Re: [keycloak-user] KC 1.9.4 Error during
by Marek Posolda
Does your Keycloak server have a certificate signed by a known CA authority,
or are you using a self-signed one? If it is self-signed, you also
need to configure a truststore. See
http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#a...
and especially the properties related to the truststore.
Marek
On 31/05/16 15:00, Emil Posmyk wrote:
> Sorry, I forgot to finish the title.
>
> {
>   "realm": "Brandpath",
>   "realm-public-key": "key.....",
>   "auth-server-url": "https://sabdev_oms.brandpath.net/auth",
>   "ssl-required": "external",
>   "resource": "oms-web",
>   "credentials": {
>     "secret": "secret"
>   },
>   "use-resource-role-mappings": true
> }
>
> regards
> --
> Emil Posmyk
>
> 2016-05-31 14:26 GMT+02:00 Marek Posolda <mposolda(a)redhat.com>:
>
> How is "auth-server-url" in your keycloak.json configured? If
> you're using a relative URI, then you can maybe try to use an absolute
> URI and see if it helps?
>
> Marek
>
>
> On 31/05/16 14:19, Emil Posmyk wrote:
>> Hello
>>
>> I'm receiving an error when I try to log in to our application:
>> ClientProtocolException: URI does not specify a valid host name:
>> https:/auth/realms/Brandpath/protocol/openid-connect/token
>> The HTTP protocol is working fine, no errors, but using HTTPS I
>> receive a URI without a host name each time.
>> The auth page is working fine.
>>
>> What can cause that error?
>>
>>
>> 14:59:22,937 ERROR
>> [org.keycloak.adapters.OAuthRequestAuthenticator] (default
>> task-2) failed to turn code into token:
>> org.apache.http.client.ClientProtocolException: URI does not
>> specify a valid host name:
>> https:/auth/realms/Brandpath/protocol/openid-connect/token
>> [Server:ms-server1] at
>> org.apache.http.impl.client.CloseableHttpClient.determineTarget(CloseableHttpClient.java:94)
>> [Server:ms-server1] at
>> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
>> [Server:ms-server1] at
>> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
>> [Server:ms-server1] at
>> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
>> [Server:ms-server1] at
>> org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:107)
>> [Server:ms-server1] at
>> org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:314)
>> [Server:ms-server1] at
>> org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:260)
>> [Server:ms-server1] at
>> org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:112)
>> [Server:ms-server1] at
>> org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:110)
>> [Server:ms-server1] at
>> org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:92)
>> [Server:ms-server1] at
>> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)
>> [Server:ms-server1] at
>> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)
>> [Server:ms-server1] at
>> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)
>> [Server:ms-server1] at
>> io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)
>> [Server:ms-server1] at
>> io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)
>> [Server:ms-server1] at
>> io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)
>> [Server:ms-server1] at
>> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
>> [Server:ms-server1] at
>> io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
>> [Server:ms-server1] at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> [Server:ms-server1] at
>> io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
>> [Server:ms-server1] at
>> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>> [Server:ms-server1] at
>> io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>> [Server:ms-server1] at
>> io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
>> [Server:ms-server1] at
>> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>> [Server:ms-server1] at
>> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>> [Server:ms-server1] at
>> io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>> [Server:ms-server1] at
>> io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>> [Server:ms-server1] at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> [Server:ms-server1] at
>> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>> [Server:ms-server1] at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> [Server:ms-server1] at
>> org.wildfly.mod_cluster.undertow.metric.RunningRequestsHttpHandler.handleRequest(RunningRequestsHttpHandler.java:69)
>> [Server:ms-server1] at
>> org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)
>> [Server:ms-server1] at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> [Server:ms-server1] at
>> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
>> [Server:ms-server1] at
>> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
>> [Server:ms-server1] at
>> io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>> [Server:ms-server1] at
>> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
>> [Server:ms-server1] at
>> io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>> [Server:ms-server1] at
>> io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
>> [Server:ms-server1] at
>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>> [Server:ms-server1] at
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>> [Server:ms-server1] at java.lang.Thread.run(Thread.java:745)
>>
>> regards
>> --
>> Emil Posmyk
>>
>>
>
>
8 years, 6 months
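An added example, not part of the original thread and not Keycloak code: a small check of how `java.net.URI` parses the "auth-server-url" value quoted above. It relies only on the documented `java.net.URI` rule that hostname labels consist of letters, digits and hyphens; whether this is what the adapter hit is an assumption the thread does not confirm, and the class name `AuthServerUrlCheck` and method `check` are hypothetical.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.List;

public class AuthServerUrlCheck {

    /** Returns the problems found in an "auth-server-url" value; an empty list means scheme and host parsed. */
    static List<String> check(String authServerUrl) {
        List<String> problems = new ArrayList<>();
        URI uri;
        try {
            uri = new URI(authServerUrl);
        } catch (URISyntaxException e) {
            problems.add("not a valid URI: " + e.getMessage());
            return problems;
        }
        if (!uri.isAbsolute()) {
            problems.add("relative URI: no scheme and no host");
            return problems;
        }
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            problems.add("scheme is " + uri.getScheme() + ", not https");
        }
        if (uri.getHost() == null) {
            // java.net.URI accepted the string but did not parse the authority as
            // server-based "host[:port]"; parseServerAuthority() reports the reason.
            try {
                uri.parseServerAuthority();
                problems.add("no host component");
            } catch (URISyntaxException e) {
                problems.add("authority \"" + uri.getRawAuthority()
                        + "\" has no parsable host: " + e.getReason());
            }
        }
        return problems;
    }

    public static void main(String[] args) {
        String[] samples = {
            "https://sabdev_oms.brandpath.net/auth", // value quoted in the thread
            "https://sabdev-oms.example.test/auth",  // constructed: hyphen instead of underscore
            "/auth"                                  // constructed: relative form
        };
        for (String s : samples) {
            List<String> problems = check(s);
            System.out.println(s + " -> " + (problems.isEmpty() ? "host parsed" : problems));
        }
    }
}
```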
Async request/response processing at Keycloak
by Bystrik Horvath
Hello community,
I found that (since 1.9.2?) there's RealmResourceProvider that gives me the
possibility to provide my own REST endpoint. After implementing the endpoint
using the async capability of JAX-RS, I'm getting an exception like:
UT010026: Async is not supported for this request, as not all filters or
Servlets were marked as supporting async.
How is it possible to tweak Keycloak (I'm currently on 1.9.3) to
asynchronously respond to my requests in implementation of
RealmResourceProvider?
Thank you for any comment on this.
Best regards,
Bystrik
8 years, 6 months
Help : Problem with CORS - Spring boot - Angular 2
by Cyril Casaucau
Hello,
I have a problem securing my REST webservice.
I have a Spring Boot application which is a REST webservice and an Angular 2
application which calls the webservice.
I'm using the keycloak-spring-security-adapter with this configuration:

    @Configuration
    @EnableWebSecurity
    @ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
    public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter
    {
        /**
         * Registers the KeycloakAuthenticationProvider with the
         * authentication manager.
         */
        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth)
                throws Exception {
            auth.authenticationProvider(keycloakAuthenticationProvider());
        }

        /**
         * Defines the session authentication strategy.
         */
        @Bean
        @Override
        protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
            return new NullAuthenticatedSessionStrategy();
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception
        {
            super.configure(http);
            http
                .authorizeRequests()
                .antMatchers("/userFacade*").hasRole("user")
                .anyRequest().permitAll();
        }
    }

And I have configured CORS in the Spring Boot config like this:

    @Bean
    public WebMvcConfigurer corsConfigurer() {
        return new WebMvcConfigurerAdapter() {
            @Override
            public void addCorsMappings(CorsRegistry registry) {
                registry.addMapping("/userFacade/**")
                    .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
                    .allowedOrigins("*")
                    .allowedHeaders("Authorization", "Content-Type", "X-Requested-With");
            }
        };
    }

The endpoint:

    @RestController
    @RequestMapping("/userFacade")
    public class UserFacade {
        @Autowired
        private UserService userService;

        @RequestMapping(method = RequestMethod.GET, value = "/getAllUsers")
        public List<UserDTO> getAllUsers() {
            return userService.getAllUsers();
        }
    }

When I make the call on the frontend, Chrome tells me this:

    XMLHttpRequest cannot load http://localhost:8080/userFacade/getAllUsers.
    The request was redirected to 'http://localhost:8080/', which is disallowed
    for cross-origin requests that require preflight.

My headers on the frontend side:

    this.headers.append('Authorization', 'BEARER ' + localStorage.getItem('token'));
    this.headers.append('Content-Type', 'application/json');
    this.headers.append('X-Requested-With', 'XMLHttpRequest');

I have tried a lot of things, like using the keycloak-spring-boot-adapter,
but I get the same kind of error.
Can you help me?
Thanks,
Best regards,
8 years, 6 months
Keycloak integration with REST service
by Mike Love
Hi Jim,
I would suggest that you achieve this integration using a custom User Federation Provider.
You would need to implement UserFederationProviderFactory & UserFederationProvider.
I have an outstanding blog to write re implementing a custom user federation provider.
If you need additional assistance, let me know and I will try to prioritise this.
Regards,
Mike
--
www.symbiotics.co.za
8 years, 6 months