[keycloak-dev] Failed to verify token: org.keycloak.common.VerificationException: Realm URL is null.

Marek Posolda mposolda at redhat.com
Tue May 3 03:20:06 EDT 2016


Strange, this error usually happens if you don't have "auth-server-url" 
in the configuration of keycloak.json . But you have it in 
https://github.com/aerogear/aerogear-backend-cookbook/blob/master/Shoot/src/main/webapp/WEB-INF/keycloak.json 
as you pointed in the first mail.

Isn't any chance there is other REST backend, which you are calling and 
which is missing this?
If not, then can you try to temporarily use absolute URL like:
"auth-server-url" : "http://localhost:8080/auth"
and see if it helps?

Marek

On 03/05/16 09:04, Corinne Krych wrote:
> Hello Bruno
>
> I've tried with Keycloak-demo-1.9.3 and I still hit the issue:
>
> 09:02:27,847 ERROR 
> [org.keycloak.adapters.BearerTokenRequestAuthenticator] (default 
> task-74) Failed to verify token: 
> org.keycloak.common.VerificationException: Realm URL is null. Make 
> sure to add auth-server-url to the configuration of your adapter!
>
> at org.keycloak.RSATokenVerifier.verifyToken(RSATokenVerifier.java:46)
>
> at org.keycloak.RSATokenVerifier.verifyToken(RSATokenVerifier.java:35)
>
> I think the secure endpoint is missing some configuration but not sure 
> what i'm missing.
>
> ++
>
> Corinne
>
>
> On 3 May 2016 at 08:35, Corinne Krych <corinnekrych at gmail.com 
> <mailto:corinnekrych at gmail.com>> wrote:
>
>     Ah let me try with KC1.9.3.Final then.
>
>     ++
>     Corinne
>
>     On 3 May 2016 at 00:13, Bruno Oliveira <bruno at abstractj.org
>     <mailto:bruno at abstractj.org>> wrote:
>
>         Hi Corinne, I tried here with Keycloak 1.9.3.Final and couldn't
>         reproduce your issue.
>
>         I followed exactly the same steps described at your readme file.
>
>         On 2016-05-02, Corinne Krych wrote:
>         > Hello Keycloak team,
>         >
>         > I'm trying to move my OAuth2 demo app from Keyclaok 1.5 to
>         Keyclaok 1.9.1.
>         > I've change the OAuth2 endpoints for the access token. I
>         manage the Oauth2
>         > dansc ok but when trying to access a protected resource I
>         hit the error:
>         >
>         > 22:00:13,501 ERROR
>         [org.keycloak.adapters.BearerTokenRequestAuthenticator]
>         > (default task-101) Failed to verify token:
>         > org.keycloak.common.VerificationException: Realm URL is
>         null. Make sure to
>         > add auth-server-url to the configuration of your adapter!
>         > at
>         org.keycloak.RSATokenVerifier.verifyToken(RSATokenVerifier.java:46)
>         > at
>         org.keycloak.RSATokenVerifier.verifyToken(RSATokenVerifier.java:35)
>         > at
>         >
>         org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticateToken(BearerTokenRequestAuthenticator.java:87)
>         > at
>         >
>         org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(BearerTokenRequestAuthenticator.java:82)
>         > at
>         >
>         org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:65)
>         > at
>         >
>         org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:110)
>         > at
>         >
>         org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:92)
>         > at
>         >
>         io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)
>         > at
>         >
>         io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)
>         > at
>         >
>         io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)
>         > at
>         >
>         io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)
>         > at
>         >
>         io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)
>         > at
>         >
>         io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)
>         > at
>         >
>         io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
>         > at
>         >
>         io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
>         > at
>         >
>         io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>         > at
>         >
>         io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
>         > at
>         >
>         io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>         > at
>         >
>         io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>         > at
>         >
>         io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
>         > at
>         >
>         io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>         > at
>         >
>         io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>         > at
>         >
>         io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>         > at
>         >
>         io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>         > at
>         >
>         io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>         > at
>         >
>         org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>         > at
>         >
>         io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>         > at
>         >
>         org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)
>         > at
>         >
>         io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>         > at
>         >
>         io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
>         > at
>         >
>         io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
>         > at
>         >
>         io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>         > at
>         >
>         io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
>         > at
>         io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>         > at
>         io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
>         > at
>         >
>         java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>         > at
>         >
>         java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>         > at java.lang.Thread.run(Thread.java:745)
>         >
>         > My realm setup is here:
>         >
>         https://github.com/aerogear/aerogear-backend-cookbook/blob/master/Shoot/configuration/shoot-realm.json
>         >
>         > The keycloak.json used for the protected endpoint is:
>         >
>         https://github.com/aerogear/aerogear-backend-cookbook/blob/master/Shoot/src/main/webapp/WEB-INF/keycloak.json
>         >
>         > Is there some specific settings I should add to work with
>         Keycloak 1.9.x?
>         >
>         > Your help would be welcome.
>         >
>         > ++
>         > Corinne
>
>         > _______________________________________________
>         > keycloak-dev mailing list
>         > keycloak-dev at lists.jboss.org
>         <mailto:keycloak-dev at lists.jboss.org>
>         > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>
>         --
>
>         abstractj
>         PGP: 0x84DC9914
>
>
>
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160503/3744f6e4/attachment.html 


More information about the keycloak-dev mailing list