java:153) [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]</div><div style="font-family:Calibri;font-size:14.6667px"> at org.jboss.resteasy.core.ResourceLocator.invoke(ResourceLocator.java:91) [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]</div><div style="font-family:Calibri;font-size:14.6667px"> at org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:561) [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]</div><div style="font-family:Calibri;font-size:14.6667px"> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:543) [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]</div><div style="font-family:Calibri;font-size:14.6667px"> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:128) [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]</div><div style="font-family:Calibri;font-size:14.6667px"> at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:208) [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]</div><div style="font-family:Calibri;font-size:14.6667px"> at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55) [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]</div><div style="font-family:Calibri;font-size:14.6667px"> at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:50) [resteasy-jaxrs-2.3.12.Final-redhat-1.jar:]</div><div style="font-family:Calibri;font-size:14.6667px"> at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-2.jar:1.0.2.Final-redhat-2]</div><div style="font-family:Calibri;font-size:14.6667px"> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295) [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]</div><div style="font-family:Calibri;font-size:14.6667px"> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]</div><div style="font-family:Calibri;font-size:14.6667px"> at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:61) [keycloak-services-1.7.0.Final.jar:1.7.0.Final]</div><div style="font-family:Calibri;font-size:14.6667px"> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]</div><div style="font-family:Calibri;font-size:14.6667px"> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]</div><div style="font-family:Calibri;font-size:14.6667px"> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231) [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]</div><div style="font-family:Calibri;font-size:14.6667px"> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]</div><div style="font-family:Calibri;font-size:14.6667px"> at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.5.5.Final-redhat-3.jar:7.5.5.Final-redhat-3]</div><div style="font-family:Calibri;font-size:14.6667px"> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:150) [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]</div><div style="font-family:Calibri;font-size:14.6667px"> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]</div><div style="font-family:Calibri;font-size:14.6667px"> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]</div><div style="font-family:Calibri;font-size:14.6667px"> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]</div><div style="font-family:Calibri;font-size:14.6667px"> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:854) [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]</div><div style="font-family:Calibri;font-size:14.6667px"> at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]</div><div style="font-family:Calibri;font-size:14.6667px"> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) [jbossweb-7.5.12.Final-redhat-1.jar:7.5.12.Final-redhat-1]</div><div style="font-family:Calibri;font-size:14.6667px"> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_66]</div></div><div><br></div><div><br></div><div>Thanks,</div><div>Adrian</div><div><br></div></div>
<br></div></div>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>
</blockquote></div><br></div>