[keycloak-user] KC 1.9.4 Error during

Gregory Orciuch g.orciuch at gmail.com
Tue May 31 10:21:08 EDT 2016


Hi,
I dont get it. How the truststore/keystore properties are related to not
having hostname in the returned URL ?

truststore is usually taken by java low level SSL stack (unless KeyCloak
using own ssl stack) and even if wrong it does produce PKIX exception which
is not in Emil's stack trace.

I suspect the underscore "_" in the  "auth-server-url" or, the name is not
resolved by DNS from KeyCloak server perspective.

BR,
Gregory


2016-05-31 15:05 GMT+02:00 Marek Posolda <mposolda at redhat.com>:

> Does your keycloak server have certificate signed by known CA authority or
> are you using some self-signed? If you have self-signed, you also need to
> configure truststore. See
> http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#adapter-config
> and especially properties related to truststore.
>
> Marek
>
> On 31/05/16 15:00, Emil Posmyk wrote:
>
> sorry, i forgot to finish title
>
> {
>   "realm": "Brandpath",
>   "realm-public-key": "key.....",
>   "auth-server-url": "https://sabdev_oms.brandpath.net/auth",
>   "ssl-required": "external",
>   "resource": "oms-web",
>   "credentials": {
>     "secret": "secret"
>   },
>   "use-resource-role-mappings": true
> }
>
>
>
> regards
> *--*
>
>
> *Emil Posmyk *
>
> 2016-05-31 14:26 GMT+02:00 Marek Posolda <mposolda at redhat.com>:
>
>> How is "auth-server-url" in your keycloak.json configured? If you're
>> using relative URI, then you can maybe try to use absolute URI and see if
>> it help?
>>
>> Marek
>>
>>
>> On 31/05/16 14:19, Emil Posmyk wrote:
>>
>> Hello
>>
>> I'm reciving error when I try login to our application:
>> ClientProtocolException: URI does not specify a valid host name:
>> <https:/auth/realms/Brandpath/protocol/openid-connect/token>
>> https:/auth/realms/Brandpath/protocol/openid-connect/token
>> Http protocol is working fine, no errors, but using https I recive each
>> time uri without host name.
>> Auth page is working fine.
>>
>> What can cause that error ?
>>
>>
>> 14:59:22,937 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator]
>> (default task-2) failed to turn code into token:
>> org.apache.http.client.ClientProtocolException: URI does not specify a
>> valid host name:
>> <https:/auth/realms/Brandpath/protocol/openid-connect/token>
>> https:/auth/realms/Brandpath/protocol/openid-connect/token
>> [Server:ms-server1]     at
>> org.apache.http.impl.client.CloseableHttpClient.determineTarget(CloseableHttpClient.java:94)
>> [Server:ms-server1]     at
>> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
>> [Server:ms-server1]     at
>> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
>> [Server:ms-server1]     at
>> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
>> [Server:ms-server1]     at
>> org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:107)
>> [Server:ms-server1]     at
>> org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:314)
>> [Server:ms-server1]     at
>> org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:260)
>> [Server:ms-server1]     at
>> org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:112)
>> [Server:ms-server1]     at
>> org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:110)
>> [Server:ms-server1]     at
>> org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:92)
>> [Server:ms-server1]     at
>> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)
>> [Server:ms-server1]     at
>> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)
>> [Server:ms-server1]     at
>> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)
>> [Server:ms-server1]     at
>> io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)
>> [Server:ms-server1]     at
>> io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)
>> [Server:ms-server1]     at
>> io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)
>> [Server:ms-server1]     at
>> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
>> [Server:ms-server1]     at
>> io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
>> [Server:ms-server1]     at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> [Server:ms-server1]     at
>> io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
>> [Server:ms-server1]     at
>> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>> [Server:ms-server1]     at
>> io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>> [Server:ms-server1]     at
>> io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
>> [Server:ms-server1]     at
>> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>> [Server:ms-server1]     at
>> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>> [Server:ms-server1]     at
>> io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>> [Server:ms-server1]     at
>> io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>> [Server:ms-server1]     at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> [Server:ms-server1]     at
>> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>> [Server:ms-server1]     at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> [Server:ms-server1]     at
>> org.wildfly.mod_cluster.undertow.metric.RunningRequestsHttpHandler.handleRequest(RunningRequestsHttpHandler.java:69)
>> [Server:ms-server1]     at
>> org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)
>> [Server:ms-server1]     at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> [Server:ms-server1]     at
>> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
>> [Server:ms-server1]     at
>> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
>> [Server:ms-server1]     at
>> io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>> [Server:ms-server1]     at
>> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
>> [Server:ms-server1]     at
>> io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>> [Server:ms-server1]     at
>> io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
>> [Server:ms-server1]     at
>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>> [Server:ms-server1]     at
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>> [Server:ms-server1]     at java.lang.Thread.run(Thread.java:745)
>>
>>
>> * regards*
>> *--*
>>
>> *Emil Posmyk *
>>
>>
>> _______________________________________________
>> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160531/c533d7f5/attachment-0001.html 


More information about the keycloak-user mailing list