<div dir="ltr">yes, after removing underscore everything is working fine now, thanks<br><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div><i><br>regards</i></div><div><i>--</i></div><i>Emil Posmyk<br></i></div></div>
<br><div class="gmail_quote">2016-06-01 9:02 GMT+02:00 Marek Posolda <span dir="ltr">&lt;<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>&gt;</span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div bgcolor="#FFFFFF" text="#000000">
    <div>Yes, that&#39;s possible. According to
      <a href="http://www.ietf.org/rfc/rfc952.txt" target="_blank">http://www.ietf.org/rfc/rfc952.txt</a> the underscore is not valid
      character in hostname. Maybe it causes issues with Apache HTTP
      client. If you have possibility to remove underscore, it worth a
      try though.<span class="HOEnZb"><font color="#888888"><br>
      <br>
      Marek</font></span><div><div class="h5"><br>
      <br>
      On 31/05/16 16:21, Gregory Orciuch wrote:<br>
    </div></div></div><div><div class="h5">
    <blockquote type="cite">
      <div dir="ltr">Hi, 
        <div>I dont get it. How the truststore/keystore properties are
          related to not having hostname in the returned URL ?</div>
        <div><br>
        </div>
        <div>truststore is usually taken by java low level SSL stack
          (unless KeyCloak using own ssl stack) and even if wrong it
          does produce PKIX exception which is not in Emil&#39;s stack
          trace.</div>
        <div><br>
        </div>
        <div>I suspect the underscore &quot;_&quot; in the  &quot;auth-server-url&quot; or,
          the name is not resolved by DNS from KeyCloak server
          perspective.</div>
        <div><br>
        </div>
        <div>BR,<br>
          Gregory</div>
        <div><br>
        </div>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">2016-05-31 15:05 GMT+02:00 Marek
          Posolda <span dir="ltr">&lt;<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>&gt;</span>:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div bgcolor="#FFFFFF" text="#000000">
              <div>Does your keycloak server have certificate signed by
                known CA authority or are you using some self-signed? If
                you have self-signed, you also need to configure
                truststore. See <a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#adapter-config" target="_blank">http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#adapter-config</a>
                and especially properties related to truststore.<br>
                <br>
                Marek<br>
                <br>
                On 31/05/16 15:00, Emil Posmyk wrote:<br>
              </div>
              <blockquote type="cite">
                <div dir="ltr">sorry, i forgot to finish title<br>
                  <div><br>
                    {<br>
                      &quot;realm&quot;: &quot;Brandpath&quot;,<br>
                      &quot;realm-public-key&quot;: &quot;key.....&quot;,<br>
                      &quot;auth-server-url&quot;: &quot;<a href="https://sabdev_oms.brandpath.net/auth" target="_blank">https://sabdev_oms.brandpath.net/auth</a>&quot;,<br>
                      &quot;ssl-required&quot;: &quot;external&quot;,<br>
                      &quot;resource&quot;: &quot;oms-web&quot;,<br>
                      &quot;credentials&quot;: {<br>
                        &quot;secret&quot;: &quot;secret&quot;<br>
                      },<br>
                      &quot;use-resource-role-mappings&quot;: true<br>
                    }<br>
                    <br>
                    <br>
                  </div>
                  <div class="gmail_extra"><br clear="all">
                    <div>
                      <div data-smartmail="gmail_signature">regards <span><font color="#888888">
                            <div><i>--</i></div>
                            <i>Emil Posmyk<br>
                              <br>
                            </i></font></span></div>
                    </div>
                    <div>
                      <div> <br>
                        <div class="gmail_quote">2016-05-31 14:26
                          GMT+02:00 Marek Posolda <span dir="ltr">&lt;<a href="mailto:mposolda@redhat.com" target="_blank"></a><a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>&gt;</span>:<br>
                          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                            <div bgcolor="#FFFFFF" text="#000000">
                              <div>How is &quot;auth-server-url&quot; in your
                                keycloak.json configured? If you&#39;re
                                using relative URI, then you can maybe
                                try to use absolute URI and see if it
                                help?<br>
                                <br>
                                Marek
                                <div>
                                  <div><br>
                                    <br>
                                    On 31/05/16 14:19, Emil Posmyk
                                    wrote:<br>
                                  </div>
                                </div>
                              </div>
                              <blockquote type="cite">
                                <div>
                                  <div>
                                    <div dir="ltr">
                                      <div>
                                        <div>Hello<br>
                                          <br>
                                        </div>
                                        I&#39;m reciving error when I try
                                        login to our application:
                                        ClientProtocolException: URI
                                        does not specify a valid host
                                        name: <a href="https:/auth/realms/Brandpath/protocol/openid-connect/token" target="_blank">https:/auth/realms/Brandpath/protocol/openid-connect/token</a><br>
                                      </div>
                                      Http protocol is working fine, no
                                      errors, but using https I recive
                                      each time uri without host name.<br>
                                      <div>Auth page is working fine.<br>
                                        <div><br>
                                        </div>
                                        <div>What can cause that error ?<br>
                                        </div>
                                        <div><br>
                                          <br>
                                          14:59:22,937 ERROR
                                          [org.keycloak.adapters.OAuthRequestAuthenticator]
                                          (default task-2) failed to
                                          turn code into token:
                                          org.apache.http.client.ClientProtocolException:
                                          URI does not specify a valid
                                          host name: <a href="https:/auth/realms/Brandpath/protocol/openid-connect/token" target="_blank"></a><a href="https:/auth/realms/Brandpath/protocol/openid-connect/token" target="_blank">https:/auth/realms/Brandpath/protocol/openid-connect/token</a><br>
