{
"realm": "worktrac",
"realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCJSuOKHBTZxV4/KKAZH8i4+nB/65IY8VDe+70pWrJSpm0pJICfSbnSmJ3YFKKK3B1RR1Ev8mxFRyVTVm+TZgflkZ8HJM+wfEGgySMZvBlRAsR2yI0mmTrbGBA8c6RJAA4B2+9nxk0/iXCJGq545aDvbXjPMuhy6zf3OqpdqgcFYQIDAQAB",
"auth-server-url": "http://localhost:8082/auth",
"ssl-required": "none",
"resource": "account",
"public-client": true,
"use-resource-role-mappings": true,
"enable-cors" : true,
"cors-max-age" : 1000,
"cors-allowed-methods": "POST, PUT, DELETE, GET"
}
I am receiving Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8082/auth/realms/worktrac/protocol/openid-connect/userinfo. This can be fixed by moving the resource to the same domain or enabling CORS. What 'application' does the http://localhost:8082/auth/realms/worktrac/protocol/openid-connect/userinfo url use for it's origins? I have worktrac realm worktrac app and account app both configured with http://localhost:8080/* which is the origin. Also it seems like that's the errors it's indicated, but I also see a 404 error for this URL. I have valid Subject, idtoken and token as I printed them to the console and included below. I also pasted the java code and my keycloak.json which seems to be working upto "Here 2". It seems this is 90% there it's just failing at the actual call."subject""441e652f-fc78-453e-90dd-2b998eb771d7"
"idtoken"
"eyJhbGciOiJSUzI1NiJ9.eyJuYW1lIjoiQ2hyaXMgV2FsbGFjZSBXYWxsYWNlIiwiZW1haWwiOiJjaHJpcy53YWxhbGNlQG1lZGljYWxwYXlyZXZpZXcuY29tIiwianRpIjoiNWJmZDlkYzItYzU1NC00YTY2LWE0MDAtN2EwNmQxODZjNDNmIiwiZXhwIjoxNDI0ODY3NTA4LCJuYmYiOjAsImlhdCI6MTQyNDg2NzIwOCwiaXNzIjoid29ya3RyYWMiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiNDQxZTY1MmYtZmM3OC00NTNlLTkwZGQtMmI5OThlYjc3MWQ3IiwiYXpwIjoiYWNjb3VudCIsImdpdmVuX25hbWUiOiJDaHJpcyBXYWxsYWNlIiwiZmFtaWx5X25hbWUiOiJXYWxsYWNlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiY2p3IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlfQ.HNR7tHN7jngluZNEJsrL-CVDzP96mIm4jMZVqvy56w_rsRjvvTuvj8Ke4raWyDVXzbZv4TmSk5iobPAzXlUCx4KLlHlrC6W5yTGXJ20Mgn73PHlsM3dCOJIyFYs6o2J19a8iZyHtuS5BwXiR44Ba5xPmzw9LVNmOm4ppropTPgE" MyController.js:86
"token"
"eyJhbGciOiJSUzI1NiJ9.eyJuYW1lIjoiQ2hyaXMgV2FsbGFjZSBXYWxsYWNlIiwiZW1haWwiOiJjaHJpcy53YWxhbGNlQG1lZGljYWxwYXlyZXZpZXcuY29tIiwianRpIjoiMzY0YjE3YjQtNjJkZS00NDY5LWFkYjUtNDdmMmYzNGU1NDBjIiwiZXhwIjoxNDI0ODY3NTA4LCJuYmYiOjAsImlhdCI6MTQyNDg2NzIwOCwiaXNzIjoid29ya3RyYWMiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiNDQxZTY1MmYtZmM3OC00NTNlLTkwZGQtMmI5OThlYjc3MWQ3IiwiYXpwIjoiYWNjb3VudCIsImdpdmVuX25hbWUiOiJDaHJpcyBXYWxsYWNlIiwiZmFtaWx5X25hbWUiOiJXYWxsYWNlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiY2p3IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJzZXNzaW9uX3N0YXRlIjoiZmQzNTY4OTAtMDUyMy00Y2JkLWE2OTEtZTk0MDQxOTYyZDc1IiwiYWxsb3dlZC1vcmlnaW5zIjpbImh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC8qIiwiaHR0cDovL2xvY2FsaG9zdDo4MDgwIl0sInJlc291cmNlX2FjY2VzcyI6eyJ3b3JrdHJhYyI6eyJyb2xlcyI6WyJhZG1pbiIsInVzZXIiXX0sImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJ2aWV3LXByb2ZpbGUiXX19fQ.R8NdAIf2P3-6JfxE9maP6PtPGE04zdM8LgaUbLqqfKOEDu2Pe5JMoUO5tbD20_oYMe_gr6jZOJsOmY01VtuWHVYczS7KIRXm3KnmrKIBeNXETPineb1wT7MgtzKYcf3MqoLcje1vR48iTbVlSszb2Np8Jqo4wa7cGSfadaZApgU"
