<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Yes, that's possible. According to
      <a class="moz-txt-link-freetext" href="http://www.ietf.org/rfc/rfc952.txt">http://www.ietf.org/rfc/rfc952.txt</a> the underscore is not a valid
      character in a hostname. Maybe it causes issues with the Apache HTTP
      client. If you have the possibility to remove the underscore, it's worth a
      try though.<br>
      <br>
      Marek<br>
      <br>
      On 31/05/16 16:21, Gregory Orciuch wrote:<br>
    </div>
    <blockquote
cite="mid:CAJOtheznXMBija5wJmXJ2HkMCk7jo7uR9oLpzuo_Mx4ErHhr4g@mail.gmail.com"
      type="cite">
      <div dir="ltr">Hi, 
        <div>I don't get it. How are the truststore/keystore properties
          related to not having a hostname in the returned URL?</div>
        <div><br>
        </div>
        <div>The truststore is usually taken by the Java low-level SSL stack
          (unless KeyCloak is using its own SSL stack), and even if it is wrong it
          does produce a PKIX exception, which is not in Emil's stack
          trace.</div>
        <div><br>
        </div>
        <div>I suspect the underscore "_" in the "auth-server-url", or
          the name is not resolved by DNS from the KeyCloak server's
          perspective.</div>
        <div><br>
        </div>
        <div>BR,<br>
          Gregory</div>
        <div><br>
        </div>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">2016-05-31 15:05 GMT+02:00 Marek
          Posolda <span dir="ltr">&lt;<a moz-do-not-send="true"
              href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>&gt;</span>:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div bgcolor="#FFFFFF" text="#000000">
              <div>Does your keycloak server have a certificate signed by
                a known CA authority or are you using a self-signed one? If
                you have a self-signed one, you also need to configure the
                truststore. See <a moz-do-not-send="true"
href="http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#adapter-config"
                  target="_blank">http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#adapter-config</a>
                and especially properties related to truststore.<br>
                <br>
                Marek<br>
                <br>
                On 31/05/16 15:00, Emil Posmyk wrote:<br>
              </div>
              <blockquote type="cite">
                <div dir="ltr">Sorry, I forgot to finish the title<br>
                  <div><br>
                    {<br>
                      "realm": "Brandpath",<br>
                      "realm-public-key": "key.....",<br>
                      "auth-server-url": "<a moz-do-not-send="true"
                      href="https://sabdev_oms.brandpath.net/auth"
                      target="_blank">https://sabdev_oms.brandpath.net/auth</a>",<br>
                      "ssl-required": "external",<br>
                      "resource": "oms-web",<br>
                      "credentials": {<br>
                        "secret": "secret"<br>
                      },<br>
                      "use-resource-role-mappings": true<br>
                    }<br>
                    <br>
                    <br>
                  </div>
                  <div class="gmail_extra"><br clear="all">
                    <div>
                      <div data-smartmail="gmail_signature">regards <span
                          class="HOEnZb"><font color="#888888">
                            <div><i>--</i></div>
                            <i>Emil Posmyk<br>
                              <br>
                            </i></font></span></div>
                    </div>
                    <div>
                      <div class="h5"> <br>
                        <div class="gmail_quote">2016-05-31 14:26
                          GMT+02:00 Marek Posolda <span dir="ltr">&lt;<a
                              moz-do-not-send="true"
                              href="mailto:mposolda@redhat.com"
                              target="_blank">mposolda@redhat.com</a>&gt;</span>:<br>
                          <blockquote class="gmail_quote"
                            style="margin:0 0 0 .8ex;border-left:1px
                            #ccc solid;padding-left:1ex">
                            <div bgcolor="#FFFFFF" text="#000000">
                              <div>How is "auth-server-url" in your
                                keycloak.json configured? If you're
                                using a relative URI, then you can maybe
                                try to use an absolute URI and see if it
                                helps?<br>
                                <br>
                                Marek
                                <div>
                                  <div><br>
                                    <br>
                                    On 31/05/16 14:19, Emil Posmyk
                                    wrote:<br>
                                  </div>
                                </div>
                              </div>
                              <blockquote type="cite">
                                <div>
                                  <div>
                                    <div dir="ltr">
                                      <div>
                                        <div>Hello<br>
                                          <br>
                                        </div>
                                        I'm receiving an error when I try to
                                        log in to our application:
                                        ClientProtocolException: URI
                                        does not specify a valid host
                                        name: <a moz-do-not-send="true"
href="https:/auth/realms/Brandpath/protocol/openid-connect/token"
                                          target="_blank">https:/auth/realms/Brandpath/protocol/openid-connect/token</a><br>
                                      </div>
                                      The HTTP protocol is working fine, no
                                      errors, but using HTTPS I receive
                                      each time a URI without a host name.<br>
                                      <div>Auth page is working fine.<br>
                                        <div><br>
                                        </div>
                                        <div>What can cause that error?<br>
                                        </div>
                                        <div><br>
                                          <br>
                                          14:59:22,937 ERROR
                                          [org.keycloak.adapters.OAuthRequestAuthenticator]
                                          (default task-2) failed to
                                          turn code into token:
                                          org.apache.http.client.ClientProtocolException:
                                          URI does not specify a valid
                                          host name: <a
                                            moz-do-not-send="true"
                                            href="https:/auth/realms/Brandpath/protocol/openid-connect/token"
                                            target="_blank">https:/auth/realms/Brandpath/protocol/openid-connect/token</a><br>
                                          [Server:ms-server1]     at
org.apache.http.impl.client.CloseableHttpClient.determineTarget(CloseableHttpClient.java:94)<br>
                                          [Server:ms-server1]     at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)<br>
                                          [Server:ms-server1]     at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)<br>
                                          [Server:ms-server1]     at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)<br>
                                          [Server:ms-server1]     at
org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:107)<br>
                                          [Server:ms-server1]     at
org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:314)<br>
                                          [Server:ms-server1]     at
org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:260)<br>
                                          [Server:ms-server1]     at
org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:112)<br>
                                          [Server:ms-server1]     at
org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:110)<br>
                                          [Server:ms-server1]     at
org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:92)<br>
                                          [Server:ms-server1]     at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)<br>
                                          [Server:ms-server1]     at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)<br>
                                          [Server:ms-server1]     at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)<br>
                                          [Server:ms-server1]     at
io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)<br>
                                          [Server:ms-server1]     at
io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)<br>
                                          [Server:ms-server1]     at
io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)<br>
                                          [Server:ms-server1]     at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)<br>
                                          [Server:ms-server1]     at
io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)<br>
                                          [Server:ms-server1]     at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
                                          [Server:ms-server1]     at
io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)<br>
                                          [Server:ms-server1]     at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)<br>
                                          [Server:ms-server1]     at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)<br>
                                          [Server:ms-server1]     at
io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)<br>
                                          [Server:ms-server1]     at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)<br>
                                          [Server:ms-server1]     at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)<br>
                                          [Server:ms-server1]     at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)<br>
                                          [Server:ms-server1]     at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)<br>
                                          [Server:ms-server1]     at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
                                          [Server:ms-server1]     at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)<br>
                                          [Server:ms-server1]     at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
                                          [Server:ms-server1]     at
org.wildfly.mod_cluster.undertow.metric.RunningRequestsHttpHandler.handleRequest(RunningRequestsHttpHandler.java:69)<br>
                                          [Server:ms-server1]     at
org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)<br>
                                          [Server:ms-server1]     at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)<br>
                                          [Server:ms-server1]     at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)<br>
                                          [Server:ms-server1]     at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)<br>
                                          [Server:ms-server1]     at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)<br>
                                          [Server:ms-server1]     at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)<br>
                                          [Server:ms-server1]     at
                                          io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)<br>
                                          [Server:ms-server1]     at
                                          io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)<br>
                                          [Server:ms-server1]     at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)<br>
                                          [Server:ms-server1]     at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)<br>
                                          [Server:ms-server1]     at
                                          java.lang.Thread.run(Thread.java:745)<br>
                                          <br clear="all">
                                          <div>
                                            <div>
                                              <div
                                                data-smartmail="gmail_signature">
                                                <div><i><br>
                                                    regards</i></div>
                                                <div><i>--</i></div>
                                                <i>Emil Posmyk<br>
                                                </i></div>
                                            </div>
                                          </div>
                                        </div>
                                      </div>
                                    </div>
                                    <br>
                                    <br>
                                  </div>
                                </div>
                                <pre>_______________________________________________
keycloak-user mailing list
<a moz-do-not-send="true" href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a moz-do-not-send="true" href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
                              </blockquote>
                              <br>
                            </div>
                          </blockquote>
                        </div>
                        <br>
                      </div>
                    </div>
                  </div>
                </div>
              </blockquote>
              <br>
            </div>
            <br>
          </blockquote>
        </div>
        <br>
      </div>
    </blockquote>
    <br>
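    <div>Added example (not code from this thread or from the Keycloak project): java.net.URI.getHost() returns null when the host contains an underscore, because the authority is then parsed as registry-based rather than server-based, so a pre-flight check on "auth-server-url" can flag such a value before deployment. The class name AuthServerUrlCheck and the method problem() are hypothetical; the second and third sample URLs are constructed.</div>
<pre>
```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.regex.Pattern;

// Added example: pre-flight check for the "auth-server-url" value in keycloak.json.
public class AuthServerUrlCheck {

    // One DNS label under the RFC 952 / RFC 1123 rule: letters, digits and
    // hyphens only, no leading or trailing hyphen, at most 63 characters.
    private static final Pattern LABEL =
            Pattern.compile("[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?");

    /** Returns null when the URL is usable, otherwise a description of the problem. */
    static String problem(String authServerUrl) {
        URI uri;
        try {
            uri = new URI(authServerUrl);
        } catch (URISyntaxException e) {
            return "not a parseable URI: " + e.getMessage();
        }
        if (!uri.isAbsolute()) {
            return "relative URI, no scheme or host";
        }
        if (uri.getHost() != null) {
            return null; // java.net.URI recognised a server-based authority
        }
        // getHost() is null but an authority may still be present:
        // java.net.URI then treats it as registry-based.
        String authority = uri.getRawAuthority();
        if (authority == null) {
            return "no authority component";
        }
        // Strip optional userinfo and port to isolate the host part.
        String host = authority.replaceFirst("^.*@", "").replaceFirst(":[0-9]*$", "");
        for (String label : host.split("\\.", -1)) {
            if (!LABEL.matcher(label).matches()) {
                return "host label '" + label + "' is not a valid hostname label; "
                        + "URI.getHost() returns null for '" + authority + "'";
            }
        }
        return "authority '" + authority + "' has no parseable host";
    }

    public static void main(String[] args) {
        String[] samples = {
            "https://sabdev_oms.brandpath.net/auth",   // value from the thread
            "https://sabdev-oms.brandpath.net/auth",   // constructed: hyphen instead
            "/auth"                                    // constructed: relative form
        };
        for (String s : samples) {
            String p = problem(s);
            System.out.println(s + " : " + (p == null ? "ok" : p));
        }
    }
}
```
</pre>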
  </body>
</html>