[keycloak-user] failed verification of token
Josh
smysnk at gmail.com
Sun May 11 01:29:38 EDT 2014
Hi,
Running KeyCloak alpha 4 on Wildfly 8.1.0.CR1. I'm currently trying to get
the bundled examples working but having a hell of a time doing so.
I have my domain setup, domain roles configured, application scope
configured, keycloak.json in WEB-INF, web.xml set to KEYCLOAK.
When I go to access the "Customer Listings" of customer-portal.war it
redirects me to keycloak login, after I successfully login with valid user
with "user" role. Once the keycloak server redirects back to the
application I am greeted with a "Forbidden" page.
Here are my logs:
[0m[32m23:22:58,030 DEBUG [org.keycloak.adapters.PreAuthActionsHandler]
(default task-7) adminRequest
http://localhost:8080/customer-portal/customers/view.jsp
[0m[32m23:22:58,030 DEBUG [org.keycloak.adapters.PreAuthActionsHandler]
(default task-7) checkCorsPreflight
http://localhost:8080/customer-portal/customers/view.jsp
[0m[0m23:22:58,031 INFO [org.keycloak.adapters.RequestAuthenticator]
(default task-7) --> authenticate()
[0m[0m23:22:58,031 INFO [org.keycloak.adapters.RequestAuthenticator]
(default task-7) try bearer
[0m[0m23:22:58,032 INFO [org.keycloak.adapters.RequestAuthenticator]
(default task-7) try oauth
[0m[0m23:22:58,032 INFO [org.keycloak.adapters.RequestAuthenticator]
(default task-7) session was null, returning null
[0m[0m23:22:58,032 INFO
[org.keycloak.adapters.OAuthRequestAuthenticator] (default task-7) there
was no code
[0m[0m23:22:58,032 INFO
[org.keycloak.adapters.OAuthRequestAuthenticator] (default task-7)
redirecting to auth server
[0m[0m23:22:58,032 INFO
[org.keycloak.adapters.OAuthRequestAuthenticator] (default task-7) sending
redirect uri: http://localhost:8080/customer-portal/customers/view.jsp
[0m[32m23:22:58,125 DEBUG [org.keycloak.adapters.PreAuthActionsHandler]
(default task-8) adminRequest
http://localhost:8080/customer-portal/customers/view.jsp?code=eyJhbGciOiJSUzI1NiJ9.NWRkZjJjZmYtNTJhNi00YzRhLWI2N2QtNzcwYjU4ZjRkYTFmMTM5OTc4NTM2NzYyNg.VZ713boG0lvc9Qq5Su3QLYITgHknYGKBcc0NYyGEoIou__cEWwUEcGGnQB4_HAW8RNko1gwVNtgY08NJfxWCubCzPqhkJBsO5ywDJDqBj1sps19wnSmLNWac3wSHfm9O5c-_YxKi3XmhjHtQXl7AWnBhcn8zgI1-yBAFB4pPD7w0cv3DE36xUt2fRuBWud9iHzwTDl0iEhMkZP9r9VtqJee8WByaLlkCir7HOFLjzN-ZReEwacFR86ra_eD6TJdb1gb_L5-SL2IAl6mpMo-JnJP0fwx90VbXnx8yVdviO_-DeRdneUmrOWZPawU_DPt4FHdoaffAMdZQM-9b2dv79A&state=2%2F058bc8d1-d621-4f4e-9afa-6608f522c7bb
