[keycloak-user] Error on application log in
Stian Thorgersen
stian at redhat.com
Thu Nov 20 03:25:31 EST 2014
Are there no errors or warning in the server log? Try enabling debug for org.keycloak and see if there's anything interesting.
First thing try the exact same setup (two servers), but without ssl.
If that works disable enable ssl, but disable the trust manager in the adapter (disable-trust-manager option on adapter, see http://docs.jboss.org/keycloak/docs/1.1.0.Beta1/userguide/html/ch07.html#adapter-config).
If it still works create a truststore and import your certificate. Then set truststore and truststore-password on the adapter.
----- Original Message -----
> From: "Fabián Silva" <afsg77 at gmail.com>
> To: "Stan Silvert" <ssilvert at redhat.com>
> Cc: keycloak-user at lists.jboss.org
> Sent: Wednesday, 19 November, 2014 6:35:15 PM
> Subject: Re: [keycloak-user] Error on application log in
>
> I tried deploying it onto a local wildfly in domain without the SSL enabled
> and it worked. What I can't figure it out is why the SSL is causing conflict
> and how to solve this, I can't simply disable the SSL.
>
> Regards
>
> On Wed, Nov 19, 2014 at 11:28 AM, Stan Silvert < ssilvert at redhat.com > wrote:
>
>
>
> Have you tried it using the two servers but without SSL?
>
> You can set ssl-required to "none" on the adapter (application) side. Also on
> the Keycloak server side, try setting Access Type to "public". Do one of
> those at a time and see if either causes it to work. That might narrow it
> down a bit.
>
>
> On 11/19/2014 11:29 AM, Fabián Silva wrote:
>
>
>
> Hi,
> I'm running out of ideas in here. In simple terms I got a Wildfly running on
> domain on a server and a keycloak on another server. I set the adapters on
> my wildfly and deploy, to this wildfly, a web app that uses keycloak. When I
> try to access the web app it displays the keycloak login, it validates the
> users ok, but when you access with a correct user and password it shows the
> "403 - Forbidden". At first I thought it was some issue with the roles, but
> that didn't fix it.
>
> Regards
>
> On Fri, Nov 14, 2014 at 10:20 AM, Fabián Silva < afsg77 at gmail.com > wrote:
>
>
>
> Hi,
> It is already set to use the absolute path. And the keycloak is working when
> I deploy the application to my local wildfly domain. The issue is when I try
> to deploy to another wildfly in domain mode on a separate server. The
> application is the same and the only difference I can tell from the two
> wildflys is that the local don't have the SSL/HTTPS enabled. I have the
> keycloak adapter set in both domains.
>
> I'm trying to trace those errors on the keycloak code to try to understand
> what is happening, but I haven't been so lucky with this.
>
> Regards
> Alejandro Fabián Silva Grifé
>
> On Fri, Nov 14, 2014 at 2:27 AM, Marek Posolda < mposolda at redhat.com > wrote:
>
>
>
> Hi,
>
> it failed on the adapter (application) side and error 404 means "Not found".
> So adapter can't find the keycloak server to turn code into token. Make sure
> to configure "auth-server-url" in keycloak.json for your application
> properly. If relative uri doesn't work for some reason, you can rather try
> to use absolute uri for auth-server-url like "https://localhost:8443/auth" .
>
> Marek
>
>
> On 14.11.2014 01:31, Fabián Silva wrote:
>
>
>
> I have a keycloak installed on wildfly standalone. I'm trying to deploy an
> application, that use this keycloak, on a separate server with wilflly
> running on domain mode. I tried first to deploy on a domain out of the box
> on my local machine, setting the keycloak-wildfly-adapter-dist-1.0.4.Final.
> It deploys fine and does the authentication without any issues. When I try
> to migrate it to the server running my wilfly (also in domain mode and the
> keycloak adapter set), it deploys fine and shows the keycloak login once you
> enter the application. But the problem is that when you login it displays a
> "403 - Forbidden" and on the log I'm seeing
> ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6)
> failed to turn code into token
> ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6)
> status from server: 404
> The only difference between those two wildfly domain mode is that in the
> local I don't have the the SSL/HTTPS enabled.
>
> Have anyone seen this error? or have an idea of what this could be?
>
> Regards
>
>
> _______________________________________________
> keycloak-user mailing list keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
>
>
> _______________________________________________
> keycloak-user mailing list keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list