[keycloak-user] keycloak proxy server
Chen Keong Yap
chenkeong.yap at izeno.com
Mon Feb 23 23:47:36 EST 2015
i managed to resolve the issue by setting.
"disable-trust-manager": true
now there are 2 more issues.
1) proxy is redirecting to actual app but is not consistent. sometimes can
redirect but sometimes prompted a download file.
2) noticed
KEYCLOAK_USERNAME is not set in the cookie
On Tue, Feb 24, 2015 at 12:25 PM, Chen Keong Yap <chenkeong.yap at izeno.com>
wrote:
>
> i've already added ssl cert to java cacerts. do you have any ideas what
> went wrong?
>
>
>
> INFO: XNIO NIO Implementation Version 3.3.0.Final
> Feb 24, 2015 12:23:54 PM org.keycloak.adapters.OAuthRequestAuthenticator
> resolve
> Code
> ERROR: failed to turn code into token
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> at
> sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.ja
> va:397)
> at
> org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.jav
> a:128)
> at
> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFact
> ory.java:572)
> at
> org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnect
> ion(DefaultClientConnectionOperator.java:180)
> at
> org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.ja
> va:151)
> at
> org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPool
> edConnAdapter.java:125)
> at
> org.apache.http.impl.client.DefaultRequestDirector.tryConnect(Default
> RequestDirector.java:640)
> at
> org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultReq
> uestDirector.java:479)
> at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpCl
> ient.java:906)
> at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpCl
> ient.java:805)
> at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpCl
> ient.java:784)
> at
> org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerReq
> uest.java:122)
> at
> org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerReq
> uest.java:95)
> at
> org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequ
> estAuthenticator.java:261)
> at
> org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthReq
> uestAuthenticator.java:208)
> at
> org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthen
> ticator.java:90)
>
> On Mon, Feb 23, 2015 at 6:31 PM, Chen Keong Yap <chenkeong.yap at izeno.com>
> wrote:
>
>> Just wondering is there any issues with the keycloak proxy. Step 4 and 5
>> not happening
>> On Feb 20, 2015 10:21 PM, "Schneider, John DODGE CONSULTING SERVICES,
>> LLC" <John.Schneider at carrier.utc.com> wrote:
>>
>>> Hi,
>>>
>>>
>>>
>>> I’m also experimenting with the proxy server. Its working perfectly for
>>> some target URL’s, but I’m getting 404 errors for other known-valid URL’s.
>>> No idea if this is the root cause or not, but I think there’s a correlation
>>> between target servers that serve virtual hosts and require either absolute
>>> paths in the HTTP GET, or the Host header as defined in HTTP 1.1. The
>>> proxy seems to be fine whenever I can telnet to a server and receive a
>>> successful GET response without specifying the host.
>>>
>>>
>>>
>>> Is there any way to trigger proxy logging or more verbose output? This
>>> would be very useful for troubleshooting this and other foreseeable issues.
>>>
>>>
>>>
>>> Thanks,
>>>
>>> John
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150224/c8c8e349/attachment-0001.html
More information about the keycloak-user
mailing list