[0m[32m23:22:58,125 DEBUG [org.keycloak.adapters.PreAuthActionsHandler]
(default task-8) checkCorsPreflight
http://localhost:8080/customer-portal/customers/view.jsp?code=eyJhbGciOiJSUzI1NiJ9.NWRkZjJjZmYtNTJhNi00YzRhLWI2N2QtNzcwYjU4ZjRkYTFmMTM5OTc4NTM2NzYyNg.VZ713boG0lvc9Qq5Su3QLYITgHknYGKBcc0NYyGEoIou__cEWwUEcGGnQB4_HAW8RNko1gwVNtgY08NJfxWCubCzPqhkJBsO5ywDJDqBj1sps19wnSmLNWac3wSHfm9O5c-_YxKi3XmhjHtQXl7AWnBhcn8zgI1-yBAFB4pPD7w0cv3DE36xUt2fRuBWud9iHzwTDl0iEhMkZP9r9VtqJee8WByaLlkCir7HOFLjzN-ZReEwacFR86ra_eD6TJdb1gb_L5-SL2IAl6mpMo-JnJP0fwx90VbXnx8yVdviO_-DeRdneUmrOWZPawU_DPt4FHdoaffAMdZQM-9b2dv79A&state=2%2F058bc8d1-d621-4f4e-9afa-6608f522c7bb
[0m[0m23:22:58,126 INFO [org.keycloak.adapters.RequestAuthenticator]
(default task-8) --> authenticate()
[0m[0m23:22:58,126 INFO [org.keycloak.adapters.RequestAuthenticator]
(default task-8) try bearer
[0m[0m23:22:58,126 INFO [org.keycloak.adapters.RequestAuthenticator]
(default task-8) try oauth
[0m[0m23:22:58,126 INFO [org.keycloak.adapters.RequestAuthenticator]
(default task-8) session was null, returning null
[0m[0m23:22:58,126 INFO
[org.keycloak.adapters.OAuthRequestAuthenticator] (default task-8) there
was a code, resolving
[0m[0m23:22:58,126 INFO
[org.keycloak.adapters.OAuthRequestAuthenticator] (default task-8)
checking state cookie for after code
[0m[0m23:22:58,126 INFO
[org.keycloak.adapters.OAuthRequestAuthenticator] (default task-8) **
reseting application state cookie
[0m[32m23:22:58,128 DEBUG
[org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager] (default
task-8) Get connection: {}->http://localhost:8083, timeout = 0
[0m[32m23:22:58,128 DEBUG
[org.apache.http.impl.conn.tsccm.ConnPoolByRoute] (default task-8) [{}->
http://localhost:8083] total kept alive: 1, total issued: 0, total
allocated: 1 out of 20
[0m[32m23:22:58,128 DEBUG
[org.apache.http.impl.conn.tsccm.ConnPoolByRoute] (default task-8) Getting
free connection [{}->http://localhost:8083][null]
[0m[32m23:22:58,128 DEBUG [org.apache.http.impl.client.DefaultHttpClient]
(default task-8) Stale connection check
[0m[32m23:22:58,130 DEBUG
[org.apache.http.client.protocol.RequestAddCookies] (default task-8)
CookieSpec selected: best-match
[0m[32m23:22:58,130 DEBUG
[org.apache.http.client.protocol.RequestAuthCache] (default task-8) Auth
cache not set in the context
[0m[32m23:22:58,130 DEBUG
