So the docs are ok then?
On 8/10/16 6:17 AM, Paulo Pires wrote:
Ah, nice tip. My tests were made with a corporate account which has no permissions to enable such API, but I too slipped that part in docs.
Thanks
On Wed, Aug 10, 2016 at 11:03 AM, Sigbjørn Dybdahl <sigbjorn@fifty-five.com> wrote:
Thanks for you quick reply, Marek!______________________________
When re-reading the documentation now I see the part on enabling the Google+ API in the Google Developer console, which I apparently didn't pay attention to. It all works smoothly now, and I can remove the user-defined OpenId Connect provider.
Regards,Sigbjørn
On 10 August 2016 at 11:49, Marek Posolda <mposolda@redhat.com> wrote:
Did you enable Google+ API in Google admin console? Configuration of this is on Google side, not scopes on Keycloak side on identityProvider page.
Marek
On 10/08/16 10:47, Sigbjørn Dybdahl wrote:
Hello,
I'm trying to configure an instance of Keycloak using version 2.1.0.CR1 and I've run into a problem when using the Google Identity Provider with the default configuration. That is, during the callback I observe a org.keycloak.broker.provider.IdentityBrokerException: Could not fetch attributes (see complete stacktrace below for details) from userinfo endpoint which seems to be linked to the 403 Forbidden return code when calling https://www.googleapis .com/plus/v1/people/me/openIdC .onnect
This seems to be similar to https://issues.jboss.org/browse/KEYCLOAK-2942 , but even when adding the additional Google+ scopes (making scope=openid profile email https://www.googleapis.com/auth/plus.me https://www.googleapis.com/auth/plus.login ) the call fails. As for JIRA-2942, I've tried setting up a user-defined OpenId Connect provider with the default scope, which works just fine.
Have I forgotten any important parameter while configuring the standard Google support? Or is this a regression for this release?
Regards,Sigbjørn Dybdahl
---
Here's the complete stacktrace for the exception:
20:07:12,247 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default task-20) Failed to make identity provider oauth callback: org.keycloak.broker.provider.I dentityBrokerException: Could not fetch attributes from userinfo endpoint. at org.keycloak.broker.oidc.OIDCIdentityProvider.getFederatedId entity(OIDCIdentityProvider.ja va:304) at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endp oint.authResponse(AbstractOAut h2IdentityProvider.java:230) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcce ssorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe thodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInje ctorImpl.java:139) at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget (ResourceMethodInvoker.java:29 5) at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(Resourc eMethodInvoker.java:249) at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTarge tObject(ResourceLocatorInvoker .java:138) at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(Resour ceLocatorInvoker.java:107) at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTarge tObject(ResourceLocatorInvoker .java:133) at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(Resour ceLocatorInvoker.java:101) at org.jboss.resteasy.core.SynchronousDispatcher.invoke(Synchro nousDispatcher.java:395) at org.jboss.resteasy.core.SynchronousDispatcher.invoke(Synchro nousDispatcher.java:202) at org.jboss.resteasy.plugins.server.servlet.ServletContainerDi spatcher.service(ServletContai nerDispatcher.java:221) at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatc her.service(HttpServletDispatc her.java:56) at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatc her.service(HttpServletDispatc her.java:51) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at io.undertow.servlet.handlers.ServletHandler.handleRequest(Se rvletHandler.java:85) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.d oFilter(FilterHandler.java:129 ) at org.keycloak.services.filters.KeycloakSessionServletFilter.d oFilter(KeycloakSessionServlet Filter.java:90) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilte r.java:60) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.d oFilter(FilterHandler.java:131 ) at io.undertow.servlet.handlers.FilterHandler.handleRequest(Fil terHandler.java:84) at io.undertow.servlet.handlers.security.ServletSecurityRoleHan dler.handleRequest(ServletSecu rityRoleHandler.java:62) at io.undertow.servlet.handlers.ServletDispatchingHandler.handl eRequest(ServletDispatchingHan dler.java:36) at org.wildfly.extension.undertow.security.SecurityContextAssoc iationHandler.handleRequest(Se curityContextAssociationHandle r.java:78) at io.undertow.server.handlers.PredicateHandler.handleRequest(P