[keycloak-user] Fwd: Error when session expired and ajax request execute in Keycloak?

Stian Thorgersen sthorger at redhat.com
Fri Jan 13 02:34:36 EST 2017


Might be that it's expecting a token in the ajax request rather than
checking for a session, not 100% sure though. RichFaces won't work unless
we can support securing the requests from the session.

Can you create a JIRA bug for this please? If you can attach a simple
example we can build and deploy to reproduce the issue that would be
extremely helpful and we would be able to look at it sooner.

On 12 January 2017 at 07:16, Adam Daduev <daduev.ad at gmail.com> wrote:

> After login, I get into my app, and for all my ajax requests from the page to
> the backing bean, I receive a 401 response even if the session is still alive.
> If I remove the autodetect-bearer-only option, everything works fine, but I go
> back to the old error.
>
> XMLHttpRequest cannot load http://dc09-apps-06:8090/auth/
> realms/azovstal/protocol/openid-connect/auth?…ml&state=
> 60%2F01fc2e79-6fc0-46b8-9f83-39b7421fedf9&login=true&scope=openid. No
> 'Access-Control-Allow-Origin' header is present on the requested resource.
> Origin 'http://localhost:8080' is therefore not allowed access.
>
> ---------- Forwarded message ---------
> From: Adam Daduev <daduev.ad at gmail.com>
> Date: Tue, 10 Jan 2017 at 14:08
> Subject: Re: [keycloak-user] Error when session expired and ajax request
> execute in Keycloak?
> To: <stian at redhat.com>
>
>
> I tried, but it does not work.
> Firstly, I added the autodetect-bearer-only option via the adapter subsystem;
> WildFly did not start, as it does not know the autodetect-bearer-only option.
> Then I added it via JSON; WildFly started and the app was deployed.
> Secondly, on my ajax request to the backing bean, I receive a 401 response and
> nothing happens.
> This is my keycloak.json:
> {
> "realm": "azovstal",
> "auth-server-url": "http://dc09-apps-06:8090/auth",
> "ssl-required": "none",
> "resource": "web-test",
> "public-client": true,
> "use-resource-role-mappings": true,
> "autodetect-bearer-only": true
> }
>
> Tue, 10 Jan 2017 at 10:19, <daduev.ad at gmail.com>:
>
> OK, I'll try, thanks.
>
> On 10 Jan 2017, at 07:07, Stian Thorgersen <sthorger at redhat.com>
> wrote:
>
> In that case take a look at the new autodetect-bearer-only option. You'll
> need 2.5.0.Final for that.
>
> On 9 January 2017 at 19:18, <daduev.ad at gmail.com> wrote:
>
> No, I have a JSF 2 app with the RichFaces framework, which is deployed on
> WildFly 10.1.
>
> On 9 Jan 2017, at 14:51, Stian Thorgersen <sthorger at redhat.com>
> wrote:
>
> [Adding list back]
>
> A web app redirects the user to a login page if not authenticated, while a
> service should return a 401.
>
> It sounds like what you have is a JS application with a service backend. In
> Keycloak you should have two separate types of clients for that. The JS
> application should be a public client, while the services a bearer-only
> client.
>
> On 9 January 2017 at 13:39, Adam Daduev <daduev.ad at gmail.com> wrote:
>
> Thanks for the answer.
> Yes, I have a confidential client; I have a web application that asks the
> Keycloak server
> to authenticate a user for it. As I understand, bearer-only is for web
> service clients.
> I probably do not understand something?
>
> 2017-01-09 11:44 GMT+02:00 Stian Thorgersen <sthorger at redhat.com>:
>
> Looks like your services are configured as confidential clients rather than
> bearer-only and hence are sending a login request back rather than a 401.
> You should either swap your service war to be a bearer-only client or use
> the new autodetect-bearer-only option in adapters if you have both web
> pages and services in the same war.
>
> On 8 January 2017 at 23:29, Adam Daduev <daduev.ad at gmail.com> wrote:
>
> Hi, can you help me?
> When the session has expired and an ajax request executes in Keycloak, I get
> an error in the browser console:
>
> XMLHttpRequest cannot load http://dc09-apps-06:8090/auth/
> realms/azovstal/protocol/openid-connect/auth?…ml&state=
> 60%2F01fc2e79-6fc0-46b8-9f83-39b7421fedf9&login=true&scope=openid. No
> 'Access-Control-Allow-Origin' header is present on the requested resource.
> Origin 'http://localhost:8080' is therefore not allowed access.
>
> I added Web Origins = http://localhost:8080 (or *) in the client settings in
> the Keycloak admin console, and enabled CORS in the app, but there is still an
> error in the console. I used Keycloak 2.5.0
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
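
A minimal model of the behaviour discussed in this thread (redirect for page navigations, 401 for AJAX requests, and accepting an AJAX request that carries a live session), added here as an illustration. It is not Keycloak adapter code; `decide`, `looksLikeAjax`, the header heuristics and the login URL are assumptions.

```javascript
// Added illustration; NOT Keycloak adapter code. Header heuristics are assumptions.

// Constructed placeholder; a real adapter builds this URL itself.
const LOGIN_URL = "https://idp.example/auth/realms/demo/protocol/openid-connect/auth";

// Heuristic: does the request come from script/API code rather than a page navigation?
function looksLikeAjax(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  if ((h["x-requested-with"] || "").toLowerCase() === "xmlhttprequest") return true;
  if ((h["faces-request"] || "").startsWith("partial/")) return true; // JSF partial request
  const accept = h["accept"] || "";
  return accept !== "" && !/text\/html|\*\/\*/.test(accept);
}

// Decide the response for a protected resource.
// req: { headers, session: { user } | null, bearerValid: boolean }
function decide(req) {
  // Authenticated by either mechanism (bearer token OR server session): allow.
  // Checking only the token here would give 401 on every AJAX call from a
  // logged-in page, which is the symptom reported in the thread.
  if (req.bearerValid || (req.session && req.session.user)) {
    return { status: 200 };
  }
  // Unauthenticated AJAX: XHR would follow a 302 to the login origin and the
  // browser would block it (no Access-Control-Allow-Origin), so answer 401.
  if (looksLikeAjax(req.headers)) {
    return { status: 401 };
  }
  // Unauthenticated page navigation: redirect the browser to the login page.
  return { status: 302, location: LOGIN_URL };
}

// Constructed sample requests.
const samples = {
  pageNoSession: { headers: { Accept: "text/html,application/xhtml+xml" }, session: null, bearerValid: false },
  ajaxNoSession: { headers: { "Faces-Request": "partial/ajax", Accept: "*/*" }, session: null, bearerValid: false },
  ajaxLiveSession: { headers: { "Faces-Request": "partial/ajax", Accept: "*/*" }, session: { user: "alice" }, bearerValid: false },
};
for (const [name, req] of Object.entries(samples)) console.log(name, decide(req));
```

On a 401, the page script can trigger a full-page reload so that the browser itself, not XHR, follows the login redirect.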

