[keycloak-user] KC 1.9.4 Error during

Marek Posolda mposolda at redhat.com
Wed Jun 1 03:02:09 EDT 2016


Yes, that's possible. According to http://www.ietf.org/rfc/rfc952.txt 
the underscore is not valid character in hostname. Maybe it causes 
issues with Apache HTTP client. If you have possibility to remove 
underscore, it worth a try though.

Marek

On 31/05/16 16:21, Gregory Orciuch wrote:
> Hi,
> I dont get it. How the truststore/keystore properties are related to 
> not having hostname in the returned URL ?
>
> truststore is usually taken by java low level SSL stack (unless 
> KeyCloak using own ssl stack) and even if wrong it does produce PKIX 
> exception which is not in Emil's stack trace.
>
> I suspect the underscore "_" in the  "auth-server-url" or, the name is 
> not resolved by DNS from KeyCloak server perspective.
>
> BR,
> Gregory
>
>
> 2016-05-31 15:05 GMT+02:00 Marek Posolda <mposolda at redhat.com 
> <mailto:mposolda at redhat.com>>:
>
>     Does your keycloak server have certificate signed by known CA
>     authority or are you using some self-signed? If you have
>     self-signed, you also need to configure truststore. See
>     http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#adapter-config
>     and especially properties related to truststore.
>
>     Marek
>
>     On 31/05/16 15:00, Emil Posmyk wrote:
>>     sorry, i forgot to finish title
>>
>>     {
>>       "realm": "Brandpath",
>>       "realm-public-key": "key.....",
>>       "auth-server-url": "https://sabdev_oms.brandpath.net/auth",
>>       "ssl-required": "external",
>>       "resource": "oms-web",
>>       "credentials": {
>>         "secret": "secret"
>>       },
>>       "use-resource-role-mappings": true
>>     }
>>
>>
>>
>>     regards
>>     /--/
>>     /Emil Posmyk
>>
>>     /
>>
>>     2016-05-31 14:26 GMT+02:00 Marek Posolda <mposolda at redhat.com
>>     <mailto:mposolda at redhat.com>>:
>>
>>         How is "auth-server-url" in your keycloak.json configured? If
>>         you're using relative URI, then you can maybe try to use
>>         absolute URI and see if it help?
>>
>>         Marek
>>
>>
>>         On 31/05/16 14:19, Emil Posmyk wrote:
>>>         Hello
>>>
>>>         I'm reciving error when I try login to our application:
>>>         ClientProtocolException: URI does not specify a valid host
>>>         name: https:/auth/realms/Brandpath/protocol/openid-connect/token
>>>         Http protocol is working fine, no errors, but using https I
>>>         recive each time uri without host name.
>>>         Auth page is working fine.
>>>
>>>         What can cause that error ?
>>>
>>>
>>>         14:59:22,937 ERROR
>>>         [org.keycloak.adapters.OAuthRequestAuthenticator] (default
>>>         task-2) failed to turn code into token:
>>>         org.apache.http.client.ClientProtocolException: URI does not
>>>         specify a valid host name:
>>>         https:/auth/realms/Brandpath/protocol/openid-connect/token
>>>         [Server:ms-server1]     at
>>>         org.apache.http.impl.client.CloseableHttpClient.determineTarget(CloseableHttpClient.java:94)
>>>         [Server:ms-server1]     at
>>>         org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
>>>         [Server:ms-server1]     at
>>>         org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
>>>         [Server:ms-server1]     at
>>>         org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
>>>         [Server:ms-server1]     at
>>>         org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:107)
>>>         [Server:ms-server1]     at
>>>         org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:314)
>>>         [Server:ms-server1]     at
>>>         org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:260)
>>>         [Server:ms-server1]     at
>>>         org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:112)
>>>         [Server:ms-server1]     at
>>>         org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:110)
>>>         [Server:ms-server1]     at
>>>         org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:92)
>>>         [Server:ms-server1]     at
>>>         io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)
>>>         [Server:ms-server1]     at
>>>         io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)
>>>         [Server:ms-server1]     at
>>>         io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)
>>>         [Server:ms-server1]     at
>>>         io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)
>>>         [Server:ms-server1]     at
>>>         io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)
>>>         [Server:ms-server1]     at
>>>         io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)
>>>         [Server:ms-server1]     at
>>>         io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
>>>         [Server:ms-server1]     at
>>>         io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
>>>         [Server:ms-server1]     at
>>>         io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>         [Server:ms-server1]     at
>>>         io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
>>>         [Server:ms-server1]     at
>>>         io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>>>         [Server:ms-server1]     at
>>>         io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>>>         [Server:ms-server1]     at
>>>         io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
>>>         [Server:ms-server1]     at
>>>         io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>>>         [Server:ms-server1]     at
>>>         io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>>>         [Server:ms-server1]     at
>>>         io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>>>         [Server:ms-server1]     at
>>>         io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>>>         [Server:ms-server1]     at
>>>         io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>         [Server:ms-server1]     at
>>>         org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>>>         [Server:ms-server1]     at
>>>         io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>         [Server:ms-server1]     at
>>>         org.wildfly.mod_cluster.undertow.metric.RunningRequestsHttpHandler.handleRequest(RunningRequestsHttpHandler.java:69)
>>>         [Server:ms-server1]     at
>>>         org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)
>>>         [Server:ms-server1]     at
>>>         io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>         [Server:ms-server1]     at
>>>         io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
>>>         [Server:ms-server1]     at
>>>         io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
>>>         [Server:ms-server1]     at
>>>         io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>>>         [Server:ms-server1]     at
>>>         io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
>>>         [Server:ms-server1]     at
>>>         io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>>>         [Server:ms-server1]     at
>>>         io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
>>>         [Server:ms-server1]     at
>>>         java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>         [Server:ms-server1]     at
>>>         java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>         [Server:ms-server1]     at java.lang.Thread.run(Thread.java:745)
>>>
>>>         /
>>>         regards/
>>>         /--/
>>>         /Emil Posmyk
>>>         /
>>>
>>>
>>>         _______________________________________________
>>>         keycloak-user mailing list
>>>         keycloak-user at lists.jboss.org
>>>         <mailto:keycloak-user at lists.jboss.org>
>>>         https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>
>
>     _______________________________________________
>     keycloak-user mailing list
>     keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>     https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160601/ffe2fee1/attachment.html 


More information about the keycloak-user mailing list