<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <p>So the docs are ok then?<br>
    </p>
    <br>
    <div class="moz-cite-prefix">On 8/10/16 6:17 AM, Paulo Pires wrote:<br>
    </div>
    <blockquote
cite="mid:CAO8YOYULycUpWLk1ipxpqAjWaeSJqSMZ9Q7FWb4FLxhnDe1rdQ@mail.gmail.com"
      type="cite">
      <div dir="ltr">Ah, nice tip. My tests were made with a corporate
        account which has no permissions to enable such API, but I too
        slipped that part in docs.
        <div><br>
        </div>
        <div>Thanks</div>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Wed, Aug 10, 2016 at 11:03 AM,
          Sigbjørn Dybdahl <span dir="ltr">&lt;<a
              moz-do-not-send="true"
              href="mailto:sigbjorn@fifty-five.com" target="_blank">sigbjorn@fifty-five.com</a>&gt;</span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div dir="ltr">Thanks for your quick reply, Marek! 
              <div><br>
              </div>
              <div>When re-reading the documentation now I see the part
                on enabling the Google+ API in the Google Developer
                console, which I apparently didn't pay attention to. It
                all works smoothly now, and I can remove the
                user-defined OpenId Connect provider.</div>
              <div><br>
              </div>
              <div><br>
              </div>
              <div>Regards,</div>
              <div>Sigbjørn</div>
              <div>
                <div class="h5">
                  <div class="gmail_extra"><br>
                    <div class="gmail_quote">On 10 August 2016 at 11:49,
                      Marek Posolda <span dir="ltr">&lt;<a
                          moz-do-not-send="true"
                          href="mailto:mposolda@redhat.com"
                          target="_blank">mposolda@redhat.com</a>&gt;</span>
                      wrote:<br>
                      <blockquote class="gmail_quote" style="margin:0 0
                        0 .8ex;border-left:1px #ccc
                        solid;padding-left:1ex">
                        <div bgcolor="#FFFFFF" text="#000000">
                          <div>Did you enable Google+ API in Google
                            admin console? Configuration of this is on
                            Google side, not scopes on Keycloak side on
                            identityProvider page.<br>
                            <br>
                            Marek
                            <div>
                              <div><br>
                                <br>
                                On 10/08/16 10:47, Sigbjørn Dybdahl
                                wrote:<br>
                              </div>
                            </div>
                          </div>
                          <blockquote type="cite">
                            <div>
                              <div>
                                <div dir="ltr">Hello,
                                  <div><br>
                                  </div>
                                  <div>I'm trying to configure an
                                    instance of Keycloak using version
                                    2.1.0.CR1 and I've run into a
                                    problem when using the Google
                                    Identity Provider with the default
                                    configuration. That is, during the
                                    callback I observe
                                    an org.keycloak.broker.provider<wbr>.IdentityBrokerException:
                                    Could not fetch attributes (see
                                    complete stacktrace below for
                                    details) from userinfo endpoint
                                    which seems to be linked to the 403
                                    Forbidden return code when calling <a
                                      moz-do-not-send="true"
                                      href="https://www.googleapis.com/plus/v1/people/me/openIdConnect"
                                      target="_blank">https://www.googleapis<wbr>.com/plus/v1/people/me/<wbr>openIdConnect</a>. </div>
                                  <div><br>
                                  </div>
                                  <div>This seems to be similar to <a
                                      moz-do-not-send="true"
                                      href="https://issues.jboss.org/browse/KEYCLOAK-2942"
                                      target="_blank">https://issues.jboss.org/br<wbr>owse/KEYCLOAK-2942</a>,
                                    but even when adding the additional
                                    Google+ scopes (making scope=openid
                                    profile email <a
