Do you get anything in server logs ? It may be related with invalid client credentials.
On 12/6/2016 12:41:38 PM, Richard van Duijn <rjvduijn(a)gmail.com> wrote:
I'm creating a POC application using playframework and angular. The
frontend will be protected using the keycloak javascript adapter and the
backend rest services will be a bearer-only application.
Without the policies turned on in the keycloak.json everything goes well.
But when I turn the policies by adding "policy-enforcer": { } on for the
rest services, I get an 400 Bad Request response from the Keycloak server
during initialization.
After some debugging I noticed it had to do with the initialization of the
PolicyEnforcer which attempts to call the following server keycloak
endpoint:
http://127.0.0.1:8080/auth/realms/local.development/protocol/openid-conne...
Below you will find the stacktrace and request and response objects.
Hope someone can point me in the right direction. For instance how to
configure keycloak logging to get some more details on what the reason for
the 400 bad request is.
Many many thanks!
/Richard
*Stacktrace*:
at
org.keycloak.authorization.client.util.HttpMethod.execute(HttpMethod.java:92)
at
org.keycloak.authorization.client.util.HttpMethodResponse$2.execute(HttpMethodResponse.java:48)
at
org.keycloak.authorization.client.AuthzClient.obtainAccessToken(AuthzClient.java:112)
at
org.keycloak.authorization.client.AuthzClient.protection(AuthzClient.java:91)
at
org.keycloak.adapters.authorization.PolicyEnforcer.(PolicyEnforcer.java:57)
at
org.keycloak.adapters.KeycloakDeploymentBuilder.internalBuild(KeycloakDeploymentBuilder.java:126)
at
org.keycloak.adapters.KeycloakDeploymentBuilder.build(KeycloakDeploymentBuilder.java:135)
at
security.KeycloakSecurityModule.configure(KeycloakSecurityModule.java:53)
at com.google.inject.AbstractModule.configure(AbstractModule.java:62)
... many google guice calls ...
at
play.core.server.DevServerStart$$anonfun$mainDev$1$$anon$1$$anonfun$get$1.apply(DevServerStart.scala:129)
at
play.core.server.DevServerStart$$anonfun$mainDev$1$$anon$1$$anonfun$get$1.apply(DevServerStart.scala:121)
*Request object*:
builder = {RequestBuilder@12557}
method = "POST"
charset = {UTF_8@12563} "UTF-8"
version = null
uri = {URI@12564} "
http://127.0.0.1:8080/auth/realms/local.development/protocol/openid-conne...
"
headergroup = {HeaderGroup@12565} "[Authorization: Basic
YmFja2VuZC1jbGllbnQ6NmNlNzE4YWQtMmFiMS00MmZmLWJmMDEtMzVhMDNlYWIzYWVl]"
entity = null
parameters = {LinkedList@12566} size = 1
0 = {BasicNameValuePair@12576} "grant_type=client_credentials"
config = null
*Response object*:
HTTP/1.1 400 Bad Request [Connection: keep-alive, X-Powered-By: Undertow/1,
Server: WildFly/10, Content-Type: application/json, Content-Length: 72,
Date: Tue, 06 Dec 2016 12:24:28 GMT]
org.apache.http.conn.BasicManagedEntity@1f8d1780
response = {$Proxy16@12554} "HTTP/1.1 400 Bad Request [Connection:
keep-alive, X-Powered-By: Undertow/1, Server: WildFly/10, Content-Type:
application/json, Content-Length: 72, Date: Tue, 06 Dec 2016 12:24:28 GMT]
org.apache.http.conn.BasicManagedEntity@1f8d1780"
h = {CloseableHttpResponseProxy@12583}
original = {BasicHttpResponse@12584} "HTTP/1.1 400 Bad Request
[Connection: keep-alive, X-Powered-By: Undertow/1, Server: WildFly/10,
Content-Type: application/json, Content-Length: 72, Date: Tue, 06 Dec 2016
12:24:28 GMT] org.apache.http.conn.BasicManagedEntity@1f8d1780"
statusline = {BasicStatusLine@12556} "HTTP/1.1 400 Bad Request"
ver = {HttpVersion@12586} "HTTP/1.1"
code = 400
reasonPhrase = "Bad Request"
entity = {BasicManagedEntity@12555}
reasonCatalog = {EnglishReasonPhraseCatalog@12588}
locale = {Locale@12589} "en_US"
headergroup = {HeaderGroup@12590} "[Connection: keep-alive,
X-Powered-By: Undertow/1, Server: WildFly/10, Content-Type:
application/json, Content-Length: 72, Date: Tue, 06 Dec 2016 12:24:28 GMT]"
params = {ClientParamsStack@12591}
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user