bootstrapping of keycloak for integration testing
by Nils Preusker
Hi guys,
I'm just setting up an integration test project for our application and I'm
wondering what's the best way to bootstrap keycloak within it.
I'm using arquillian for testing and I'm using the maven-dependency-plugin
and maven-resources-plugin to put together a wildfly instance with the
keycloak-wildfly-adapter.
So far, that approach works nicely. However, I'm not quite sure yet how to
go about
* importing a realm and
* creating a bearer/ access token to use in the test cases
One approach would be to deploy the auth-server.war (is there a mvn
repository to pull it from?), POST the realm to the respective URL of the
admin console and do the authentication the same way (POST
http://localhost:8080/auth/rest/realms/TestRealm/tokens/grants/access).
Alternatively, I suppose I could deploy a small helper war or jar that
accesses the core services of keycloak to import the realm and create test
access tokens (some convenience method like "createLogin()" in a test
utility that is deployed with shrink wrap maybe).
Which option do you recommend or is there a third one that I'm missing?
Cheers,
Nils
11 years, 5 months
How to set up CORS for javascript calling a REST app
by Boettcher, Jim
Hi,
I'm trying to get CORS working for a javascript app. The javascript app (gui_app) is making AJAX requests to a different REST app (rest_app).
In the Keycloak admin console I created an application for the rest_app application and set a Web Origin of "*" . I then copied the Installation for Jboss Subsystem XML to the standalone.xml of the JBoss 7.1.1 server that the rest_app is running on. I modified the configuration to add
<enable-cors>true</enable-cors>
When I try to open the gui_app from Chrome I get errors like:
XMLHttpRequest cannot load http://localhost:8080/auth/rest/realms/dp-gui/tokens/login?client_id=rest.... No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://localhost:7116' is therefore not allowed access.
I've tried playing with various settings but can't get anything to work.
Is there an example available for how to get this to work?
Is there anything else that needs to be done on the Keycloak server side? Or on the Adapter side?
Thanks,
Jim
11 years, 5 months
Unable to add Realm
by Rodrigo Del Canto
Hi Guys,
I was using keycloak
1.0-alpha-4<http://sourceforge.net/projects/keycloak/files/1.0-alpha-4/>
to test it and do very basic authentication,in that way I was able to win
some time and continuing the development of my app.
Today I decided to try to build the last code/version and deploy it.
After checked the code out I did: mvn clean install and mvn package, I
made the changes to point the DS to a mysql db I'm using... and then
deployed the war.. no issues so far.
Then I logged in with admin/admin change the password and tried to add a
new Realm but is not working, the new realm is listed in the left menu but
I cannot change the settings.
Is this a bug? Am I missing something?
Thanks,
Rodrigo.
11 years, 6 months
Keycloak Adapter Error
by Ben
I am using Keycloak Beta 1 Snapshot as my SSO but when any user logs in it
gives a 403 forbidden and the error shown below. Any idea what went wrong?
ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-7)
failed to turn code into token: javax.net.ssl.SSLPeerUnverifiedException:
peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(
SSLSessionImpl.java:397) [jsse.jar:1.7.0_45]
at org.apache.http.conn.ssl.AbstractVerifier.verify(
AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(
SSLSocketFactory.java:572)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(
DefaultClientConnectionOperator.java:180)
at org.apache.http.impl.conn.AbstractPoolEntry.open(
AbstractPoolEntry.java:151)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(
AbstractPooledConnAdapter.java:125)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(
DefaultRequestDirector.java:640)
at org.apache.http.impl.client.DefaultRequestDirector.execute(
DefaultRequestDirector.java:479)
at org.apache.http.impl.client.AbstractHttpClient.execute(
AbstractHttpClient.java:906)
at org.apache.http.impl.client.AbstractHttpClient.execute(
AbstractHttpClient.java:805)
at org.apache.http.impl.client.AbstractHttpClient.execute(
AbstractHttpClient.java:784)
at org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(
ServerRequest.java:78) [keycloak-adapter-core-1.0-beta-1-SNAPSHOT.jar:]
at org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(
ServerRequest.java:55) [keycloak-adapter-core-1.0-beta-1-SNAPSHOT.jar:]
at org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(
OAuthRequestAuthenticator.java:256)
[keycloak-adapter-core-1.0-beta-1-SNAPSHOT.jar:]
at org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(
OAuthRequestAuthenticator.java:205)
[keycloak-adapter-core-1.0-beta-1-SNAPSHOT.jar:]
at org.keycloak.adapters.RequestAuthenticator.authenticate(
RequestAuthenticator.java:59)
[keycloak-adapter-core-1.0-beta-1-SNAPSHOT.jar:]
at org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(
ServletKeycloakAuthMech.java:38)
[keycloak-undertow-adapter-1.0-beta-1-SNAPSHOT.jar:]
at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(
SecurityContextImpl.java:281) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(
SecurityContextImpl.java:298) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(
SecurityContextImpl.java:268) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(
SecurityContextImpl.java:131) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
at io.undertow.security.impl.SecurityContextImpl.authTransition(
SecurityContextImpl.java:106) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
at io.undertow.security.impl.SecurityContextImpl.authenticate(
SecurityContextImpl.java:99) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(
AuthenticationCallHandler.java:50)
[undertow-core-1.0.0.Final.jar:1.0.0.Final]
at
io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(
AuthenticationConstraintHandler.java:51)
[undertow-core-1.0.0.Final.jar:1.0.0.Final]
at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(
AbstractConfidentialityHandler.java:45)
[undertow-core-1.0.0.Final.jar:1.0.0.Final]
at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(
ServletConfidentialityConstraintHandler.java:61)
[undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
at
io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(
ServletSecurityConstraintHandler.java:56)
[undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(
AuthenticationMechanismsHandler.java:58)
[undertow-core-1.0.0.Final.jar:1.0.0.Final]
at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(
CachedAuthenticatedSessionHandler.java:70)
[undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(
SecurityInitialHandler.java:76) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
at io.undertow.server.handlers.PredicateHandler.handleRequest(
PredicateHandler.java:25) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(
JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(
PredicateHandler.java:25) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
at
org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(
ServletPreAuthActionsHandler.java:54)
[keycloak-undertow-adapter-1.0-beta-1-SNAPSHOT.jar:]
at io.undertow.server.handlers.PredicateHandler.handleRequest(
PredicateHandler.java:25) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(
ServletInitialHandler.java:240)
[undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(
ServletInitialHandler.java:227)
[undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(
ServletInitialHandler.java:73)
[undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(
ServletInitialHandler.java:146)
[undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:168)
[undertow-core-1.0.0.Final.jar:1.0.0.Final]
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:687)
[undertow-core-1.0.0.Final.jar:1.0.0.Final]
at java.util.concurrent.ThreadPoolExecutor.runWorker(
ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_45]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(
ThreadPoolExecutor.java:615) [rt.jar:1.7.0_45]
at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_45]
11 years, 6 months
Pointers Please
by Conrad Winchester
Hi guys,
first of all thank you for making keycloak. I am developing a new restful back-end for a mobile app and I wanted it to support Oauth 2 and social login, and it looks like keycloak seems to fit the bill.
Both key cloak and my app are sitting inside the same Wildfly container, and I have set up a realm and roles etc…
I could do with a few pointers though, because we are a native app and want to avoid directing to web pages if possible. I am trawling through the hours of video, and haven’t found answers yet, but would like to know if the following is possible.
1) Register a new user by REST from a mobile application - Any pointers to an example or description of how to do this please.
2) Login and get a token directly from the auth server for the user of the mobile app by using a grant type of password (i.e. no web page redirection involved)? Any pointers to an example or description of how to do this please.
3) Any pointers on how to link the Keycloak user to the user of my application (which will contain information pertinent to that user not stored in keycloak) - how do I do that at the time of registration?
I know its a pain to get these basic questions, and I hope they are not asked too regularly, but any help would be greatly appreciated.
Conrad
11 years, 6 months
MongoDB - Model provider not found
by Davide Ungari
Hi everybody,
I'm using Mongo as database and it was working fine.
