Re: [keycloak-user] Error on application log in

From: "Fabián Silva" <afsg77(a)gmail.com&gt; To: "Stan Silvert" <ssilvert(a)redhat.com&gt; Cc: keycloak-user(a)lists.jboss.org Sent: Wednesday, 19 November, 2014 6:35:15 PM Subject: Re: [keycloak-user] Error on application log in I tried deploying it onto a local wildfly in domain without the SSL enabled and it worked. What I can't figure it out is why the SSL is causing conflict and how to solve this, I can't simply disable the SSL. Regards On Wed, Nov 19, 2014 at 11:28 AM, Stan Silvert < ssilvert(a)redhat.com > wrote: Have you tried it using the two servers but without SSL? You can set ssl-required to "none" on the adapter (application) side. Also on the Keycloak server side, try setting Access Type to "public". Do one of those at a time and see if either causes it to work. That might narrow it down a bit. On 11/19/2014 11:29 AM, Fabián Silva wrote: Hi, I'm running out of ideas in here. In simple terms I got a Wildfly running on domain on a server and a keycloak on another server. I set the adapters on my wildfly and deploy, to this wildfly, a web app that uses keycloak. When I try to access the web app it displays the keycloak login, it validates the users ok, but when you access with a correct user and password it shows the "403 - Forbidden". At first I thought it was some issue with the roles, but that didn't fix it. Regards On Fri, Nov 14, 2014 at 10:20 AM, Fabián Silva < afsg77(a)gmail.com > wrote: Hi, It is already set to use the absolute path. And the keycloak is working when I deploy the application to my local wildfly domain. The issue is when I try to deploy to another wildfly in domain mode on a separate server. The application is the same and the only difference I can tell from the two wildflys is that the local don't have the SSL/HTTPS enabled. I have the keycloak adapter set in both domains. I'm trying to trace those errors on the keycloak code to try to understand what is happening, but I haven't been so lucky with this. Regards Alejandro Fabián Silva Grifé On Fri, Nov 14, 2014 at 2:27 AM, Marek Posolda < mposolda(a)redhat.com > wrote: Hi, it failed on the adapter (application) side and error 404 means "Not found". So adapter can't find the keycloak server to turn code into token. Make sure to configure "auth-server-url" in keycloak.json for your application properly. If relative uri doesn't work for some reason, you can rather try to use absolute uri for auth-server-url like "https://localhost:8443/auth" . Marek On 14.11.2014 01:31, Fabián Silva wrote: I have a keycloak installed on wildfly standalone. I'm trying to deploy an application, that use this keycloak, on a separate server with wilflly running on domain mode. I tried first to deploy on a domain out of the box on my local machine, setting the keycloak-wildfly-adapter-dist-1.0.4.Final. It deploys fine and does the authentication without any issues. When I try to migrate it to the server running my wilfly (also in domain mode and the keycloak adapter set), it deploys fine and shows the keycloak login once you enter the application. But the problem is that when you login it displays a "403 - Forbidden" and on the log I'm seeing ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6) failed to turn code into token ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6) status from server: 404 The only difference between those two wildfly domain mode is that in the local I don't have the the SSL/HTTPS enabled. Have anyone seen this error? or have an idea of what this could be? Regards _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user