var keycloak = Keycloak();
var loadData = function () {
console.log(keycloak.subject);
console.log('idtoken');
console.log(keycloak.idToken);
console.log('token');
console.log(keycloak.token);
var url = 'http://localhost:8082/auth/realms/worktrac/protocol/openid-connect/userinfo';
var req = new XMLHttpRequest();
req.open('GET', url, true);
req.setRequestHeader('Accept', 'application/json');
req.setRequestHeader('Authorization', 'Bearer ' + keycloak.token);
console.log('Here 1');
req.onreadystatechange = function () {
if (req.readyState == 4) {
console.log('Here 2');
if (req.status == 200) {
console.log('render page 3');
var users = JSON.parse(req.responseText);
var html = '';
for (var i = 0; i < users.length; i++) {
html += '<p>' + users[i] + '</p>';
}
console.log('HTML');
console.log(html);
console.log('finished loading data');
}
}
};
req.send();
};
var loadFailure = function () {
document.getElementById('customers').innerHTML = '<b>Failed to load data. Check console log</b>';
};
var reloadData = function () {
keycloak.updateToken(10)
.success(loadData)
.error(function() {
document.getElementById('customers').innerHTML = '<b>Failed to load data. User is logged out.</b>';
});
};
keycloak.init({ onLoad: 'login-required' }).success(reloadData);keycloak.json
{
"realm": "worktrac",
"realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCJSuOKHBTZxV4/KKAZH8i4+nB/65IY8VDe+70pWrJSpm0pJICfSbnSmJ3YFKKK3B1RR1Ev8mxFRyVTVm+TZgflkZ8HJM+wfEGgySMZvBlRAsR2yI0mmTrbGBA8c6RJAA4B2+9nxk0/iXCJGq545aDvbXjPMuhy6zf3OqpdqgcFYQIDAQAB",
"auth-server-url": "http://localhost:8082/auth",
"ssl-required": "none",
"resource": "worktrac",
"public-client": true,
"use-resource-role-mappings": true,
"enable-cors" : true,
"cors-max-age" : 1000,
"cors-allowed-methods": "POST, PUT, DELETE, GET"
}On Wed, Feb 25, 2015 at 12:10 AM, Stian Thorgersen <stian@redhat.com> wrote:
----- Original Message -----
> From: "Christopher Wallace" <cjwallac@gmail.com>
> To: "Stian Thorgersen" <stian@redhat.com>
> Cc: yonim@odoro.co.il, keycloak-user@lists.jboss.org
> Sent: Tuesday, February 24, 2015 7:21:11 PM
> Subject: Re: [keycloak-user] Endpoint URL's
>
> I am actually not able to access any of the REST urls I tried from
> http://docs.jboss.org/keycloak/docs/1.1.0.Final/rest-api/overview-index.html
> is this something that needs to be enabled or installed speratly from the
> keycloak appliance?
They should work fine as long as you have a token to invoke them with. Have you look at admin-access-app example? We also have a Java wrapper for this that makes it easier to invoke from Java, see the admin-client example for that.