                                          [Server:ms-server1]     at
org.apache.http.impl.client.CloseableHttpClient.determineTarget(CloseableHttpClient.java:94)<br>
                                          [Server:ms-server1]     at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)<br>
                                          [Server:ms-server1]     at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)<br>
                                          [Server:ms-server1]     at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)<br>
                                          [Server:ms-server1]     at
org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:107)<br>
                                          [Server:ms-server1]     at
org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:314)<br>
                                          [Server:ms-server1]     at
org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:260)<br>
                                          [Server:ms-server1]     at
org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:112)<br>
                                          [Server:ms-server1]     at
org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:110)<br>
                                          [Server:ms-server1]     at
org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:92)<br>
                                          [Server:ms-server1]     at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)<br>
                                          [Server:ms-server1]     at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)<br>
                                          [Server:ms-server1]     at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)<br>
                                          [Server:ms-server1]     at
io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)<br>
                                          [Server:ms-server1]     at
io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)<br>
                                          [Server:ms-server1]     at
io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)<br>
                                          [Server:ms-server1]     at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)<br>
                                          [Server:ms-server1]     at
io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)<br>
                                          [Server:ms-server1]     at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
                                          [Server:ms-server1]     at
io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)<br>
                                          [Server:ms-server1]     at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)<br>
                                          [Server:ms-server1]     at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)<br>
                                          [Server:ms-server1]     at
io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)<br>
                                          [Server:ms-server1]     at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)<br>
                                          [Server:ms-server1]     at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)<br>
                                          [Server:ms-server1]     at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)<br>
                                          [Server:ms-server1]     at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)<br>
                                          [Server:ms-server1]     at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
                                          [Server:ms-server1]     at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)<br>
                                          [Server:ms-server1]     at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
                                          [Server:ms-server1]     at
org.wildfly.mod_cluster.undertow.metric.RunningRequestsHttpHandler.handleRequest(RunningRequestsHttpHandler.java:69)<br>
                                          [Server:ms-server1]     at
org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)<br>
                                          [Server:ms-server1]     at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
                                          [Server:ms-server1]     at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)<br>
                                          [Server:ms-server1]     at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)<br>
                                          [Server:ms-server1]     at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)<br>
                                          [Server:ms-server1]     at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)<br>
                                          [Server:ms-server1]     at
                                          io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)<br>
                                          [Server:ms-server1]     at
                                          io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)<br>
                                          [Server:ms-server1]     at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)<br>
                                          [Server:ms-server1]     at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)<br>
                                          [Server:ms-server1]     at
                                          java.lang.Thread.run(Thread.java:745)<br>
                                          <br clear="all">
                                          <div>
                                            <div>
                                              <div data-smartmail="gmail_signature">
                                                <div><i><br>
                                                    regards</i></div>
                                                <div><i>--</i></div>
                                                <i>Emil Posmyk<br>
                                                </i></div>
                                            </div>
                                          </div>
                                        </div>
                                      </div>
                                    </div>
                                    <br>
                                    <fieldset></fieldset>
                                    <br>
                                  </div>
                                </div>
                                <pre>_______________________________________________
keycloak-user mailing list
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
                              </blockquote>
                              <br>
                            </div>
                          </blockquote>
                        </div>
                        <br>
                      </div>
                    </div>
                  </div>
                </div>
              </blockquote>
              <br>
            </div>
            <br>
            _______________________________________________<br>
            keycloak-user mailing list<br>
            <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
            <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
          </blockquote>
        </div>
        <br>
      </div>
    </blockquote>
    <br>
  </div></div></div>

</blockquote></div><br></div></div>