I'm building from source auth-server.war and after update to HEAD now I'm
getting this error at startup:
Caused by: java.lang.RuntimeException: Model provider not found
at
org.keycloak.services.resources.KeycloakApplication.createSessionFactory(KeycloakApplication.java:131)
at
org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:73)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
[rt.jar:1.7.0_51]
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
[rt.jar:1.7.0_51]
at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
[rt.jar:1.7.0_51]
at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
[rt.jar:1.7.0_51]
at
org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:148)
... 15 more
Any ideas?
--
Davide
11 years, 6 months
failed verification of token
by Josh
Hi,
Running KeyCloak alpha 4 on Wildfly 8.1.0.CR1. I'm currently trying to get
the bundled examples working but having a hell of a time doing so.
I have my domain setup, domain roles configured, application scope
configured, keycloak.json in WEB-INF, web.xml set to KEYCLOAK.
When I go to access the "Customer Listings" of customer-portal.war it
redirects me to keycloak login, after I successfully login with valid user
with "user" role. Once the keycloak server redirects back to the
application I am greeted with a "Forbidden" page.
Here are my logs:
�[0m�[32m23:22:58,030 DEBUG [org.keycloak.adapters.PreAuthActionsHandler]
(default task-7) adminRequest
http://localhost:8080/customer-portal/customers/view.jsp
�[0m�[32m23:22:58,030 DEBUG [org.keycloak.adapters.PreAuthActionsHandler]
(default task-7) checkCorsPreflight
http://localhost:8080/customer-portal/customers/view.jsp
�[0m�[0m23:22:58,031 INFO [org.keycloak.adapters.RequestAuthenticator]
(default task-7) --> authenticate()
�[0m�[0m23:22:58,031 INFO [org.keycloak.adapters.RequestAuthenticator]
(default task-7) try bearer
�[0m�[0m23:22:58,032 INFO [org.keycloak.adapters.RequestAuthenticator]
(default task-7) try oauth
�[0m�[0m23:22:58,032 INFO [org.keycloak.adapters.RequestAuthenticator]
(default task-7) session was null, returning null
�[0m�[0m23:22:58,032 INFO
[org.keycloak.adapters.OAuthRequestAuthenticator] (default task-7) there
was no code
�[0m�[0m23:22:58,032 INFO
[org.keycloak.adapters.OAuthRequestAuthenticator] (default task-7)
redirecting to auth server
�[0m�[0m23:22:58,032 INFO
[org.keycloak.adapters.OAuthRequestAuthenticator] (default task-7) sending
redirect uri: http://localhost:8080/customer-portal/customers/view.jsp
�[0m�[32m23:22:58,125 DEBUG [org.keycloak.adapters.PreAuthActionsHandler]
(default task-8) adminRequest
http://localhost:8080/customer-portal/customers/view.jsp?code=eyJhbGciOiJ...
�[0m�[32m23:22:58,125 DEBUG [org.keycloak.adapters.PreAuthActionsHandler]
(default task-8) checkCorsPreflight
http://localhost:8080/customer-portal/customers/view.jsp?code=eyJhbGciOiJ...
