[keycloak-user] Jetty 503 when secured with confidential client+env vars, works with public

cen imbacen at gmail.com
Wed Jan 4 09:51:16 EST 2017 

It was due to "use-resource-mappings": true not existing (adapter vs 
server version mismatch). But the main problem was jetty logging not 
being configured, hiding the stacktrace.

Thanks.


Stian Thorgersen je 04. 01. 2017 ob 13:31 napisal:
> Did you bump to trace log on Keycloak server and Jetty? Maybe that'll 
> show something interesting. Where's the 503 coming from? Keycloak or 
> Jetty? What about remote debugging it?
>
> On 4 January 2017 at 11:20, cen <imbacen at gmail.com 
> <mailto:imbacen at gmail.com>> wrote:
>
>     I am using embedded Jetty 9.2. If I use a public client with env
>     vars in
>     JSON everything works, if I use env vars for confidential client it
>     breaks with "503 service unavailable".
>
>     Works:
>
>     {
>        "realm": "${env.KC_REALM}",
>        "realm-public-key": "${env.KC_PUBLIC_KEY}",
>        "auth-server-url": "${env.KC_BASE_URL}",
>        "ssl-required": "${env.KC_SSL_REQUIRED}",
>        "resource": "${env.KC_RESOURCE}",
>        "public-client": true
>     }
>
>     Fails:
>
>     {
>        "realm": "${env.KC_REALM}",
>        "realm-public-key": "${env.KC_PUBLIC_KEY}",
>        "auth-server-url": "${env.KC_BASE_URL}",
>        "ssl-required": "${env.KC_SSL_REQUIRED}",
>        "resource": "${env.KC_CLIENT}",
>        "credentials": {
>            "secret": "${env.KC_CLIENT_SECRET}"
>        },
>        "use-resource-mappings": true
>     }
>
>
>     Confidential client works if I copy-paste the JSON from "Installation"
>     tab directly (without env vars).
>
>     I checked at least 10 times that my env vars are correct and that I
>     don't have a typo somewhere.
>
>     Unfortunately there are zero logs from Jetty or Keycloak adapter about
>     the problem. How would I go troubleshooting this?
>
>     _______________________________________________
>     keycloak-user mailing list
>     keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>     https://lists.jboss.org/mailman/listinfo/keycloak-user
>     <https://lists.jboss.org/mailman/listinfo/keycloak-user>
>
>

More information about the keycloak-user mailing list