[keycloak-user] keycloak configuration
Stian Thorgersen
sthorger at redhat.com
Tue Mar 22 12:29:15 EDT 2016
Could you elaborate on what is missing from the documentation? That would
be helpful.
On 22 Mar 2016 12:05, "Pavlos Kleanthous" <parsectix at gmail.com> wrote:
> Dear all,
>
> I dropped the project at the moment. The lack of documentation is too time
> consuming.
>
> Hope that soon keycloak will have it.
>
>
> On Fri, Mar 18, 2016 at 1:52 PM, Stian Thorgersen <sthorger at redhat.com>
> wrote:
>
>> What adapter? Is the server and client adapter both 1.9.1? We did
>> recently deprecate some OIDC endpoints. I think ../login is gone and it
>> should be ../auth. So if you are using an old adapter that may be the issue.
>> On 18 Mar 2016 2:20 p.m., "Pavlos Kleanthous" <parsectix at gmail.com>
>> wrote:
>>
>>> Yours.
>>>
>>> I configured the realm with the same settings on both versions 1.9.1
>>> and 1.8.1.
>>>
>>>
>>> On Fri, Mar 18, 2016 at 11:58 AM, Stian Thorgersen <sthorger at redhat.com>
>>> wrote:
>>>
>>>> Client ID has nothing to do with this issue as it would show an login
>>>> error page not a not found. So must be either realm name or another part of
>>>> URL is wrong.
>>>>
>>>> Are you using our adapters or another library atm?
>>>>
>>>> I'm answering on my phone on the plane so can't look into it more atm.
>>>> On 17 Mar 2016 10:00, "Pavlos Kleanthous" <parsectix at gmail.com> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> In jenkins, I'm pasting the JSON configuration that it can found
>>>>> inside "Installation" tab.
>>>>>
>>>>> Instead of using keycloak client plugins, can I use a generic oauth
>>>>> plugin in my apps? How can I configure my keycloak for this?
>>>>> i.e. Instead of using google's oauth URL use my own pointing to
>>>>> keycloak.
>>>>>
>>>>>
>>>>> On Wed, Mar 16, 2016 at 1:29 PM, Marko Strukelj <mstrukel at redhat.com>
>>>>> wrote:
>>>>>
>>>>>> In your jenkins realm - under Clients do you have a client called
>>>>>> 'ci'? That's the client_id used in your request.
>>>>>>
>>>>>> AFAIK nothing changed in this part of the code since 1.8.1.
>>>>>> On Mar 16, 2016 12:04 PM, "Pavlos Kleanthous" <parsectix at gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> yes I can.
>>>>>>>
>>>>>>> Please note that this is a problem of version 1.9.1.
>>>>>>> I have tried now version 1.8.1 and it redirect me to keycloak.
>>>>>>>
>>>>>>> p.s. I'm using the official containers from docker hub.
>>>>>>>
>>>>>>> On Wed, Mar 16, 2016 at 10:56 AM, Marko Strukelj <
>>>>>>> mstrukel at redhat.com> wrote:
>>>>>>>
>>>>>>>> Are you able to login into admin console at:
>>>>>>>> http://192.168.99.100:32786/auth
>>>>>>>>
>>>>>>>> And you see the realm called 'jenkins' there?
>>>>>>>> On Mar 16, 2016 11:32 AM, "Pavlos Kleanthous" <parsectix at gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Hi guys adding to this. Please see the HTTP requests and responses.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> 1. Request URL:
>>>>>>>>>
>>>>>>>>> http://192.168.99.100:32769/securityRealm/commenceLogin?from=%2F
>>>>>>>>> 2. Request Method:
>>>>>>>>> GET
>>>>>>>>> 3. Status Code:
>>>>>>>>> 302 Found
>>>>>>>>> 4. Remote Address:
>>>>>>>>> 192.168.99.100:32769
>>>>>>>>> 1. Response Headersview source
>>>>>>>>> 1. Content-Length:
>>>>>>>>> 0
>>>>>>>>> 2. Location:
>>>>>>>>>
>>>>>>>>> http://192.168.99.100:32786/auth/realms/jenkins/protocol/openid-connect/login?client_id=ci&redirect_uri=http%3A%2F%2F192.168.99.100%3A32769%2FsecurityRealm%2FfinishLogin&state=cb0b57c5-c160-4861-ab36-ed1835e4b184
