Adding to it,

 

2016-03-30 01:20:29,823 WARN  [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-1) state parameter invalid

2016-03-30 01:20:29,823 WARN  [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-1) cookie: 3/d04bf765-63be-4c34-bb42-5f7211bf8051

 

Is it the reason for the issue?

 

Thanks,

Jayapriya Atheesan

 

From: JAYAPRIYA ATHEESAN [mailto:jayapriya.atheesan@gmail.com]
Sent: Wednesday, March 30, 2016 1:21 PM
To: 'Marek Posolda'; 'keycloak-dev@lists.jboss.org'
Subject: RE: [keycloak-dev] 403 Forbidden when invoking application secured with keycloak

 

Hi Marek,

 

Thanks for your response.

 

Already I have set a role in keycloak application as giggzouser and I have set the same in my web.xml file.

After enabling the logs, it shows up this

 

2016-03-30 03:39:26,843 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (default task-7) adminRequest http://hostname:8080/appname/rest/giggzoLogin/userLogin

2016-03-30 03:39:26,845 DEBUG [org.keycloak.adapters.undertow.KeycloakUndertowAccount] (default task-7) session is active

2016-03-30 03:39:26,845 DEBUG [org.keycloak.adapters.undertow.ServletSessionTokenStore] (default task-7) Cached account found

2016-03-30 03:39:26,845 DEBUG [org.keycloak.adapters.wildfly.WildflyRequestAuthenticator] (default task-7) propagate security context to wildfly

2016-03-30 03:39:26,845 DEBUG [org.keycloak.adapters.RequestAuthenticator] (default task-7) AUTHENTICATED: was cached

2016-03-30 03:39:26,846 DEBUG [org.keycloak.adapters.AuthenticatedActionsHandler] (default task-7) AuthenticatedActionsValve.invoke http ://hostname:8080/appname /rest/giggzoLogin/userLogin

 

After which, I get forbidden on screen.

 

Please find the web.xml file attached to this mail.

 

Thanks,

Jayapriya Atheesan

 

From: Marek Posolda [mailto:mposolda@redhat.com]
Sent: Wednesday, March 30, 2016 12:42 PM
To: JAYAPRIYA ATHEESAN; keycloak-dev@lists.jboss.org
Subject: Re: [keycloak-dev] 403 Forbidden when invoking application secured with keycloak

 

It looks that your user either doesn't have roles or your client doesn't have scope. Take a look at examples for more inspiration. For logging, you can enable DEBUG logging for category "org.keycloak" in standalone/configuration/standalone.xml

Marek

On 30/03/16 08:13, JAYAPRIYA ATHEESAN wrote:

Hi,

 

Greetings of the day !!

 

I need an urgent help from your team.

 

I have an application deployed in wildfly server. The same has been secured with keycloak server(this runs of a different wildfly box).

The wildfly server has been configured with keycloak adapter.

 

When I invoke a page from the application deployed in wildfly server, the application , redirects to keycloak login page. After I click submit  entering user name and password, I get 403 forbidden error.

 

Is there a way to enable logs for keycloak adapter. I’m not getting any logs related to this error.

 

The issue is similar to the one addressed in http://lists.jboss.org/pipermail/keycloak-user/2015-February/001601.html

http://lists.jboss.org/pipermail/keycloak-user/2014-November/001280.html

 

Please help me in resolving the same.

 

Below are the details of the server :

Wildfly 9.0.0CR2

Keycloak 1.6.0 Final

 

Thanks,

Jayapriya Atheesan

 

 



_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev