Re: [keycloak-user] Keycloak gatekeeper issue

From the logs looks like it's already expired when you send it to the Gatekeeper.

Hello everyone! Any feedback on the matter? Does anyone use Gatekeeper at the moment? Regards, Ronald -----Original Message----- From: Ronald Demneri <ronald.demneri(a)amdtia.com&gt; Sent: 15.Feb.2019 1:59 PM To: Ronald Demneri <ronald.demneri(a)amdtia.com>; keycloak-user(a)lists.jboss.org Subject: RE: Keycloak gatekeeper issue I forgot to mention that I am using Keycloak version 4.5 in my test environment, so if it is a compatibility issue, please let me know so that I upgrade Keycloak. Thanks in advance, Ronald -----Original Message----- From: keycloak-user-bounces(a)lists.jboss.org <keycloak-user-bounces(a)lists.jboss.org&gt; On Behalf Of Ronald Demneri Sent: 15.Feb.2019 1:41 PM To: keycloak-user(a)lists.jboss.org Subject: [keycloak-user] Keycloak gatekeeper issue Hi all, I am trying to create an idea on Gatekeeper and have a very simple setup consisting of an upstream server with Apache and PHP. I run the keycloak-gatekeeper as follows: ./keycloak-gatekeeper --config keycloak-gatekeeper.json --verbose=true --resources="uri=/*|white-listed=true" The config file is as follows: discovery-url: https://keycloak/auth/realms/master client-id: gatekeeper client-secret: 94779832-40d7-4342-90d6-12ab52eab831 listen: 10.253.6.41:80 enable-refresh-tokens: true enable-logging: true enable-json-logging: true enable-login-handler: true enable-token-header: true enable-metrics: true enable-default-deny: false redirection-url: http://gatekeeper:80 //redirection-url: http://10.253.6.41:3000 encryption-key: AgXa7xRcoClDEU0ZDSH4X0XhL5Qy2Z2j secure-cookie: false upstream-url: http://127.0.0.1:80 resources: - uri: /user/test.php - uri: /admin/*.php roles: - admin In the logs I receive the following upon a successful login: {"level":"error","ts":1550234109.9775908,"caller":"keycloak-gatekeeper /middleware.go:108","msg":"no session found in request, redirecting for authorization","error":"authentication session not found"} {"level":"info","ts":1550234109.9777544,"caller":"keycloak-gatekeeper/ middleware.go:90","msg":"client request","latency":0.0002176,"status":307,"bytes":95,"client_ip":"10.2 53.6.24:60575","method":"GET","path":"/user/test.php"} {"level":"debug","ts":1550234110.0099785,"caller":"keycloak-gatekeeper /handlers.go:88","msg":"incoming authorization request from client address","access_type":"","auth_url":"https://keycloak/auth/realms/mas ter/protocol/openid-connect/auth?client_id=gatekeeper&redirect_uri=htt p%3A%2F%2Fgatekeeper%3A80%2Foauth%2Fcallback&response_type=code&scope= openid+email+profile&state=0b8a5bf8-e75c-452e-a650-d644c70e7fea","clie nt_ip":"10.253.6.24:60575"} {"level":"info","ts":1550234110.010026,"caller":"keycloak-gatekeeper/m iddleware.go:90","msg":"client request","latency":0.0000993,"status":307,"bytes":331,"client_ip":"10. 253.6.24:60575","method":"GET","path":"/oauth/authorize"} {"level":"error","ts":1550234127.0692794,"caller":"keycloak-gatekeeper /handlers.go:152","msg":"unable to verify the id token","error":"the access token has expired"} {"level":"info","ts":1550234127.069323,"caller":"keycloak-gatekeeper/m iddleware.go:90","msg":"client request","latency":0.1995038,"status":403,"bytes":0,"client_ip":"10.25 3.6.24:60575","method":"GET","path":"/oauth/callback"} And of course, I am not redirected back to the requested URL. I have configured the gatekeeper as a confidential client in Keycloak, and have added the redirect_uri http://gatekeeper:80/oauth/callback Any hints? Thanks in advance, Ronald _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user