Good morning my friend, I can't confirm/deny without access to the
sources, like the files where you made the updates.
Here is what must be done to get UPS working on a separate server from
Keycloak (some steps are very similar to what you already did).
Note: I'm working to make it configurable in UPS, but if you are in a
rush, these steps might help.
1. docker run -it -p 8080:8080 -p 9090:9090 jboss/keycloak
2. Login on Keycloak
3. Add a new realm and import the JSON file from
servers/auth-server/src/main/webapp/WEB-INF/ups-realm.json
4. git clone
5. Change the files to the IP address where KC is located
(
)
5. cd aerogear-unifiedpush-server && git checkout strawman && mvn clean install
6. Deploy on WildFly
All the steps here are necessary if you want to solve the problem right
now. I'm now working on decoupling UPS, and these steps will be
configurable in future releases.
On 2014-11-15, Pratik Parikh wrote:
Hi Burno,
I am working on this as well, just from the setup side. Below is where
I am stuck; I don't know if this helps you or not. But if you find something
wrong in my approach, please point me to it.
My goal is to get LiveOak, AeroGear and Keycloak working on different
servers. LiveOak uses Keycloak and AeroGear. Following are the steps I
took.
1) Installed Keycloak on one server with a self-signed certificate. It is
accessible via https://XXX.XXX.XXX.XXX:8443/auth. Worked
2) Installed AeroGear on another server with a self-signed certificate.
It is accessible via https://XXX.XXX.XXX.XXX:8443/ag-push. Worked
3) Imported the attached JSON as a new aerogear realm in Keycloak.
Worked
4) Updated Keycloak to use MongoDB. Worked
5) Updated the aerogear application with keycloak.json and restarted the
WildFly server. Updated the application under AeroGear to use
https://XXX.XXX.XXX.XXX:8443/ag-push/* as a redirect URI. Worked.
6) Restarted both the WildFly servers.
7) After the restart, I tried to log in to
https://XXX.XXX.XXX.XXX:8443/ag-push/, which forwarded me to the
https://XXX.XXX.XXX.XXX:8443/auth login page. Successful login was achieved.
8) PROBLEM: After login, I am redirected to
https://XXX.XXX.XXX.XXX:8443/ag-push/, whereby I get the error "No state
cookie" in the AeroGear log, which is coming from OAuthRequestAuthenticator
line 116 because the adapter cannot find a cookie with the name
"OAuth_Token_Request_State" in HTTP.
Troubleshooting Try 1.
1) Updated aerogear to use the 1.0.1.Beta1 adapter. Still works, does not
solve the problem, same error.
Troubleshooting Try 2.
1) Updated keycloak.json by adding *"disable-trust-manager": true*.
Still works, does not solve the problem, same error.
Troubleshooting Try 3.
1) Updated keycloak.json by adding *"disable-trust-manager":
false,"truststore": "/path","truststore-password": "password"*. Still
works, does not solve the problem. I have a question: is "*truststore*" a
local path to the Keycloak JKS cert, or is this a path to the remote Keycloak
cert? I copied the keycloak.jks and pointed to it locally using
${jboss.server.config.dir}/trustcerts/keycloak.jks.
Is this correct? After doing this I tried to invoke
https://XXX.XXX.XXXX.XXXX:8443/ag-push/rest/ping,
got the login screen,
and then I get Forbidden with the exception below:
2014-11-15 18:31:13,664 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6) failed to turn code into token: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431) [jsse.jar:1.8.0_25]
    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128) [httpclient-4.2.1.jar:4.2.1]
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572) [httpclient-4.2.1.jar:4.2.1]
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) [httpclient-4.2.1.jar:4.2.1]
    at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:151) [httpclient-4.2.1.jar:4.2.1]
    at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:125) [httpclient-4.2.1.jar:4.2.1]
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640) [httpclient-4.2.1.jar:4.2.1]
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479) [httpclient-4.2.1.jar:4.2.1]
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906) [httpclient-4.2.1.jar:4.2.1]
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805) [httpclient-4.2.1.jar:4.2.1]
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784) [httpclient-4.2.1.jar:4.2.1]
    at org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:116) [keycloak-adapter-core-1.0.4.Final.jar:]
    at org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:93) [keycloak-adapter-core-1.0.4.Final.jar:]
    at org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:256) [keycloak-adapter-core-1.0.4.Final.jar:]
    at org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:205) [keycloak-adapter-core-1.0.4.Final.jar:]
    at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:68) [keycloak-adapter-core-1.0.4.Final.jar:]
    at org.keycloak.adapters.undertow.UndertowKeycloakAuthMech.keycloakAuthenticate(UndertowKeycloakAuthMech.java:82) [keycloak-undertow-adapter-1.0.4.Final.jar:]
    at org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:61) [keycloak-undertow-adapter-1.0.4.Final.jar:]
    at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:281) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:298) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:268) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:131) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:106) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:99) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:54) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:27) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69) [keycloak-undertow-adapter-1.0.4.Final.jar:]
    at org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69) [keycloak-undertow-adapter-1.0.4.Final.jar:]
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.server.Connectors.executeRootHandler(Connectors.java:177) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_25]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_25]
    at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_25]
Please help; I feel like I am very close, just missing something simple.
Regards,
Pratik Parikh
--
View this message in context:
http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-AGPUSH-1047-Decoup...
Sent from the aerogear-dev mailing list archive at
Nabble.com.
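
An added illustration, not part of the thread and not Keycloak's code: a simplified model of the state-cookie check behind the "No state cookie" error in step 8, showing the check passing, failing because the browser returns to a different host than the one that set the cookie, and failing on a mismatched state value. The host names, the address 192.0.2.10, the function names and the "state mismatch" label are constructed; the host-mismatch case is one way the cookie can be absent, not a diagnosis of the setup above.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

STATE_COOKIE = "OAuth_Token_Request_State"  # cookie name quoted in the post


class Browser:
    """Host-only cookie jar: a cookie is returned only to the host that set it."""

    def __init__(self):
        self.jar = {}  # host -> {cookie name: value}

    def store(self, url, name, value):
        self.jar.setdefault(urlsplit(url).hostname, {})[name] = value

    def cookies_for(self, url):
        return dict(self.jar.get(urlsplit(url).hostname, {}))


def start_login(browser, app_url, auth_url, redirect_uri):
    """App side, before login: set the state cookie, build the auth redirect."""
    state = secrets.token_urlsafe(16)
    browser.store(app_url, STATE_COOKIE, state)
    params = {"response_type": "code", "redirect_uri": redirect_uri, "state": state}
    return f"{auth_url}?{urlencode(params)}"


def handle_callback(browser, callback_url):
    """App side, after login: the returned state must match the cookie."""
    cookie = browser.cookies_for(callback_url).get(STATE_COOKIE)
    if cookie is None:
        return "No state cookie"  # the error text from the post
    returned = parse_qs(urlsplit(callback_url).query).get("state", [""])[0]
    if not hmac.compare_digest(cookie, returned):
        return "state mismatch"  # this model's own label
    return "ok"


def simulate(app_url, redirect_uri, tamper=False):
    """Run one login round trip and return the callback result."""
    browser = Browser()
    login = start_login(browser, app_url, "https://kc.example:8443/auth", redirect_uri)
    state = parse_qs(urlsplit(login).query)["state"][0]
    if tamper:
        state = "does-not-match-cookie"  # constructed value the app never issued
    # The auth server sends the browser back to redirect_uri with code and state.
    query = urlencode({"code": "constructed-code", "state": state})
    return handle_callback(browser, f"{redirect_uri}?{query}")
```
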