I suppose you're using Keycloak 1.7? There is a known issue related to
this NoClassDefFoundError. You can work around it by editing the file
$KEYCLOAK_HOME/modules/system/layers/base/org/keycloak/keycloak-login-freemarker/main/module.xml
and adding the line:
<module name="org.keycloak.keycloak-broker-core"/>
to the dependencies section. Do the same for the module file
$KEYCLOAK_HOME/modules/system/layers/base/org/keycloak/keycloak-email-freemarker/main/module.xml
Marek
On 28/01/16 06:47, Adrian Matei wrote:
Hi everyone,
I am experiencing "too many redirects"/infinite-loop issues in the
browser when I try to connect with social providers. I am also getting
an internal server error in Chrome via a Google account (Caused by:
java.lang.NoClassDefFoundError:
org/keycloak/broker/provider/BrokeredIdentityContext). It might be my
configuration, but I did everything "by the book":
# realm Require SSL:none
#nginx
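http {
    # Response compression.
    # NOTE(review): gzip is enabled for the whole http context, so it also
    # applies to the TLS server below. Compressing HTTPS responses that carry
    # secrets next to request-reflected data is what BREACH-style attacks rely
    # on; consider restricting compression to static assets.
    gzip on;
    gzip_proxied any;
    #gzip_proxied no-cache no-store private expired auth;
    gzip_types text/plain text/html text/css application/json
               application/x-javascript application/xml application/xml+rss
               text/javascript application/javascript text/x-js;
    #gzip_min_length 1000;

    server_tokens off; # hides nginx version and OS running on
    include /etc/nginx/mime.types;

    # Backends, both reached over plain HTTP on localhost.
    upstream tomcat_server {
        server localhost:8080;
    }

    upstream keycloak_server {
        server localhost:8180;
    }

    # Port 80: permanent redirect to the HTTPS site.
    server {
        listen 80;
        server_name podcastmania.ro;
        return 301 https://$host$request_uri;
    }

    # Port 443: TLS terminates here; the backends only see the scheme, port and
    # client address through the X-Forwarded-* / X-Real-IP headers set below.
    server {
        listen 443 ssl;
        server_name podcastmania.ro www.podcastmania.ro;

        ssl_certificate /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;

        # Serve $uri from the Tomcat ROOT directory if the file exists, then
        # /maintenance.html if present, otherwise hand over to @tomcat.
        location / {
            root /opt/tomcat/webapps/ROOT;
            try_files $uri /maintenance.html @tomcat;
        }

        location @tomcat {
            proxy_pass http://tomcat_server;
            # Change the "Host" header, set by default to $proxy_host, to
            # $host - the originating host request.
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            # $proxy_add_x_forwarded_for appends $remote_addr to whatever
            # X-Forwarded-For value the client sent, so the backend should
            # trust only the entry added by this proxy.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            # NOTE(review): unlike @keycloak, no X-Forwarded-Port is sent here,
            # and Tomcat honours X-Forwarded-Proto only when configured to
            # (e.g. RemoteIpValve). If it is not, the application may build
            # http:// redirect URIs - worth confirming for the redirect loop.
        }

        # Serve $uri from the Keycloak theme directory if the file exists,
        # otherwise proxy to Keycloak.
        location /auth/ {
            root /opt/keycloak/standalone/configuration/themes/keycloak/;
            try_files $uri @keycloak;
        }

        location @keycloak {
            proxy_pass http://keycloak_server;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # Keycloak is configured with proxy-address-forwarding="true", so
            # it takes the external scheme and client address from these
            # headers. That is only safe while port 8180 cannot be reached
            # without going through this proxy.
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Port 443;
        }
    }
} # closes http (the closing brace was missing from the pasted excerpt)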
# standalone.xml
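<!-- Undertow subsystem, excerpt from standalone.xml. -->
<subsystem xmlns="urn:jboss:domain:undertow:2.0">
    <buffer-cache name="default"/>
    <server name="default-server">
        <!-- redirect-socket and proxy-address-forwarding are the two attributes
             the author highlighted as added for the reverse proxy.
             proxy-address-forwarding="true" makes the listener take the client
             address and scheme from the X-Forwarded-* request headers. Any
             client that can reach this listener directly can forge those
             headers, so the HTTP port must be reachable only from the proxy
             (loopback bind or firewall). -->
        <http-listener name="default"
                       socket-binding="http"
                       redirect-socket="proxy-https"
                       proxy-address-forwarding="true"/>
        <host name="default-host" alias="localhost">
            <location name="/" handler="welcome-content"/>
            <filter-ref name="server-header"/>
            <filter-ref name="x-powered-by-header"/>
        </host>
    </server>
    <!-- The remaining subsystem elements (for example the definitions of the
         handler and filters referenced above) were not included in the post. -->
</subsystem>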
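<!-- Socket bindings. Every port below is shifted by port-offset (default 100
     here), which puts the http binding on 8180, the port the nginx upstream
     keycloak_server points at.
     NOTE(review): bindings without an explicit interface use
     default-interface="public". The address bound to "public" is not shown in
     this excerpt; with proxy-address-forwarding enabled on the HTTP listener it
     should be loopback or otherwise unreachable from outside the proxy host. -->
<socket-binding-group name="standard-sockets"
                      default-interface="public"
                      port-offset="${jboss.socket.binding.port-offset:100}">
    <socket-binding name="management-http"
                    interface="management"
                    port="${jboss.management.http.port:9990}"/>
    <socket-binding name="management-https"
                    interface="management"
                    port="${jboss.management.https.port:9993}"/>
    <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
    <socket-binding name="http" port="${jboss.http.port:8080}"/>
    <socket-binding name="https" port="${jboss.https.port:8443}"/>
    <socket-binding name="txn-recovery-environment" port="4712"/>
    <socket-binding name="txn-status-manager" port="4713"/>
    <!-- Added by the author (highlighted in the post): the target of
         redirect-socket="proxy-https" on the HTTP listener.
         NOTE(review): the group's port-offset is presumably applied to this
         binding as well unless fixed-port="true" is set, which would make the
         effective redirect port 543 rather than 443. Confirm. -->
    <socket-binding name="proxy-https" port="443"/>
    <outbound-socket-binding name="mail-smtp">
        <remote-destination host="localhost" port="25"/>
    </outbound-socket-binding>
</socket-binding-group>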
# app:spring security configuration
<!-- Scan the Keycloak Spring Security adapter package for annotated components. -->
<context:component-scan base-package="org.keycloak.adapters.springsecurity"/>

<!-- Authentication manager, exposed under the alias "authenticationManager",
     that delegates to the keycloakAuthenticationProvider bean. -->
<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="keycloakAuthenticationProvider"/>
</security:authentication-manager>
<!-- Adapter configuration, read from keycloak.json on the classpath. -->
<bean id="adapterDeploymentContext"
      class="org.keycloak.adapters.springsecurity.AdapterDeploymentContextBean">
    <constructor-arg value="classpath:keycloak.json"/>
</bean>

<!-- Keycloak adapter beans referenced by the security:http element and the
     authentication manager. -->
<bean id="keycloakAuthenticationEntryPoint"
      class="org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationEntryPoint"/>

<bean id="keycloakAuthenticationProvider"
      class="org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider"/>

<bean id="keycloakPreAuthActionsFilter"
      class="org.keycloak.adapters.springsecurity.filter.KeycloakPreAuthActionsFilter"/>

<bean id="keycloakAuthenticationProcessingFilter"
      class="org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticationProcessingFilter">
    <constructor-arg name="authenticationManager" ref="authenticationManager"/>
</bean>

<bean id="keycloakLogoutHandler"
      class="org.keycloak.adapters.springsecurity.authentication.KeycloakLogoutHandler">
    <constructor-arg ref="adapterDeploymentContext"/>
</bean>

<!-- Logout filter: runs the Keycloak logout handler, then clears the local
     security context, and finally redirects to "/". -->
<bean id="logoutFilter"
      class="org.springframework.security.web.authentication.logout.LogoutFilter">
    <constructor-arg name="logoutSuccessUrl" value="/"/>
    <constructor-arg name="handlers">
        <list>
            <ref bean="keycloakLogoutHandler"/>
            <bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
        </list>
    </constructor-arg>
    <!-- NOTE(review): logout is triggered by a plain GET on /sso/logout**, so
         any cross-site link or embedded resource can end a user's session.
         Consider a POST protected by a CSRF token. -->
    <property name="logoutRequestMatcher">
        <bean class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
            <constructor-arg name="pattern" value="/sso/logout**"/>
            <constructor-arg name="httpMethod" value="GET"/>
        </bean>
    </property>
</bean>
<!-- HTTP security: unauthenticated requests to protected URLs are handed to the
     Keycloak entry point. intercept-url rules are evaluated in document order
     and the first matching pattern wins, so the specific permitAll entries must
     stay above the /users/**/* rule. -->
<security:http auto-config="false"
               use-expressions="true"
               entry-point-ref="keycloakAuthenticationEntryPoint">
    <security:custom-filter ref="keycloakPreAuthActionsFilter" before="LOGOUT_FILTER"/>
    <security:custom-filter ref="keycloakAuthenticationProcessingFilter" before="FORM_LOGIN_FILTER"/>

    <!-- Registration and password-reset pages are open to everyone. -->
    <security:intercept-url pattern="/users/registration" access="permitAll"/>
    <security:intercept-url pattern="/users/registration/confirm-email" access="permitAll"/>
    <security:intercept-url pattern="/users/registration/confirmed" access="permitAll"/>
    <security:intercept-url pattern="/users/password-forgotten" access="permitAll"/>
    <security:intercept-url pattern="/users/password-forgotten/confirm-email" access="permitAll"/>
    <security:intercept-url pattern="/users/password-forgotten/confirmed" access="permitAll"/>

    <!-- Everything else below /users/ requires ROLE_USER.
         NOTE(review): this pattern appears not to match the bare /users path,
         which would then fall through to the permitAll catch-all below.
         Confirm that nothing sensitive is served there. -->
    <security:intercept-url pattern="/users/**/*" access="hasRole('ROLE_USER')"/>

    <!-- Catch-all: any URL not matched above is public. -->
    <security:intercept-url pattern="/**" access="permitAll"/>

    <security:custom-filter ref="logoutFilter" position="LOGOUT_FILTER"/>
</security:http>
Has anyone faced similar issues?
Thanks,
Adrian