[keycloak-user] redirection error with Keycloak-proxy

Guy Bowdler guybowdler at dorsetnetworks.com
Tue May 24 07:25:28 EDT 2016 

It might be this, as we have the keycloak instance running behind 
another nginx proxy:

https://issues.jboss.org/browse/KEYCLOAK-2054

If anyone can help confirm this is would be a massive help as the fix 
isn't due out until June 22 and would save unnecessary troubleshooting



On 2016-05-24 10:48, Guy Bowdler wrote:
> Hi:)
> 
> Has anybody seen this error?
> 
> I have  (http://host.name/appname) --> [KeyCloakProxy:80 --> 
> nginx:8080]
>   -->  [Web apps on different boxes] where [] denotes on same box.
> Namespace is hostname/appname where nginx location directives proxy out
> again to different boxes.
> 
> I've previously had this working but when I changed the keystore it all
> broke and haven't found the problem yet.  Troubleshooting steps have
> been to take out the ssl entirely and try different client settings.  
> If
> I remove the contraints in the proxy config, it proxies ok to the
> webpages, and it the constraints are in, I log in ok and then the
> browser goes blank with a URL like this in the address bar:
> 
> http://apps.host.name/python?state=0%2F52043b01-976f-464f-8651-ebe295aac2af&code=-_odSdHkDVnID6JhPeKV2QXh_1oub5DDLP2ZLZ6pA_0.ef2bd934-2fd8-48da-a626-106712b687b1
> 
> The error stack below is from the console of the keycloak proxy.
> Refreshing the page, simply returns a different error of "NO STATE
> COOKIE".
> 
> Thanks in advance for any assistance,
> 
> kind regards
> 
> Guy
> 
> 
> ERROR: failed to turn code into token
> java.net.ConnectException: Connection refused
>          at java.net.PlainSocketImpl.socketConnect(Native Method)
>          at
> java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
>          at
> java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
>          at
> java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
>          at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
>          at java.net.Socket.connect(Socket.java:589)
>          at
> sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:668)
>          at
> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:532)
>          at
> org.keycloak.adapters.SniSSLSocketFactory.connectSocket(SniSSLSocketFactory.java:109)
>          at
> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409)
>          at
> org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
>          at
> org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144)
>          at
> org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:131)
>          at
> org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
>          at
> org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
>          at
> org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)
>          at
> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
>          at
> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
>          at
> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
>          at
> org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:107)
>          at
> org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:314)
>          at
> org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:260)
>          at
> org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:112)
>          at
> org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:110)
>          at
> org.keycloak.adapters.undertow.UndertowAuthenticationMechanism.authenticate(UndertowAuthenticationMechanism.java:56)
>          at
> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)
>          at
> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)
>          at
> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)
>          at
> io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)
>          at
> io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)
>          at
> io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)
>          at
> org.keycloak.proxy.ProxyAuthenticationCallHandler.handleRequest(ProxyAuthenticationCallHandler.java:44)
>          at
> org.keycloak.proxy.ConstraintMatcherHandler.handleRequest(ConstraintMatcherHandler.java:89)
>          at
> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>          at
> org.keycloak.adapters.undertow.UndertowPreAuthActionsHandler.handleRequest(UndertowPreAuthActionsHandler.java:54)
>          at
> io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>          at
> io.undertow.server.session.SessionAttachmentHandler.handleRequest(SessionAttachmentHandler.java:68)
>          at
> io.undertow.server.handlers.PathHandler.handleRequest(PathHandler.java:94)
>          at
> io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>          at
> io.undertow.server.protocol.http.HttpReadListener.handleEventWithNoRunningRequest(HttpReadListener.java:232)
>          at
> io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:130)
>          at
> io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:56)
>          at
> org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
>          at
> org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
>          at
> org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:88)
>          at org.xnio.nio.WorkerThread.run(WorkerThread.java:559)
> 
> May 24, 2016 11:04:30 AM 
> org.keycloak.adapters.OAuthRequestAuthenticator
> checkStateCookie
> WARN: No state cookie
> 
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list