redicateHandler.java:43) at io.undertow.servlet.handlers.security.SSLInformationAssociat ionHandler.handleRequest(SSLIn formationAssociationHandler.ja va:131) at io.undertow.servlet.handlers.security.ServletAuthenticationC allHandler.handleRequest(Servl etAuthenticationCallHandler.ja va:57) at io.undertow.server.handlers.PredicateHandler.handleRequest(P redicateHandler.java:43) at io.undertow.security.handlers.AbstractConfidentialityHandler .handleRequest(AbstractConfide ntialityHandler.java:46) at io.undertow.servlet.handlers.security.ServletConfidentiality ConstraintHandler.handleReques t(ServletConfidentialityConstr aintHandler.java:64) at io.undertow.security.handlers.AuthenticationMechanismsHandle r.handleRequest(Authentication MechanismsHandler.java:60) at io.undertow.servlet.handlers.security.CachedAuthenticatedSes sionHandler.handleRequest(Cach edAuthenticatedSessionHandler. java:77) at io.undertow.security.handlers.NotificationReceiverHandler.ha ndleRequest(NotificationReceiv erHandler.java:50) at io.undertow.security.handlers.AbstractSecurityContextAssocia tionHandler.handleRequest(Abst ractSecurityContextAssociation Handler.java:43) at io.undertow.server.handlers.PredicateHandler.handleRequest(P redicateHandler.java:43) at org.wildfly.extension.undertow.security.jacc.JACCContextIdHa ndler.handleRequest(JACCContex tIdHandler.java:61) at io.undertow.server.handlers.PredicateHandler.handleRequest(P redicateHandler.java:43) at io.undertow.server.handlers.PredicateHandler.handleRequest(P redicateHandler.java:43) at io.undertow.servlet.handlers.ServletInitialHandler.handleFir stRequest(ServletInitialHandle r.java:284) at io.undertow.servlet.handlers.ServletInitialHandler.dispatchR equest(ServletInitialHandler.j ava:263) at io.undertow.servlet.handlers.ServletInitialHandler.access$00 0(ServletInitialHandler.java:8 1) at io.undertow.servlet.handlers.ServletInitialHandler$1.handleR equest(ServletInitialHandler.j ava:174) at io.undertow.server.Connectors.executeRootHandler(Connectors. java:202) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchan ge.java:793) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool Executor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo lExecutor.java:617) at java.lang.Thread.run(Thread.java:745) Caused by: java.io.IOException: Server returned HTTP response code: 403 for URL: https://www.googleapis.com/plus/v1/people/me/openIdConnect at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Nativ e Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(Native ConstructorAccessorImpl.java:6 2) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(De legatingConstructorAccessorImp l.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:4 23) at sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLCo nnection.java:1890) at sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLCo nnection.java:1885) at java.security.AccessController.doPrivileged(Native Method) at sun.net.www.protocol.http.HttpURLConnection.getChainedExcept ion(HttpURLConnection.java:188 4) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0( HttpURLConnection.java:1457) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(H ttpURLConnection.java:1441) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputSt ream(HttpsURLConnectionImpl.ja va:254) at org.keycloak.broker.provider.util.SimpleHttp.asString(Simple Http.java:148) at org.keycloak.broker.oidc.util.JsonSimpleHttp.asJson(JsonSimp leHttp.java:46) at org.keycloak.broker.oidc.OIDCIdentityProvider.getFederatedId entity(OIDCIdentityProvider.ja va:267) ... 50 moreCaused by: java.io.IOException: Server returned HTTP response code: 403 for URL: https://www.googleapis.com/plus/v1/people/me/openIdConnect at sun.net.www.protocol.http.HttpURLConnection.getInputStream0( HttpURLConnection.java:1840) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(H ttpURLConnection.java:1441) at sun.net.www.protocol.http.HttpURLConnection.getHeaderField(H ttpURLConnection.java:2943) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getHeaderF ield(HttpsURLConnectionImpl.ja va:291) at org.keycloak.broker.provider.util.SimpleHttp.asString(Simple Http.java:147) ... 52 more
_______________________________________________ keycloak-user mailing list keycloak-user@lists.jboss.org https://lists.jboss.org/mailma n/listinfo/keycloak-user _________________ keycloak-user mailing list keycloak-user@lists.jboss.org https://lists.jboss.org/mailma n/listinfo/keycloak-user --_______________________________________________ keycloak-user mailing list keycloak-user@lists.jboss.org https://lists.jboss.org/ mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user