Hi Bill,

    My goal is get liveoak, aerogear and keycloak working on different servers.  LiveOak uses Keycloak and Aerogear.  Following are the steps i took.

    1) Install Keycloak on one server with self signed certificate.  It is accessible via https://XXX.XXX.XXX.XXX:8443/auth.  Worked
    2) Installed AreoGear on another server with self signed certificate.  It is accessible via https://XXX.XXX.XXX.XXX:8443/ag-push.  Worked
    3) Imported attached  JSON in as a new aerogear realm in keycloak.   Worked
    4) Updated Keycloak to use MongoDB. Worked
    5) Update application aerogear with keycloak.json restarted wildfly server. Updated application under AreoGear to use https://XXX.XXX.XXX.XXX:8443/ag-push/* as a redirect uri. Worked.
    6) Restarted both the wildfly servers.
    7) After restart tried to login to https://XXX.XXX.XXX.XXX:8443/ag-push/ forwarded me to https://XXX.XXX.XXX.XXX:8443/auth login page.  Successfull login was achieved.
    8) PROBLEM: After login redirect to https://XXX.XXX.XXX.XXX:8443/ag-push/ where by i get error "No state cookie" in AreoGear log, which is coming from OAuthRequestAuthenticator line 116 because the adapter can not find a cookie with name "OAuth_Token_Request_State" in HTTP.

   Troubleshooting Try 1.
   1) updated aerogear to use 1.0.1.Beta1 Adapter.  Still works does not solve the problem same error.

   Troubleshooting Try 2.
   1) updated keycloak.json by adding "disable-trust-manager": true.  Still works does not solve the problem same error.
   
   Troubleshooting Try 2.  Still have not done but will do today is 
   1) updated keycloak.json by adding "disable-trust-manager": false,"truststore": "/path","truststore-password": "password".  Will report back shortly.

Regards,
Pratik Parikh

On Fri, Nov 14, 2014 at 8:46 AM, Bill Burke <bburke@redhat.com> wrote:
Can you explain your problem again?  I think I am misunderstanding what
problems you are having.  You linked this message:

http://lists.jboss.org/pipermail/keycloak-user/2014-November/001170.html

We do not support OIDC scope param, but you can limit the application's
scope in the admin console.

On 11/13/2014 10:28 PM, Pratik Parikh wrote:
> Hi Bill,
>
>      Is this because both of my server (keycloak and aerogear are
> https).  Do i need to establish trust between them?
>
> Regards,
> Pratik Parikh
>
> On Thu, Nov 13, 2014 at 8:18 PM, Pratik Parikh
> <pratik.p.parikh@gmail.com <mailto:pratik.p.parikh@gmail.com>> wrote:
>
>     Hi Bill,
>
>          Thanks i turned the scope off under the application but that
>     did not help.  Could you please help us understand what is going
>     on.  I am trying to look the code but seems like it is going to take
>     be a bit to figure it out.  It seems like HttpFacade.Cookies is
>     suppose to have state cookie which is contained in
>     KeycloakDeployment. I did try what you suggest was that not
>     correctly understood by me? I am new to keycloak but this is a great
>     project would like to understand it and use it to its fullest
>     extend. Can you help me get past this problem. Thanks in advance.
>
>     Regards,
>     --
>     Pratik Parikh
>     - Mantra - Keep It Simple and Straightforward
>
>
>
>
> --
> Pratik Parikh
> - Mantra - Keep It Simple and Straightforward
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user@lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user



--
Pratik Parikh
- Mantra - Keep It Simple and Straightforward