>>>>>>>>> 3. Server:
>>>>>>>>> Jetty(winstone-2.9)
>>>>>>>>> 4. X-Content-Type-Options:
>>>>>>>>> nosniff
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> 1. Request URL:
>>>>>>>>>
>>>>>>>>> http://192.168.99.100:32786/auth/realms/jenkins/protocol/openid-connect/login?client_id=ci&redirect_uri=http%3A%2F%2F192.168.99.100%3A32769%2FsecurityRealm%2FfinishLogin&state=cb0b57c5-c160-4861-ab36-ed1835e4b184
>>>>>>>>> 2. Request Method:
>>>>>>>>> GET
>>>>>>>>> 3. Status Code:
>>>>>>>>> *404 Not Found*
>>>>>>>>> 4. Remote Address:
>>>>>>>>> 192.168.99.100:32786
>>>>>>>>> 1. Response Headersview source
>>>>>>>>> 1. Connection:
>>>>>>>>> keep-alive
>>>>>>>>> 2. Content-Length:
>>>>>>>>> 0
>>>>>>>>> 3. Date:
>>>>>>>>> Wed, 16 Mar 2016 10:30:40 GMT
>>>>>>>>> 4. Server:
>>>>>>>>> WildFly/10
>>>>>>>>> 5. X-Powered-By:
>>>>>>>>> Undertow/1
>>>>>>>>> 2. Request Headersview source
>>>>>>>>> 1. Accept:
>>>>>>>>>
>>>>>>>>> text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
>>>>>>>>> 2. Accept-Encoding:
>>>>>>>>> gzip, deflate, sdch
>>>>>>>>> 3. Accept-Language:
>>>>>>>>> en-US,en;q=0.8,el;q=0.6
>>>>>>>>> 4. Connection:
>>>>>>>>> keep-alive
>>>>>>>>> 5. Cookie:
>>>>>>>>> KEYCLOAK_STATE_CHECKER=VJrM9jv37wPkh_NmI101cofXzDzfVqK-MNEmt9V5Hic;
>>>>>>>>> KC_RESTART=eyJhbGciOiJIUzI1NiJ9.eyJjcyI6IjhlYWY3ZjM2LWZhOGMtNGFiZi04ZDQ0LWVlN2RlODI0ZmE2NyIsImNpZCI6ImFjY291bnQiLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwOi8vMTkyLjE2OC45OS4xMDA6MzI3ODYvYXV0aC9yZWFsbXMvamVua2lucy9hY2NvdW50L2xvZ2luLXJlZGlyZWN0IiwiYWN0IjoiQVVUSEVOVElDQVRFIiwibm90ZXMiOnsiYWN0aW9uX2tleSI6IjIyMGExNzllLWM1OGQtNDAyOS1hMmIwLTQ5MmI3MTVkMWI3ZiIsImF1dGhfdHlwZSI6ImNvZGUiLCJpc3MiOiJodHRwOi8vMTkyLjE2OC45OS4xMDA6MzI3ODYvYXV0aC9yZWFsbXMvamVua2lucyIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwicmVkaXJlY3RfdXJpIjoiaHR0cDovLzE5Mi4xNjguOTkuMTAwOjMyNzg2L2F1dGgvcmVhbG1zL2plbmtpbnMvYWNjb3VudC9sb2dpbi1yZWRpcmVjdCIsInN0YXRlIjoiMC8zMjFhMDk0Zi03ODYwLTRkOTAtOWU4Yy1iMmM5ZmFkYWVjZmIifX0.QAucuHQLj_-5s3dgnFaxDenigQ9FnaP6DEyOvd8v2Yo;
>>>>>>>>> KEYCLOAK_IDENTITY=eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJmYjc3NDc0NS1jNDA4LTQ5ODctYjE2My03NWFiNTc1YmYzYTMiLCJleHAiOjE0NTgxNTczNDcsIm5iZiI6MCwiaWF0IjoxNDU4MTIxMzQ3LCJpc3MiOiJodHRwOi8vMTkyLjE2OC45OS4xMDA6MzI3ODYvYXV0aC9yZWFsbXMvamVua2lucyIsInN1YiI6ImM1ZWU4OGQ2LTE1Y2MtNDMwOS1hMjdjLTBmYjAwMmI2NDA2YiIsInNlc3Npb25fc3RhdGUiOiJkMDkxYzNkMi04YzQ0LTQyMTEtYWEyNi1lM2Y3ZmRhY2I1YWUiLCJyZXNvdXJjZV9hY2Nlc3MiOnt9fQ.a2A3wZ6-VSAErHebIuV1maEEHYknzB7eiiogT03Ab6t_d95bj8FDNl5YrDrS6hoJqgJXQrGYdp5xurb8zcEQIUCnwxFs1Kh62UtMytYyyaDyJEfQeJf8o2QSZdyAs_OZHDtPeY8qVbVvJkttQ_umsiQMPUmi9ADKeLE-nqq5T9fuo29WMEf9SFiEwJJE4ya3-Ut8NPa5iG-TbxSmDrDRGJXNrCuN2stOuYNHXwWRVd7DckZS0ZOB-ReQQM9NBMw-gDjaEv_0_2oG-whv1dQKpGlrQObNL9sNqvV_PgIEUgRGB6sn2U1zFnwao-bwxYIYXbXqiIaiLC9ObnqYCuYVtg;
>>>>>>>>> KEYCLOAK_SESSION=jenkins/c5ee88d6-15cc-4309-a27c-0fb002b6406b/d091c3d2-8c44-4211-aa26-e3f7fdacb5ae;
>>>>>>>>> JSESSIONID.96a98541=1a8t1iio7w9ol14h8gslmkjvr4; screenResolution=1920x1080
>>>>>>>>> 6. DNT:
>>>>>>>>> 1
>>>>>>>>> 7. Host:
>>>>>>>>> 192.168.99.100:32786
>>>>>>>>> 8. Referer:
>>>>>>>>> http://192.168.99.100:32769/
>>>>>>>>> 9. Save-Data:
>>>>>>>>> on
>>>>>>>>> 10. Upgrade-Insecure-Requests:
>>>>>>>>> 1
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Tue, Mar 15, 2016 at 4:26 PM, Pavlos Kleanthous <
>>>>>>>>> parsectix at gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Thanks for pointing this out. I think it does not matter as the
>>>>>>>>>> same name can be found in "Installation" tab where
>>>>>>>>>> I copied the configuration.
