Re: [keycloak-user] Error on application log in

The options you're after are truststore, truststore-password and disable-trust-manager, not client-keystore. ----- Original Message ----- > From: "Fabián Silva" <afsg77(a)gmail.com&gt; > To: "Stian Thorgersen" <stian(a)redhat.com&gt; > Cc: "Stan Silvert" <ssilvert(a)redhat.com&gt;, keycloak-user(a)lists.jboss.org > Sent: Saturday, 22 November, 2014 12:58:16 AM > Subject: Re: [keycloak-user] Error on application log in > > http://docs.jboss.org/keycloak/docs/1.1.0.Beta1/userguide/html/ch07.html#... > "client-keystore > Not supported yet, but we will support in future versions." > So if my adapter has SSL enabled is not supported yet? Or how do I > configure it to work if my adapter has the SSL enabled? > I tried with an adapter without SSL enabled and the keycloak with the SSL > enabled and it worked. But when I tried it with both, the adapter and the > keycloak with SSL enabled, it doesn't work. I got the following logs on the > adapter: > ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6) > failed to turn code into token > ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6) > status from server: 404 > > Regards > > On Thu, Nov 20, 2014 at 2:25 AM, Stian Thorgersen <stian(a)redhat.com&gt; wrote: > > > Are there no errors or warning in the server log? Try enabling debug for > > org.keycloak and see if there's anything interesting. > > > > First thing try the exact same setup (two servers), but without ssl. > > > > If that works disable enable ssl, but disable the trust manager in the > > adapter (disable-trust-manager option on adapter, see > > http://docs.jboss.org/keycloak/docs/1.1.0.Beta1/userguide/html/ch07.html#... > > ). > > > > If it still works create a truststore and import your certificate. Then > > set truststore and truststore-password on the adapter. > > > > ----- Original Message ----- > > > From: "Fabián Silva" <afsg77(a)gmail.com&gt; > > > To: "Stan Silvert" <ssilvert(a)redhat.com&gt; > > > Cc: keycloak-user(a)lists.jboss.org > > > Sent: Wednesday, 19 November, 2014 6:35:15 PM > > > Subject: Re: [keycloak-user] Error on application log in > > > > > > I tried deploying it onto a local wildfly in domain without the SSL > > enabled > > > and it worked. What I can't figure it out is why the SSL is causing > > conflict > > > and how to solve this, I can't simply disable the SSL. > > > > > > Regards > > > > > > On Wed, Nov 19, 2014 at 11:28 AM, Stan Silvert < ssilvert(a)redhat.com > > > wrote: > > > > > > > > > > > > Have you tried it using the two servers but without SSL? > > > > > > You can set ssl-required to "none" on the adapter (application) side. > > Also on > > > the Keycloak server side, try setting Access Type to "public". Do one of > > > those at a time and see if either causes it to work. That might narrow it > > > down a bit. > > > > > > > > > On 11/19/2014 11:29 AM, Fabián Silva wrote: > > > > > > > > > > > > Hi, > > > I'm running out of ideas in here. In simple terms I got a Wildfly > > running on > > > domain on a server and a keycloak on another server. I set the adapters > > on > > > my wildfly and deploy, to this wildfly, a web app that uses keycloak. > > When I > > > try to access the web app it displays the keycloak login, it validates > > the > > > users ok, but when you access with a correct user and password it shows > > the > > > "403 - Forbidden". At first I thought it was some issue with the roles, > > but > > > that didn't fix it. > > > > > > Regards > > > > > > On Fri, Nov 14, 2014 at 10:20 AM, Fabián Silva < afsg77(a)gmail.com > > > wrote: > > > > > > > > > > > > Hi, > > > It is already set to use the absolute path. And the keycloak is working > > when > > > I deploy the application to my local wildfly domain. The issue is when I > > try > > > to deploy to another wildfly in domain mode on a separate server. The > > > application is the same and the only difference I can tell from the two > > > wildflys is that the local don't have the SSL/HTTPS enabled. I have the > > > keycloak adapter set in both domains. > > > > > > I'm trying to trace those errors on the keycloak code to try to > > understand > > > what is happening, but I haven't been so lucky with this. > > > > > > Regards > > > Alejandro Fabián Silva Grifé > > > > > > On Fri, Nov 14, 2014 at 2:27 AM, Marek Posolda < mposolda(a)redhat.com > > > wrote: > > > > > > > > > > > > Hi, > > > > > > it failed on the adapter (application) side and error 404 means "Not > > found". > > > So adapter can't find the keycloak server to turn code into token. Make > > sure > > > to configure "auth-server-url" in keycloak.json for your application > > > properly. If relative uri doesn't work for some reason, you can rather > > try > > > to use absolute uri for auth-server-url like " > > https://localhost:8443/auth" . > > > > > > Marek > > > > > > > > > On 14.11.2014 01:31, Fabián Silva wrote: > > > > > > > > > > > > I have a keycloak installed on wildfly standalone. I'm trying to deploy > > an > > > application, that use this keycloak, on a separate server with wilflly > > > running on domain mode. I tried first to deploy on a domain out of the > > box > > > on my local machine, setting the > > keycloak-wildfly-adapter-dist-1.0.4.Final. > > > It deploys fine and does the authentication without any issues. When I > > try > > > to migrate it to the server running my wilfly (also in domain mode and > > the > > > keycloak adapter set), it deploys fine and shows the keycloak login once > > you > > > enter the application. But the problem is that when you login it > > displays a > > > "403 - Forbidden" and on the log I'm seeing > > > ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6) > > > failed to turn code into token > > > ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6) > > > status from server: 404 > > > The only difference between those two wildfly domain mode is that in the > > > local I don't have the the SSL/HTTPS enabled. > > > > > > Have anyone seen this error? or have an idea of what this could be? > > > > > > Regards > > > > > > > > > _______________________________________________ > > > keycloak-user mailing list keycloak-user(a)lists.jboss.org > > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > > > > > > > > > > > > > > _______________________________________________ > > > keycloak-user mailing list keycloak-user(a)lists.jboss.org > > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > > > > > _______________________________________________ > > > keycloak-user mailing list > > > keycloak-user(a)lists.jboss.org > > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > > > > > _______________________________________________ > > > keycloak-user mailing list > > > keycloak-user(a)lists.jboss.org > > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > >