Hi Burno,
I am working on this as well just from the setup side for below is where
i am stuck i don't know if this helps you or not. But if you find something
wrong in my approach please point me to it.
My goal is get liveoak, aerogear and keycloak working on different
servers. LiveOak uses Keycloak and Aerogear. Following are the steps i
took.
1) Install Keycloak on one server with self signed certificate. It is
accessible via
https://XXX.XXX.XXX.XXX:8443/auth
<
https://xxx.xxx.xxx.xxx:8443/auth>. Worked
2) Installed AreoGear on another server with self signed certificate.
It is accessible via
https://XXX.XXX.XXX.XXX:8443/ag-push
<
https://xxx.xxx.xxx.xxx:8443/ag-push>. Worked
3) Imported attached JSON in as a new aerogear realm in keycloak.
Worked
4) Updated Keycloak to use MongoDB. Worked
5) Update application aerogear with keycloak.json restarted wildfly
server. Updated application under AreoGear to use
https://XXX.XXX.XXX.XXX:8443/ag-push/*
<
https://xxx.xxx.xxx.xxx:8443/ag-push/*> as a redirect uri. Worked.
6) Restarted both the wildfly servers.
7) After restart tried to login to
https://XXX.XXX.XXX.XXX:8443/ag-push/
<
https://xxx.xxx.xxx.xxx:8443/ag-push/> forwarded me to
https://XXX.XXX.XXX.XXX:8443/auth <
https://xxx.xxx.xxx.xxx:8443/auth> login
page. Successfull login was achieved.
8) PROBLEM: After login redirect to
https://XXX.XXX.XXX.XXX:8443/ag-push/
<
https://xxx.xxx.xxx.xxx:8443/ag-push/> where by i get error "No state
cookie" in AreoGear log, which is coming from OAuthRequestAuthenticator
line 116 because the adapter can not find a cookie with name "
OAuth_Token_Request_State" in HTTP.
Troubleshooting Try 1.
1) updated aerogear to use 1.0.1.Beta1 Adapter. Still works does not
solve the problem same error.
Troubleshooting Try 2.
1) updated keycloak.json by adding *"disable-trust-manager": true*.
Still works does not solve the problem same error.
Troubleshooting Try 3.
1) updated keycloak.json by adding *"disable-trust-manager":
false,"truststore": "/path","truststore-password":
"password"*. Still
works doe not solve the problem. I have a question is "*truststore*" a
local path to the keycloak jks cert or this is a path to remote keycloak
cert? I copied the keycloak.jks and pointed to that locally using
${jboss.server.config.dir}/trustcerts/keycloak.jks?
is this correct? After doing this i tried to invoke
https://XXX.XXX.XXXX.XXXX:8443/ag-push/rest/ping
Get the login screen
then i get Forbidden with below exception:
2014-11-15 18:31:13,664 ERROR
[org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6) failed
to turn code into token: javax.net.ssl.SSLPeerUnverifiedException: peer not
authenticated
at
sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431)
[jsse.jar:1.8.0_25]
at
org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
[httpclient-4.2.1.jar:4.2.1]
at
org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
[httpclient-4.2.1.jar:4.2.1]
at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
[httpclient-4.2.1.jar:4.2.1]
at
org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:151)
[httpclient-4.2.1.jar:4.2.1]
at
org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:125)
[httpclient-4.2.1.jar:4.2.1]
at
org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640)
[httpclient-4.2.1.jar:4.2.1]
at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
[httpclient-4.2.1.jar:4.2.1]
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
[httpclient-4.2.1.jar:4.2.1]
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
[httpclient-4.2.1.jar:4.2.1]
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)
[httpclient-4.2.1.jar:4.2.1]
at
org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:116)
[keycloak-adapter-core-1.0.4.Final.jar:]
at
org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:93)
[keycloak-adapter-core-1.0.4.Final.jar:]
at
org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:256)
[keycloak-adapter-core-1.0.4.Final.jar:]
at
org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:205)
[keycloak-adapter-core-1.0.4.Final.jar:]
at
org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:68)
[keycloak-adapter-core-1.0.4.Final.jar:]
at
org.keycloak.adapters.undertow.UndertowKeycloakAuthMech.keycloakAuthenticate(UndertowKeycloakAuthMech.java:82)
[keycloak-undertow-adapter-1.0.4.Final.jar:]
at
org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:61)
[keycloak-undertow-adapter-1.0.4.Final.jar:]
at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:281)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:298)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:268)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:131)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:106)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:99)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:54)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:27)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
at
org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)
[keycloak-undertow-adapter-1.0.4.Final.jar:]
at
org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)
[keycloak-undertow-adapter-1.0.4.Final.jar:]
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.server.Connectors.executeRootHandler(Connectors.java:177)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[rt.jar:1.8.0_25]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[rt.jar:1.8.0_25]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_25]
Please help i feel like i am very close just missing something simple.
Regards,
Pratik Parikh
--
View this message in context:
http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-AGPUSH-1047-Decoup...
Sent from the aerogear-dev mailing list archive at
Nabble.com.