[org.apache.http.client.protocol.RequestProxyAuthentication] (default
task-8) Proxy auth state: UNCHALLENGED
[0m[32m23:22:58,130 DEBUG [org.apache.http.impl.client.DefaultHttpClient]
(default task-8) Attempt 1 to execute request
[0m[32m23:22:58,130 DEBUG
[org.apache.http.impl.conn.DefaultClientConnection] (default task-8)
Sending request: POST /auth/rest/realms/demo/tokens/access/codes HTTP/1.1
[0m[32m23:22:58,131 DEBUG [org.apache.http.wire] (default task-8) >>
"POST /auth/rest/realms/demo/tokens/access/codes HTTP/1.1[\r][\n]"
[0m[32m23:22:58,131 DEBUG [org.apache.http.wire] (default task-8) >>
"Authorization: Basic
Y3VzdG9tZXItcG9ydGFsOjQxMmU1NzUzLWZiMTAtNGViMS05NjAzLTQzOWY5ZTdkZjZkOA==[\r][\n]"
[0m[32m23:22:58,131 DEBUG [org.apache.http.wire] (default task-8) >>
"Content-Length: 549[\r][\n]"
[0m[32m23:22:58,131 DEBUG [org.apache.http.wire] (default task-8) >>
"Content-Type: application/x-www-form-urlencoded; charset=UTF-8[\r][\n]"
[0m[32m23:22:58,131 DEBUG [org.apache.http.wire] (default task-8) >>
"Host: localhost:8083[\r][\n]"
[0m[32m23:22:58,131 DEBUG [org.apache.http.wire] (default task-8) >>
"Connection: Keep-Alive[\r][\n]"
[0m[32m23:22:58,131 DEBUG [org.apache.http.wire] (default task-8) >>
"[\r][\n]"
[0m[32m23:22:58,131 DEBUG [org.apache.http.headers] (default task-8) >>
POST /auth/rest/realms/demo/tokens/access/codes HTTP/1.1
[0m[32m23:22:58,131 DEBUG [org.apache.http.headers] (default task-8) >>
Authorization: Basic
Y3VzdG9tZXItcG9ydGFsOjQxMmU1NzUzLWZiMTAtNGViMS05NjAzLTQzOWY5ZTdkZjZkOA==
[0m[32m23:22:58,131 DEBUG [org.apache.http.headers] (default task-8) >>
Content-Length: 549
[0m[32m23:22:58,131 DEBUG [org.apache.http.headers] (default task-8) >>
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
[0m[32m23:22:58,131 DEBUG [org.apache.http.headers] (default task-8) >>
Host: localhost:8083
[0m[32m23:22:58,131 DEBUG [org.apache.http.headers] (default task-8) >>
Connection: Keep-Alive
[0m[32m23:22:58,132 DEBUG [org.apache.http.wire] (default task-8) >>
"grant_type=authorization_code&code=eyJhbGciOiJSUzI1NiJ9.NWRkZjJjZmYtNTJhNi00YzRhLWI2N2QtNzcwYjU4ZjRkYTFmMTM5OTc4NTM2NzYyNg.VZ713boG0lvc9Qq5Su3QLYITgHknYGKBcc0NYyGEoIou__cEWwUEcGGnQB4_HAW8RNko1gwVNtgY08NJfxWCubCzPqhkJBsO5ywDJDqBj1sps19wnSmLNWac3wSHfm9O5c-_YxKi3XmhjHtQXl7AWnBhcn8zgI1-yBAFB4pPD7w0cv3DE36xUt2fRuBWud9iHzwTDl0iEhMkZP9r9VtqJee8WByaLlkCir7HOFLjzN-ZReEwacFR86ra_eD6TJdb1gb_L5-SL2IAl6mpMo-JnJP0fwx90VbXnx8yVdviO_-DeRdneUmrOWZPawU_DPt4FHdoaffAMdZQM-9b2dv79A&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fcustomer-portal%2Fcustomers%2Fview.jsp"
