Thanks for your suggestion. I just tried an incognito Chrome window and cleared the browser
cache and Java cache. Unfortunately, https://135.112.180.27/rtna2, after redirecting to
https://135.112.180.27:8666/auth/realms/rtna/protocol/openid-connect/auth...
"We're Sorry...invalid user name or password" came up again (still no login challenge)
server.log:
2017-05-28 10:38:49,866 WARN [org.keycloak.events] (default task-104) type=LOGIN_ERROR,
realmId=rtna, clientId=rtna2, userId=null, ipAddress=135.224.18.117,
error=invalid_user_credentials, auth_method=openid-connect, auth_type=code,
response_type=code, redirect_uri=https://135.112.180.27/rtna2/,
code_id=260dc630-40e5-4b83-955a-df76d8d04d63, response_mode=query
I also tried another existing GWT web app (https://135.112.180.27/nara) deployed under the
same Tomcat server. Same config/set up, but this one is even worse, it never even got to
the redirecting to keycloak auth, instead it is throwing me an exception: (of course, no
login challenge/form either)
HTTP Status 500 -
type Exception report
message
description The server encountered an internal error that prevented it from fulfilling this request.
exception
java.lang.NullPointerException
org.keycloak.adapters.PreAuthActionsHandler.preflightCors(PreAuthActionsHandler.java:107)
org.keycloak.adapters.PreAuthActionsHandler.handleRequest(PreAuthActionsHandler.java:79)
org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.invoke(AbstractKeycloakAuthenticatorValve.java:181)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436)
org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:190)
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
java.lang.Thread.run(Unknown Source)
note The full stack trace of the root cause is available in the Apache Tomcat/7.0.69
logs.
Any ideas what could be wrong? I am pulling my hair out :-( this is not supposed to be
this hard! I have been trying to get this to work for the last 3 days. At one time, the
login challenge did come up, but after I typed in user name /password, it throws me HTTP
403 error, never redirected me to my web app (https://135.112.180.27/rtna2). Tried
various config changes, I ended up with this situation where login challenge is not posted
at all.
Please help!!
From: Sebastien Blanc <sblanc(a)redhat.com>
To: Bill Burke <bburke(a)redhat.com>; "keycloak-user(a)lists.jboss.org"
<keycloak-user(a)lists.jboss.org>; shimin q <shimin_q(a)yahoo.com>
Sent: Sunday, May 28, 2017 2:22 AM
Subject: Re: [keycloak-user] KeyCloak pose no login challenge
Try again in an incognito window and empty your cache. BTW, you mentioned you have a
ReactJS app, have you also considered using the keycloak JS lib to secure your web app?
On Sun, May 28, 2017 at 05:59, shimin q <shimin_q(a)yahoo.com> wrote:
Another piece of info when the "We're sorry...invalid user name or password"
message was shown (without login challenge ever posted)... keycloak server.log file has
this warning:
2017-05-27 20:33:59,936 WARN [org.keycloak.events] (default task-80) type=LOGIN_ERROR,
realmId=rtna, clientId=rtna2, userId=null, ipAddress=135.224.13.68,
error=invalid_user_credentials, auth_method=openid-connect, auth_type=code,
response_type=code, redirect_uri=https://135.112.180.27/rtna2/,
code_id=689abbad-ccad-469a-86be-1e489b0dba15, response_mode=query
How could this be, there was no login challenge so I couldn't even input user name and
password!
From: shimin q <shimin_q(a)yahoo.com>
To: Bill Burke <bburke(a)redhat.com>; "keycloak-user(a)lists.jboss.org"
<keycloak-user(a)lists.jboss.org>
Sent: Saturday, May 27, 2017 4:28 PM
Subject: Re: [keycloak-user] KeyCloak pose no login challenge
Thanks. A bit of progress, once I changed from "/rtna2/*" to "/*", it
is redirecting my web app URL https://135.112.180.27/rtna2 to
https://135.112.180.27:8666/auth/realms/rtna/protocol/openid-connect/auth...