�[0m�[0m23:22:58,126 INFO [org.keycloak.adapters.RequestAuthenticator]
(default task-8) --> authenticate()
�[0m�[0m23:22:58,126 INFO [org.keycloak.adapters.RequestAuthenticator]
(default task-8) try bearer
�[0m�[0m23:22:58,126 INFO [org.keycloak.adapters.RequestAuthenticator]
(default task-8) try oauth
�[0m�[0m23:22:58,126 INFO [org.keycloak.adapters.RequestAuthenticator]
(default task-8) session was null, returning null
�[0m�[0m23:22:58,126 INFO
[org.keycloak.adapters.OAuthRequestAuthenticator] (default task-8) there
was a code, resolving
�[0m�[0m23:22:58,126 INFO
[org.keycloak.adapters.OAuthRequestAuthenticator] (default task-8)
checking state cookie for after code
�[0m�[0m23:22:58,126 INFO
[org.keycloak.adapters.OAuthRequestAuthenticator] (default task-8) **
reseting application state cookie
�[0m�[32m23:22:58,128 DEBUG
[org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager] (default
task-8) Get connection: {}->http://localhost:8083, timeout = 0
�[0m�[32m23:22:58,128 DEBUG
[org.apache.http.impl.conn.tsccm.ConnPoolByRoute] (default task-8) [{}->
http://localhost:8083] total kept alive: 1, total issued: 0, total
allocated: 1 out of 20
�[0m�[32m23:22:58,128 DEBUG
[org.apache.http.impl.conn.tsccm.ConnPoolByRoute] (default task-8) Getting
free connection [{}->http://localhost:8083][null]
�[0m�[32m23:22:58,128 DEBUG [org.apache.http.impl.client.DefaultHttpClient]
(default task-8) Stale connection check
�[0m�[32m23:22:58,130 DEBUG
[org.apache.http.client.protocol.RequestAddCookies] (default task-8)
CookieSpec selected: best-match
�[0m�[32m23:22:58,130 DEBUG
[org.apache.http.client.protocol.RequestAuthCache] (default task-8) Auth
cache not set in the context
�[0m�[32m23:22:58,130 DEBUG
[org.apache.http.client.protocol.RequestProxyAuthentication] (default
task-8) Proxy auth state: UNCHALLENGED
�[0m�[32m23:22:58,130 DEBUG [org.apache.http.impl.client.DefaultHttpClient]
(default task-8) Attempt 1 to execute request
�[0m�[32m23:22:58,130 DEBUG
[org.apache.http.impl.conn.DefaultClientConnection] (default task-8)
Sending request: POST /auth/rest/realms/demo/tokens/access/codes HTTP/1.1
�[0m�[32m23:22:58,131 DEBUG [org.apache.http.wire] (default task-8) >>
"POST /auth/rest/realms/demo/tokens/access/codes HTTP/1.1[\r][\n]"
�[0m�[32m23:22:58,131 DEBUG [org.apache.http.wire] (default task-8) >>
"Authorization: Basic
Y3VzdG9tZXItcG9ydGFsOjQxMmU1NzUzLWZiMTAtNGViMS05NjAzLTQzOWY5ZTdkZjZkOA==[\r][\n]"
�[0m�[32m23:22:58,131 DEBUG [org.apache.http.wire] (default task-8) >>
"Content-Length: 549[\r][\n]"
�[0m�[32m23:22:58,131 DEBUG [org.apache.http.wire] (default task-8) >>
"Content-Type: application/x-www-form-urlencoded; charset=UTF-8[\r][\n]"
�[0m�[32m23:22:58,131 DEBUG [org.apache.http.wire] (default task-8) >>
"Host: localhost:8083[\r][\n]"
�[0m�[32m23:22:58,131 DEBUG [org.apache.http.wire] (default task-8) >>
"Connection: Keep-Alive[\r][\n]"
�[0m�[32m23:22:58,131 DEBUG [org.apache.http.wire] (default task-8) >>
"[\r][\n]"
