The problem was down to the fact that the unified-push application wasn't set to
bearer-only and Undertow seems to invoke the authentication mechanism even though it's
a non-secured resource.
What happens in detail is:
1. /index.html is loaded
2. keycloak.js redirects to login page
3. Keycloak returns ?code=...
4. Undertow invokes authentication mechanism (even though /index.html is not secured),
sees the code, checks for a state cookie, doesn't find one, returns 400
On AS7 it works because AS7 doesn't invoke the authentication mechanism at all for
/index.html (which seems the correct way to me, as the resource is not part of a
secured-constraint).
Setting unified-push to bearerOnly (which it should be in any case as it's used for
jax-rs endpoints) works around the issue as our Undertow adapter will only look for a bearer
token and not do anything else.
Question: is this a bug in Undertow? Is it something we have to add a solution for in our
Undertow adapter?
----- Original Message -----
From: "Stian Thorgersen" <stian(a)redhat.com>
To: "Bruno Oliveira" <bruno(a)abstractj.org>
Cc: "keycloak dev" <keycloak-dev(a)lists.jboss.org>
Sent: Thursday, 24 July, 2014 3:52:48 PM
Subject: Re: [keycloak-dev] Wildfly integration
Got the same issue here, looking into it now
----- Original Message -----
> From: "Bruno Oliveira" <bruno(a)abstractj.org>
> To: "keycloak dev" <keycloak-dev(a)lists.jboss.org>
> Sent: Thursday, 24 July, 2014 1:57:38 PM
> Subject: [keycloak-dev] Wildfly integration
>
> Good morning guys, I'm banging my head against the wall with this issue:
> https://gist.github.com/abstractj/b5b79bf3a5eb77e7989a, basically what I'm
> trying to do is integrate the latest changes on master with UPS on AeroGear.
>
> On AS7 the application runs with no errors, but when I try to deploy on
> Wildfly I get HTTP 400 after login.
>
> It's probably some misconfiguration on my end, but I already double-checked
> project-integrations, checked the examples, tried to debug on IntelliJ and
> Chrome.
>
> Here are the steps to reproduce:
>
> git clone git@github.com:keycloak/keycloak.git && cd keycloak && mvn clean install -DskipTests=true -Dcheckstyle.skip=true
> cd ..
> git clone git@github.com:aerogear/aerogear-parent.git && cd aerogear-parent && git checkout KeycloakBeta4 && mvn clean install
> cd ..
> git clone git@github.com:aerogear/aerogear-unifiedpush-server.git && cd aerogear-unifiedpush-server && git checkout KeycloakBeta4 && mvn clean install -Pwildfly -DskipTests=true -Dcheckstyle.skip=true
>
> cp databases/unifiedpush-h2-ds.xml $JBOSS_HOME/standalone/deployments
> cp auth-server/target/auth-server.war $JBOSS_HOME/standalone/deployments/
> cp server/target/ag-push.war $JBOSS_HOME/standalone/deployments
>
> $JBOSS_HOME/bin/standalone.sh
>
> If you have an idea, let me know.
>
> --
>
> abstractj
> PGP: 0x84DC9914
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
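
Added example, not part of the original thread and not Keycloak or Undertow code: a simplified Java model of the four steps in the top message, showing the outcome for /index.html on AS7, on Undertow, and on Undertow with bearerOnly set. All class, method, parameter and cookie names are hypothetical, and the state comparison, the 401 and the login-redirect branches are assumptions about cases the thread does not describe.

```java
import java.util.Map;

// Simplified model of the request handling described in this thread.
// Not Keycloak or Undertow code: every name here is hypothetical.
public class StateCookieModel {

    enum Outcome { PASS_THROUGH, REDIRECT_TO_LOGIN, BAD_REQUEST_400, AUTHENTICATED, UNAUTHORIZED_401 }

    // Placeholder name; the thread does not give the real cookie name.
    static final String STATE_COOKIE = "STATE_COOKIE_PLACEHOLDER";

    /**
     * @param secured      resource is covered by a security constraint
     * @param alwaysInvoke container calls the mechanism for unsecured resources too
     *                     (true = behaviour reported on Undertow, false = AS7)
     * @param bearerOnly   adapter is configured as bearer-only
     */
    static Outcome handle(Map<String, String> query, Map<String, String> cookies,
                          String bearerToken, boolean secured,
                          boolean alwaysInvoke, boolean bearerOnly) {
        if (!secured && !alwaysInvoke) {
            return Outcome.PASS_THROUGH;            // mechanism never runs
        }
        if (bearerOnly) {
            // Only a bearer token is considered; ?code= is ignored.
            if (bearerToken != null) return Outcome.AUTHENTICATED; // token validation omitted
            return secured ? Outcome.UNAUTHORIZED_401 : Outcome.PASS_THROUGH; // assumption
        }
        if (query.containsKey("code")) {
            // Step 4: a code is present, so the state cookie is required.
            String expected = cookies.get(STATE_COOKIE);
            if (expected == null || !expected.equals(query.get("state"))) { // comparison is an assumption
                return Outcome.BAD_REQUEST_400;
            }
            return Outcome.AUTHENTICATED;           // code-to-token exchange omitted
        }
        return secured ? Outcome.REDIRECT_TO_LOGIN : Outcome.PASS_THROUGH; // assumption
    }

    public static void main(String[] args) {
        // Constructed request: /index.html loaded with ?code=... after the keycloak.js
        // redirect, carrying no state cookie. /index.html is not secured.
        Map<String, String> query = Map.of("code", "constructed-code", "state", "constructed-state");
        Map<String, String> cookies = Map.of();
        System.out.println("AS7:                  " + handle(query, cookies, null, false, false, false));
        System.out.println("Undertow:             " + handle(query, cookies, null, false, true, false));
        System.out.println("Undertow, bearerOnly: " + handle(query, cookies, null, false, true, true));
    }
}
```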