Just realised I was using the wrong url-pattern. All good.
On Thu, Jun 2, 2016 at 2:28 PM, Gareth Healy <gahealy(a)redhat.com> wrote:
I am trying to secure a URL with Keycloak, backed by Kerberos.
I've followed the below link, but sadly I'm not seeing what I would expect.
- https://github.com/keycloak/keycloak-documentation/blob/master/topics/jbo...
The exploded war web.xml contains:
<?xml version="1.0" encoding="UTF-8"?>
<web-app
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    version="2.5">
    <listener>
        <listener-class>io.apiman.gateway.platforms.war.listeners.WarGatewayBootstrapper</listener-class>
    </listener>
    <!-- Gateway Servlet -->
    <servlet>
        <servlet-name>GatewayServlet</servlet-name>
        <servlet-class>io.apiman.gateway.platforms.war.servlets.WarGatewayServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>GatewayServlet</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>apiman-gateway</web-resource-name>
            <url-pattern>/apiman-gateway/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>user</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <login-config>
        <auth-method>KEYCLOAK</auth-method>
        <realm-name>this is ignored currently</realm-name>
    </login-config>
    <security-role>
        <role-name>user</role-name>
    </security-role>
</web-app>
And the keycloak.json file in the WEB-INF folder contains:
{
    "realm": "apiman",
    "realm-public-key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyG61ohrfJQKNmDA/ePZtqZVpPXjwn3k3T+iWiTvMsxW2+WlnqIEmL5qZ09DMhBH9r50WZRO2gVoCb657Er9x0vfD6GNf/47XU2y33TX8axhP+hSwkv/VViaDlu4jQrfgPWz/FXMjWIZxg1xQS+nOBF2ScCRYWNQ/ZnUNnvrq8dGC2/AlyeYcgDUOdwlJuvgkGlF0QoVPQiRPurR3RwlG+BjL8JB3hbaAZhdJqwqApmGQbcpgLj2tODnlrZnEAp5cPPU/lgqCE1OOp78BAEiE91ZLPl/+D8qDHk+Maz0Io3bkeRZMXPpvtbL3qN+3GlF8Yz264HDSsTNrH+nd19tFQIDAQAB",
    "auth-server-url": "https://reuxgbls359:8443/auth",
    "ssl-required": "none",
    "resource": "apiman-gateway",
    "public-client": true
}
When I hit the URL, I see the below debug:
2016-06-02 13:20:10,460 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (default task-43) adminRequest https://reuxgbls359:8443/apiman-gateway/bp/mapping/1.0?wsdl
2016-06-02 13:20:10,461 DEBUG [org.keycloak.adapters.undertow.ServletSessionTokenStore] (default task-43) session was null, returning null
2016-06-02 13:20:10,461 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-43) there was no code
2016-06-02 13:20:10,461 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-43) redirecting to auth server
2016-06-02 13:20:10,462 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-43) callback uri: https://reuxgbls359:8443/apiman-gateway/bp/mapping/1.0?wsdl
2016-06-02 13:20:10,463 DEBUG [org.keycloak.adapters.AuthenticatedActionsHandler] (default task-43) AuthenticatedActionsValve.invoke https://reuxgbls359:8443/apiman-gateway/bp/mapping/1.0?wsdl
But I never get redirected to the auth/login page.
Any ideas what I am doing wrong?
--
Gareth Healy
UKI Middleware Consultant
Red Hat UK Ltd
200 Fowler Avenue
Farnborough, Hants
GU14 7JP, UK
Mobile: +44(0)7818511214
E-Mail: gahealy(a)redhat.com
Registered in England and Wales under Company Registration No. 03798903
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
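
Added example, not part of the original thread: a small checker that reads the security-constraint url-patterns from a web.xml and reports whether a request URL is covered by them, using the Servlet rule that url-patterns are matched against the path after the context path. It assumes the gateway WAR is deployed at context path /apiman-gateway (the thread states neither the context root nor the corrected pattern); the function names and the trimmed web.xml are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"j": "http://java.sun.com/xml/ns/javaee"}

# Constructed sample: the security-constraint from the thread, trimmed.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>apiman-gateway</web-resource-name>
      <url-pattern>/apiman-gateway/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

# Request URL taken from the debug log in the thread.
REQUEST = "https://reuxgbls359:8443/apiman-gateway/bp/mapping/1.0?wsdl"


def constraint_patterns(web_xml):
    """Return every url-pattern declared inside a security-constraint."""
    root = ET.fromstring(web_xml)
    xpath = "j:security-constraint/j:web-resource-collection/j:url-pattern"
    return [e.text.strip() for e in root.findall(xpath, NS)]


def pattern_matches(pattern, path):
    """Servlet-style url-pattern match against a context-relative path."""
    if pattern.endswith("/*"):                     # path-prefix mapping
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):                   # extension mapping
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return pattern == "/" or pattern == path       # default or exact mapping


def is_protected(web_xml, request_url, context_path):
    """True if a security-constraint pattern covers the request."""
    path = urlsplit(request_url).path
    if not (path == context_path or path.startswith(context_path + "/")):
        raise ValueError("request is outside this web application")
    relative = path[len(context_path):] or "/"     # what the container matches
    return any(pattern_matches(p, relative) for p in constraint_patterns(web_xml))


if __name__ == "__main__":
    # Assumed context path; "" would mean the application is the root context.
    for ctx in ("/apiman-gateway", ""):
        print(repr(ctx), is_protected(WEB_XML, REQUEST, ctx))
```

Under the assumed context path the constraint leaves the request unprotected, so the container never issues the login challenge; the same pattern would only cover the URL if the application were the root context.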