<div dir="ltr">Hi, <div>I don't get it. How are the truststore/keystore properties related to not having a hostname in the returned URL?</div><div><br></div><div>The truststore is usually used by the Java low-level SSL stack (unless Keycloak is using its own SSL stack), and even if it is wrong it does produce a PKIX exception, which is not in Emil's stack trace.</div><div><br></div><div>I suspect the underscore "_" in the "auth-server-url", or that the name is not resolved by DNS from the Keycloak server's perspective.</div><div><br></div><div>BR,<br>Gregory</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-05-31 15:05 GMT+02:00 Marek Posolda <span dir="ltr"><<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Does your Keycloak server have a
certificate signed by a known CA authority, or are you using a
self-signed one? If you have a self-signed one, you also need to configure
the truststore. See
<a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#adapter-config" target="_blank">http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#adapter-config</a>
and especially the properties related to the truststore.<br>
<br>
Marek<br>
<br>
On 31/05/16 15:00, Emil Posmyk wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Sorry, I forgot to finish the title<br>
<div><br>
{<br>
"realm": "Brandpath",<br>
"realm-public-key": "key.....",<br>
"auth-server-url": "<a href="https://sabdev_oms.brandpath.net/auth" target="_blank">https://sabdev_oms.brandpath.net/auth</a>",<br>
"ssl-required": "external",<br>
"resource": "oms-web",<br>
"credentials": {<br>
"secret": "secret"<br>
},<br>
"use-resource-role-mappings": true<br>
}<br>
<br>
<br>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div data-smartmail="gmail_signature">regards
<span class="HOEnZb"><font color="#888888"><div><i>--</i></div>
<i>Emil Posmyk<br>
<br>
</i></font></span></div>
</div><div><div class="h5">
<br>
<div class="gmail_quote">2016-05-31 14:26 GMT+02:00 Marek
Posolda <span dir="ltr"><<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>How is "auth-server-url" in your keycloak.json
configured? If you're using a relative URI, then maybe you can
try to use an absolute URI and see if it helps?<br>
<br>
Marek
<div>
<div><br>
<br>
On 31/05/16 14:19, Emil Posmyk wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div dir="ltr">
<div>
<div>Hello<br>
<br>
</div>
I'm receiving an error when I try to log in to our
application: ClientProtocolException: URI does
not specify a valid host name: <a href="https:/auth/realms/Brandpath/protocol/openid-connect/token" target="_blank">https:/auth/realms/Brandpath/protocol/openid-connect/token</a><br>
</div>
The HTTP protocol is working fine, no errors, but
using HTTPS I receive a URI without a host
name each time.<br>
<div>Auth page is working fine.<br>
<div><br>
</div>
<div>What can cause that error?<br>
</div>
<div><br>
<br>
14:59:22,937 ERROR
[org.keycloak.adapters.OAuthRequestAuthenticator]
(default task-2) failed to turn code into
token:
org.apache.http.client.ClientProtocolException:
URI does not specify a valid host name: <a href="https:/auth/realms/Brandpath/protocol/openid-connect/token" target="_blank">https:/auth/realms/Brandpath/protocol/openid-connect/token</a><br>
[Server:ms-server1] at
org.apache.http.impl.client.CloseableHttpClient.determineTarget(CloseableHttpClient.java:94)<br>
[Server:ms-server1] at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)<br>
[Server:ms-server1] at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)<br>
[Server:ms-server1] at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)<br>
[Server:ms-server1] at
org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:107)<br>
[Server:ms-server1] at
org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:314)<br>
[Server:ms-server1] at
org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:260)<br>
[Server:ms-server1] at
org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:112)<br>
[Server:ms-server1] at
org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:110)<br>
[Server:ms-server1] at
org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:92)<br>
[Server:ms-server1] at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)<br>
[Server:ms-server1] at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)<br>
[Server:ms-server1] at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)<br>
[Server:ms-server1] at
io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)<br>
[Server:ms-server1] at
io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)<br>
[Server:ms-server1] at
io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)<br>
[Server:ms-server1] at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)<br>
[Server:ms-server1] at
io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)<br>
[Server:ms-server1] at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
[Server:ms-server1] at
io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)<br>
[Server:ms-server1] at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)<br>
[Server:ms-server1] at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)<br>
[Server:ms-server1] at
io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)<br>
[Server:ms-server1] at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)<br>
[Server:ms-server1] at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)<br>
[Server:ms-server1] at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)<br>
[Server:ms-server1] at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)<br>
[Server:ms-server1] at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
[Server:ms-server1] at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)<br>
[Server:ms-server1] at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
[Server:ms-server1] at
org.wildfly.mod_cluster.undertow.metric.RunningRequestsHttpHandler.handleRequest(RunningRequestsHttpHandler.java:69)<br>
[Server:ms-server1] at
org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)<br>
[Server:ms-server1] at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
[Server:ms-server1] at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)<br>
[Server:ms-server1] at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)<br>
[Server:ms-server1] at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)<br>
[Server:ms-server1] at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)<br>
[Server:ms-server1] at
io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)<br>
[Server:ms-server1] at
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)<br>
[Server:ms-server1] at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)<br>
[Server:ms-server1] at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)<br>
[Server:ms-server1] at
java.lang.Thread.run(Thread.java:745)<br>
<br clear="all">
<div>
<div>
<div data-smartmail="gmail_signature">
<div><i><br>
regards</i></div>
<div><i>--</i></div>
<i>Emil Posmyk<br>
</i></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<pre>_______________________________________________
keycloak-user mailing list
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
</div></div></div>
</div>
</blockquote>
<br>
</div>
</blockquote></div><br></div>
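The condition suspected in the top reply (an underscore in the "auth-server-url" host) can be checked outside the adapter: `java.net.URI` accepts such a URL but returns `null` from `getHost()`. The following is an added example, not code from the thread or from Keycloak; the class name, the inline JSON sample and the hyphenated hostname `sabdev-oms.brandpath.net` are constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AuthServerUrlCheck {
    // RFC 952/1123 hostname label: letters, digits, hyphen; no leading/trailing hyphen.
    private static final Pattern LABEL =
        Pattern.compile("[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?");
    private static final Pattern URL_FIELD =
        Pattern.compile("\"auth-server-url\"\\s*:\\s*\"([^\"]*)\"");

    /** Returns null if the URL has a parseable host, otherwise a description of the problem. */
    static String check(String url) {
        URI uri;
        try {
            uri = new URI(url);
        } catch (URISyntaxException e) {
            return "not a valid URI: " + e.getMessage();
        }
        if (!uri.isAbsolute()) return "relative URI, no scheme or host";
        if (uri.getHost() != null) return null;
        // java.net.URI falls back to a registry-based authority when the host
        // part is not a legal hostname; getHost() is then null.
        String authority = uri.getRawAuthority();
        if (authority == null) return "no authority component";
        String host = authority.replaceFirst("^.*@", "").replaceFirst(":\\d*$", "");
        for (String label : host.split("\\.")) {
            if (!LABEL.matcher(label).matches())
                return "host label '" + label + "' is not a legal hostname label";
        }
        return "host could not be parsed from authority '" + authority + "'";
    }

    public static void main(String[] args) {
        // Constructed sample modelled on the keycloak.json quoted in the thread.
        String json = "{ \"realm\": \"Brandpath\", "
            + "\"auth-server-url\": \"https://sabdev_oms.brandpath.net/auth\" }";
        Matcher m = URL_FIELD.matcher(json);
        if (!m.find()) throw new IllegalStateException("auth-server-url missing");
        String[] urls = { m.group(1), "https://sabdev-oms.brandpath.net/auth", "/auth" };
        for (String url : urls) {
            String problem = check(url);
            System.out.println(url + " -> " + (problem == null ? "ok" : problem));
        }
    }
}
```

The check shows only how `java.net.URI` treats these three inputs; the thread does not establish whether this is what produced the error in the stack trace.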