                                      moz-do-not-send="true"
                                      href="https://www.googleapis.com/auth/plus.me"
                                      target="_blank">https://www.googleapis.com/aut<wbr>h/plus.me</a>
                                    <a moz-do-not-send="true"
                                      href="https://www.googleapis.com/auth/plus.login"
                                      target="_blank">https://www.googleapis.com/aut<wbr>h/plus.login</a>)
                                    the call fails. As for JIRA-2942,
                                    I've tried setting up a user-defined
                                    OpenId Connect provider with the
                                    default scope, which works just
                                    fine.</div>
                                  <div><br>
                                  </div>
                                  <div>Have I forgotten any important
                                    parameter while configuring the
                                    standard Google support? Or is this
                                    a regression for this release?</div>
                                  <div><br>
                                  </div>
                                  <div><br>
                                  </div>
                                  <div>Regards,</div>
                                  <div>Sigbjørn Dybdahl</div>
                                  <div><br>
                                  </div>
                                  <div>---</div>
                                  <div><br>
                                  </div>
                                  <div>Here's the complete stacktrace
                                    for the exception:</div>
                                  <div>
                                    <div><br>
                                    </div>
                                    <div>
                                      <div>20:07:12,247 ERROR
                                        [org.keycloak.broker.oidc.Abst<wbr>ractOAuth2IdentityProvider]
                                        (default task-20) Failed to make
                                        identity provider oauth
                                        callback:
                                        org.keycloak.broker.provider.I<wbr>dentityBrokerException:
                                        Could not fetch attributes from
                                        userinfo endpoint.</div>
                                      <div>    at
                                        org.keycloak.broker.oidc.OIDCI<wbr>dentityProvider.getFederatedId<wbr>entity(OIDCIdentityProvider.<wbr>java:304)</div>
                                      <div>    at
                                        org.keycloak.broker.oidc.Abstr<wbr>actOAuth2IdentityProvider$<wbr>Endpoint.authResponse(Abstract<wbr>OAuth2IdentityProvider.java:<wbr>230)</div>
                                      <div>    at
                                        sun.reflect.NativeMethodAccess<wbr>orImpl.invoke0(Native
                                        Method)</div>
                                      <div>    at
                                        sun.reflect.NativeMethodAccess<wbr>orImpl.invoke(NativeMethodAcce<wbr>ssorImpl.java:62)</div>
                                      <div>    at
                                        sun.reflect.DelegatingMethodAc<wbr>cessorImpl.invoke(DelegatingMe<wbr>thodAccessorImpl.java:43)</div>
                                      <div>    at
                                        java.lang.reflect.Method.invok<wbr>e(Method.java:498)</div>
                                      <div>    at
                                        org.jboss.resteasy.core.Method<wbr>InjectorImpl.invoke(MethodInje<wbr>ctorImpl.java:139)</div>
                                      <div>    at
                                        org.jboss.resteasy.core.Resour<wbr>ceMethodInvoker.invokeOnTarget<wbr>(ResourceMethodInvoker.java:29<wbr>5)</div>
                                      <div>    at
                                        org.jboss.resteasy.core.Resour<wbr>ceMethodInvoker.invoke(Resourc<wbr>eMethodInvoker.java:249)</div>
                                      <div>    at
                                        org.jboss.resteasy.core.Resour<wbr>ceLocatorInvoker.invokeOnTarge<wbr>tObject(ResourceLocatorInvoker<wbr>.java:138)</div>
                                      <div>    at
                                        org.jboss.resteasy.core.Resour<wbr>ceLocatorInvoker.invoke(Resour<wbr>ceLocatorInvoker.java:107)</div>
                                      <div>    at
                                        org.jboss.resteasy.core.Resour<wbr>ceLocatorInvoker.invokeOnTarge<wbr>tObject(ResourceLocatorInvoker<wbr>.java:133)</div>
