From my first email:
I have configured the gatekeeper as a confidential client in Keycloak,
and have added the redirect_uri
http://gatekeeper:80/oauth/callback
Thanks in advance,
Ronald
-----Original Message-----
From: Bruno Oliveira <bruno(a)abstractj.org>
Sent: 08.Mar.2019 12:52 AM
To: Ronald Demneri <ronald.demneri(a)amdtia.com>
Cc: keycloak-user(a)lists.jboss.org
Subject: Re: [keycloak-user] Keycloak gatekeeper issue
Hi Ronald, one of the possible reasons for getting this message is the way you
configured the redirect URL on the Keycloak server.
Maybe that's the case?
On 2019-02-15, Ronald Demneri wrote:
Hi all,
I am trying to create an idea on Gatekeeper and have a very simple setup consisting of an
upstream server with Apache and PHP. I run the keycloak-gatekeeper as follows:
./keycloak-gatekeeper --config keycloak-gatekeeper.json --verbose=true --resources="uri=/*|white-listed=true"
The config file is as follows:
discovery-url: https://keycloak/auth/realms/master
client-id: gatekeeper
client-secret: 94779832-40d7-4342-90d6-12ab52eab831
listen: 10.253.6.41:80
enable-refresh-tokens: true
enable-logging: true
enable-json-logging: true
enable-login-handler: true
enable-token-header: true
enable-metrics: true
enable-default-deny: false
redirection-url: http://gatekeeper:80
//redirection-url: http://10.253.6.41:3000
encryption-key: AgXa7xRcoClDEU0ZDSH4X0XhL5Qy2Z2j
secure-cookie: false
upstream-url: http://127.0.0.1:80
resources:
- uri: /user/test.php
- uri: /admin/*.php
  roles:
  - admin
In the logs I receive the following upon a successful login:
{"level":"error","ts":1550234109.9775908,"caller":"keycloak-gatekeeper/middleware.go:108","msg":"no session found in request, redirecting for authorization","error":"authentication session not found"}
{"level":"info","ts":1550234109.9777544,"caller":"keycloak-gatekeeper/middleware.go:90","msg":"client request","latency":0.0002176,"status":307,"bytes":95,"client_ip":"10.253.6.24:60575","method":"GET","path":"/user/test.php"}
{"level":"debug","ts":1550234110.0099785,"caller":"keycloak-gatekeeper/handlers.go:88","msg":"incoming authorization request from client address","access_type":"","auth_url":"https://keycloak/auth/realms/master/protocol/openid-connect/auth?client_id=gatekeeper&redirect_uri=http%3A%2F%2Fgatekeeper%3A80%2Foauth%2Fcallback&response_type=code&scope=openid+email+profile&state=0b8a5bf8-e75c-452e-a650-d644c70e7fea","client_ip":"10.253.6.24:60575"}
{"level":"info","ts":1550234110.010026,"caller":"keycloak-gatekeeper/middleware.go:90","msg":"client request","latency":0.0000993,"status":307,"bytes":331,"client_ip":"10.253.6.24:60575","method":"GET","path":"/oauth/authorize"}
{"level":"error","ts":1550234127.0692794,"caller":"keycloak-gatekeeper/handlers.go:152","msg":"unable to verify the id token","error":"the access token has expired"}
{"level":"info","ts":1550234127.069323,"caller":"keycloak-gatekeeper/middleware.go:90","msg":"client request","latency":0.1995038,"status":403,"bytes":0,"client_ip":"10.253.6.24:60575","method":"GET","path":"/oauth/callback"}
And of course, I am not redirected back to the requested URL.
I have configured the gatekeeper as a confidential client in Keycloak,
and have added the redirect_uri
http://gatekeeper:80/oauth/callback
Any hints?
Thanks in advance,
Ronald
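
Added example, not part of the thread or of the Gatekeeper project: one way to check the redirect URL point raised above is to decode the redirect_uri that Gatekeeper actually sent (from the auth_url in its debug log) and compare it with the URIs registered on the Keycloak client. The function names and the matching rule (exact string, or prefix when the registered entry ends in "*") are assumptions made for this sketch; the sample log entry is constructed from the log quoted above.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the authorization-request entry from the log above,
# on one line, plus a non-JSON line that the parser must skip.
LOG_LINES = [
    '{"level":"debug","ts":1550234110.0099785,"caller":"keycloak-gatekeeper/handlers.go:88",'
    '"msg":"incoming authorization request from client address","access_type":"",'
    '"auth_url":"https://keycloak/auth/realms/master/protocol/openid-connect/auth'
    '?client_id=gatekeeper&redirect_uri=http%3A%2F%2Fgatekeeper%3A80%2Foauth%2Fcallback'
    '&response_type=code&scope=openid+email+profile'
    '&state=0b8a5bf8-e75c-452e-a650-d644c70e7fea","client_ip":"10.253.6.24:60575"}',
    "starting the service (not JSON)",
]

def sent_redirect_uris(lines):
    """Yield (client_id, redirect_uri) for every log entry carrying an auth_url."""
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # banner or truncated line
        if not isinstance(entry, dict) or "auth_url" not in entry:
            continue
        # parse_qs percent-decodes the values, so %3A%2F%2F becomes ://
        query = parse_qs(urlsplit(entry["auth_url"]).query)
        client_id = query.get("client_id", [""])[0]
        for uri in query.get("redirect_uri", []):
            yield client_id, uri

def is_registered(uri, registered):
    """Assumed rule: exact string match, or prefix match for entries ending in '*'.
    No normalisation is done, so an explicit ':80' must appear on both sides."""
    for pattern in registered:
        if pattern.endswith("*"):
            if uri.startswith(pattern[:-1]):
                return True
        elif uri == pattern:
            return True
    return False

def check(lines, registered):
    """Return (client_id, redirect_uri, matches_registration) for each request."""
    return [(cid, uri, is_registered(uri, registered))
            for cid, uri in sent_redirect_uris(lines)]

if __name__ == "__main__":
    for row in check(LOG_LINES, ["http://gatekeeper:80/oauth/callback"]):
        print(row)
```
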