Yes, that's possible. According to
the underscore is not a valid character in a hostname. Maybe it causes
issues with the Apache HTTP client. If you have the possibility to remove
the underscore, it is worth a try though.
Marek
On 31/05/16 16:21, Gregory Orciuch wrote:
Hi,
I don't get it. How are the truststore/keystore properties related to
not having a hostname in the returned URL?
The truststore is usually taken by the Java low-level SSL stack (unless
Keycloak is using its own SSL stack), and even if wrong it does produce a PKIX
exception, which is not in Emil's stack trace.
I suspect the underscore "_" in the "auth-server-url", or the name is
not resolved by DNS from the Keycloak server's perspective.
BR,
Gregory
2016-05-31 15:05 GMT+02:00 Marek Posolda <mposolda(a)redhat.com>:
Does your Keycloak server have a certificate signed by a known CA
authority, or are you using a self-signed one? If you have a
self-signed one, you also need to configure the truststore. See
http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#a...
and especially the properties related to the truststore.
Marek
On 31/05/16 15:00, Emil Posmyk wrote:
> Sorry, I forgot to finish the title
>
> {
>   "realm": "Brandpath",
>   "realm-public-key": "key.....",
>   "auth-server-url": "https://sabdev_oms.brandpath.net/auth",
>   "ssl-required": "external",
>   "resource": "oms-web",
>   "credentials": {
>     "secret": "secret"
>   },
>   "use-resource-role-mappings": true
> }
>
> regards
> --
> Emil Posmyk
>
> 2016-05-31 14:26 GMT+02:00 Marek Posolda <mposolda(a)redhat.com>:
>
> How is "auth-server-url" in your keycloak.json configured? If
> you're using a relative URI, then you can maybe try to use an
> absolute URI and see if it helps?
>
> Marek
>
>
> On 31/05/16 14:19, Emil Posmyk wrote:
>> Hello
>>
>> I'm receiving an error when I try to log in to our application:
>> ClientProtocolException: URI does not specify a valid host
>> name: https:/auth/realms/Brandpath/protocol/openid-connect/token
>> The HTTP protocol is working fine, no errors, but using HTTPS I
>> receive each time a URI without a host name.
>> The auth page is working fine.
>>
>> What can cause that error?
>>
>>
>> 14:59:22,937 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-2) failed to turn code into token: org.apache.http.client.ClientProtocolException: URI does not specify a valid host name: https:/auth/realms/Brandpath/protocol/openid-connect/token
>> [Server:ms-server1] at org.apache.http.impl.client.CloseableHttpClient.determineTarget(CloseableHttpClient.java:94)
>> [Server:ms-server1] at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
>> [Server:ms-server1] at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
>> [Server:ms-server1] at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
>> [Server:ms-server1] at org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:107)
>> [Server:ms-server1] at org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:314)
>> [Server:ms-server1] at org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:260)
>> [Server:ms-server1] at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:112)
>> [Server:ms-server1] at org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:110)
>> [Server:ms-server1] at org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:92)
>> [Server:ms-server1] at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)
>> [Server:ms-server1] at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)
>> [Server:ms-server1] at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)
>> [Server:ms-server1] at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)
>> [Server:ms-server1] at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)
>> [Server:ms-server1] at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)
>> [Server:ms-server1] at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
>> [Server:ms-server1] at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
>> [Server:ms-server1] at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> [Server:ms-server1] at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
>> [Server:ms-server1] at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>> [Server:ms-server1] at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>> [Server:ms-server1] at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
>> [Server:ms-server1] at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>> [Server:ms-server1] at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>> [Server:ms-server1] at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>> [Server:ms-server1] at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>> [Server:ms-server1] at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> [Server:ms-server1] at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>> [Server:ms-server1] at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> [Server:ms-server1] at org.wildfly.mod_cluster.undertow.metric.RunningRequestsHttpHandler.handleRequest(RunningRequestsHttpHandler.java:69)
>> [Server:ms-server1] at org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)
>> [Server:ms-server1] at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> [Server:ms-server1] at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
>> [Server:ms-server1] at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
>> [Server:ms-server1] at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>> [Server:ms-server1] at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
>> [Server:ms-server1] at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>> [Server:ms-server1] at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
>> [Server:ms-server1] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>> [Server:ms-server1] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>> [Server:ms-server1] at java.lang.Thread.run(Thread.java:745)
>>
>> regards
>> --
>> Emil Posmyk
>>
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> <mailto:keycloak-user@lists.jboss.org>
>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
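
An added example, not part of the original thread and not Keycloak or Apache HttpClient code: a pre-deployment check of "auth-server-url" that shows how java.net.URI treats the underscore host from this thread. It parses the authority but reports a null host, so a client that relies on getHost() sees no host name. The class name AuthServerUrlCheck and the sso.example.test URL are assumptions constructed for the illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.regex.Pattern;

public class AuthServerUrlCheck {
    // RFC 952 / RFC 1123 host label: letters, digits, hyphen; 1-63 chars;
    // no leading or trailing hyphen; underscore is not allowed.
    private static final Pattern LABEL =
        Pattern.compile("[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?");

    /** Returns null when the URL has a usable host, otherwise a description of the problem. */
    static String check(String authServerUrl) {
        URI uri;
        try {
            uri = new URI(authServerUrl);
        } catch (URISyntaxException e) {
            return "not a valid URI: " + e.getMessage();
        }
        if (!uri.isAbsolute()) {
            return "relative URI: no scheme or host to send the token request to";
        }
        if (uri.getHost() != null) {
            return null; // parsed as a server-based authority, host is available
        }
        // java.net.URI accepted the string but could not parse the authority
        // as host[:port], so getHost() is null even though an authority exists.
        String authority = uri.getRawAuthority();
        if (authority == null) {
            return "no authority component";
        }
        String host = authority.replaceFirst("^.*@", "").replaceFirst(":\\d*$", "");
        for (String label : host.split("\\.")) {
            if (!LABEL.matcher(label).matches()) {
                return "getHost() is null: label '" + label + "' is not a valid hostname label";
            }
        }
        return "getHost() is null: authority '" + authority + "' is not host[:port]";
    }

    public static void main(String[] args) {
        String[] samples = {
            "https://sabdev_oms.brandpath.net/auth", // value from the thread's keycloak.json
            "https://sso.example.test/auth",         // constructed sample, valid host
            "/auth"                                  // constructed sample, relative URI
        };
        for (String s : samples) {
            String problem = check(s);
            System.out.println(s + " -> " + (problem == null ? "OK" : problem));
        }
    }
}
```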