<div dir="ltr">Just released i was using the wrong url-pattern. All good.</div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jun 2, 2016 at 2:28 PM, Gareth Healy <span dir="ltr">&lt;<a href="mailto:gahealy@redhat.com" target="_blank">gahealy@redhat.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I am trying to secure a URL with KeyCloak, backed by Kerberos. I&#39;ve followed the below link, but sadly not not seeing what i would expect.<br clear="all"><div><br></div><div><ul><li><a href="https://github.com/keycloak/keycloak-documentation/blob/master/topics/jboss-adapter.adoc#required-per-war-configuration" target="_blank">https://github.com/keycloak/keycloak-documentation/blob/master/topics/jboss-adapter.adoc#required-per-war-configuration</a><br></li></ul></div><div>The exploded war web.xml contains:</div><div><br></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">&lt;web-app xmlns:xsi=&quot;<a href="http://www.w3.org/2001/XMLSchema-instance" target="_blank">http://www.w3.org/2001/XMLSchema-instance</a>&quot; xmlns=&quot;<a href="http://java.sun.com/xml/ns/javaee" target="_blank">http://java.sun.com/xml/ns/javaee</a>&quot;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">  xmlns:web=&quot;<a href="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" target="_blank">http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd</a>&quot; xsi:schemaLocation=&quot;<a href="http://java.sun.com/xml/ns/javaee" target="_blank">http://java.sun.com/xml/ns/javaee</a> <a href="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" target="_blank">http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd</a>&quot;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">  version=&quot;2.5&quot;&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px"><br></div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">  &lt;listener&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">    &lt;listener-class&gt;io.apiman.gateway.platforms.war.listeners.WarGatewayBootstrapper&lt;/listener-class&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">  &lt;/listener&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px"><br></div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">  &lt;!-- Gateway Servlet --&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">  &lt;servlet&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">    &lt;servlet-name&gt;GatewayServlet&lt;/servlet-name&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">    &lt;servlet-class&gt;io.apiman.gateway.platforms.war.servlets.WarGatewayServlet&lt;/servlet-class&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">  &lt;/servlet&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">  &lt;servlet-mapping&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">    &lt;servlet-name&gt;GatewayServlet&lt;/servlet-name&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">    &lt;url-pattern&gt;/*&lt;/url-pattern&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">  &lt;/servlet-mapping&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px"><br></div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">  &lt;security-constraint&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">        &lt;web-resource-collection&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">            &lt;web-resource-name&gt;apiman-gateway&lt;/web-resource-name&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">            &lt;url-pattern&gt;/apiman-gateway/*&lt;/url-pattern&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">        &lt;/web-resource-collection&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">        &lt;auth-constraint&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">            &lt;role-name&gt;user&lt;/role-name&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">        &lt;/auth-constraint&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">        &lt;user-data-constraint&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">            &lt;transport-guarantee&gt;CONFIDENTIAL&lt;/transport-guarantee&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">        &lt;/user-data-constraint&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">    &lt;/security-constraint&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px"><br></div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px"><br></div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">&lt;login-config&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">        &lt;auth-method&gt;KEYCLOAK&lt;/auth-method&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">        &lt;realm-name&gt;this is ignored currently&lt;/realm-name&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">    &lt;/login-config&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px"><br></div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">    &lt;security-role&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">        &lt;role-name&gt;user&lt;/role-name&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">    &lt;/security-role&gt;</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px"><br></div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">&lt;/web-app&gt;</div></div></blockquote><div><br></div><div>And the keycloak.json file in the WEB-INF folder contains:</div><div><br></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">{</div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">  &quot;realm&quot;: &quot;apiman&quot;,</div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">  &quot;realm-public-key&quot;: &quot;MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyG61ohrfJQKNmDA/ePZtqZVpPXjwn3k3T+iWiTvMsxW2+WlnqIEmL5qZ09DMhBH9r50WZRO2gVoCb657Er9x0vfD6GNf/47XU2y33TX8axhP+hSwkv/VViaDlu4jQrfgPWz/FXMjWIZxg1xQS+nOBF2ScCRYWNQ/ZnUNnvrq8dGC2/AlyeYcgDUOdwlJuvgkGlF0QoVPQiRPurR3RwlG+BjL8JB3hbaAZhdJqwqApmGQbcpgLj2tODnlrZnEAp5cPPU/lgqCE1OOp78BAEiE91ZLPl/+D8qDHk+Maz0Io3bkeRZMXPpvtbL3qN+3GlF8Yz264HDSsTNrH+nd19tFQIDAQAB&quot;,</div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">  &quot;auth-server-url&quot;: &quot;<a href="https://reuxgbls359:8443/auth" target="_blank">https://reuxgbls359:8443/auth</a>&quot;,</div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">  &quot;ssl-required&quot;: &quot;none&quot;,</div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">  &quot;resource&quot;: &quot;apiman-gateway&quot;,</div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">  &quot;public-client&quot;: true</div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">}</div></div></blockquote><div><br></div><div>When i hit the URL, i see the below debug:</div><div><br></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">2016-06-02 13:20:10,460 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (default task-43) adminRequest <a href="https://reuxgbls359:8443/apiman-gateway/bp/mapping/1.0?wsdl" target="_blank">https://reuxgbls359:8443/apiman-gateway/bp/mapping/1.0?wsdl</a></div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">2016-06-02 13:20:10,461 DEBUG [org.keycloak.adapters.undertow.ServletSessionTokenStore] (default task-43) session was null, returning null</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">2016-06-02 13:20:10,461 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-43) there was no code</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">2016-06-02 13:20:10,461 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-43) redirecting to auth server</div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">2016-06-02 13:20:10,462 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-43) callback uri: <a href="https://reuxgbls359:8443/apiman-gateway/bp/mapping/1.0?wsdl" target="_blank">https://reuxgbls359:8443/apiman-gateway/bp/mapping/1.0?wsdl</a></div></div><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">2016-06-02 13:20:10,463 DEBUG [org.keycloak.adapters.AuthenticatedActionsHandler] (default task-43) AuthenticatedActionsValve.invoke <a href="https://reuxgbls359:8443/apiman-gateway/bp/mapping/1.0?wsdl" target="_blank">https://reuxgbls359:8443/apiman-gateway/bp/mapping/1.0?wsdl</a></div></div></blockquote><div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px"><br></div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">But i never get redirected to the auth/login page.</div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px"><br></div><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">Any ideas what i am doing wrong?</div><span class="HOEnZb"><font color="#888888"><div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px"><div><br></div></div></font></span></div><span class="HOEnZb"><font color="#888888">-- <br><div data-smartmail="gmail_signature"><div dir="ltr"><span style="font-size:small">Gareth Healy </span><br><span style="font-size:small">UKI Middleware Consultant </span><br><span style="font-size:small">Red Hat UK Ltd </span><br><span style="font-size:small">200 Fowler Avenue </span><br><span style="font-size:small">Farnborough, Hants </span><br><span style="font-size:small">GU14 7JP, UK </span><br><br><span style="font-size:small">Mobile: <a href="tel:%2B44%280%297818511214" value="+447818511214" target="_blank">+44(0)7818511214</a> </span><br><span style="font-size:small">E-Mail: <a href="mailto:gahealy@redhat.com" target="_blank">gahealy@redhat.com</a> </span><br><br><span style="font-size:small">Registered in England and Wales under Company Registration No. 03798903</span><br></div></div>
</font></span></div>
<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><span style="font-size:small">Gareth Healy </span><br><span style="font-size:small">UKI Middleware Consultant </span><br><span style="font-size:small">Red Hat UK Ltd </span><br><span style="font-size:small">200 Fowler Avenue </span><br><span style="font-size:small">Farnborough, Hants </span><br><span style="font-size:small">GU14 7JP, UK </span><br><br><span style="font-size:small">Mobile: +44(0)7818511214 </span><br><span style="font-size:small">E-Mail: <a href="mailto:gahealy@redhat.com" target="_blank">gahealy@redhat.com</a> </span><br><br><span style="font-size:small">Registered in England and Wales under Company Registration No. 03798903</span><br></div></div>
</div>