�[0m�[32m23:22:58,131 DEBUG [org.apache.http.headers] (default task-8) >>
POST /auth/rest/realms/demo/tokens/access/codes HTTP/1.1
�[0m�[32m23:22:58,131 DEBUG [org.apache.http.headers] (default task-8) >>
Authorization: Basic
Y3VzdG9tZXItcG9ydGFsOjQxMmU1NzUzLWZiMTAtNGViMS05NjAzLTQzOWY5ZTdkZjZkOA==
�[0m�[32m23:22:58,131 DEBUG [org.apache.http.headers] (default task-8) >>
Content-Length: 549
�[0m�[32m23:22:58,131 DEBUG [org.apache.http.headers] (default task-8) >>
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
�[0m�[32m23:22:58,131 DEBUG [org.apache.http.headers] (default task-8) >>
Host: localhost:8083
�[0m�[32m23:22:58,131 DEBUG [org.apache.http.headers] (default task-8) >>
Connection: Keep-Alive
�[0m�[32m23:22:58,132 DEBUG [org.apache.http.wire] (default task-8) >>
"grant_type=authorization_code&code=eyJhbGciOiJSUzI1NiJ9.NWRkZjJjZmYtNTJhNi00YzRhLWI2N2QtNzcwYjU4ZjRkYTFmMTM5OTc4NTM2NzYyNg.VZ713boG0lvc9Qq5Su3QLYITgHknYGKBcc0NYyGEoIou__cEWwUEcGGnQB4_HAW8RNko1gwVNtgY08NJfxWCubCzPqhkJBsO5ywDJDqBj1sps19wnSmLNWac3wSHfm9O5c-_YxKi3XmhjHtQXl7AWnBhcn8zgI1-yBAFB4pPD7w0cv3DE36xUt2fRuBWud9iHzwTDl0iEhMkZP9r9VtqJee8WByaLlkCir7HOFLjzN-ZReEwacFR86ra_eD6TJdb1gb_L5-SL2IAl6mpMo-JnJP0fwx90VbXnx8yVdviO_-DeRdneUmrOWZPawU_DPt4FHdoaffAMdZQM-9b2dv79A&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fcustomer-portal%2Fcustomers%2Fview.jsp"
�[0m�[32m23:22:58,161 DEBUG [org.apache.http.wire] (default task-8) <<
"HTTP/1.1 200 OK[\r][\n]"
�[0m�[32m23:22:58,162 DEBUG [org.apache.http.wire] (default task-8) <<
"Connection: keep-alive[\r][\n]"
�[0m�[32m23:22:58,162 DEBUG [org.apache.http.wire] (default task-8) <<
"X-Powered-By: Undertow 1[\r][\n]"
�[0m�[32m23:22:58,162 DEBUG [org.apache.http.wire] (default task-8) <<
"Server: Wildfly 8[\r][\n]"
�[0m�[32m23:22:58,162 DEBUG [org.apache.http.wire] (default task-8) <<
"Transfer-Encoding: chunked[\r][\n]"
�[0m�[32m23:22:58,162 DEBUG [org.apache.http.wire] (default task-8) <<
"Content-Type: application/json[\r][\n]"
�[0m�[32m23:22:58,162 DEBUG [org.apache.http.wire] (default task-8) <<
"Date: Sun, 11 May 2014 05:16:07 GMT[\r][\n]"
�[0m�[32m23:22:58,162 DEBUG [org.apache.http.wire] (default task-8) <<
"[\r][\n]"
�[0m�[32m23:22:58,162 DEBUG
[org.apache.http.impl.conn.DefaultClientConnection] (default task-8)
Receiving response: HTTP/1.1 200 OK
�[0m�[32m23:22:58,162 DEBUG [org.apache.http.headers] (default task-8) <<
HTTP/1.1 200 OK
�[0m�[32m23:22:58,162 DEBUG [org.apache.http.headers] (default task-8) <<
Connection: keep-alive
�[0m�[32m23:22:58,162 DEBUG [org.apache.http.headers] (default task-8) <<
X-Powered-By: Undertow 1
�[0m�[32m23:22:58,162 DEBUG [org.apache.http.headers] (default task-8) <<
Server: Wildfly 8
�[0m�[32m23:22:58,162 DEBUG [org.apache.http.headers] (default task-8) <<
Transfer-Encoding: chunked
�[0m�[32m23:22:58,162 DEBUG [org.apache.http.headers] (default task-8) <<
Content-Type: application/json
�[0m�[32m23:22:58,163 DEBUG [org.apache.http.headers] (default task-8) <<
Date: Sun, 11 May 2014 05:16:07 GMT
