[keycloak-dev] Failed to verify token: org.keycloak.common.VerificationException: Realm URL is null.

Corinne Krych corinnekrych at gmail.com
Tue May 3 06:33:22 EDT 2016


Thanks Bruno, Marek,
My issue was a exactly this missing auth-server-url on keycloak.jason. I
was on a non-rebased branch :))
Thanks again,
++
Corinne

On 3 May 2016 at 09:20, Marek Posolda <mposolda at redhat.com> wrote:

> Strange, this error usually happens if you don't have "auth-server-url" in
> the configuration of keycloak.json . But you have it in
> https://github.com/aerogear/aerogear-backend-cookbook/blob/master/Shoot/src/main/webapp/WEB-INF/keycloak.json
> as you pointed in the first mail.
>
> Isn't any chance there is other REST backend, which you are calling and
> which is missing this?
> If not, then can you try to temporarily use absolute URL like:
> "auth-server-url" : "http://localhost:8080/auth"
> <http://localhost:8080/auth>
> and see if it helps?
>
> Marek
>
>
> On 03/05/16 09:04, Corinne Krych wrote:
>
> Hello Bruno
>
> I've tried with Keycloak-demo-1.9.3 and I still hit the issue:
>
> 09:02:27,847 ERROR [org.keycloak.adapters.BearerTokenRequestAuthenticator]
> (default task-74) Failed to verify token:
> org.keycloak.common.VerificationException: Realm URL is null. Make sure to
> add auth-server-url to the configuration of your adapter!
>
> at org.keycloak.RSATokenVerifier.verifyToken(RSATokenVerifier.java:46)
>
> at org.keycloak.RSATokenVerifier.verifyToken(RSATokenVerifier.java:35)
>
> I think the secure endpoint is missing some configuration but not sure
> what i'm missing.
>
> ++
>
> Corinne
>
> On 3 May 2016 at 08:35, Corinne Krych <corinnekrych at gmail.com> wrote:
>
>> Ah let me try with KC1.9.3.Final then.
>>
>> ++
>> Corinne
>>
>> On 3 May 2016 at 00:13, Bruno Oliveira < <bruno at abstractj.org>
>> bruno at abstractj.org> wrote:
>>
>>> Hi Corinne, I tried here with Keycloak 1.9.3.Final and couldn't
>>> reproduce your issue.
>>>
>>> I followed exactly the same steps described at your readme file.
>>>
>>> On 2016-05-02, Corinne Krych wrote:
>>> > Hello Keycloak team,
>>> >
>>> > I'm trying to move my OAuth2 demo app from Keyclaok 1.5 to Keyclaok
>>> 1.9.1.
>>> > I've change the OAuth2 endpoints for the access token. I manage the
>>> Oauth2
>>> > dansc ok but when trying to access a protected resource I hit the
>>> error:
>>> >
>>> > 22:00:13,501 ERROR
>>> [org.keycloak.adapters.BearerTokenRequestAuthenticator]
>>> > (default task-101) Failed to verify token:
>>> > org.keycloak.common.VerificationException: Realm URL is null. Make
>>> sure to
>>> > add auth-server-url to the configuration of your adapter!
>>> > at org.keycloak.RSATokenVerifier.verifyToken(RSATokenVerifier.java:46)
>>> > at org.keycloak.RSATokenVerifier.verifyToken(RSATokenVerifier.java:35)
>>> > at
>>> >
>>> org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticateToken(BearerTokenRequestAuthenticator.java:87)
>>> > at
>>> >
>>> org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(BearerTokenRequestAuthenticator.java:82)
>>> > at
>>> >
>>> org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:65)
>>> > at
>>> >
>>> org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:110)
>>> > at
>>> >
>>> org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:92)
>>> > at
>>> >
>>> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)
>>> > at
>>> >
>>> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)
>>> > at
>>> >
>>> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)
>>> > at
>>> >
>>> io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)
>>> > at
>>> >
>>> io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)
>>> > at
>>> >
>>> io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)
>>> > at
>>> >
>>> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
>>> > at
>>> >
>>> io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
>>> > at
>>> >
>>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>> > at
>>> >
>>> io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
>>> > at
>>> >
>>> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>>> > at
>>> >
>>> io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>>> > at
>>> >
>>> io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
>>> > at
>>> >
>>> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>>> > at
>>> >
>>> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>>> > at
>>> >
>>> io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>>> > at
>>> >
>>> io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>>> > at
>>> >
>>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>> > at
>>> >
>>> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>>> > at
>>> >
>>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>> > at
>>> >
>>> org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)
>>> > at
>>> >
>>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>> > at
>>> >
>>> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
>>> > at
>>> >
>>> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
>>> > at
>>> >
>>> io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>>> > at
>>> >
>>> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
>>> > at
>>> io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>>> > at
>>> io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
>>> > at
>>> >
>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>> > at
>>> >
>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>> > at java.lang.Thread.run(Thread.java:745)
>>> >
>>> > My realm setup is here:
>>> >
>>> https://github.com/aerogear/aerogear-backend-cookbook/blob/master/Shoot/configuration/shoot-realm.json
>>> >
>>> > The keycloak.json used for the protected endpoint is:
>>> >
>>> https://github.com/aerogear/aerogear-backend-cookbook/blob/master/Shoot/src/main/webapp/WEB-INF/keycloak.json
>>> >
>>> > Is there some specific settings I should add to work with Keycloak
>>> 1.9.x?
>>> >
>>> > Your help would be welcome.
>>> >
>>> > ++
>>> > Corinne
>>>
>>> > _______________________________________________
>>> > keycloak-dev mailing list
>>> > keycloak-dev at lists.jboss.org
>>> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
>>>
>>> --
>>>
>>> abstractj
>>> PGP: 0x84DC9914
>>>
>>
>>
>
>
> _______________________________________________
> keycloak-dev mailing listkeycloak-dev at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160503/8c959dec/attachment-0001.html 


More information about the keycloak-dev mailing list