[keycloak-user] Fwd: Help troubleshooting config

Stian Thorgersen stian at redhat.com
Wed Apr 1 02:58:39 EDT 2015



----- Original Message -----
> From: "Sebastian Lorenz" <sebastian.p.lorenz at gmail.com>
> To: keycloak-user at lists.jboss.org
> Sent: Wednesday, 1 April, 2015 8:52:25 AM
> Subject: [keycloak-user] Fwd:  Help troubleshooting config
> 
> Hi Tom,
> 
> I'm also quite new to Keycloak and had some trouble setting it up in the
> beginning.
> That's why I wrote a small tutorial http://sebplorenz.blogspot.de/
> Maybe it is of help for you.
> 
> Since you are not redirected to Keycloak at all, I would assume that either:
> 
> 1. Your web resource is not listed in the <security-constraint> element in
> web.xml or

I'd say this is the problem - as 2 and 3 would result in errors not leaving the resource unsecured

> 2. Your <auth-method> is not set to Keycloak in web.xml or
> 3. Keycloak is not configured correctly in your standalone.xml server
> configuration and therefore does not interrupt the access to the resource.
> 
> Good Luck. Sebastian
> 
> 
> 
> ---------- Weitergeleitete Nachricht ----------
> From: Thomas LaPorte < Thomas.LaPorte at dreamworks.com >
> To: keycloak-user at lists.jboss.org
> Cc:
> Date: Tue, 31 Mar 2015 15:05:32 -0700
> Subject: Re: [keycloak-user] Help troubleshooting config
> Thanks to a list member for some debug setup help, I'm getting much more
> information.
> 
> Now I can see (and confirm my suspicion), that something is not right and my
> resource is unprotected.
> 
> For the example customer-portal app, I see that after the "callback-uri: ..."
> message, I get a "Sending redirect to login page:..." message.
> 
> For my app, it goes directly to "AuthenticatedActionsValve.invoke"
> 
> -- Tom
> 
> On Tue, Mar 31, 2015 at 2:49 PM, Guy Davis < guydavis.ca at gmail.com > wrote:
> 
> 
> 
> Hi Thomas,
> 
> To dial up logging, try adding this to your standalone.xml file in the
> logging subsystem and re-starting your Wildfly instance:
> 
> <logger category="org.keycloak">
> <level name="DEBUG"/>
> </logger>
> 
> Then, be sure you have the right configuration in your web.xml of your test
> WAR file. See the docs here for details.
> 
> Hope this helps,
> Guy
> 
> 
> On Tue, Mar 31, 2015 at 3:30 PM, Thomas LaPorte <
> Thomas.LaPorte at dreamworks.com > wrote:
> 
> 
> 
> Apologies for cutting off by hitting send prematurely.
> 
> 
> 
> On Tue, Mar 31, 2015 at 2:26 PM, Thomas LaPorte <
> Thomas.LaPorte at dreamworks.com > wrote:
> 
> 
> 
> Greetings. I'm a first-time user of Keycloak, trying to set up a simple
> demonstration after the examples, however, I'm having 0% success in getting
> my configuration correct enough such that my web resource is protected.
> 
> I have reduced my setup all the way down to a basic "HelloWorld.jsp" in a WAR
> file that is deployed into the standalone Wildfly server that is also
> hosting the Keycloak server.
> 
> I am convinced that it is a configuration step being missed somewhere, as I
> can always access my URL without intervention from the Keycloak server.
> 
> My WAR file consists of the following:
> 
> 0 Tue Mar 31 14:20:20 PDT 2015 META-INF/
> 68 Tue Mar 31 14:20:20 PDT 2015 META-INF/MANIFEST.MF
> 0 Tue Mar 31 14:08:34 PDT 2015 WEB-INF/
> 1584 Tue Mar 31 09:47:52 PDT 2015 WEB-INF/web.xml
> 491 Tue Mar 31 14:08:34 PDT 2015 WEB-INF/keycloak.json
> 308 Tue Mar 31 14:20:18 PDT 2015 index.jsp
> 
> I have added my application to the demo realm by copying the customer-portal
> application stanza, and replacing the "customer-portal" with my app name:
> 
> {
> "name": "goalkeepers",
> "enabled": true,
> "adminUrl": "/goalkeepers",
> "baseUrl": "/goalkeepers",
> "redirectUris": [
> "/goalkeepers/*"
> ],
> "secret": "password"
> }
> At this stage I am just looking for suggestions on how best to troubleshoot
> my configuration? What logging properties can I set to enable more
> debugging? Or where else can I look for some clues as to the errors in my
> configuration?
> 
> I fear I am missing something extremely fundamental, but I can't for the life
> of me see what it is.
> 
> - Tom
> 
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
> 
> 
> 
> 
> 
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user


More information about the keycloak-user mailing list