�[0m�[32m23:22:58,163 DEBUG [org.apache.http.impl.client.DefaultHttpClient]
(default task-8) Connection can be kept alive indefinitely
�[0m�[32m23:22:58,163 DEBUG [org.apache.http.wire] (default task-8) <<
"08bd[\r][\n]"
{"access_token":"eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJlYTBjZTliNS1kMWY2LTQ4YjUtODc3Ny04ZDIwNGU2ZjU5YjMiLCJleHAiOjEzOTk3ODU2NjcsIm5iZiI6MCwiaWF0IjoxMzk5Nzg1MzY3LCJpc3MiOiJiaWdnZXJiZWFyIiwiYXVkIjoiYmlnZ2VyYmVhciIsInN1YiI6IjQ5M2I5Yzk2LWFhNzMtNGRhZi1iZWYwLTM5Y2FiMDVkY2YxZCIsImF6cCI6ImN1c3RvbWVyLXBvcnRhbCIsInByZWZlcnJlZF91c2VybmFtZSI6InNteXNuayIsImFsbG93ZWQtb3JpZ2lucyI6W10sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJ1c2VyIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnt9fQ.b959FHRFh5coZeJw5su_SS4fjZ5R9cB5m_Tg93Xtu_Cw38ghqkL1bQaY0CwN-3ZBUNw9uuTMxWsIwHMzqU2rGcCCnj1Bx85L6QPQQuexvYA02Kc_8A6qmVwpOCu5mXy6FtRAvIB2LA260v7IS7zIQqqEopMo6TI45tpDUJaJDnzxKrtfPiGpQE_Y3hvs8k_KYDN9jqH9lSXPi7ZY4-kYeMQbXm6viOIDZ3QQirjpsOHwOYJs2tp5ct1W7TYc_JFLRKOhWiptGnv0dcLivASNCgREiHzPD_8MC8TarqXJ2mZ7oBx7gBXXXyUVdFjR7j9OTMNqHZfEsjU97lh0zuoImQ","expires_in":300,"refresh_token":"eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiIzYjVhNDFiZi00Y2FlLTQwYTMtOTJlYS1hYWY3OGJlOWMxZmYiLCJleHAiOjEzOTk4MjEzNjcsIm5iZiI6MCwiaWF0IjoxMzk5Nzg1MzY3LCJpc3MiOiJiaWdnZXJiZWFyIiwic3ViIjoiNDkzYjljOTYtYWE3My00ZGFmLWJlZjAtMzljYWIwNWRjZjFkIiwidHlwIjoiUkVGUkVTSCIsImF6cCI6ImN1c3RvbWVyLXBvcnRhbCIsInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJ1c2VyIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnt9fQ.FPueXowyHa7vcREfxMEsWh7JKfTkDgtbEaS_0AYPJFEsv1rF8JvWAaiW6FDkU1a8fDKYbTrr7TbxmQS7PJQBZcDAoSkYM2LE5W0O_yk9jF41jwMkS-Go4VwwNm28stlwVDH_LRG1yRyozQdK8b5Q3FzaES7yLklDGi5PARFt8WBTW2Jb_phjUk0HRDqEakxnHj0x-zUkQASfqNFyE_yQo1g6xwiLSkxGnRDuzfUb6iiJ6ZzYyNYcyiiSGGUF9duzHuGOW8ahWUqQZr9YaL1RQR-uOB_EfrJ2L-5lLLMF8ZsDE7VRLfr66vWaER1hx3C_95wOzZg16rhz3UmZOEfsQg","token_type":"bearer","id_token":"eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI5ODEzYmEyNy01MmUwLTRhZjMtOWY5Ny0yNDNjOTVmNmQxMWYiLCJleHAiOjEzOTk3ODU2NjcsIm5iZiI6MCwiaWF0IjoxMzk5Nzg1MzY3LCJpc3MiOiJiaWdnZXJiZWFyIiwiYXVkIjoiYmlnZ2VyYmVhciIsInN1YiI6IjQ5M2I5Yzk2LWFhNzMtNGRhZi1iZWYwLTM5Y2FiMDVkY2YxZCIsImF6cCI6ImN1c3RvbWVyLXBvcnRhbCIsInByZWZlcnJlZF91c2VybmFtZSI6InNteXNuayJ9.AghauR6v63SLqna4jBERvRL-Lzl0j0PaHqprr1qZSt7qQ6jLtXHQVfuUAoU1nAWBb3MWcNmA13_BIvT7nsqTZEadfgJJxvYrOI-omvEhy0OGfmYP2r1rtK6ijc2anxzf4G3J15p87Zekf498ccGaKzFIpyP70XwCWeA5zzZkrYgnbJrpOdENIkYIE__OOooX_bwZxIQZgEoucD12QQFprcuUDnRzSbg0yS-2kVTqJUdigqAP1ANGACLrXC-SNDyNhrgasspGanabBmdFvOeCgMMbIrm4BjSQa948dRwHkUC3zcjX5URi4hjQfmoe-QH0Phl9jKlCEtjr8gir0TvIPQ","not-before-policy":0}�[0m�[32m23:22:58,315
DEBUG [org.apache.http.wire] (default task-8) << "[\r][\n]"
�[0m�[32m23:22:58,315 DEBUG [org.apache.http.wire] (default task-8) <<
"0[\r][\n]"
�[0m�[32m23:22:58,315 DEBUG [org.apache.http.wire] (default task-8) <<
"[\r][\n]"
�[0m�[32m23:22:58,315 DEBUG
[org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager] (default
task-8) Released connection is reusable.
