11:10 a.m.
Hi,
i have a little Spring Boot Application and it runs pretty nice
together with the keycloak setup on my dev machine. Now when deploying
the same application to another server i get something strange:
When trying to access a protected resource, my browser gets a 302 to
/sso/login which is ok but this URL should also produce a 302 to the
final Keycloak Login Page. Instead i get a 403 on the sso/login
request. The crazy thing is, on my local dev machine the /sso/login
doesnt get a 403 but a 302 with the resulting valid and perfect URL
(http://localhost:16177/auth/realms/XXXX/protocol/openid-connect/auth?resp...)
What i want to say is.... i dont have a clue why i get a 403 on a
resource /sso/login, which as i assume, is provided by spring keycloak
adapter. And even crazier... its the same application.
thanks for any hints.
marc
3:49 a.m.
it appears that your remote app is still connecting to keycloak on
localhost. looking at the redirect url you can see that it is then
attempting to redirect back to your app on localhost.
Simon.
On Mon, Mar 26, 2018 at 5:10 PM, Marc Logemann <marc.logemann(a)gmail.com>
wrote:
Hi,
i have a little Spring Boot Application and it runs pretty nice
together with the keycloak setup on my dev machine. Now when deploying
the same application to another server i get something strange:
When trying to access a protected resource, my browser gets a 302 to
/sso/login which is ok but this URL should also produce a 302 to the
final Keycloak Login Page. Instead i get a 403 on the sso/login
request. The crazy thing is, on my local dev machine the /sso/login
doesnt get a 403 but a 302 with the resulting valid and perfect URL
(http://localhost:16177/auth/realms/XXXX/protocol/openid-
connect/auth?response_type=code&client_id=swaggerUI&
redirect_uri=http%3A%2F%2Flocalhost%3A8091%2Fsso%
2Flogin&state=d919e1d0-3804-4e47-9cfe-d8647eb6fd5f&login=true&scope=openid
)
What i want to say is.... i dont have a clue why i get a 403 on a
resource /sso/login, which as i assume, is provided by spring keycloak
adapter. And even crazier... its the same application.
thanks for any hints.
marc
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
7:53 a.m.
Hi,
it was slightly more annoying. In my spring-boot application i defined
sslRequired = EXTERNAL. Unfortunately, my tests on the other machine
were not "local" anymore, thus the keycloak adapter went into SSL mode
and tried to construct the redirect URL. But then i didnt specify an
SSL port so it was a -1 per default. All this resulted in a standard
403. Logging could be way better for such a scenario because i
debugged aprox. 2 hours to get the idea.
Anyway... now it works.
Marc
2018-03-27 10:49 GMT+02:00 Simon Payne <simonpayne58(a)gmail.com>:
it appears that your remote app is still connecting to keycloak on
localhost. looking at the redirect url you can see that it is then
attempting to redirect back to your app on localhost.
Simon.
On Mon, Mar 26, 2018 at 5:10 PM, Marc Logemann <marc.logemann(a)gmail.com>
wrote:
>
> Hi,
>
> i have a little Spring Boot Application and it runs pretty nice
> together with the keycloak setup on my dev machine. Now when deploying
> the same application to another server i get something strange:
>
> When trying to access a protected resource, my browser gets a 302 to
> /sso/login which is ok but this URL should also produce a 302 to the
> final Keycloak Login Page. Instead i get a 403 on the sso/login
> request. The crazy thing is, on my local dev machine the /sso/login
> doesnt get a 403 but a 302 with the resulting valid and perfect URL
>
>
(http://localhost:16177/auth/realms/XXXX/protocol/openid-connect/auth?resp...)
>
> What i want to say is.... i dont have a clue why i get a 403 on a
> resource /sso/login, which as i assume, is provided by spring keycloak
> adapter. And even crazier... its the same application.
>
> thanks for any hints.
>
> marc
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
2468
days inactive
2469
days old
2 comments
2 participants
participants (2)
-
Marc Logemann -
Simon Payne