<div dir="ltr">
<div>I am trying to secure a URL with Keycloak, backed by Kerberos. I've followed the below link, but sadly I am not seeing what I would expect.</div>
<div><br></div>
<div><ul><li><a href="https://github.com/keycloak/keycloak-documentation/blob/master/topics/jboss-adapter.adoc#required-per-war-configuration">https://github.com/keycloak/keycloak-documentation/blob/master/topics/jboss-adapter.adoc#required-per-war-configuration</a><br></li></ul></div>
<div>The exploded war web.xml contains:</div>
<div><br></div>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><pre>&lt;?xml version="1.0" encoding="UTF-8"?&gt;
&lt;web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee"
  xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
  version="2.5"&gt;

  &lt;listener&gt;
    &lt;listener-class&gt;io.apiman.gateway.platforms.war.listeners.WarGatewayBootstrapper&lt;/listener-class&gt;
  &lt;/listener&gt;

  &lt;!-- Gateway Servlet --&gt;
  &lt;servlet&gt;
    &lt;servlet-name&gt;GatewayServlet&lt;/servlet-name&gt;
    &lt;servlet-class&gt;io.apiman.gateway.platforms.war.servlets.WarGatewayServlet&lt;/servlet-class&gt;
  &lt;/servlet&gt;
  &lt;servlet-mapping&gt;
    &lt;servlet-name&gt;GatewayServlet&lt;/servlet-name&gt;
    &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
  &lt;/servlet-mapping&gt;

  &lt;security-constraint&gt;
    &lt;web-resource-collection&gt;
      &lt;web-resource-name&gt;apiman-gateway&lt;/web-resource-name&gt;
      &lt;url-pattern&gt;/apiman-gateway/*&lt;/url-pattern&gt;
    &lt;/web-resource-collection&gt;
    &lt;auth-constraint&gt;
      &lt;role-name&gt;user&lt;/role-name&gt;
    &lt;/auth-constraint&gt;
    &lt;user-data-constraint&gt;
      &lt;transport-guarantee&gt;CONFIDENTIAL&lt;/transport-guarantee&gt;
    &lt;/user-data-constraint&gt;
  &lt;/security-constraint&gt;

  &lt;login-config&gt;
    &lt;auth-method&gt;KEYCLOAK&lt;/auth-method&gt;
    &lt;realm-name&gt;this is ignored currently&lt;/realm-name&gt;
  &lt;/login-config&gt;

  &lt;security-role&gt;
    &lt;role-name&gt;user&lt;/role-name&gt;
  &lt;/security-role&gt;

&lt;/web-app&gt;</pre></blockquote>
<div><br></div>
<div>And the keycloak.json file in the WEB-INF folder contains:</div>
<div><br></div>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><pre>{
  "realm": "apiman",
  "realm-public-key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyG61ohrfJQKNmDA/ePZtqZVpPXjwn3k3T+iWiTvMsxW2+WlnqIEmL5qZ09DMhBH9r50WZRO2gVoCb657Er9x0vfD6GNf/47XU2y33TX8axhP+hSwkv/VViaDlu4jQrfgPWz/FXMjWIZxg1xQS+nOBF2ScCRYWNQ/ZnUNnvrq8dGC2/AlyeYcgDUOdwlJuvgkGlF0QoVPQiRPurR3RwlG+BjL8JB3hbaAZhdJqwqApmGQbcpgLj2tODnlrZnEAp5cPPU/lgqCE1OOp78BAEiE91ZLPl/+D8qDHk+Maz0Io3bkeRZMXPpvtbL3qN+3GlF8Yz264HDSsTNrH+nd19tFQIDAQAB",
  "auth-server-url": "https://reuxgbls359:8443/auth",
  "ssl-required": "none",
  "resource": "apiman-gateway",
  "public-client": true
}</pre></blockquote>
<div><br></div>
<div>When I hit the URL, I see the below debug:</div>
<div><br></div>
<blockquote style="margin:0 0 0 40px;border:none;padding:0px"><pre>2016-06-02 13:20:10,460 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (default task-43) adminRequest https://reuxgbls359:8443/apiman-gateway/bp/mapping/1.0?wsdl
2016-06-02 13:20:10,461 DEBUG [org.keycloak.adapters.undertow.ServletSessionTokenStore] (default task-43) session was null, returning null
2016-06-02 13:20:10,461 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-43) there was no code
2016-06-02 13:20:10,461 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-43) redirecting to auth server
2016-06-02 13:20:10,462 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-43) callback uri: https://reuxgbls359:8443/apiman-gateway/bp/mapping/1.0?wsdl
2016-06-02 13:20:10,463 DEBUG [org.keycloak.adapters.AuthenticatedActionsHandler] (default task-43) AuthenticatedActionsValve.invoke https://reuxgbls359:8443/apiman-gateway/bp/mapping/1.0?wsdl</pre></blockquote>
<div><br></div>
<div>But I never get redirected to the auth/login page.</div>
<div><br></div>
<div>Any ideas what I am doing wrong?</div>
<div><br></div>
-- <br>
<div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><span style="font-size:small">Gareth Healy </span><br><span style="font-size:small">UKI Middleware Consultant </span><br><span style="font-size:small">Red Hat UK Ltd </span><br><span style="font-size:small">200 Fowler Avenue </span><br><span style="font-size:small">Farnborough, Hants </span><br><span style="font-size:small">GU14 7JP, UK </span><br><br><span style="font-size:small">Mobile: +44(0)7818511214 </span><br><span style="font-size:small">E-Mail: <a href="mailto:gahealy@redhat.com" target="_blank">gahealy@redhat.com</a> </span><br><br><span style="font-size:small">Registered in England and Wales under Company Registration No. 03798903</span><br></div></div>
</div>