The options you're after are truststore, truststore-password and
disable-trust-manager, not client-keystore.
----- Original Message -----
From: "Fabián Silva" <afsg77(a)gmail.com>
To: "Stian Thorgersen" <stian(a)redhat.com>
Cc: "Stan Silvert" <ssilvert(a)redhat.com>, keycloak-user(a)lists.jboss.org
Sent: Saturday, 22 November, 2014 12:58:16 AM
Subject: Re: [keycloak-user] Error on application log in
http://docs.jboss.org/keycloak/docs/1.1.0.Beta1/userguide/html/ch07.html#...
"client-keystore
Not supported yet, but we will support in future versions."
So if my adapter has SSL enabled is not supported yet? Or how do I
configure it to work if my adapter has the SSL enabled?
I tried with an adapter without SSL enabled and the keycloak with the SSL
enabled and it worked. But when I tried it with both, the adapter and the
keycloak with SSL enabled, it doesn't work. I got the following logs on the
adapter:
ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6)
failed to turn code into token
ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6)
status from server: 404
Regards
On Thu, Nov 20, 2014 at 2:25 AM, Stian Thorgersen <stian(a)redhat.com> wrote:
> Are there no errors or warning in the server log? Try enabling debug for
> org.keycloak and see if there's anything interesting.
>
> First thing try the exact same setup (two servers), but without ssl.
>
> If that works disable enable ssl, but disable the trust manager in the
> adapter (disable-trust-manager option on adapter, see
>
http://docs.jboss.org/keycloak/docs/1.1.0.Beta1/userguide/html/ch07.html#...
> ).
>
> If it still works create a truststore and import your certificate. Then
> set truststore and truststore-password on the adapter.
>
> ----- Original Message -----
> > From: "Fabián Silva" <afsg77(a)gmail.com>
> > To: "Stan Silvert" <ssilvert(a)redhat.com>
> > Cc: keycloak-user(a)lists.jboss.org
> > Sent: Wednesday, 19 November, 2014 6:35:15 PM
> > Subject: Re: [keycloak-user] Error on application log in
> >
> > I tried deploying it onto a local wildfly in domain without the SSL
> enabled
> > and it worked. What I can't figure it out is why the SSL is causing
> conflict
> > and how to solve this, I can't simply disable the SSL.
> >
> > Regards
> >
> > On Wed, Nov 19, 2014 at 11:28 AM, Stan Silvert < ssilvert(a)redhat.com >
> wrote:
> >
> >
> >
> > Have you tried it using the two servers but without SSL?
> >
> > You can set ssl-required to "none" on the adapter (application)
side.
> Also on
> > the Keycloak server side, try setting Access Type to "public". Do one
of
> > those at a time and see if either causes it to work. That might narrow it
> > down a bit.
> >
> >
> > On 11/19/2014 11:29 AM, Fabián Silva wrote:
> >
> >
> >
> > Hi,
> > I'm running out of ideas in here. In simple terms I got a Wildfly
> running on
> > domain on a server and a keycloak on another server. I set the adapters
> on
> > my wildfly and deploy, to this wildfly, a web app that uses keycloak.
> When I
> > try to access the web app it displays the keycloak login, it validates
> the
> > users ok, but when you access with a correct user and password it shows
> the
> > "403 - Forbidden". At first I thought it was some issue with the
roles,
> but
> > that didn't fix it.
> >
> > Regards
> >
> > On Fri, Nov 14, 2014 at 10:20 AM, Fabián Silva < afsg77(a)gmail.com >
> wrote:
> >
> >
> >
> > Hi,
> > It is already set to use the absolute path. And the keycloak is working
> when
> > I deploy the application to my local wildfly domain. The issue is when I
> try
> > to deploy to another wildfly in domain mode on a separate server. The
> > application is the same and the only difference I can tell from the two
> > wildflys is that the local don't have the SSL/HTTPS enabled. I have the
> > keycloak adapter set in both domains.
> >
> > I'm trying to trace those errors on the keycloak code to try to
> understand
> > what is happening, but I haven't been so lucky with this.
> >
> > Regards
> > Alejandro Fabián Silva Grifé
> >
> > On Fri, Nov 14, 2014 at 2:27 AM, Marek Posolda < mposolda(a)redhat.com >
> wrote:
> >
> >
> >
> > Hi,
> >
> > it failed on the adapter (application) side and error 404 means "Not
> found".
> > So adapter can't find the keycloak server to turn code into token. Make
> sure
> > to configure "auth-server-url" in keycloak.json for your application
> > properly. If relative uri doesn't work for some reason, you can rather
> try
> > to use absolute uri for auth-server-url like "
>
https://localhost:8443/auth" .
> >
> > Marek
> >
> >
> > On 14.11.2014 01:31, Fabián Silva wrote:
> >
> >
> >
> > I have a keycloak installed on wildfly standalone. I'm trying to deploy
> an
> > application, that use this keycloak, on a separate server with wilflly
> > running on domain mode. I tried first to deploy on a domain out of the
> box
> > on my local machine, setting the
> keycloak-wildfly-adapter-dist-1.0.4.Final.
> > It deploys fine and does the authentication without any issues. When I
> try
> > to migrate it to the server running my wilfly (also in domain mode and
> the
> > keycloak adapter set), it deploys fine and shows the keycloak login once
> you
> > enter the application. But the problem is that when you login it
> displays a
> > "403 - Forbidden" and on the log I'm seeing
> > ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6)
> > failed to turn code into token
> > ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6)
> > status from server: 404
> > The only difference between those two wildfly domain mode is that in the
> > local I don't have the the SSL/HTTPS enabled.
> >
> > Have anyone seen this error? or have an idea of what this could be?
> >
> > Regards
> >
> >
> > _______________________________________________
> > keycloak-user mailing list keycloak-user(a)lists.jboss.org
> >
https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> >
> >
> >
> >
> > _______________________________________________
> > keycloak-user mailing list keycloak-user(a)lists.jboss.org
> >
https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org
> >
https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org
> >
https://lists.jboss.org/mailman/listinfo/keycloak-user
>