[0m[32m23:22:58,161 DEBUG [org.apache.http.wire] (default task-8) <<
"HTTP/1.1 200 OK[\r][\n]"
[0m[32m23:22:58,162 DEBUG [org.apache.http.wire] (default task-8) <<
"Connection: keep-alive[\r][\n]"
[0m[32m23:22:58,162 DEBUG [org.apache.http.wire] (default task-8) <<
"X-Powered-By: Undertow 1[\r][\n]"
[0m[32m23:22:58,162 DEBUG [org.apache.http.wire] (default task-8) <<
"Server: Wildfly 8[\r][\n]"
[0m[32m23:22:58,162 DEBUG [org.apache.http.wire] (default task-8) <<
"Transfer-Encoding: chunked[\r][\n]"
[0m[32m23:22:58,162 DEBUG [org.apache.http.wire] (default task-8) <<
"Content-Type: application/json[\r][\n]"
[0m[32m23:22:58,162 DEBUG [org.apache.http.wire] (default task-8) <<
"Date: Sun, 11 May 2014 05:16:07 GMT[\r][\n]"
[0m[32m23:22:58,162 DEBUG [org.apache.http.wire] (default task-8) <<
"[\r][\n]"
[0m[32m23:22:58,162 DEBUG
[org.apache.http.impl.conn.DefaultClientConnection] (default task-8)
Receiving response: HTTP/1.1 200 OK
[0m[32m23:22:58,162 DEBUG [org.apache.http.headers] (default task-8) <<
HTTP/1.1 200 OK
[0m[32m23:22:58,162 DEBUG [org.apache.http.headers] (default task-8) <<
Connection: keep-alive
[0m[32m23:22:58,162 DEBUG [org.apache.http.headers] (default task-8) <<
X-Powered-By: Undertow 1
[0m[32m23:22:58,162 DEBUG [org.apache.http.headers] (default task-8) <<
Server: Wildfly 8
[0m[32m23:22:58,162 DEBUG [org.apache.http.headers] (default task-8) <<
Transfer-Encoding: chunked
[0m[32m23:22:58,162 DEBUG [org.apache.http.headers] (default task-8) <<
Content-Type: application/json
[0m[32m23:22:58,163 DEBUG [org.apache.http.headers] (default task-8) <<
Date: Sun, 11 May 2014 05:16:07 GMT
[0m[32m23:22:58,163 DEBUG [org.apache.http.impl.client.DefaultHttpClient]
(default task-8) Connection can be kept alive indefinitely
[0m[32m23:22:58,163 DEBUG [org.apache.http.wire] (default task-8) <<
"08bd[\r][\n]"
{"access_token":"eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJlYTBjZTliNS1kMWY2LTQ4YjUtODc3Ny04ZDIwNGU2ZjU5YjMiLCJleHAiOjEzOTk3ODU2NjcsIm5iZiI6MCwiaWF0IjoxMzk5Nzg1MzY3LCJpc3MiOiJiaWdnZXJiZWFyIiwiYXVkIjoiYmlnZ2VyYmVhciIsInN1YiI6IjQ5M2I5Yzk2LWFhNzMtNGRhZi1iZWYwLTM5Y2FiMDVkY2YxZCIsImF6cCI6ImN1c3RvbWVyLXBvcnRhbCIsInByZWZlcnJlZF91c2VybmFtZSI6InNteXNuayIsImFsbG93ZWQtb3JpZ2lucyI6W10sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJ1c2VyIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnt9fQ.b959FHRFh5coZeJw5su_SS4fjZ5R9cB5m_Tg93Xtu_Cw38ghqkL1bQaY0CwN-3ZBUNw9uuTMxWsIwHMzqU2rGcCCnj1Bx85L6QPQQuexvYA02Kc_8A6qmVwpOCu5mXy6FtRAvIB2LA260v7IS7zIQqqEopMo6TI45tpDUJaJDnzxKrtfPiGpQE_Y3hvs8k_KYDN9jqH9lSXPi7ZY4-kYeMQbXm6viOIDZ3QQirjpsOHwOYJs2tp5ct1W7TYc_JFLRKOhWiptGnv0dcLivASNCgREiHzPD_8MC8TarqXJ2mZ7oBx7gBXXXyUVdFjR7j9OTMNqHZfEsjU97lh0zuoImQ","expires_in":300,"refresh_token":"eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiIzYjVhNDFiZi00Y2FlLTQwYTMtOTJlYS1hYWY3OGJlOWMxZmYiLCJleHAiOjEzOTk4MjEzNjcsIm5iZiI6MCwiaWF0IjoxMzk5Nzg1MzY3LCJpc3MiOiJiaWdnZXJiZWFyIiwic3ViIjoiNDkzYjljOTYtYWE3My00ZGFmLWJlZjAtMzljYWIwNWRjZjFkIiwidHlwIjoiUkVGUkVTSCIsImF6cCI6ImN1c3RvbWVyLXBvcnRhbCIsInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJ1c2VyIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnt9fQ.FPueXowyHa7vcREfxMEsWh7JKfTkDgtbEaS_0AYPJFEsv1rF8JvWAaiW6FDkU1a8fDKYbTrr7TbxmQS7PJQBZcDAoSkYM2LE5W0O_yk9jF41jwMkS-Go4VwwNm28stlwVDH_LRG1yRyozQdK8b5Q3FzaES7yLklDGi5PARFt8WBTW2Jb_phjUk0HRDqEakxnHj0x-zUkQASfqNFyE_yQo1g6xwiLSkxGnRDuzfUb6iiJ6ZzYyNYcyiiSGGUF9duzHuGOW8ahWUqQZr9YaL1RQR-uOB_EfrJ2L-5lLLMF8ZsDE7VRLfr66vWaER1hx3C_95wOzZg16rhz3UmZOEfsQg","token_type":"bearer","id_token":"eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI5ODEzYmEyNy01MmUwLTRhZjMtOWY5Ny0yNDNjOTVmNmQxMWYiLCJleHAiOjEzOTk3ODU2NjcsIm5iZiI6MCwiaWF0IjoxMzk5Nzg1MzY3LCJpc3MiOiJiaWdnZXJiZWFyIiwiYXVkIjoiYmlnZ2VyYmVhciIsInN1YiI6IjQ5M2I5Yzk2LWFhNzMtNGRhZi1iZWYwLTM5Y2FiMDVkY2YxZCIsImF6cCI6ImN1c3RvbWVyLXBvcnRhbCIsInByZWZlcnJlZF91c2VybmFtZSI6InNteXNuayJ9.AghauR6v63SLqna4jBERvRL-Lzl0j0PaHqprr1qZSt7qQ6jLtXHQVfuUAoU1nAWBb3MWcNmA13_BIvT7nsqTZEadfgJJxvYrOI-omvEhy0OGfmYP2r1rtK6ijc2anxzf4G3J15p87Zekf498ccGaKzFIpyP70XwCWeA5zzZkrYgnbJrpOdENIkYIE__OOooX_bwZxIQZgEoucD12QQFprcuUDnRzSbg0yS-2kVTqJUdigqAP1ANGACLrXC-SNDyNhrgasspGanabBmdFvOeCgMMbIrm4BjSQa948dRwHkUC3zcjX5URi4hjQfmoe-QH0Phl9jKlCEtjr8gir0TvIPQ","not-before-policy":0}[0m[32m23:22:58,315
DEBUG [org.apache.http.wire] (default task-8) << "[\r][\n]"
[0m[32m23:22:58,315 DEBUG [org.apache.http.wire] (default task-8) <<
"0[\r][\n]"
[0m[32m23:22:58,315 DEBUG [org.apache.http.wire] (default task-8) <<
"[\r][\n]"
[0m[32m23:22:58,315 DEBUG
[org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager] (default
task-8) Released connection is reusable.