>
> On Tue, Feb 24, 2015 at 12:19 PM, Christopher Wallace <cjwallac@gmail.com>
> wrote:
>
> > Yoni,
> >
> > Where you able to get this to work? I am attempting to get user
> > information also using
> > http://localhost:8082/auth/realms/<realm>/protocol/openid-connect/userinfo
> > and it doesn't bring back any data. Any trics?
> >
> > Chris W.
> >
> > On Mon, Feb 23, 2015 at 8:16 AM, Stian Thorgersen <stian@redhat.com>
> > wrote:
> >
> >>
> >>
> >> ----- Original Message -----
> >> > From: yonim@odoro.co.il
> >> > To: "Stian Thorgersen" <stian@redhat.com>
> >> > Cc: keycloak-user@lists.jboss.org
> >> > Sent: Monday, February 23, 2015 10:39:14 AM
> >> > Subject: RE: [keycloak-user] Endpoint URL's
> >> >
> >> > Ok.. a bit frustrating.
> >> >
> >> > Any change the 1.2.0 Beta solves some of the issues? I can build it if
> >> > needed...
> >>
> >> Afraid not. We are planning to add the discovery endpoint, but it may be
> >> a month or so before we get time.
> >>
> >> >
> >> > I've tried openid4java (on top of spring security ) and another client
> >> > (mitred one, their client not the server) and both looked for the
> >> discovery
> >> > endpoint.
> >> >
> >> > Assuming I switch from opened-connect to OAuth - how can I get the
> >> userinfo
> >> > after that? any special endpoint to oauth userinfo after I got the
> >> token?
> >>
> >> You can invoke /auth/realms/{name}/protocol/openid-connect/userinfo with
> >> the token.
> >>
> >> >
> >> > Cheers,
> >> > Yoni
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> > -----Original Message-----
> >> > From: Stian Thorgersen [mailto:stian@redhat.com]
> >> > Sent: Monday, February 23, 2015 10:52 AM
> >> > To: Yoni Moses
> >> > Cc: keycloak-user@lists.jboss.org
> >> > Subject: Re: [keycloak-user] Endpoint URL's
> >> >
> >> > Hi,
> >> >
> >> > We haven't added the discovery part of OpenID Connect yet and there are
> >> some
> >> > issues with the docs as the protocol related endpoints are missing. The
> >> > endpoints of interest to you are:
> >> >
> >> > * /auth/realms/{name}/protocol/openid-connect/login
> >> > * /auth/realms/{name}/protocol/openid-connect/access/codes
> >> > * /auth/realms/{name}/protocol/openid-connect/refresh
> >> > * /auth/realms/{name}/protocol/openid-connect/userinfo
> >> >
> >> > We are actively working on better integration with other openid connect
> >> > client libraries, so let us know what works and what doesn't.
> >> >
> >> > ----- Original Message -----
> >> > > From: "Yoni Moses" <yonim@odoro.co.il>
> >> > > To: keycloak-user@lists.jboss.org
> >> > > Sent: Sunday, February 22, 2015 1:07:36 PM
> >> > > Subject: [keycloak-user] Endpoint URL's
> >> > >
> >> > > Hi,
> >> > >
> >> > > I've been trying keycloak , very impressive!
> >> > > I don't intended to use it as the sample in jee but rather through
> >> openid
> >> > > provider in my case its openid4java with spring security.
> >> > > I've been struggling with configuration of the endpoint especially
> >> with
> >> > > discovery end point..
> >> > > is there somewhere in the doc the list of endpoints keycloak has?
> >> > > so far I've been trying with /auth/realms/{name}
> >> > >
> >> > >
> >> > > Thanks,
> >> > > Yoni
> >> > >
> >> > >
> >> > > _______________________________________________
> >> > > keycloak-user mailing list
> >> > > keycloak-user@lists.jboss.org
> >> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >> >
> >> >
> >> _______________________________________________
> >> keycloak-user mailing list
> >> keycloak-user@lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>
> >
> >
> >
> > --
> > Chris Wallace
> > cjwallac@gmail.com
> > c: 570.582.9955
> >
>
>
>
> --
> Chris Wallace
> cjwallac@gmail.com
> c: 570.582.9955
>
--