10:13 a.m.
As per the mailing list:
http://lists.jboss.org/pipermail/keycloak-user/2016-December/008876.html
There wasn't any support for proxy in case of policy enforcement. Since the
thread is quite old, can someone from Keycloak team kindly confirm whether
proxy support has been added yet or not?
10:27 a.m.
I think I may have got my previous post slightly wrong. Problem I am facing
is that my keycloak server is running behind a proxy.
My keycloak server is running on *pc-bruce:8100*, but I am accessing it
through *pc-bruce:7100*.
And I am able to run Jetty adapter as well as Keycloak Installed adapter
with *pc-bruce:7100 *like this:
{
"realm": "myRealm",
"auth-server-url": "http://pc-bruce:7100/auth",
"ssl-required": "external",
"resource": "myClient",
"credentials": {
"secret": "***********"
},
"confidential-port": 0
}
But as soon as I put *"policy-enforcer": {} *line in json to enable
authorization, I get *Could not obtain configuration from server. This
error does not come if either policy enforcer line is removed or if policy
enforcer line is kept and port is changed to 8100 (original keycloak port )*
Exception trace:
java.lang.RuntimeException: Could not obtain configuration from server [
http://pc-bruce:7100/auth/realms/ myRealm /.well-known/uma2-configuration].
at
org.keycloak.authorization.client.AuthzClient.<init>(AuthzClient.java:242)
at org.keycloak.authorization.client.AuthzClient.create(AuthzClient.java:85)
at
org.keycloak.adapters.authorization.PolicyEnforcer.<init>(PolicyEnforcer.java:66)
at
org.keycloak.adapters.KeycloakDeploymentBuilder.internalBuild(KeycloakDeploymentBuilder.java:144)
at
org.keycloak.adapters.KeycloakDeploymentBuilder.build(KeycloakDeploymentBuilder.java:170)
at
org.keycloak.adapters.jetty.core.AbstractKeycloakJettyAuthenticator.initializeKeycloak(AbstractKeycloakJettyAuthenticator.java:248)
at
org.keycloak.adapters.jetty.core.AbstractKeycloakJettyAuthenticator.setConfiguration(AbstractKeycloakJettyAuthenticator.java:174)
at
org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:384)
at
org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:449)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114)
at
org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)
at
org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120)
at
org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:116)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114)
at
org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)
at
org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120)
at
org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:784)
at
org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:294)
at
org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:741)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114)
at
org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)
at
org.eclipse.jetty.server.handler.ContextHandlerCollection.doStart(ContextHandlerCollection.java:163)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114)
at
org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)
at org.eclipse.jetty.server.Server.start(Server.java:387)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114)
at
org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)
at org.eclipse.jetty.server.Server.doStart(Server.java:354)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
Caused by: java.lang.RuntimeException: Error executing http method
[org.apache.http.client.methods.RequestBuilder@72ec16f8]. Response : null
at
org.keycloak.authorization.client.util.HttpMethod.execute(HttpMethod.java:106)
at
org.keycloak.authorization.client.util.HttpMethodResponse$2.execute(HttpMethodResponse.java:50)
at
org.keycloak.authorization.client.AuthzClient.<init>(AuthzClient.java:240)
... 43 more
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.DualStackPlainSocketImpl.connect0(Native Method)
at
java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:79)
at
java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
at
java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
at
java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:589)
at
org.apache.http.conn.scheme.PlainSocketFactory.connectSocket(PlainSocketFactory.java:117)
at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
at
org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144)
at
org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:131)
at
org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
at
org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
at
org.keycloak.authorization.client.util.HttpMethod.execute(HttpMethod.java:84)
On Tue, Nov 6, 2018 at 2:43 PM Bruce Wings <testoauth55(a)gmail.com> wrote:
As per the mailing list:
http://lists.jboss.org/pipermail/keycloak-user/2016-December/008876.html
There wasn't any support for proxy in case of policy enforcement. Since
the thread is quite old, can someone from Keycloak team kindly confirm
whether proxy support has been added yet or not?
2006
days inactive
2006
days old
1 comments
1 participants
participants (1)
-
Bruce Wings