                                      <div>    at
                                        org.jboss.resteasy.core.Resour<wbr>ceLocatorInvoker.invoke(Resour<wbr>ceLocatorInvoker.java:101)</div>
                                      <div>    at
                                        org.jboss.resteasy.core.Synchr<wbr>onousDispatcher.invoke(Synchro<wbr>nousDispatcher.java:395)</div>
                                      <div>    at
                                        org.jboss.resteasy.core.Synchr<wbr>onousDispatcher.invoke(Synchro<wbr>nousDispatcher.java:202)</div>
                                      <div>    at
                                        org.jboss.resteasy.plugins.ser<wbr>ver.servlet.ServletContainerDi<wbr>spatcher.service(ServletContai<wbr>nerDispatcher.java:221)</div>
                                      <div>    at
                                        org.jboss.resteasy.plugins.ser<wbr>ver.servlet.HttpServletDispatc<wbr>her.service(HttpServletDispatc<wbr>her.java:56)</div>
                                      <div>    at
                                        org.jboss.resteasy.plugins.ser<wbr>ver.servlet.HttpServletDispatc<wbr>her.service(HttpServletDispatc<wbr>her.java:51)</div>
                                      <div>    at
                                        javax.servlet.http.HttpServlet<wbr>.service(HttpServlet.java:790)</div>
                                      <div>    at
                                        io.undertow.servlet.handlers.S<wbr>ervletHandler.handleRequest(Se<wbr>rvletHandler.java:85)</div>
                                      <div>    at
                                        io.undertow.servlet.handlers.F<wbr>ilterHandler$FilterChainImpl.d<wbr>oFilter(FilterHandler.java:129<wbr>)</div>
                                      <div>    at
                                        org.keycloak.services.filters.<wbr>KeycloakSessionServletFilter.d<wbr>oFilter(KeycloakSessionServlet<wbr>Filter.java:90)</div>
                                      <div>    at
                                        io.undertow.servlet.core.Manag<wbr>edFilter.doFilter(ManagedFilte<wbr>r.java:60)</div>
                                      <div>    at
                                        io.undertow.servlet.handlers.F<wbr>ilterHandler$FilterChainImpl.d<wbr>oFilter(FilterHandler.java:131<wbr>)</div>
                                      <div>    at
                                        io.undertow.servlet.handlers.F<wbr>ilterHandler.handleRequest(Fil<wbr>terHandler.java:84)</div>
                                      <div>    at
                                        io.undertow.servlet.handlers.s<wbr>ecurity.ServletSecurityRoleHan<wbr>dler.handleRequest(ServletSecu<wbr>rityRoleHandler.java:62)</div>
                                      <div>    at
                                        io.undertow.servlet.handlers.S<wbr>ervletDispatchingHandler.handl<wbr>eRequest(ServletDispatchingHan<wbr>dler.java:36)</div>
                                      <div>    at
                                        org.wildfly.extension.undertow<wbr>.security.SecurityContextAssoc<wbr>iationHandler.handleRequest(Se<wbr>curityContextAssociationHandle<wbr>r.java:78)</div>
                                      <div>    at
                                        io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)</div>
                                      <div>    at
                                        io.undertow.servlet.handlers.s<wbr>ecurity.SSLInformationAssociat<wbr>ionHandler.handleRequest(SSLIn<wbr>formationAssociationHandler.<wbr>java:131)</div>
                                      <div>    at
                                        io.undertow.servlet.handlers.s<wbr>ecurity.ServletAuthenticationC<wbr>allHandler.handleRequest(Servl<wbr>etAuthenticationCallHandler.<wbr>java:57)</div>
                                      <div>    at
                                        io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)</div>
                                      <div>    at
                                        io.undertow.security.handlers.<wbr>AbstractConfidentialityHandler<wbr>.handleRequest(AbstractConfide<wbr>ntialityHandler.java:46)</div>
                                      <div>    at
                                        io.undertow.servlet.handlers.s<wbr>ecurity.ServletConfidentiality<wbr>ConstraintHandler.<wbr>handleRequest(ServletConfident<wbr>ialityConstraintHandler.java:<wbr>64)</div>
                                      <div>    at
                                        io.undertow.security.handlers.<wbr>AuthenticationMechanismsHandle<wbr>r.handleRequest(Authentication<wbr>MechanismsHandler.java:60)</div>
                                      <div>    at
