[keycloak-user] (no subject)
Gareth Healy
gahealy at redhat.com
Thu Jun 2 10:07:23 EDT 2016
Just released i was using the wrong url-pattern. All good.
On Thu, Jun 2, 2016 at 2:28 PM, Gareth Healy <gahealy at redhat.com> wrote:
> I am trying to secure a URL with KeyCloak, backed by Kerberos. I've
> followed the below link, but sadly not not seeing what i would expect.
>
>
> -
> https://github.com/keycloak/keycloak-documentation/blob/master/topics/jboss-adapter.adoc#required-per-war-configuration
>
> The exploded war web.xml contains:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="
> http://java.sun.com/xml/ns/javaee"
> xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
> xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
> http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
> version="2.5">
>
> <listener>
>
> <listener-class>io.apiman.gateway.platforms.war.listeners.WarGatewayBootstrapper</listener-class>
> </listener>
>
> <!-- Gateway Servlet -->
> <servlet>
> <servlet-name>GatewayServlet</servlet-name>
>
> <servlet-class>io.apiman.gateway.platforms.war.servlets.WarGatewayServlet</servlet-class>
> </servlet>
> <servlet-mapping>
> <servlet-name>GatewayServlet</servlet-name>
> <url-pattern>/*</url-pattern>
> </servlet-mapping>
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>apiman-gateway</web-resource-name>
> <url-pattern>/apiman-gateway/*</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>user</role-name>
> </auth-constraint>
> <user-data-constraint>
> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> </user-data-constraint>
> </security-constraint>
>
>
> <login-config>
> <auth-method>KEYCLOAK</auth-method>
> <realm-name>this is ignored currently</realm-name>
> </login-config>
>
> <security-role>
> <role-name>user</role-name>
> </security-role>
>
> </web-app>
>
>
> And the keycloak.json file in the WEB-INF folder contains:
>
> {
> "realm": "apiman",
> "realm-public-key":
> "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyG61ohrfJQKNmDA/ePZtqZVpPXjwn3k3T+iWiTvMsxW2+WlnqIEmL5qZ09DMhBH9r50WZRO2gVoCb657Er9x0vfD6GNf/47XU2y33TX8axhP+hSwkv/VViaDlu4jQrfgPWz/FXMjWIZxg1xQS+nOBF2ScCRYWNQ/ZnUNnvrq8dGC2/AlyeYcgDUOdwlJuvgkGlF0QoVPQiRPurR3RwlG+BjL8JB3hbaAZhdJqwqApmGQbcpgLj2tODnlrZnEAp5cPPU/lgqCE1OOp78BAEiE91ZLPl/+D8qDHk+Maz0Io3bkeRZMXPpvtbL3qN+3GlF8Yz264HDSsTNrH+nd19tFQIDAQAB",
> "auth-server-url": "https://reuxgbls359:8443/auth",
> "ssl-required": "none",
> "resource": "apiman-gateway",
> "public-client": true
> }
>
>
> When i hit the URL, i see the below debug:
>
> 2016-06-02 13:20:10,460 DEBUG
> [org.keycloak.adapters.PreAuthActionsHandler] (default task-43)
> adminRequest https://reuxgbls359:8443/apiman-gateway/bp/mapping/1.0?wsdl
> 2016-06-02 13:20:10,461 DEBUG
> [org.keycloak.adapters.undertow.ServletSessionTokenStore] (default task-43)
> session was null, returning null
> 2016-06-02 13:20:10,461 DEBUG
> [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-43) there
> was no code
> 2016-06-02 13:20:10,461 DEBUG
> [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-43)
> redirecting to auth server
> 2016-06-02 13:20:10,462 DEBUG
> [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-43)
> callback uri: https://reuxgbls359:8443/apiman-gateway/bp/mapping/1.0?wsdl
> 2016-06-02 13:20:10,463 DEBUG
> [org.keycloak.adapters.AuthenticatedActionsHandler] (default task-43)
> AuthenticatedActionsValve.invoke
> https://reuxgbls359:8443/apiman-gateway/bp/mapping/1.0?wsdl
>
>
> But i never get redirected to the auth/login page.
>
> Any ideas what i am doing wrong?
>
> --
> Gareth Healy
> UKI Middleware Consultant
> Red Hat UK Ltd
> 200 Fowler Avenue
> Farnborough, Hants
> GU14 7JP, UK
>
> Mobile: +44(0)7818511214
> E-Mail: gahealy at redhat.com
>
> Registered in England and Wales under Company Registration No. 03798903
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
Gareth Healy
UKI Middleware Consultant
Red Hat UK Ltd
200 Fowler Avenue
Farnborough, Hants
GU14 7JP, UK
Mobile: +44(0)7818511214
E-Mail: gahealy at redhat.com
Registered in England and Wales under Company Registration No. 03798903
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160602/63b9601b/attachment.html
More information about the keycloak-user
mailing list