4:20 a.m.
I am using embedded Jetty 9.2. If I use a public client with env vars in
JSON everything works, if I use env vars for confidential client it
breaks with "503 service unavailable".
Works:
{
"realm": "${env.KC_REALM}",
"realm-public-key": "${env.KC_PUBLIC_KEY}",
"auth-server-url": "${env.KC_BASE_URL}",
"ssl-required": "${env.KC_SSL_REQUIRED}",
"resource": "${env.KC_RESOURCE}",
"public-client": true
}
Fails:
{
"realm": "${env.KC_REALM}",
"realm-public-key": "${env.KC_PUBLIC_KEY}",
"auth-server-url": "${env.KC_BASE_URL}",
"ssl-required": "${env.KC_SSL_REQUIRED}",
"resource": "${env.KC_CLIENT}",
"credentials": {
"secret": "${env.KC_CLIENT_SECRET}"
},
"use-resource-mappings": true
}
Confidential client works if I copy-paste the JSON from "Installation"
tab directly (without env vars).
I checked at least 10 times that my env vars are correct and that I
don't have a typo somewhere.
Unfortunately there are zero logs from Jetty or Keycloak adapter about
the problem. How would I go troubleshooting this?
6:31 a.m.
Did you bump to trace log on Keycloak server and Jetty? Maybe that'll show
something interesting. Where's the 503 coming from? Keycloak or Jetty? What
about remote debugging it?
On 4 January 2017 at 11:20, cen <imbacen(a)gmail.com> wrote:
I am using embedded Jetty 9.2. If I use a public client with env vars
in
JSON everything works, if I use env vars for confidential client it
breaks with "503 service unavailable".
Works:
{
"realm": "${env.KC_REALM}",
"realm-public-key": "${env.KC_PUBLIC_KEY}",
"auth-server-url": "${env.KC_BASE_URL}",
"ssl-required": "${env.KC_SSL_REQUIRED}",
"resource": "${env.KC_RESOURCE}",
"public-client": true
}
Fails:
{
"realm": "${env.KC_REALM}",
"realm-public-key": "${env.KC_PUBLIC_KEY}",
"auth-server-url": "${env.KC_BASE_URL}",
"ssl-required": "${env.KC_SSL_REQUIRED}",
"resource": "${env.KC_CLIENT}",
"credentials": {
"secret": "${env.KC_CLIENT_SECRET}"
},
"use-resource-mappings": true
}
Confidential client works if I copy-paste the JSON from "Installation"
tab directly (without env vars).
I checked at least 10 times that my env vars are correct and that I
don't have a typo somewhere.
Unfortunately there are zero logs from Jetty or Keycloak adapter about
the problem. How would I go troubleshooting this?
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
8:51 a.m.
It was due to "use-resource-mappings": true not existing (adapter vs
server version mismatch). But the main problem was jetty logging not
being configured, hiding the stacktrace.
Thanks.
Stian Thorgersen je 04. 01. 2017 ob 13:31 napisal:
Did you bump to trace log on Keycloak server and Jetty? Maybe
that'll
show something interesting. Where's the 503 coming from? Keycloak or
Jetty? What about remote debugging it?
On 4 January 2017 at 11:20, cen <imbacen(a)gmail.com
<mailto:imbacen@gmail.com>> wrote:
I am using embedded Jetty 9.2. If I use a public client with env
vars in
JSON everything works, if I use env vars for confidential client it
breaks with "503 service unavailable".
Works:
{
"realm": "${env.KC_REALM}",
"realm-public-key": "${env.KC_PUBLIC_KEY}",
"auth-server-url": "${env.KC_BASE_URL}",
"ssl-required": "${env.KC_SSL_REQUIRED}",
"resource": "${env.KC_RESOURCE}",
"public-client": true
}
Fails:
{
"realm": "${env.KC_REALM}",
"realm-public-key": "${env.KC_PUBLIC_KEY}",
"auth-server-url": "${env.KC_BASE_URL}",
"ssl-required": "${env.KC_SSL_REQUIRED}",
"resource": "${env.KC_CLIENT}",
"credentials": {
"secret": "${env.KC_CLIENT_SECRET}"
},
"use-resource-mappings": true
}
Confidential client works if I copy-paste the JSON from "Installation"
tab directly (without env vars).
I checked at least 10 times that my env vars are correct and that I
don't have a typo somewhere.
Unfortunately there are zero logs from Jetty or Keycloak adapter about
the problem. How would I go troubleshooting this?
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
<https://lists.jboss.org/mailman/listinfo/keycloak-user>
3324
days inactive
3324
days old
2 comments
2 participants
participants (2)
-
cen -
Stian Thorgersen