Hi, Alexander,
We deploy the client application server (wildfly) and auth server (keycloak) on the
same machine. The web app URL is:
http://ourhost.com/hello/index.html
The auth server is https://ourhost.com/auth
Then the setup in keycloak.json should be:
"auth-server-url": "/auth",
"auth-server-url-for-backend-requests": "https://ourhost/auth"
This can reduce the round trip?
Thanks a lot
On Wednesday, January 20, 2016 3:56 PM, Alexander Schwartz
<alexander.schwartz(a)gmx.net> wrote:
During the last phase of OAuth negotiation the client application (here: wildfly) will
contact the oauth server (here: keycloak) to change the code into a token. In order to
work the client application (here: wildfly) must be able to contact the keycloak server
using the auth-server-url given in keycloak.json. If this URL is only accessible to browsers
from external / via a load balancer, and the client application should use a different
(direct) URL to reach the keycloak server, you can specify
auth-server-url-for-backend-requests in your keycloak.json.
Best regards,
Alexander
--
Alexander Schwartz (alexander.schwartz(a)gmx.net)
http://www.ahus1.de
Sent: Wednesday, 20 January 2016 at 05:23
From: "Mai Zi" <ornot2008(a)yahoo.com>
To: Keycloak-user <keycloak-user(a)lists.jboss.org>
Subject: [keycloak-user] What can bring this error "failed to turn code into token" over and over again?
We get lots of errors like this:
2016-01-20 12:02:37,441 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-1) failed to turn code into token: java.net.SocketException: Connection timed out
and which makes the login slow or failed. We are using keycloak 1.7.0 final and broke a SAML 2.0 IDP (ADFS). The
wildfly app server and keycloak both are standalone.
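
The back-channel reachability point from the reply above, as an added example that is not part of the original thread: a Python preflight that reads keycloak.json, picks the URL the adapter is assumed to use for the code-to-token request (auth-server-url-for-backend-requests when present, otherwise auth-server-url), and tries a TCP connection to it. The function names and the sample config are constructed for illustration.

```python
import json
import socket
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def backend_endpoint(adapter_config):
    """Return (host, port) the adapter must reach for the code-to-token call.

    Assumption: auth-server-url-for-backend-requests wins when present,
    otherwise auth-server-url is used, as the reply above describes.
    """
    url = (adapter_config.get("auth-server-url-for-backend-requests")
           or adapter_config.get("auth-server-url"))
    if not url:
        raise ValueError("no auth server URL in adapter config")
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        # A relative value such as "/auth" names no host to test from here.
        raise ValueError("backend URL must be absolute: %r" % url)
    return parts.hostname, parts.port or DEFAULT_PORTS[parts.scheme]

def can_connect(host, port, timeout=3.0):
    """Try a plain TCP connect; False on timeout, refusal or DNS failure."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def check(config_text, timeout=3.0):
    """Parse keycloak.json text and report (host, port, reachable)."""
    host, port = backend_endpoint(json.loads(config_text))
    return host, port, can_connect(host, port, timeout)

# Constructed sample config, using the values quoted in the thread.
SAMPLE = """{
  "auth-server-url": "/auth",
  "auth-server-url-for-backend-requests": "https://ourhost/auth"
}"""

if __name__ == "__main__":
    print(check(SAMPLE))
```

Run it on the host where the adapter runs, since that is where the back-channel connection originates.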