[keycloak-user] Fwd: Error when session expired and ajax request execute in Keycloak?

Adam Daduev daduev.ad at gmail.com
Fri Jan 13 03:53:51 EST 2017


I created a JIRA bug and added a simple example.
https://issues.jboss.org/browse/KEYCLOAK-4214


On Fri, 13 Jan 2017 at 9:34, Stian Thorgersen <sthorger at redhat.com> wrote:

> Might be that it's expecting a token in the ajax request rather than
> checking for a session, not 100% sure though. RichFaces won't work unless
> we can support securing the requests from the session.
>
> Can you create a JIRA bug for this please? If you can attach a simple
> example we can build and deploy to reproduce the issue that would be
> extremely helpful and we would be able to look at it sooner.
>
> On 12 January 2017 at 07:16, Adam Daduev <daduev.ad at gmail.com> wrote:
>
> After login, I get into my app, and for all my ajax requests from the page
> to the backing bean, I receive a 401 response even if the session is still
> alive. If I remove the autodetect-bearer-only option, all works fine, but it
> goes back to the old error.
>
> XMLHttpRequest cannot load http://dc09-apps-06:8090/auth/
> realms/azovstal/protocol/openid-connect/auth?…ml&state=
> 60%2F01fc2e79-6fc0-46b8-9f83-39b7421fedf9&login=true&scope=openid. No
> 'Access-Control-Allow-Origin' header is present on the requested resource.
> Origin 'http://localhost:8080' is therefore not allowed access.
>
> ---------- Forwarded message ---------
> From: Adam Daduev <daduev.ad at gmail.com>
> Date: Tue, 10 Jan 2017 at 14:08
> Subject: Re: [keycloak-user] Error when session expired and ajax request
> execute in Keycloak?
> To: <stian at redhat.com>
>
>
> I tried, but it does not work.
> Firstly, I added the autodetect-bearer-only option via the adapter
> subsystem; WildFly did not start, as it does not know the
> autodetect-bearer-only option. Then I added it via JSON, WildFly started
> and the app was deployed.
> Secondly, on my ajax request to the backing bean, I receive a 401 response
> and nothing happens.
> This is my keycloak.json:
> {
> "realm": "azovstal",
> "auth-server-url": "http://dc09-apps-06:8090/auth",
> "ssl-required": "none",
> "resource": "web-test",
> "public-client": true,
> "use-resource-role-mappings": true,
> "autodetect-bearer-only": true
> }
>
> On Tue, 10 Jan 2017 at 10:19, <daduev.ad at gmail.com> wrote:
>
> OK, I'll try, thanks.
>
> On 10 Jan 2017, at 07:07, Stian Thorgersen <sthorger at redhat.com>
> wrote:
>
> In that case take a look at the new autodetect-bearer-only option. You'll
> need 2.5.0.Final for that.
>
> On 9 January 2017 at 19:18, <daduev.ad at gmail.com> wrote:
>
> No, I have a JSF 2 app with the RichFaces framework, which is deployed on
> WildFly 10.1.
>
> On 9 Jan 2017, at 14:51, Stian Thorgersen <sthorger at redhat.com>
> wrote:
>
> [Adding list back]
>
> A web app redirects the user to a login page if not authenticated, while a
> service should return a 401.
>
> It sounds like what you have is a JS application with a service backend. In
> Keycloak you should have two separate types of clients for that. The JS
> application should be a public client, while the services a bearer-only
> client.
>
> On 9 January 2017 at 13:39, Adam Daduev <daduev.ad at gmail.com> wrote:
>
> Thanks for the answer.
> Yes, I have a confidential client; I have a web application that asks the
> Keycloak server to authenticate a user for it. As I understand,
> bearer-only is for web service clients.
> I probably do not understand something?
>
> 2017-01-09 11:44 GMT+02:00 Stian Thorgersen <sthorger at redhat.com>:
>
> Looks like your services are configured as confidential clients rather than
> bearer-only and hence are sending a login request back rather than a 401.
> You should either swap your service war to be a bearer-only client or use
> the new autodetect-bearer-only option in adapters if you have both web
> pages and services in the same war.
>
> On 8 January 2017 at 23:29, Adam Daduev <daduev.ad at gmail.com> wrote:
>
> Hi, can you help me?
> When the session has expired and an ajax request executes in Keycloak, I get
> an error in the browser console:
>
> XMLHttpRequest cannot load http://dc09-apps-06:8090/auth/
> realms/azovstal/protocol/openid-connect/auth?…ml&state=
> 60%2F01fc2e79-6fc0-46b8-9f83-39b7421fedf9&login=true&scope=openid. No
> 'Access-Control-Allow-Origin' header is present on the requested resource.
> Origin 'http://localhost:8080' is therefore not allowed access.
>
> I added, in the Keycloak admin console, in the client settings, Web Origins=
> http://localhost:8080 (or *), and enabled CORS in the app, but I still have
> the error in the console. I used Keycloak 2.5.0.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
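The two adapter answers discussed in this thread (a redirect to the login page versus a 401) as seen from browser script, with a recovery path for an expired session. This is an added example, not part of the original thread and not Keycloak or RichFaces code; `securedAjax`, `fetchImpl`, `navigate` and `pageUrl` are hypothetical names, injected so the logic also runs outside a browser.

```javascript
// Map an ajax reply to what the page should do next.
function classifyAjaxReply(reply) {
  // fetch(..., { redirect: 'manual' }) reports any 3xx as an opaque redirect
  // (type 'opaqueredirect', status 0). For a protected URL that is the
  // adapter's redirect to the login page.
  if (reply.type === 'opaqueredirect') return 'login-redirect';
  // Bearer-only style answer: refused without a redirect.
  if (reply.status === 401) return 'unauthenticated';
  return 'ok';
}

async function securedAjax(url, options, fetchImpl, navigate, pageUrl) {
  const reply = await fetchImpl(url, {
    ...options,
    credentials: 'same-origin', // send the session cookie
    redirect: 'manual',         // never follow the login redirect from script
  });
  const verdict = classifyAjaxReply(reply);
  if (verdict !== 'ok') {
    // Reload as a top-level navigation: the redirect to the Keycloak login
    // page is then an ordinary page load, which is not subject to the
    // Access-Control-Allow-Origin check that blocked the XMLHttpRequest.
    navigate(pageUrl);
    return { verdict, reply: null };
  }
  return { verdict, reply };
}
```

In a browser the injected pieces would be `window.fetch.bind(window)`, `(u) => window.location.assign(u)` and `window.location.href`.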