                                        io.undertow.servlet.handlers.s<wbr>ecurity.CachedAuthenticatedSes<wbr>sionHandler.handleRequest(Cach<wbr>edAuthenticatedSessionHandler.<wbr>java:77)</div>
                                      <div>    at
                                        io.undertow.security.handlers.<wbr>NotificationReceiverHandler.ha<wbr>ndleRequest(NotificationReceiv<wbr>erHandler.java:50)</div>
                                      <div>    at
                                        io.undertow.security.handlers.<wbr>AbstractSecurityContextAssocia<wbr>tionHandler.handleRequest(Abst<wbr>ractSecurityContextAssociation<wbr>Handler.java:43)</div>
                                      <div>    at
                                        io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)</div>
                                      <div>    at
                                        org.wildfly.extension.undertow<wbr>.security.jacc.JACCContextIdHa<wbr>ndler.handleRequest(JACCContex<wbr>tIdHandler.java:61)</div>
                                      <div>    at
                                        io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)</div>
                                      <div>    at
                                        io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)</div>
                                      <div>    at
                                        io.undertow.servlet.handlers.S<wbr>ervletInitialHandler.handleFir<wbr>stRequest(ServletInitialHandle<wbr>r.java:284)</div>
                                      <div>    at
                                        io.undertow.servlet.handlers.S<wbr>ervletInitialHandler.dispatchR<wbr>equest(ServletInitialHandler.<wbr>java:263)</div>
                                      <div>    at
                                        io.undertow.servlet.handlers.S<wbr>ervletInitialHandler.access$00<wbr>0(ServletInitialHandler.java:<wbr>81)</div>
                                      <div>    at
                                        io.undertow.servlet.handlers.S<wbr>ervletInitialHandler$1.handleR<wbr>equest(ServletInitialHandler.<wbr>java:174)</div>
                                      <div>    at
                                        io.undertow.server.Connectors.<wbr>executeRootHandler(Connectors.<wbr>java:202)</div>
                                      <div>    at
                                        io.undertow.server.HttpServerE<wbr>xchange$1.run(HttpServerExchan<wbr>ge.java:793)</div>
                                      <div>    at
                                        java.util.concurrent.ThreadPoo<wbr>lExecutor.runWorker(ThreadPool<wbr>Executor.java:1142)</div>
                                      <div>    at
                                        java.util.concurrent.ThreadPoo<wbr>lExecutor$Worker.run(ThreadPoo<wbr>lExecutor.java:617)</div>
                                      <div>    at
                                        java.lang.Thread.run(Thread.ja<wbr>va:745)</div>
                                      <div>Caused by:
                                        java.io.IOException: Server
                                        returned HTTP response code: 403
                                        for URL: <a
                                          moz-do-not-send="true"
                                          href="https://www.googleapis.com/plus/v1/people/me/openIdConnect"
                                          target="_blank">https://www.googleapis.com/plu<wbr>s/v1/people/me/openIdConnect</a></div>
                                      <div>    at
                                        sun.reflect.NativeConstructorA<wbr>ccessorImpl.newInstance0(<wbr>Native
                                        Method)</div>
                                      <div>    at
                                        sun.reflect.NativeConstructorA<wbr>ccessorImpl.newInstance(Native<wbr>ConstructorAccessorImpl.java:<wbr>62)</div>
                                      <div>    at
                                        sun.reflect.DelegatingConstruc<wbr>torAccessorImpl.newInstance(De<wbr>legatingConstructorAccessorImp<wbr>l.java:45)</div>
                                      <div>    at
                                        java.lang.reflect.Constructor.<wbr>newInstance(Constructor.java:4<wbr>23)</div>
                                      <div>    at
                                        sun.net.www.protocol.http.Http<wbr>URLConnection$10.run(HttpURLCo<wbr>nnection.java:1890)</div>
                                      <div>    at
                                        sun.net.www.protocol.http.Http<wbr>URLConnection$10.run(HttpURLCo<wbr>nnection.java:1885)</div>
                                      <div>    at
                                        java.security.AccessController<wbr>.doPrivileged(Native
