[keycloak-dev] 403 Forbidden when invoking application secured with keycloak

Wed Mar 30 03:55:08 EDT 2016

Adding to it,

2016-03-30 01:20:29,823 WARN
[org.keycloak.adapters.OAuthRequestAuthenticator] (default task-1) state
parameter invalid

2016-03-30 01:20:29,823 WARN
[org.keycloak.adapters.OAuthRequestAuthenticator] (default task-1) cookie:
3/d04bf765-63be-4c34-bb42-5f7211bf8051

Is it the reason for the issue?

Thanks,

Jayapriya Atheesan

From: JAYAPRIYA ATHEESAN [mailto:jayapriya.atheesan at gmail.com] 
Sent: Wednesday, March 30, 2016 1:21 PM
To: 'Marek Posolda'; 'keycloak-dev at lists.jboss.org'
Subject: RE: [keycloak-dev] 403 Forbidden when invoking application secured
with keycloak

Hi Marek,

Thanks for your response.

Already I have set a role in keycloak application as giggzouser and I have
set the same in my web.xml file.

After enabling the logs, it shows up this

2016-03-30 03:39:26,843 DEBUG [org.keycloak.adapters.PreAuthActionsHandler]
(default task-7) adminRequest
http://hostname:8080/appname/rest/giggzoLogin/userLogin

2016-03-30 03:39:26,845 DEBUG
[org.keycloak.adapters.undertow.KeycloakUndertowAccount] (default task-7)
session is active

2016-03-30 03:39:26,845 DEBUG
[org.keycloak.adapters.undertow.ServletSessionTokenStore] (default task-7)
Cached account found

2016-03-30 03:39:26,845 DEBUG
[org.keycloak.adapters.wildfly.WildflyRequestAuthenticator] (default task-7)
propagate security context to wildfly

2016-03-30 03:39:26,845 DEBUG [org.keycloak.adapters.RequestAuthenticator]
(default task-7) AUTHENTICATED: was cached

2016-03-30 03:39:26,846 DEBUG
[org.keycloak.adapters.AuthenticatedActionsHandler] (default task-7)
AuthenticatedActionsValve.invoke http ://hostname:8080/appname
/rest/giggzoLogin/userLogin

After which, I get forbidden on screen.

Please find the web.xml file attached to this mail.

Thanks,

Jayapriya Atheesan

From: Marek Posolda [mailto:mposolda at redhat.com] 
Sent: Wednesday, March 30, 2016 12:42 PM
To: JAYAPRIYA ATHEESAN; keycloak-dev at lists.jboss.org
Subject: Re: [keycloak-dev] 403 Forbidden when invoking application secured
with keycloak

It looks that your user either doesn't have roles or your client doesn't
have scope. Take a look at examples for more inspiration. For logging, you
can enable DEBUG logging for category "org.keycloak" in
standalone/configuration/standalone.xml

Marek

On 30/03/16 08:13, JAYAPRIYA ATHEESAN wrote:

Hi,

Greetings of the day !!

I need an urgent help from your team.

I have an application deployed in wildfly server. The same has been secured
with keycloak server(this runs of a different wildfly box).

The wildfly server has been configured with keycloak adapter. 

When I invoke a page from the application deployed in wildfly server, the
application , redirects to keycloak login page. After I click submit
entering user name and password, I get 403 forbidden error.

Is there a way to enable logs for keycloak adapter. I'm not getting any logs
related to this error.

The issue is similar to the one addressed in
http://lists.jboss.org/pipermail/keycloak-user/2015-February/001601.html

http://lists.jboss.org/pipermail/keycloak-user/2014-November/001280.html

Please help me in resolving the same.

Below are the details of the server :

Wildfly 9.0.0CR2

Keycloak 1.6.0 Final

Thanks,

Jayapriya Atheesan

_______________________________________________
keycloak-dev mailing list
keycloak-dev at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160330/3f4de2e6/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 28433 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160330/3f4de2e6/attachment-0001.png 