[0m[32m23:22:58,315 DEBUG
[org.apache.http.impl.conn.tsccm.ConnPoolByRoute] (default task-8)
Releasing connection [{}->http://localhost:8083][null]
[0m[32m23:22:58,315 DEBUG
[org.apache.http.impl.conn.tsccm.ConnPoolByRoute] (default task-8) Pooling
connection [{}->http://localhost:8083][null]; keep alive indefinitely
[0m[32m23:22:58,315 DEBUG
[org.apache.http.impl.conn.tsccm.ConnPoolByRoute] (default task-8)
Notifying no-one, there are no waiting threads
[0m[31m23:22:58,318 ERROR
[org.keycloak.adapters.OAuthRequestAuthenticator] (default task-8) failed
verification of token
[0m[32m23:23:00,262 DEBUG [org.jboss.ejb.client.txn] (Periodic Recovery)
Send recover request for transaction origin node identifier 1 to EJB
receiver with node name joshuas-macbook-pro
[0m[32m23:23:05,995 DEBUG [org.keycloak.adapters.PreAuthActionsHandler]
(default task-9) adminRequest
http://localhost:8080/customer-portal/customers/view.jsp?code=eyJhbGciOiJSUzI1NiJ9.NWRkZjJjZmYtNTJhNi00YzRhLWI2N2QtNzcwYjU4ZjRkYTFmMTM5OTc4NTM2NzYyNg.VZ713boG0lvc9Qq5Su3QLYITgHknYGKBcc0NYyGEoIou__cEWwUEcGGnQB4_HAW8RNko1gwVNtgY08NJfxWCubCzPqhkJBsO5ywDJDqBj1sps19wnSmLNWac3wSHfm9O5c-_YxKi3XmhjHtQXl7AWnBhcn8zgI1-yBAFB4pPD7w0cv3DE36xUt2fRuBWud9iHzwTDl0iEhMkZP9r9VtqJee8WByaLlkCir7HOFLjzN-ZReEwacFR86ra_eD6TJdb1gb_L5-SL2IAl6mpMo-JnJP0fwx90VbXnx8yVdviO_-DeRdneUmrOWZPawU_DPt4FHdoaffAMdZQM-9b2dv79A&state=2%2F058bc8d1-d621-4f4e-9afa-6608f522c7bb
[0m[32m23:23:05,996 DEBUG [org.keycloak.adapters.PreAuthActionsHandler]
(default task-9) checkCorsPreflight
http://localhost:8080/customer-portal/customers/view.jsp?code=eyJhbGciOiJSUzI1NiJ9.NWRkZjJjZmYtNTJhNi00YzRhLWI2N2QtNzcwYjU4ZjRkYTFmMTM5OTc4NTM2NzYyNg.VZ713boG0lvc9Qq5Su3QLYITgHknYGKBcc0NYyGEoIou__cEWwUEcGGnQB4_HAW8RNko1gwVNtgY08NJfxWCubCzPqhkJBsO5ywDJDqBj1sps19wnSmLNWac3wSHfm9O5c-_YxKi3XmhjHtQXl7AWnBhcn8zgI1-yBAFB4pPD7w0cv3DE36xUt2fRuBWud9iHzwTDl0iEhMkZP9r9VtqJee8WByaLlkCir7HOFLjzN-ZReEwacFR86ra_eD6TJdb1gb_L5-SL2IAl6mpMo-JnJP0fwx90VbXnx8yVdviO_-DeRdneUmrOWZPawU_DPt4FHdoaffAMdZQM-9b2dv79A&state=2%2F058bc8d1-d621-4f4e-9afa-6608f522c7bb
[0m[0m23:23:05,996 INFO [org.keycloak.adapters.RequestAuthenticator]
(default task-9) --> authenticate()
[0m[0m23:23:05,996 INFO [org.keycloak.adapters.RequestAuthenticator]
(default task-9) try bearer
[0m[0m23:23:05,996 INFO [org.keycloak.adapters.RequestAuthenticator]
(default task-9) try oauth
[0m[0m23:23:05,997 INFO [org.keycloak.adapters.RequestAuthenticator]
(default task-9) session was null, returning null
[0m[0m23:23:05,997 INFO
[org.keycloak.adapters.OAuthRequestAuthenticator] (default task-9) there
was a code, resolving
[0m[0m23:23:05,997 INFO
[org.keycloak.adapters.OAuthRequestAuthenticator] (default task-9)
checking state cookie for after code
[0m[33m23:23:05,997 WARN
[org.keycloak.adapters.OAuthRequestAuthenticator] (default task-9) No
state cookie
[
Any help would be appreciated, thank you!
- Josh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140510/2882d830/attachment-0001.html
More information about the keycloak-user
mailing list