Unfortunately, still no login challenges, I got the following error message instead
"We are sorry...invalid user name or password"
I am trying to figure out where I configured realm "rtna" or client
"rtna2" wrong...here is the keycloak.json that I used (generated under the
Installation tab of the client "rtna2"):
{
  "realm": "rtna",
  "realm-public-key":
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhvJlVZqi8KaZDZVPPl29y/nnPBHaPvH+NoG71w6BMDwIImw6vkNlO3CSr+kRAyLnpnP/9248gEZx6YwqEKwE4Oy5R6wuuxwOd2FdpYFM2wDw5zhF7U4oYy0WK1m31/hQdLGnpKtDdGReEwdkMOMtG655Nnqw8WdtmF3S2XcEm2t0gaNoYycd6gl4670nRqx6bRxs6UndERHZmHfkzLcL71RflgO1cyuOqMsjMb7oWIDy5bkE4ddB69TAbrpXVzLvwG1OIaM/XdfXOZIaIAajfacP3Vk8bZFa9eAsh5BVaeGzlqktsdk1JjbV0a14OVXQcCRusnV2wE+zSZhPNxhfFwIDAQAB",
  "auth-server-url": "https://135.112.180.27:8666/auth",
  "ssl-required": "all",
  "resource": "rtna2",
  "public-client": true,
  "use-resource-role-mappings": true
}
Please, any tips/ideas why I am now getting the "invalid user name or password"
instead of a keycloak login form? Thanks!
From: Bill Burke <bburke(a)redhat.com>
To: keycloak-user(a)lists.jboss.org
Sent: Saturday, May 27, 2017 1:29 PM
Subject: Re: [keycloak-user] KeyCloak pose no login challenge
I think I know what it is. Your security constraint is wrong. It should
be "/*" for the url pattern, not "/rtna2/*". You are not supposed to
specify the root context in web.xml url patterns.
On 5/26/17 12:04 PM, shimin q wrote:
I wrote a simple reactJS web app ("/rtna2") deployed under
Tomcat 7. I followed the steps below, but keycloak does not seem to work - no login
challenge was posed, and when I type https://<my server ip>/rtna2, it went straight
to the web app.
1 - download the tomcat 7 keycloak adaptor zip and unzip in my tomcat lib/
2 - rtna2 app is deployed under tomcat webapps/
3 - modify rtna2/META-INF/context.xml:
<?xml version="1.0" encoding="UTF-8"?>
<Context path="/rtna2" debug="0" privileged="true">
  <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
</Context>
4 - add keycloak.json under rtna2/WEB-INF:
{
  "realm": "rtna",
  "realm-public-key":
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhvJlVZqi8KaZDZVPPl29y/nnPBHaPvH+NoG71w6BMDwIImw6vkNlO3CSr+kRAyLnpnP/9248gEZx6YwqEKwE4Oy5R6wuuxwOd2FdpYFM2wDw5zhF7U4oYy0WK1m31/hQdLGnpKtDdGReEwdkMOMtG655Nnqw8WdtmF3S2XcEm2t0gaNoYycd6gl4670nRqx6bRxs6UndERHZmHfkzLcL71RflgO1cyuOqMsjMb7oWIDy5bkE4ddB69TAbrpXVzLvwG1OIaM/XdfXOZIaIAajfacP3Vk8bZFa9eAsh5BVaeGzlqktsdk1JjbV0a14OVXQcCRusnV2wE+zSZhPNxhfFwIDAQAB",
  "auth-server-url": "https://135.112.180.27:8666/auth",
  "ssl-required": "external",
  "resource": "rtna2",
  "public-client": true
}
5. modify rtna2/WEB-INF/web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
  <!-- Default page to serve -->
  <module-name>rtna2</module-name>
  <welcome-file-list>
    <welcome-file>index.html</welcome-file>
  </welcome-file-list>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>rtna2</web-resource-name>
      <url-pattern>/rtna2/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>*</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>rtna</realm-name>
  </login-config>
  <security-role>
    <role-name>admin</role-name>
  </security-role>
  <security-role>
    <role-name>user</role-name>
  </security-role>
  <security-role>
    <role-name>sudo</role-name>
  </security-role>
</web-app>
I have tried "<auth-method>KEYCLOAK</auth-method>" also, does not
work
6. in the keycloak admin console, added a "rtna" realm, and added
"rtna2" client in the realm:
client id: rtna2
Access type: public (tried "confidential" also)
Authorization enabled: on ("off" also)
Root URL: https://135.112.180.27/rtna2
Valid Redirect URLs: https://135.112.180.27/rtna2/*
Base URL: https://135.112.180.27/rtna2
Admin URL: https://135.112.180.27/rtna2
Web Origins: https://135.112.180.27/rtna2/*
I found relative paths for these URLs do not work, it gave me Http 404 not found
(https://135.112.180.27/rtna2) error. But once I put the absolute paths, it took me right
to the web app without posing the login challenge!
What could possibly be wrong? Please advise! Thanks!!
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user