[keycloak-user] KeyCloak pose no login challenge

Sebastien Blanc sblanc at redhat.com
Sun May 28 02:22:24 EDT 2017


Try again in an incognito window and empty your cache.
BTW, you mentioned you have a ReactJS app, have you also considered using the
keycloak JS lib to secure your web app?
On Sun, May 28, 2017 at 05:59, shimin q <shimin_q at yahoo.com> wrote:

> Another piece of info when the "We're sorry...invalid user name or
> password" message was shown (without login challenge ever posted)...
>   keycloak server.log file has this warning:
>
> 2017-05-27 20:33:59,936 WARN  [org.keycloak.events] (default task-80)
> type=LOGIN_ERROR, realmId=rtna, clientId=rtna2, userId=null,
> ipAddress=135.224.13.68, error=invalid_user_credentials,
> auth_method=openid-connect, auth_type=code, response_type=code,
> redirect_uri=https://135.112.180.27/rtna2/,
> code_id=689abbad-ccad-469a-86be-1e489b0dba15, response_mode=query
> How could this be, there was no login challenge so I couldn't even input
> user name and password!
>
>       From: shimin q <shimin_q at yahoo.com>
>  To: Bill Burke <bburke at redhat.com>; "keycloak-user at lists.jboss.org" <
> keycloak-user at lists.jboss.org>
>  Sent: Saturday, May 27, 2017 4:28 PM
>  Subject: Re: [keycloak-user] KeyCloak pose no login challenge
>
> Thanks.  A bit of progress, once I changed from "/rtna2/*" to "/*", it is
> redirecting my web app URL
> https://135.112.180.27/rtna2
> to
>
> https://135.112.180.27:8666/auth/realms/rtna/protocol/openid-connect/auth?response_type=code&client_id=rtna2&redirect_uri=https%3A%2F%2F135.112.180.27%2Frtna2%2F&state=c55f81fb-72ad-4660-b257-6bfa119adb75&login=true&scope=openid
> Unfortunately, still no login challenges, I got the following error
> message instead
>  "We are sorry...invalid user name or password"
> I am trying to figure out where I configured realm "rtna" or client
> "rtna2" wrong...here is the keycloak.json that I used (generated under the
> Installation tab of the client "rtna2"):
> {
>   "realm": "rtna",
>   "realm-public-key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhvJlVZqi8KaZDZVPPl29y/nnPBHaPvH+NoG71w6BMDwIImw6vkNlO3CSr+kRAyLnpnP/9248gEZx6YwqEKwE4Oy5R6wuuxwOd2FdpYFM2wDw5zhF7U4oYy0WK1m31/hQdLGnpKtDdGReEwdkMOMtG655Nnqw8WdtmF3S2XcEm2t0gaNoYycd6gl4670nRqx6bRxs6UndERHZmHfkzLcL71RflgO1cyuOqMsjMb7oWIDy5bkE4ddB69TAbrpXVzLvwG1OIaM/XdfXOZIaIAajfacP3Vk8bZFa9eAsh5BVaeGzlqktsdk1JjbV0a14OVXQcCRusnV2wE+zSZhPNxhfFwIDAQAB",
>   "auth-server-url": "https://135.112.180.27:8666/auth",
>   "ssl-required": "all",
>   "resource": "rtna2",
>   "public-client": true,
>   "use-resource-role-mappings": true
> }
> Please, any tips/ideas why I am now getting the "invalid user name or
> password" instead of a keycloak login form?  Thanks!
>
>       From: Bill Burke <bburke at redhat.com>
>  To: keycloak-user at lists.jboss.org
>  Sent: Saturday, May 27, 2017 1:29 PM
>  Subject: Re: [keycloak-user] KeyCloak pose no login challenge
>
> I think I know what it is.  Your security constraint is wrong. It should
> be "/*" for the url pattern, not "/rtna2/*".  You are not supposed to
> specify the root context in web.xml url patterns.
>
>
> On 5/26/17 12:04 PM, shimin q wrote:
> > I wrote a simple reactJS web app ("/rtna2") deployed under Tomcat 7.  I
> > followed the steps below, but keycloak does not seem to work - no login
> > challenge was posed, and when I type https://<my server ip>/rtna2, it
> > went straight to the web app.
> > 1 - download the tomcat 7 keycloak adaptor zip and unzip in my tomcat lib/
> > 2 - rtna2 app is deployed under tomcat webapps/
> > 3 - modify rtna2/META-INF/context.xml:
> > <?xml version="1.0" encoding="UTF-8"?>
> > <Context path="/rtna2" debug="0" privileged="true">
> >     <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
> > </Context>
> > 4 - add keycloak.json under rtna2/WEB-INF:
> >
> > {
> >   "realm": "rtna",
> >   "realm-public-key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhvJlVZqi8KaZDZVPPl29y/nnPBHaPvH+NoG71w6BMDwIImw6vkNlO3CSr+kRAyLnpnP/9248gEZx6YwqEKwE4Oy5R6wuuxwOd2FdpYFM2wDw5zhF7U4oYy0WK1m31/hQdLGnpKtDdGReEwdkMOMtG655Nnqw8WdtmF3S2XcEm2t0gaNoYycd6gl4670nRqx6bRxs6UndERHZmHfkzLcL71RflgO1cyuOqMsjMb7oWIDy5bkE4ddB69TAbrpXVzLvwG1OIaM/XdfXOZIaIAajfacP3Vk8bZFa9eAsh5BVaeGzlqktsdk1JjbV0a14OVXQcCRusnV2wE+zSZhPNxhfFwIDAQAB",
> >   "auth-server-url": "https://135.112.180.27:8666/auth",
> >   "ssl-required": "external",
> >   "resource": "rtna2",
> >   "public-client": true
> > }
> > 5. modify rtna2/WEB-INF/web.xml:
> > <?xml version="1.0" encoding="UTF-8"?>
> > <web-app version="2.5"
> >     xmlns="http://java.sun.com/xml/ns/javaee"
> >     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >     xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
> >
> >     <!-- Default page to serve -->
> >     <module-name>rtna2</module-name>
> >     <welcome-file-list>
> >         <welcome-file>index.html</welcome-file>
> >     </welcome-file-list>
> >     <security-constraint>
> >         <web-resource-collection>
> >             <web-resource-name>rtna2</web-resource-name>
> >             <url-pattern>/rtna2/*</url-pattern>
> >         </web-resource-collection>
> >         <auth-constraint>
> >             <role-name>*</role-name>
> >         </auth-constraint>
> >     </security-constraint>
> >     <login-config>
> >         <auth-method>BASIC</auth-method>
> >         <realm-name>rtna</realm-name>
> >     </login-config>
> >     <security-role>
> >         <role-name>admin</role-name>
> >     </security-role>
> >     <security-role>
> >         <role-name>user</role-name>
> >     </security-role>
> >     <security-role>
> >         <role-name>sudo</role-name>
> >     </security-role>
> > </web-app>
> > I have tried "<auth-method>KEYCLOAK</auth-method>" also, does not work
> > 6.  in the keycloak admin console, added a "rtna" realm, and added
> > "rtna2" client in the realm:
> > client id: rtna2
> > Access type:  public  (tried "confidential" also)
> > Authorization enabled: on  ("off" also)
> > Root URL: https://135.112.180.27/rtna2
> > Valid Redirect URLs: https://135.112.180.27/rtna2/*
> > Base URL: https://135.112.180.27/rtna2
> > Admin URL: https://135.112.180.27/rtna2
> > Web Origins: https://135.112.180.27/rtna2/*
> > I found relative paths for these URLs do not work, it gave me Http 404
> > not found (https://135.112.180.27/rtna2) error.  But once I put the
> > absolute paths, it took me right to the web app without posing the login
> > challenge!
> > What could possibly be wrong?  Please advise!  Thanks!!
> >
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user


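The url-pattern point from Bill Burke's reply in the thread above, as an added example that is not part of the original messages or of Keycloak: servlet security constraints are matched against the path with the context root already removed, so a pattern that repeats the context root leaves the application's real URLs unconstrained. The function names and the trimmed `WEB_XML` sample are constructed for illustration, and the default pattern `/` is treated as match-all for simplicity.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint from the original post, trimmed to one pattern.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>rtna2</web-resource-name>
      <url-pattern>{pattern}</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
</web-app>"""


def constrained_patterns(web_xml):
    """url-patterns of every security-constraint that carries an auth-constraint."""
    root = ET.fromstring(web_xml)
    patterns = []
    for sc in root.iterfind(".//{*}security-constraint"):
        if sc.find("{*}auth-constraint") is not None:
            patterns += [p.text.strip() for p in sc.iterfind(".//{*}url-pattern")]
    return patterns


def pattern_matches(pattern, path):
    """Servlet url-pattern matching against a context-relative path."""
    if pattern.endswith("/*"):                      # path-prefix mapping
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):                    # extension mapping
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return pattern == "/" or pattern == path        # default or exact mapping


def is_protected(web_xml, context_path, request_uri):
    """True if the URI falls under a constraint once the context path is removed."""
    if request_uri != context_path and not request_uri.startswith(context_path + "/"):
        return False                                # request belongs to another webapp
    relative = request_uri[len(context_path):] or "/"
    return any(pattern_matches(p, relative) for p in constrained_patterns(web_xml))


def context_prefixed(web_xml, context_path):
    """Patterns that repeat the context root, the mistake identified in the thread."""
    return [p for p in constrained_patterns(web_xml)
            if p == context_path or p.startswith(context_path + "/")]
```

Running `context_prefixed` over each deployed `WEB-INF/web.xml` with that webapp's context path gives a quick review check for constraints that protect nothing.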