<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">The messages that I see in the command-line are these.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">If I comment<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Consolas;color:black">registration.addInitParameter(</span><span style="font-size:10.0pt;font-family:Consolas;color:#2A00FF">"keycloak.config.file"</span><span style="font-size:10.0pt;font-family:Consolas;color:black">,
</span><span style="font-size:10.0pt;font-family:Consolas;color:#2A00FF">"D:/OpenIDM/keycloak.json"</span><span style="font-size:10.0pt;font-family:Consolas;color:black">);</span><span style="font-size:10.0pt;font-family:Consolas"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">I see<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">15:13:03,404 WARN [org.keycloak.events] (default task-48) type=LOGIN_ERROR, rea<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">lmId=master, clientId=null, userId=null, ipAddress=127.0.0.1, error=invalid_code<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">If I don’t comment that line I see this. I am assuming in this case the filter is validating but don’t know what this means.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">13:37:34,896 WARN [org.keycloak.events] (default task-38) type=REFRESH_TOKEN_ER<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">ROR, realmId=master, clientId=Pearson, userId=f145fdaf-4c98-468f-bdd8-2a37e1e35b<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">b8, ipAddress=127.0.0.1, error=invalid_token, grant_type=refresh_token, refresh_<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">token_type=Refresh, refresh_token_id=48565291-f694-4961-8bc5-8f36910de464, clien<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">t_auth_method=client-secret<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Mohan<o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Radhakrishnan, Mohan (Cognizant) <br>
<b>Sent:</b> Friday, July 29, 2016 1:56 PM<br>
<b>To:</b> 'keycloak-user@lists.jboss.org' <keycloak-user@lists.jboss.org><br>
<b>Subject:</b> Implicit flow test<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Hi,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I am using keycloak-2.0.0.Final standalone server and I have enabled ‘Implicit’<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"><a href="http://localhost:8080/auth/realms/Pearson/protocol/openid-connect/auth?response_type=id_token&redirect_uri=http://localhost:8000/keycloak/greeting/&realm=Pearson&client_id=Pearson&scope=user"><span style="color:blue">http://localhost:8080/auth/realms/Pearson/protocol/openid-connect/auth?response_type=id_token&redirect_uri=http://localhost:8000/keycloak/greeting/&realm=Pearson&client_id=Pearson&scope=user</span></a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif">The URL shown above shows me the login page and redirects after obtaining the id_token and I get the proper output in the b rowser.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><a href="http://localhost:8000/keycloak/greeting/#id_token=eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiTc3NjM2ZS1lOWI0LTRhOGQtOTZiOS0yNTQ5NDc5ZjZmZWQiLCJleHAiOjE0Njk3ODEwODMsIm5iZiI6MCwiaWF0IjoxNDY5NzgwMTgzLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvUGVhcnNvbiIsImF1ZCI6IlBlYXJzb24iLCJzdWIiOiJmMTQ1ZmRhZi00Yzk4LTQ2OGYtYmRkOC0yYTM3ZTFlMzViYjgiLCJ0eXAiOiJJRCIsImF6cCI6IlBlYXJzb24iLCJzZXNzaW9uX3N0YXRlIjoiZmNmNTNiN2ItNDUzNi00MjRhLTk0OWItYmZiZmQ4NzQ2N2FmIiwibmFtZSI6IiIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIn0.OmtVkjW8gGxMpbkH1LIL6rd97J7BYza5BETp86R4t_hM826rCgOpVbH4O9ZLqJ6TsnYlKOHpsU3N1Nu-vrQuwfI1gTgR3ulDHyg1PJbv-Q9hgycT2nQC-3uLW3i5nzaXEWQDsCVqe1kJHMq-UcwgshGyu7rKSxyLFOZDBRLmLDL1-vOsUk4-bRe6ulC9QL3cCqvNh8X8rzxEtTPc9LihNpphcURYW5-5r7oVFSA2-RaKbhMwsDEtZVZAbPH2HqQM17poPEJFKPwFhmH8RivMuX7x_ThwYc0VimPUSBIi0O4mQ9Kl3kb-wanj01jzelzR8LrTFZbRaMUig8o-FwvhjA&not-before-policy=0">http://localhost:8000/keycloak/greeting/#id_token=eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiTc3NjM2ZS1lOWI0LTRhOGQtOTZiOS0yNTQ5NDc5ZjZmZWQiLCJleHAiOjE0Njk3ODEwODMsIm5iZiI6MCwiaWF0IjoxNDY5NzgwMTgzLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvUGVhcnNvbiIsImF1ZCI6IlBlYXJzb24iLCJzdWIiOiJmMTQ1ZmRhZi00Yzk4LTQ2OGYtYmRkOC0yYTM3ZTFlMzViYjgiLCJ0eXAiOiJJRCIsImF6cCI6IlBlYXJzb24iLCJzZXNzaW9uX3N0YXRlIjoiZmNmNTNiN2ItNDUzNi00MjRhLTk0OWItYmZiZmQ4NzQ2N2FmIiwibmFtZSI6IiIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIn0.OmtVkjW8gGxMpbkH1LIL6rd97J7BYza5BETp86R4t_hM826rCgOpVbH4O9ZLqJ6TsnYlKOHpsU3N1Nu-vrQuwfI1gTgR3ulDHyg1PJbv-Q9hgycT2nQC-3uLW3i5nzaXEWQDsCVqe1kJHMq-UcwgshGyu7rKSxyLFOZDBRLmLDL1-vOsUk4-bRe6ulC9QL3cCqvNh8X8rzxEtTPc9LihNpphcURYW5-5r7oVFSA2-RaKbhMwsDEtZVZAbPH2HqQM17poPEJFKPwFhmH8RivMuX7x_ThwYc0VimPUSBIi0O4mQ9Kl3kb-wanj01jzelzR8LrTFZbRaMUig8o-FwvhjA&not-before-policy=0</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">My filter configuration is this.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Consolas;color:black">