>>>>>>>>>>
>>>>>>>>>> On Tue, Mar 15, 2016 at 4:21 PM, Marko Strukelj <
>>>>>>>>>> mstrukel at redhat.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Looks like you mistyped your client id: 'jenknis'.
>>>>>>>>>>> On Mar 15, 2016 5:19 PM, "Pavlos Kleanthous" <
>>>>>>>>>>> parsectix at gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hello,
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> I'm trying to configure keycloak for first time. My setup has 2
>>>>>>>>>>>> containers keycloak and jenkins.
>>>>>>>>>>>> Following the example how to integrate those two, I created a
>>>>>>>>>>>> realm and a client called "jenkins".
>>>>>>>>>>>>
>>>>>>>>>>>> It seams that the realm configuration it's not correct as I get
>>>>>>>>>>>> the following debug error.
>>>>>>>>>>>> "15:47:55,791 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n]
>>>>>>>>>>>> (default task-12) RESTEASY002010: Failed to execute:
>>>>>>>>>>>> javax.ws.rs.NotFoundException: RESTEASY003210: Could not find resource for
>>>>>>>>>>>> full path:
>>>>>>>>>>>> http://192.168.99.100:32786/auth/realms/ci/protocol/openid-connect/login?client_id=jenknis&redirect_uri=http%3A%2F%2F192.168.99.100%3A32769%2FsecurityRealm%2FfinishLogin&state=fb8e0ecd-7a59-4c5e-9fcd-0c90c25a4261
>>>>>>>>>>>> "
>>>>>>>>>>>>
>>>>>>>>>>>> I noticed that "
>>>>>>>>>>>> http://192.168.99.100:32786/auth/realms/ci/protocol/openid-connect"
>>>>>>>>>>>> does not work generally. The URL ending with "/auth/realms/ci/account" it
>>>>>>>>>>>> works.
>>>>>>>>>>>>
>>>>>>>>>>>> if I access the URL: http://192.168.99.100:32786/auth/realms/ci
>>>>>>>>>>>>
>>>>>>>>>>>> {"realm":"ci","public_key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0IQoyEf8wt4ZkD0Jf6t8ppM4MVtiR+QJkaWctQvYRPeg9HGBHLDcsnQnpQ+zZ6Rl5sn5CArqcEygpALpglUiiGdSuH8X0VwfATpWB/0KBwylPJ7CJObDiKoBD7ZMjR67IRa9e8ySdbbCb/Ehapk9SkDfAU7dgHscEkVMuHWUilSpGrqUPPMX9dl6rpIZGX/87DxuHGi4e3d9RYrvKS6wliZF+Pvar5A48OmmklTIpPoPr4NXyQx7a1gsk3VjHLtK2NBLcbMVY+juJTCxa2reukl0eMGVITYFyQgQrXtCyDh18M3TTyFQsS3H2+dLcUdob8r1f973HHXaOUDiD7TrwIDAQAB","token-service":"http://192.168.99.100:32786/auth/realms/ci/protocol/openid-connect","account-service":"http://192.168.99.100:32786/auth/realms/ci/account","admin-api":"http://192.168.99.100:32786/auth/admin","tokens-not-before":0}
>>>>>>>>>>>>
>>>>>>>>>>>> Can you help how to find the problem ?
>>>>>>>>>>>>
>>>>>>>>>>>> p.s. is there any other way to find help on those matters?
>>>>>>>>>>>> Tried IRC but nobody is replying there...
>>>>>>>>>>>>
>>>>>>>>>>>> Thank you
>>>>>>>>>>>>
>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>>>> keycloak-user at lists.jboss.org
>>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>
>>>>
>>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160322/162af128/attachment-0001.html
More information about the keycloak-user
mailing list