8:13 a.m.
Hi everyone,
I am trying to make a simple test and configure a keycloak proxy to protect
an application running on http://localhost:8280/backend/
1.
My proxy.json configuration looks like the following:
{
"target-url": "http://localhost:8280/",
"send-access-token": false,
"bind-address": "localhost",
"http-port": "8080",
"applications": [
{
"base-path": "/backend",
"error-page": "/error.html",
"adapter-config": {
"realm": "demo",
"resource": "sandbox-backend",
"realm-public-key":
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"auth-server-url": "http://localhost:8180/auth",
"ssl-required" : "external",
"credentials": {
"secret": "9323cdd6-7e0e-46ce-814f-b5ac79581395"
}
}
}
]
}
2.
I've started the proxy server as specified in the documentation "java -jar
bin/launcher.jar proxy.json"
I am getting an error "ERROR: UT005026: Jetty ALPN support not found on
boot class path, SPDY client will not be available.", but the server still
starts, I don't think there should be a problem with that...
3. In the admin console (keycloak running on port 8180) I've configured the
backend application like the following:
Could you tell me what I am doing wrong? When I put in the app's url in the
browser it goes directly to the application...
Thanks,
Adrian
8:45 a.m.
Can't really see the screenshot, but you have to point keycloak to the
host/port of the proxy.
On 11/19/2015 9:13 AM, Adrian Matei wrote:
Hi everyone,
I am trying to make a simple test and configure a keycloak proxy to
protect an application running on http://localhost:8280/backend/
1.
My proxy.json configuration looks like the following:
{
"target-url": "http://localhost:8280/",
"send-access-token": false,
"bind-address": "localhost",
"http-port": "8080",
"applications": [
{
"base-path": "/backend",
"error-page": "/error.html",
"adapter-config": {
"realm": "demo",
"resource": "sandbox-backend",
"realm-public-key":
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"auth-server-url": "http://localhost:8180/auth",
"ssl-required" : "external",
"credentials": {
"secret":
"9323cdd6-7e0e-46ce-814f-b5ac79581395"
}
}
}
]
}
2.
I've started the proxy server as specified in the documentation "java
-jar bin/launcher.jar proxy.json"
I am getting an error "ERROR: UT005026: Jetty ALPN support not found on
boot class path, SPDY client will not be available.", but the server
still starts, I don't think there should be a problem with that...
3. In the admin console (keycloak running on port 8180) I've configured
the backend application like the following:
Could you tell me what I am doing wrong? When I put in the app's url in
the browser it goes directly to the application...
Thanks,
Adrian
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
8:48 a.m.
New subject: keycloak.js correct usage
Hey,
having 2 issues using the keycloak.js correct.
As for now i deployed my keycloak.json in the WEB-INF folder, but
keycloak.js needs it accessible so i have to put it outside of WEB-INF.
This forces me to have it two times, is this correct?
If I login to my test site which is essentially the view.html of the
demo-template/customer-app-js example I'm forced to relogin.
This is as far as I can tell due to the keycloak.init({ onLoad:
'login-required' }) "login-required" if i just call keycloak.init(),
keycloak doesnt retrieve a token at all.
How do i use this api correctly?
Bonus Question: the "myapp/k_query_bearer_token " return an HTTP 200 but
no token. i thought this one could have been an alternative to keycloak.js
Thanks
3:24 a.m.
New subject: keycloak.js correct usage
On 19 November 2015 at 15:48, Ataraxus <atx(a)binaryninja.de> wrote:
Hey,
having 2 issues using the keycloak.js correct.
As for now i deployed my keycloak.json in the WEB-INF folder, but
keycloak.js needs it accessible so i have to put it outside of WEB-INF.
This forces me to have it two times, is this correct?
As you're saying you need it twice I assume you have your rest services and
html5 pages in the same WAR? If so you need to have two different
keycloak.json files. Outside WEB-INF should be for the HTML5 app, which
should be a public client. Inside WEB-INF should be for your REST services
and should be a bearer-only client. Also, make sure your HTML pages and
js-scripts are public (aka doesn't have a security constraint in web.xml).
IMO though it would be cleaner to split the two into separate WARs.
If I login to my test site which is essentially the view.html of the
demo-template/customer-app-js example I'm forced to relogin.
This is as far as I can tell due to the keycloak.init({ onLoad:
'login-required' }) "login-required" if i just call keycloak.init(),
keycloak doesnt retrieve a token at all.
How do i use this api correctly?
onLoad: login-required doesn't force you to re-login. It forces you to
login if you're not already logged-in. If you don't want to force login use
keycloak.login() and wire it up to a button or something. Please read the
docs at
http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#j...
Bonus Question: the "myapp/k_query_bearer_token " return an HTTP 200 but
no token. i thought this one could have been an alternative to keycloak.js
If you are doing a HTML5/js app, you want to use keycloak.js that gives you
a much better experience. You could set a security-constraint in web.xml
for your index.html. Then use server-side login, but you end up with an
http session, etc.. Not very elegant.
Thanks
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3322
days inactive
3326
days old
3 comments
4 participants
participants (4)
-
Adrian Matei -
Ataraxus -
Bill Burke -
Stian Thorgersen