�[0m�[32m23:22:58,315 DEBUG
[org.apache.http.impl.conn.tsccm.ConnPoolByRoute] (default task-8)
Releasing connection [{}->http://localhost:8083][null]
�[0m�[32m23:22:58,315 DEBUG
[org.apache.http.impl.conn.tsccm.ConnPoolByRoute] (default task-8) Pooling
connection [{}->http://localhost:8083][null]; keep alive indefinitely
�[0m�[32m23:22:58,315 DEBUG
[org.apache.http.impl.conn.tsccm.ConnPoolByRoute] (default task-8)
Notifying no-one, there are no waiting threads
�[0m�[31m23:22:58,318 ERROR
[org.keycloak.adapters.OAuthRequestAuthenticator] (default task-8) failed
verification of token
�[0m�[32m23:23:00,262 DEBUG [org.jboss.ejb.client.txn] (Periodic Recovery)
Send recover request for transaction origin node identifier 1 to EJB
receiver with node name joshuas-macbook-pro
�[0m�[32m23:23:05,995 DEBUG [org.keycloak.adapters.PreAuthActionsHandler]
(default task-9) adminRequest
http://localhost:8080/customer-portal/customers/view.jsp?code=eyJhbGciOiJ...
�[0m�[32m23:23:05,996 DEBUG [org.keycloak.adapters.PreAuthActionsHandler]
(default task-9) checkCorsPreflight
http://localhost:8080/customer-portal/customers/view.jsp?code=eyJhbGciOiJ...
�[0m�[0m23:23:05,996 INFO [org.keycloak.adapters.RequestAuthenticator]
(default task-9) --> authenticate()
�[0m�[0m23:23:05,996 INFO [org.keycloak.adapters.RequestAuthenticator]
(default task-9) try bearer
�[0m�[0m23:23:05,996 INFO [org.keycloak.adapters.RequestAuthenticator]
(default task-9) try oauth
�[0m�[0m23:23:05,997 INFO [org.keycloak.adapters.RequestAuthenticator]
(default task-9) session was null, returning null
�[0m�[0m23:23:05,997 INFO
[org.keycloak.adapters.OAuthRequestAuthenticator] (default task-9) there
was a code, resolving
�[0m�[0m23:23:05,997 INFO
[org.keycloak.adapters.OAuthRequestAuthenticator] (default task-9)
checking state cookie for after code
�[0m�[33m23:23:05,997 WARN
[org.keycloak.adapters.OAuthRequestAuthenticator] (default task-9) No
state cookie
�[
Any help would be appreciated, thank you!
- Josh
11 years, 6 months
Token Grant
by Rodrigo Sasaki
Hello everyone,
Fist of all I apologize if I do anything that isn't normal, this is the 1st
time I subscribe to a mailing list, please let me know if I should have
done anything differently.
Alright then, my question is this: Is there a way for me to get a token
providing only user and password? Let me try and clarify it better.
We are using a homegrown solution based on SkeletonKey and we have a flow
where we use an URL that requires username and password and returns
directly an Access Token, with no Access Codes envolved. We use this so
that our own mobile apps can get access to our REST services.
Is there any way I could get around this with Keycloak? Getting an access
token directly to my mobile app?
11 years, 6 months
CORS Setup
by Ben
I am trying to get user information from a keycloak instance running on a
separate server. However I am getting an error when I try to retrieve this
info. Interestingly I can use a Google chrome app to get the information no
problem. Ideas?
11 years, 6 months
