[keycloak-dev] Wildfly integration
Stian Thorgersen
stian at redhat.com
Fri Jul 25 05:05:54 EDT 2014
----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Thursday, 24 July, 2014 5:49:22 PM
> Subject: Re: [keycloak-dev] Wildfly integration
>
> What version of Wildfly? The Undertow auth should not be called for non
> secured URLs.
I used 8.1.0.Final
>
> On 7/24/2014 12:30 PM, Stian Thorgersen wrote:
> > The problem was down to the fact that the unified-push application wasn't
> > set to bearer-only and Undertow seems to invoke the authentication
> > mechanism even though it's a non-secured resource.
> >
> > What happens in details are:
> >
> > 1. /index.html is loaded
> > 2. keycloak.js redirects to login page
> > 3. Keycloak returns ?code=...
> > 4. Undertow invokes authentication mechanism (even though /index.html is
> > not secured), sees the code, checks for a state cookie, doesn't find one,
> > returns 400
> >
> > One AS7 it works because AS7 doesn't invoke the authentication mechanism at
> > all for /index.html (which seems the correct way to me, as the resource is
> > not part of a secured-constraint).
> >
> > Setting unified-push to bearerOnly (which it should be in any case as it's
> > used for jax-rs endpoints) works around the issue as our Undertow adapter
> > will only look for bearer token and not do anything else.
> >
> > Question: is this a bug in Undertow? is it something we have to add a
> > solution to our Undertow adapter?
> >
> > ----- Original Message -----
> >> From: "Stian Thorgersen" <stian at redhat.com>
> >> To: "Bruno Oliveira" <bruno at abstractj.org>
> >> Cc: "keycloak dev" <keycloak-dev at lists.jboss.org>
> >> Sent: Thursday, 24 July, 2014 3:52:48 PM
> >> Subject: Re: [keycloak-dev] Wildfly integration
> >>
> >> Got the same issue here, looking into it now
> >>
> >> ----- Original Message -----
> >>> From: "Bruno Oliveira" <bruno at abstractj.org>
> >>> To: "keycloak dev" <keycloak-dev at lists.jboss.org>
> >>> Sent: Thursday, 24 July, 2014 1:57:38 PM
> >>> Subject: [keycloak-dev] Wildfly integration
> >>>
> >>> Good morning guys, I'm banging my head against the wall with this issue:
> >>> https://gist.github.com/abstractj/b5b79bf3a5eb77e7989a, basically what
> >>> I'm
> >>> trying to
> >>> do is integrate the latest changes on master with UPS on AeroGear.
> >>>
> >>> On AS7 the application runs with no errors, but when I try to deploy on
> >>> Wildfly I get HTTP 400 after login.
> >>>
> >>> Probably is some misconfiguration on my end, but I already double checked
> >>> project-integrations, checked the examples, tried to debug on IntelliJ
> >>> and
> >>> Chrome.
> >>>
> >>> Here are the steps to reproduce:
> >>>
> >>> git clone git at github.com:keycloak/keycloak.git && cd keycloak && mvn
> >>> clean install -DskipTests=true -Dcheckstyle.skip=true
> >>> cd ..
> >>> git clone git at github.com:aerogear/aerogear-parent.git && cd
> >>> aerogear-parent && git checkout KeycloakBeta4 && mvn clean install
> >>> cd ..
> >>> git clone git at github.com:aerogear/aerogear-unifiedpush-server.git && cd
> >>> aerogear-unifiedpush-server && git checkout KeycloakBeta4 && mvn clean
> >>> install -Pwildfly -DskipTests=true -Dcheckstyle.skip=true
> >>>
> >>> cp databases/unifiedpush-h2-ds.xml $JBOSS_HOME/standalone/deployments
> >>> cp auth-server/target/auth-server.war
> >>> $JBOSS_HOME/standalone/deployments/
> >>> cp server/target/ag-push.war $JBOSS_HOME/standalone/deployments
> >>>
> >>> $JBOSS_HOME/bin/standalone.sh
> >>>
> >>> If you have an idea, let me know.
> >>>
> >>> --
> >>>
> >>> abstractj
> >>> PGP: 0x84DC9914
> >>> _______________________________________________
> >>> keycloak-dev mailing list
> >>> keycloak-dev at lists.jboss.org
> >>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >>>
> >> _______________________________________________
> >> keycloak-dev mailing list
> >> keycloak-dev at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >>
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
More information about the keycloak-dev
mailing list