Hi,

I am trying to set up the demo as per the YouTube videos (#1 and #2). I am using Keycloak 1.0.5. I have set up per the video (I think); however, things aren't working as expected.

I browse to http://localhost:8080/customer-portal/ and all is fine. I click Customer Listing and I am redirected to the login page as expected. I enter my name/pw; this is successful, and then I am redirected back to http://localhost:8080/customer-portal/customers/view.jsp but the page is 'Forbidden' (redirect URI appears OK here?).

I am using the 'full' version with the bundled WildFly server.



customer app:
keycloak file

{
    "realm": "cryo198",
    "realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCFnsEHg1o9UMBpMoHqLxYesXgDsTHnv1vF0AgrznxAcLfmYUdjvBNdIXZNfB7I7tG9OMHvX21h9arHdcdg2qqk9adLjHuImg/LhYHVOrosJ/sybohrR/Im+k1fTsw/5p/nwZKOF1DLL4/4SZAY2h19FGCi0ZgIvE80psq98UvCNQIDAQAB",
    "auth-server-url": "http://localhost:8080/auth",
    "ssl-required": "external",
    "resource": "customer-portal",
    "credentials": {
        "secret": "a0872aa0-113d-435c-a9d6-56cd9b270e22"
    }
}

web.xml
    <login-config>
        <auth-method>KEYCLOAK</auth-method>
        <realm-name>cryo198</realm-name>
    </login-config>

redirect URI:
/customer-portal/*

database app:
{
    "realm": "cryo198",
    "realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCFnsEHg1o9UMBpMoHqLxYesXgDsTHnv1vF0AgrznxAcLfmYUdjvBNdIXZNfB7I7tG9OMHvX21h9arHdcdg2qqk9adLjHuImg/LhYHVOrosJ/sybohrR/Im+k1fTsw/5p/nwZKOF1DLL4/4SZAY2h19FGCi0ZgIvE80psq98UvCNQIDAQAB",
    "auth-server-url": "http://localhost:8080/auth",
    "ssl-required": "NONE",
    "resource": "database",
    "bearer-only": "true"
}



web.xml
    <login-config>
        <auth-method>KEYCLOAK</auth-method>
        <realm-name>cryo198</realm-name>
    </login-config>

redirect URI:
n/a (set as bearer only)

deployed apps:
$ /c/tools/keycloak-appliance-dist-all-1.0.5.Final/keycloak-appliance-dist-all-1.0.5.Final/keycloak/bin/jboss-cli.sh -c --command="deploy -l"
NAME                   RUNTIME-NAME           ENABLED STATUS
admin-access.war       admin-access.war       true    OK
angular-product.war    angular-product.war    true    OK
auth-server.war        auth-server.war        true    OK
customer-portal-js.war customer-portal-js.war true    OK
customer-portal.war    customer-portal.war    true    OK
database.war           database.war           true    OK
product-portal.war     product-portal.war     true    OK






Log:
2015-02-13 21:22:29,665 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (default task-41) adminRequest http://localhost:8080/customer-portal/customers/view.jsp
2015-02-13 21:22:29,667 TRACE [org.keycloak.adapters.RequestAuthenticator] (default task-41) --> authenticate()
2015-02-13 21:22:29,668 TRACE [org.keycloak.adapters.RequestAuthenticator] (default task-41) try bearer
2015-02-13 21:22:29,669 TRACE [org.keycloak.adapters.RequestAuthenticator] (default task-41) try oauth
2015-02-13 21:22:29,669 DEBUG [org.keycloak.adapters.RequestAuthenticator] (default task-41) session was null, returning null
2015-02-13 21:22:29,670 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-41) there was no code
2015-02-13 21:22:29,670 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-41) redirecting to auth server
2015-02-13 21:22:29,671 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-41) callback uri: http://localhost:8080/customer-portal/customers/view.jsp
2015-02-13 21:22:29,672 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-41) Sending redirect to login page: http://localhost:8080/auth/realms/cryo198/tokens/login?client_id=customer-portal&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fcustomer-portal%2Fcustomers%2Fview.jsp&state=2%2F8185a8ea-5a38-4a91-b990-1b32ccabb2e8&login=true
2015-02-13 21:22:29,701 DEBUG [org.keycloak.services.resources.TokenService] (default task-42) replacing relative valid redirect with: http://localhost:8080/customer-portal/*
2015-02-13 21:22:29,702 DEBUG [org.keycloak.services.managers.AuthenticationManager] (default task-42) Could not find cookie: KEYCLOAK_IDENTITY
2015-02-13 21:22:46,300 DEBUG [org.keycloak.services.resources.TokenService] (default task-43) replacing relative valid redirect with: http://localhost:8080/customer-portal/*
2015-02-13 21:22:46,301 DEBUG [org.keycloak.services.managers.AuthenticationManager] (default task-43) validating password for user: walt
2015-02-13 21:22:46,306 DEBUG [org.keycloak.services.managers.AuthenticationManager] (default task-43) Expiring remember me cookie
2015-02-13 21:22:46,307 DEBUG [org.keycloak.services.managers.AuthenticationManager] (default task-43) Expiring cookie: KEYCLOAK_REMEMBER_ME path: /auth/realms/cryo198
2015-02-13 21:22:46,308 DEBUG [org.keycloak.services.resources.flows.OAuthFlows] (default task-43) processAccessCode: isResource: true
2015-02-13 21:22:46,308 DEBUG [org.keycloak.services.resources.flows.OAuthFlows] (default task-43) processAccessCode: go to oauth page?: false
2015-02-13 21:22:46,329 DEBUG [org.keycloak.services.resources.flows.OAuthFlows] (default task-43) redirectAccessCode: state: 2/8185a8ea-5a38-4a91-b990-1b32ccabb2e8
2015-02-13 21:22:46,340 DEBUG [org.keycloak.services.managers.AuthenticationManager] (default task-43) Create login cookie - name: KEYCLOAK_IDENTITY, path: /auth/realms/cryo198, max-age: -1
2015-02-13 21:22:46,387 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (default task-44) adminRequest http://localhost:8080/customer-portal/customers/view.jsp?code=zf9VUvG6-QkAWtF8xDFcJfnBnrY.OTY1YjllMzMtZDdlNS00YWQwLWEwMzgtZjIzMTJhODZjMTIx&state=2%2F8185a8ea-5a38-4a91-b990-1b32ccabb2e8
2015-02-13 21:22:46,388 TRACE [org.keycloak.adapters.RequestAuthenticator] (default task-44) --> authenticate()
2015-02-13 21:22:46,389 TRACE [org.keycloak.adapters.RequestAuthenticator] (default task-44) try bearer
2015-02-13 21:22:46,389 TRACE [org.keycloak.adapters.RequestAuthenticator] (default task-44) try oauth
2015-02-13 21:22:46,389 DEBUG [org.keycloak.adapters.RequestAuthenticator] (default task-44) session was null, returning null
2015-02-13 21:22:46,390 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-44) there was a code, resolving
2015-02-13 21:22:46,390 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-44) checking state cookie for after code
2015-02-13 21:22:46,390 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-44) ** reseting application state cookie
2015-02-13 21:22:46,477 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-44) Token Verification succeeded!
2015-02-13 21:22:46,478 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-44) successful authenticated
2015-02-13 21:22:46,478 TRACE [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default task-44) checking whether to refresh.
2015-02-13 21:22:46,478 TRACE [org.keycloak.adapters.undertow.KeycloakUndertowAccount] (default task-44) use realm role mappings
2015-02-13 21:22:46,479 DEBUG [org.keycloak.adapters.wildfly.WildflyRequestAuthenticator] (default task-44) propagate security context to wildfly
2015-02-13 21:22:46,481 TRACE [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default task-44) checking whether to refresh.
2015-02-13 21:22:46,484 DEBUG [org.keycloak.adapters.RequestAuthenticator] (default task-44) AUTHENTICATED
2015-02-13 21:22:46,502 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (default task-46) adminRequest http://localhost:8080/customer-portal/customers/view.jsp
2015-02-13 21:22:46,505 TRACE [org.keycloak.adapters.RequestAuthenticator] (default task-46) --> authenticate()
2015-02-13 21:22:46,506 TRACE [org.keycloak.adapters.RequestAuthenticator] (default task-46) try bearer
2015-02-13 21:22:46,506 TRACE [org.keycloak.adapters.RequestAuthenticator] (default task-46) try oauth
2015-02-13 21:22:46,507 DEBUG [org.keycloak.adapters.undertow.KeycloakUndertowAccount] (default task-46) session is active
2015-02-13 21:22:46,508 DEBUG [org.keycloak.adapters.RequestAuthenticator] (default task-46) Cached account found
2015-02-13 21:22:46,508 DEBUG [org.keycloak.adapters.wildfly.WildflyRequestAuthenticator] (default task-46) propagate security context to wildfly
2015-02-13 21:22:46,509 DEBUG [org.keycloak.adapters.RequestAuthenticator] (default task-46) AUTHENTICATED: was cached
2015-02-13 21:22:46,510 DEBUG [org.keycloak.adapters.AuthenticatedActionsHandler] (default task-46) AuthenticatedActionsValve.invoke http://localhost:8080/customer-portal/customers/view.jsp


Many thanks
W
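
On the "redirect uri appears ok here?" question in the post above, an added example (not part of the original message and not Keycloak's own code) that checks the logged login redirect and callback against the registered pattern `/customer-portal/*`. It assumes a trailing `*` is a plain prefix wildcard; the function names are hypothetical, and the authorization code in the callback is replaced by a constructed placeholder.

```python
from urllib.parse import urlsplit, parse_qs

# URLs taken from the log in the post (wrapped lines rejoined).
LOGIN_REDIRECT = (
    "http://localhost:8080/auth/realms/cryo198/tokens/login"
    "?client_id=customer-portal"
    "&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fcustomer-portal%2Fcustomers%2Fview.jsp"
    "&state=2%2F8185a8ea-5a38-4a91-b990-1b32ccabb2e8&login=true"
)
CALLBACK = (
    "http://localhost:8080/customer-portal/customers/view.jsp"
    "?code=PLACEHOLDER_CODE"  # constructed placeholder, not the logged code
    "&state=2%2F8185a8ea-5a38-4a91-b990-1b32ccabb2e8"
)
# Registered redirect after the server expands the relative pattern (from the log).
VALID_REDIRECT = "http://localhost:8080/customer-portal/*"


def query(url):
    """Return the percent-decoded query parameters as {name: first value}."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def base(url):
    """Scheme, host and path of url, without query string or fragment."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}{p.path}"


def redirect_allowed(redirect_uri, pattern):
    """Exact match, or prefix match when pattern ends in '*' (assumed semantics)."""
    if pattern.endswith("*"):
        return base(redirect_uri).startswith(pattern[:-1])
    return base(redirect_uri) == pattern


def check_flow(login_url, callback_url, pattern):
    """Compare what the adapter sent to the auth server with what came back."""
    sent, back = query(login_url), query(callback_url)
    return {
        "redirect_uri_registered": redirect_allowed(sent["redirect_uri"], pattern),
        "state_matches": sent["state"] == back.get("state"),
        "callback_is_redirect_uri": base(callback_url) == sent["redirect_uri"],
        "code_returned": "code" in back,
    }


if __name__ == "__main__":
    for name, ok in check_flow(LOGIN_REDIRECT, CALLBACK, VALID_REDIRECT).items():
        print(f"{name}: {ok}")
```

All four checks pass for the logged values, which is consistent with the adapter's `Token Verification succeeded!` and `AUTHENTICATED` lines in the same log.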