[keycloak-user] Jetty 503 when secured with confidential client+env vars, works with public
Stian Thorgersen
sthorger at redhat.com
Wed Jan 4 07:31:47 EST 2017
Did you bump to trace log on Keycloak server and Jetty? Maybe that'll show
something interesting. Where's the 503 coming from? Keycloak or Jetty? What
about remote debugging it?
On 4 January 2017 at 11:20, cen <imbacen at gmail.com> wrote:
> I am using embedded Jetty 9.2. If I use a public client with env vars in
> JSON everything works, if I use env vars for confidential client it
> breaks with "503 service unavailable".
>
> Works:
>
> {
> "realm": "${env.KC_REALM}",
> "realm-public-key": "${env.KC_PUBLIC_KEY}",
> "auth-server-url": "${env.KC_BASE_URL}",
> "ssl-required": "${env.KC_SSL_REQUIRED}",
> "resource": "${env.KC_RESOURCE}",
> "public-client": true
> }
>
> Fails:
>
> {
> "realm": "${env.KC_REALM}",
> "realm-public-key": "${env.KC_PUBLIC_KEY}",
> "auth-server-url": "${env.KC_BASE_URL}",
> "ssl-required": "${env.KC_SSL_REQUIRED}",
> "resource": "${env.KC_CLIENT}",
> "credentials": {
> "secret": "${env.KC_CLIENT_SECRET}"
> },
> "use-resource-mappings": true
> }
>
>
> Confidential client works if I copy-paste the JSON from "Installation"
> tab directly (without env vars).
>
> I checked at least 10 times that my env vars are correct and that I
> don't have a typo somewhere.
>
> Unfortunately there are zero logs from Jetty or Keycloak adapter about
> the problem. How would I go troubleshooting this?
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
More information about the keycloak-user
mailing list