You don't have constraints set up correctly in web.xml? You don't have
the appropriate scope for the application set up?
On 2/13/2015 4:47 PM, Walter Rice wrote:
Hi,
I am trying to set up the demo as per the YouTube videos (#1 and #2). I
am using keycloak 1.0.5. I have set up per the video (I think), however
things aren't working as expected.
I browse to http://localhost:8080/customer-portal/ and all is fine. I
click Customer Listing and I am redirected to login page as expected. I
enter my name/pw, this is successful and then I am redirected back to
http://localhost:8080/customer-portal/customers/view.jsp but the page is
'Forbidden' (redirect uri appears ok here?)
I am using the 'full' version with bundled wildfly server.
*customer app:*
keycloak file
{
  "realm": "cryo198",
  "realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCFnsEHg1o9UMBpMoHqLxYesXgDsTHnv1vF0AgrznxAcLfmYUdjvBNdIXZNfB7I7tG9OMHvX21h9arHdcdg2qqk9adLjHuImg/LhYHVOrosJ/sybohrR/Im+k1fTsw/5p/nwZKOF1DLL4/4SZAY2h19FGCi0ZgIvE80psq98UvCNQIDAQAB",
  "auth-server-url": "http://localhost:8080/auth",
  "ssl-required": "external",
  "resource": "customer-portal",
  "credentials": {
    "secret": "a0872aa0-113d-435c-a9d6-56cd9b270e22"
  }
}
*web.xml*
<login-config>
  <auth-method>KEYCLOAK</auth-method>
  <realm-name>cryo198</realm-name>
</login-config>
*redirect URI:*
/customer-portal/*
*database app:*
{
  "realm": "cryo198",
  "realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCFnsEHg1o9UMBpMoHqLxYesXgDsTHnv1vF0AgrznxAcLfmYUdjvBNdIXZNfB7I7tG9OMHvX21h9arHdcdg2qqk9adLjHuImg/LhYHVOrosJ/sybohrR/Im+k1fTsw/5p/nwZKOF1DLL4/4SZAY2h19FGCi0ZgIvE80psq98UvCNQIDAQAB",
  "auth-server-url": "http://localhost:8080/auth",
  "ssl-required": "NONE",
  "resource": "database",
  "bearer-only": "true"
}
*web.xml*
<login-config>
  <auth-method>KEYCLOAK</auth-method>
  <realm-name>cryo198</realm-name>
</login-config>
*redirect URI:*
n/a ... set as bearer only
*deployed apps:*
$ /c/tools/keycloak-appliance-dist-all-1.0.5.Final/keycloak-appliance-dist-all-1.0.5.Final/keycloak/bin/jboss-cli.sh -c --command="deploy -l"
NAME RUNTIME-NAME ENABLED STATUS
admin-access.war admin-access.war true OK
angular-product.war angular-product.war true OK
auth-server.war auth-server.war true OK
customer-portal-js.war customer-portal-js.war true OK
customer-portal.war customer-portal.war true OK
database.war database.war true OK
product-portal.war product-portal.war true OK
*Log:*
2015-02-13 21:22:29,665 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (default task-41) adminRequest http://localhost:8080/customer-portal/customers/view.jsp
2015-02-13 21:22:29,667 TRACE [org.keycloak.adapters.RequestAuthenticator] (default task-41) --> authenticate()
2015-02-13 21:22:29,668 TRACE [org.keycloak.adapters.RequestAuthenticator] (default task-41) try bearer
2015-02-13 21:22:29,669 TRACE [org.keycloak.adapters.RequestAuthenticator] (default task-41) try oauth
2015-02-13 21:22:29,669 DEBUG [org.keycloak.adapters.RequestAuthenticator] (default task-41) session was null, returning null
2015-02-13 21:22:29,670 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-41) there was no code
2015-02-13 21:22:29,670 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-41) redirecting to auth server
2015-02-13 21:22:29,671 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-41) callback uri: http://localhost:8080/customer-portal/customers/view.jsp
2015-02-13 21:22:29,672 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-41) Sending redirect to login page: http://localhost:8080/auth/realms/cryo198/tokens/login?client_id=customer-portal&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fcustomer-portal%2Fcustomers%2Fview.jsp&state=2%2F8185a8ea-5a38-4a91-b990-1b32ccabb2e8&login=true
2015-02-13 21:22:29,701 DEBUG [org.keycloak.services.resources.TokenService] (default task-42) replacing relative valid redirect with: http://localhost:8080/customer-portal/*
2015-02-13 21:22:29,702 DEBUG [org.keycloak.services.managers.AuthenticationManager] (default task-42) Could not find cookie: KEYCLOAK_IDENTITY
2015-02-13 21:22:46,300 DEBUG [org.keycloak.services.resources.TokenService] (default task-43) replacing relative valid redirect with: http://localhost:8080/customer-portal/*
2015-02-13 21:22:46,301 DEBUG [org.keycloak.services.managers.AuthenticationManager] (default task-43) validating password for user: walt
2015-02-13 21:22:46,306 DEBUG [org.keycloak.services.managers.AuthenticationManager] (default task-43) Expiring remember me cookie
2015-02-13 21:22:46,307 DEBUG [org.keycloak.services.managers.AuthenticationManager] (default task-43) Expiring cookie: KEYCLOAK_REMEMBER_ME path: /auth/realms/cryo198
2015-02-13 21:22:46,308 DEBUG [org.keycloak.services.resources.flows.OAuthFlows] (default task-43) processAccessCode: isResource: true
2015-02-13 21:22:46,308 DEBUG [org.keycloak.services.resources.flows.OAuthFlows] (default task-43) processAccessCode: go to oauth page?: false
2015-02-13 21:22:46,329 DEBUG [org.keycloak.services.resources.flows.OAuthFlows] (default task-43) redirectAccessCode: state: 2/8185a8ea-5a38-4a91-b990-1b32ccabb2e8
2015-02-13 21:22:46,340 DEBUG [org.keycloak.services.managers.AuthenticationManager] (default task-43) Create login cookie - name: KEYCLOAK_IDENTITY, path: /auth/realms/cryo198, max-age: -1
2015-02-13 21:22:46,387 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (default task-44) adminRequest http://localhost:8080/customer-portal/customers/view.jsp?code=zf9VUvG6-QkAWtF8xDFcJfnBnrY.OTY1YjllMzMtZDdlNS00YWQwLWEwMzgtZjIzMTJhODZjMTIx&state=2%2F8185a8ea-5a38-4a91-b990-1b32ccabb2e8
2015-02-13 21:22:46,388 TRACE [org.keycloak.adapters.RequestAuthenticator] (default task-44) --> authenticate()
2015-02-13 21:22:46,389 TRACE [org.keycloak.adapters.RequestAuthenticator] (default task-44) try bearer
2015-02-13 21:22:46,389 TRACE [org.keycloak.adapters.RequestAuthenticator] (default task-44) try oauth
2015-02-13 21:22:46,389 DEBUG [org.keycloak.adapters.RequestAuthenticator] (default task-44) session was null, returning null
2015-02-13 21:22:46,390 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-44) there was a code, resolving
2015-02-13 21:22:46,390 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-44) checking state cookie for after code
2015-02-13 21:22:46,390 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-44) ** reseting application state cookie
2015-02-13 21:22:46,477 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-44) Token Verification succeeded!
2015-02-13 21:22:46,478 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-44) successful authenticated
2015-02-13 21:22:46,478 TRACE [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default task-44) checking whether to refresh.
2015-02-13 21:22:46,478 TRACE [org.keycloak.adapters.undertow.KeycloakUndertowAccount] (default task-44) use realm role mappings
2015-02-13 21:22:46,479 DEBUG [org.keycloak.adapters.wildfly.WildflyRequestAuthenticator] (default task-44) propagate security context to wildfly
2015-02-13 21:22:46,481 TRACE [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default task-44) checking whether to refresh.
2015-02-13 21:22:46,484 DEBUG [org.keycloak.adapters.RequestAuthenticator] (default task-44) AUTHENTICATED
2015-02-13 21:22:46,502 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (default task-46) adminRequest http://localhost:8080/customer-portal/customers/view.jsp
2015-02-13 21:22:46,505 TRACE [org.keycloak.adapters.RequestAuthenticator] (default task-46) --> authenticate()
2015-02-13 21:22:46,506 TRACE [org.keycloak.adapters.RequestAuthenticator] (default task-46) try bearer
2015-02-13 21:22:46,506 TRACE [org.keycloak.adapters.RequestAuthenticator] (default task-46) try oauth
2015-02-13 21:22:46,507 DEBUG [org.keycloak.adapters.undertow.KeycloakUndertowAccount] (default task-46) session is active
2015-02-13 21:22:46,508 DEBUG [org.keycloak.adapters.RequestAuthenticator] (default task-46) Cached account found
2015-02-13 21:22:46,508 DEBUG [org.keycloak.adapters.wildfly.WildflyRequestAuthenticator] (default task-46) propagate security context to wildfly
2015-02-13 21:22:46,509 DEBUG [org.keycloak.adapters.RequestAuthenticator] (default task-46) AUTHENTICATED: was cached
2015-02-13 21:22:46,510 DEBUG [org.keycloak.adapters.AuthenticatedActionsHandler] (default task-46) AuthenticatedActionsValve.invoke http://localhost:8080/customer-portal/customers/view.jsp
Many thanks
W
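
Added example, not part of the original thread or of Keycloak's code: the log ends in AUTHENTICATED with `use realm role mappings`, so a 'Forbidden' page is an authorization decision, and this sketch compares what a web.xml constraint demands with the realm roles carried in an access token. The `/customers/*` constraint, the `user` role and the token built by `make_token` are constructed assumptions; the posted web.xml excerpt shows only `login-config`.

```python
import base64, json
import xml.etree.ElementTree as ET

# Constructed sample: the poster's login-config plus an assumed constraint on /customers/*.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/customers/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>KEYCLOAK</auth-method><realm-name>cryo198</realm-name></login-config>
</web-app>"""

def make_token(roles):
    """Constructed, unsigned stand-in for a Keycloak access token."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc({"realm_access": {"roles": roles}}), "sig"])

def _named(elem, name):
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]  # ignore namespaces

def _matches(pattern, path):
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern in (path, "/")

def required_roles(web_xml, path):
    """Roles demanded for a context-relative path; None if no auth-constraint covers it.
    Simplification: unions all matching constraints instead of picking the best match."""
    roles, constrained = set(), False
    for sc in _named(ET.fromstring(web_xml), "security-constraint"):
        if any(_matches(p.text.strip(), path) for p in _named(sc, "url-pattern")):
            for ac in _named(sc, "auth-constraint"):
                names = {r.text.strip() for r in _named(ac, "role-name")}
                if not names:
                    return set()  # empty auth-constraint: nobody is allowed
                roles, constrained = roles | names, True
    return roles if constrained else None

def token_roles(jwt):
    """Realm roles in the token payload (decoded for diagnosis, signature not checked)."""
    body = jwt.split(".")[1]
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    return set(claims.get("realm_access", {}).get("roles", []))

def diagnose(web_xml, path, jwt):
    need = required_roles(web_xml, path)
    if need is None:
        return "open: no auth-constraint covers this path"
    missing = not (need & token_roles(jwt))
    return "403: token has none of %s" % sorted(need) if missing else "allowed"
```

A "403" result here points at the two things the reply asks about: the role named in the constraint, and whether the user's role mappings and the application's scope put that role into the token.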