                                        Method)</div>
                                      <div>    at
                                        sun.net.www.protocol.http.Http<wbr>URLConnection.getChainedExcept<wbr>ion(HttpURLConnection.java:<wbr>1884)</div>
                                      <div>    at
                                        sun.net.www.protocol.http.Http<wbr>URLConnection.getInputStream0(<wbr>HttpURLConnection.java:1457)</div>
                                      <div>    at
                                        sun.net.www.protocol.http.Http<wbr>URLConnection.getInputStream(H<wbr>ttpURLConnection.java:1441)</div>
                                      <div>    at
                                        sun.net.www.protocol.https.Htt<wbr>psURLConnectionImpl.getInputSt<wbr>ream(HttpsURLConnectionImpl.<wbr>java:254)</div>
                                      <div>    at
                                        org.keycloak.broker.provider.u<wbr>til.SimpleHttp.asString(Simple<wbr>Http.java:148)</div>
                                      <div>    at
                                        org.keycloak.broker.oidc.util.<wbr>JsonSimpleHttp.asJson(JsonSimp<wbr>leHttp.java:46)</div>
                                      <div>    at
                                        org.keycloak.broker.oidc.OIDCI<wbr>dentityProvider.getFederatedId<wbr>entity(OIDCIdentityProvider.<wbr>java:267)</div>
                                      <div>    ... 50 more</div>
                                      <div>Caused by:
                                        java.io.IOException: Server
                                        returned HTTP response code: 403
                                        for URL: <a
                                          moz-do-not-send="true"
                                          href="https://www.googleapis.com/plus/v1/people/me/openIdConnect"
                                          target="_blank">https://www.googleapis.com/plu<wbr>s/v1/people/me/openIdConnect</a></div>
                                      <div>    at
                                        sun.net.www.protocol.http.Http<wbr>URLConnection.getInputStream0(<wbr>HttpURLConnection.java:1840)</div>
                                      <div>    at
                                        sun.net.www.protocol.http.Http<wbr>URLConnection.getInputStream(H<wbr>ttpURLConnection.java:1441)</div>
                                      <div>    at
                                        sun.net.www.protocol.http.Http<wbr>URLConnection.getHeaderField(H<wbr>ttpURLConnection.java:2943)</div>
                                      <div>    at
                                        sun.net.www.protocol.https.Htt<wbr>psURLConnectionImpl.getHeaderF<wbr>ield(HttpsURLConnectionImpl.<wbr>java:291)</div>
                                      <div>    at
                                        org.keycloak.broker.provider.u<wbr>til.SimpleHttp.asString(Simple<wbr>Http.java:147)</div>
                                      <div>    ... 52 more</div>
                                      <div><br>
                                      </div>
                                    </div>
                                  </div>
                                </div>
                                <br>
                                <fieldset></fieldset>
                                <br>
                              </div>
                            </div>
                            <pre>______________________________<wbr>_________________
keycloak-user mailing list
<a moz-do-not-send="true" href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a moz-do-not-send="true" href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailma<wbr>n/listinfo/keycloak-user</a></pre>
    </blockquote>
    

  </div>

</blockquote></div><div>
</div>
</div></div></div></div>

</blockquote></div>

<div>
</div>-- 
<div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div class="gmail_signature" data-smartmail="gmail_signature"><p style="font-size:13px;color:rgb(80,0,80);font-family:'Times New Roman',serif;margin:0in 0in 0.0001pt"><b style="line-height:11.25pt;background-color:transparent"><span style="font-family:Helvetica,sans-serif;color:rgb(61,55,50)">Paulo Pires</span></b></p><p style="font-size:13px;font-family:'Times New Roman',serif;color:rgb(80,0,80);margin:0in 0in 0.0001pt;line-height:12pt"><span style="font-family:Helvetica,sans-serif;color:rgb(61,55,50)">senior infrastructure engineer | </span><a moz-do-not-send="true" href="http://www.google.com/url?q=http%3A%2F%2Flittlebits.cc%2F&amp;sa=D&amp;sntz=1&amp;usg=AFrqEzdmD1TfneYzn_vRGBO0a4wHpG-Ivg" style="color:rgb(120,43,144);font-family:Helvetica" target="_blank">littleBits</a></p></div></div></div>
</div>



</blockquote>
</body></html>