[keycloak-user] What can bring this error "failed to turn code into token" over and over again?
Mai Zi
ornot2008 at yahoo.com
Wed Jan 20 03:57:39 EST 2016
Hi, Alexander,
We deploy the client application server (wildfly) and auth server (keycloak) in the same machine. The web app url is : http://ourhost.com/hello/index.html the auth server is https://ourhost.com/auth
then the setup in keycloak.json should be :
"auth-server-url": "/auth",
"auth-server-url-for-backend-requests": "https://ourhost/auth"
This can reduce the round trip?
Thanks a lot
On Wednesday, January 20, 2016 3:56 PM, Alexander Schwartz <alexander.schwartz at gmx.net> wrote:
During the last phase of OAuth negotation the client application (here: wildfly) will contact the oauth server (here: keycloak) to change the code into a token. In order to work the client application (here: wildfly) must be able to contact the keycloak server using the auth-server-url given in keycloak.json. If this URL is only accessible browsers from external / via a load balancer, and client application should use a different (direct) URL to reach the keycloak server you can specify auth-server-url-for-backend-requests in your keycloak.json Best regards,Alexander --
Alexander Schwartz (alexander.schwartz at gmx.net)
http://www.ahus1.de Gesendet: Mittwoch, 20. Januar 2016 um 05:23 Uhr
Von: "Mai Zi" <ornot2008 at yahoo.com>
An: Keycloak-user <keycloak-user at lists.jboss.org>
Betreff: [keycloak-user] What can bring this error "failed to turn code into token" over and over again?We get lots of errors like this: 2016-01-20 12:02:37,441 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-1) failed to turn code into token: java.net.SocketException: Connection timed out and which makes the login slow or failed . We are using keycloak 1.7.0 final and broke a SAML 2.0 IDP (ADFS). The wildfly app server and keycloak both are standalone.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160120/063aa334/attachment.html
More information about the keycloak-user
mailing list