</span><span style="font-size:10.0pt;font-family:Consolas;color:#646464">@</span><span style="font-size:10.0pt;font-family:Consolas;color:black">Bean</span><span style="font-size:10.0pt;font-family:Consolas"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Consolas;color:black">
</span><b><span style="font-size:10.0pt;font-family:Consolas;color:#7F0055">public</span></b><span style="font-size:10.0pt;font-family:Consolas;color:black"> FilterRegistrationBean someFilterRegistration() {</span><span style="font-size:10.0pt;font-family:Consolas"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Consolas"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Consolas;color:black"> FilterRegistrationBean registration =
</span><b><span style="font-size:10.0pt;font-family:Consolas;color:#7F0055">new</span></b><span style="font-size:10.0pt;font-family:Consolas;color:black"> FilterRegistrationBean();</span><span style="font-size:10.0pt;font-family:Consolas"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Consolas;color:black"> registration.setFilter(keycloakOIDCFilter());</span><span style="font-size:10.0pt;font-family:Consolas"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Consolas;color:black"> registration.addUrlPatterns(</span><span style="font-size:10.0pt;font-family:Consolas;color:#2A00FF">"/keycloak/*"</span><span style="font-size:10.0pt;font-family:Consolas;color:black">);</span><span style="font-size:10.0pt;font-family:Consolas"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Consolas;color:black"> registration.addInitParameter(</span><span style="font-size:10.0pt;font-family:Consolas;color:#2A00FF">"keycloak.config.file"</span><span style="font-size:10.0pt;font-family:Consolas;color:black">,
</span><span style="font-size:10.0pt;font-family:Consolas;color:#2A00FF">"D:/OpenIDM/keycloak.json"</span><span style="font-size:10.0pt;font-family:Consolas;color:black">);</span><span style="font-size:10.0pt;font-family:Consolas"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Consolas;color:black"> registration.setName(</span><span style="font-size:10.0pt;font-family:Consolas;color:#2A00FF">"keycloakOIDCFilter"</span><span style="font-size:10.0pt;font-family:Consolas;color:black">);</span><span style="font-size:10.0pt;font-family:Consolas"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Consolas;color:black"> registration.setOrder(1);</span><span style="font-size:10.0pt;font-family:Consolas"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Consolas;color:black">
</span><b><span style="font-size:10.0pt;font-family:Consolas;color:#7F0055">return</span></b><span style="font-size:10.0pt;font-family:Consolas;color:black"> registration;</span><span style="font-size:10.0pt;font-family:Consolas"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Consolas;color:black"> }
</span><span style="font-size:10.0pt;font-family:Consolas"><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Is the id_token getting validated by the filter ? How do I know that it is ? Have I misunderstood the validation ? Logging for the filter or keycloak should be enabled. How ?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks,<o:p></o:p></p>
<p class="MsoNormal">Mohan<o:p></o:p></p>
</div>
This e-mail and any files transmitted with it are for the sole use of the intended recipient(s) and may contain confidential and privileged information. If you are not the intended recipient(s), please reply to the sender and destroy all copies of the original
message. Any unauthorized review, use, disclosure, dissemination, forwarding, printing or copying of this email, and/or any action taken in reliance on the contents of this e-mail is strictly prohibited and may be unlawful. Where permitted by applicable law,
this e-mail and other e-mail communications sent to and from Cognizant e-mail addresses may be monitored.
</body>
</html>