[keycloak-user] Problems when using Javascript Adapter

LEONARDO NUNES leo.nunes at gjccorp.com.br
Tue Feb 16 12:19:15 EST 2016 

Renann, thanks you for your replay.
Now that i'm using just Javascript Adapter i'm not having the CORS issue anymore.
My doubt now is the last email I sent.


--
Leonardo Nunes


From: Renann Prado <prado.renann at gmail.com<mailto:prado.renann at gmail.com>>
Date: terça-feira, 16 de fevereiro de 2016 15:00
To: Leonardo Nunes <leo.nunes at gjccorp.com.br<mailto:leo.nunes at gjccorp.com.br>>
Cc: "stian at redhat.com<mailto:stian at redhat.com>" <stian at redhat.com<mailto:stian at redhat.com>>, "keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>" <keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>>
Subject: Re: [keycloak-user] Problems when using Javascript Adapter


If you are not running on the CORS issue, have you tried to set your web origins properly?
Remember that http://localhost:8080 != localhost:8080

On Feb 16, 2016 14:55, "LEONARDO NUNES" <leo.nunes at gjccorp.com.br<mailto:leo.nunes at gjccorp.com.br>> wrote:
Stian, so how do I restrict URLs?
Do I need to place the keycloakAuth.init({ onLoad: 'login-required' }) at all pages I what to restrict and keycloakAuth.init({ onLoad: 'check-sso' }) at pages not restricted?

Does keycloakAuth.init({ onLoad: 'login-required' }) really login the user every time it's called?
Because my listener that implements EventListenerProvider enters the onEvent with EventType LOGIN every time init method is called.


--
Leonardo Nunes

From: Stian Thorgersen <sthorger at redhat.com<mailto:sthorger at redhat.com>>
Reply-To: "stian at redhat.com<mailto:stian at redhat.com>" <stian at redhat.com<mailto:stian at redhat.com>>
Date: terça-feira, 16 de fevereiro de 2016 14:27
To: Leonardo Nunes <leo.nunes at gjccorp.com.br<mailto:leo.nunes at gjccorp.com.br>>
Cc: Bruno Oliveira <bruno at abstractj.org<mailto:bruno at abstractj.org>>, "keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>" <keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>>
Subject: Re: [keycloak-user] Problems when using Javascript Adapter

Your HTML5 application should use the JavaScript adapter, not both as you are doing now. That is why you are getting a endless redirect loop as both adapters just keep trying to login.

On 16 February 2016 at 13:23, LEONARDO NUNES <leo.nunes at gjccorp.com.br<mailto:leo.nunes at gjccorp.com.br>> wrote:
Bruno thanks for the replay.
I have tried the cors example application and it works fine.
When I configure my application to login the way cors example application does, it works also.

The problem I see is that it calls the init method with the login-required, and this causes every page load to login again.
I have an event listener adapter that sends a request to our statistics server after every login, when I use the onLoad: 'login-required' then on every page load the listener for login is called.
keycloakAuth.init({ onLoad: 'login-required' })

One thing got confused is, when I use the Javascript Adapter, then I don't have to configure keycloak at the web.xml?
Or can I still configure at the web.xml, define the restricted urls and also use the Javascript Adapter?

I might be using the Javascript Adapter not the way it was designed to be used.


--
Leonardo Nunes


From: Bruno Oliveira <bruno at abstractj.org<mailto:bruno at abstractj.org>>
Date: terça-feira, 16 de fevereiro de 2016 09:49
To: Leonardo Nunes <leo.nunes at gjccorp.com.br<mailto:leo.nunes at gjccorp.com.br>>, "keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>" <keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>>
Subject: Re: [keycloak-user] Problems when using Javascript Adapter

I believe that your issue is related to CORS, take a look at the examples https://github.com/keycloak/keycloak/tree/master/examples/cors and the documentation as well http://keycloak.github.io/docs/userguide/keycloak-server/html/cors.html.


On Tue, Feb 16, 2016 at 9:44 AM LEONARDO NUNES <leo.nunes at gjccorp.com.br<mailto:leo.nunes at gjccorp.com.br>> wrote:
Hi, I'm having a problem when using the Javascript Adapter with an application deployed on Tomcat 7 at localhost:8088 and using Keycloak 1.8.0.CR3 on localhost:8080.

I get the following error at the browser console when trying to call the keycloak.loadUserProfile() method.
XMLHttpRequest cannot load http://localhost:8080/auth/realms/demo/account. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8088' is therefore not allowed access. The response had HTTP status code 403.

And this when I try to call keycloak.loadUserProfile() method.
XMLHttpRequest cannot load http://localhost:8080/auth/realms/demo/protocol/openid-connect/userinfo. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8088' is therefore not allowed access. The response had HTTP status code 403.

Details:

- If I don't login using keycloak.login() and just navigate to a restricted page configured at the web.xml and login, after i'm redirected to the restricted page if I try to call keycloak.loadUserProfile() I get the same error.
- If I login using keycloak.login() and then call keycloak.loadUserProfile() or keycloak.loadUserProfile() it works.
- If I navigate to another page and try to call keycloak.loadUserProfile() or keycloak.loadUserProfile() I get the same error.
- It only works right after I login, if I navigate to another page it won't work anymore.

This is my keycloak.json file
{
  "realm": "demo",
  "realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
  "auth-server-url": "http://localhost:8080/auth",
  "ssl-required": "external",
  "resource": "accounts-teste",
  "public-client": true,
  "enable-cors": true
}


--
Leonardo Nunes
________________________________
Esta mensagem pode conter informação confidencial e/ou privilegiada. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não poderá usar, copiar ou divulgar as informações nela contidas ou tomar qualquer ação baseada nessas informações. Se você recebeu esta mensagem por engano, por favor avise imediatamente o remetente, respondendo o e-mail e em seguida apague-o. Agradecemos sua cooperação.

This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user

_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user


_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160216/cb36d084/attachment.html

More information about the keycloak-user mailing list