[keycloak-user] Testing Keycloak DynamicOP using openid.net

Marek Posolda mposolda at redhat.com
Tue Feb 27 10:44:25 EST 2018


Hi,

it won't work on localhost as the openid.net server needs to be able to 
connect to your Keycloak server over the network, which is not possible 
with using localhost.

You need to be able to bind Keycloak on real host and have a possibility 
to access it over the network.

When I was working on Keycloak certification, I was mainly using the 
Keycloak deployed on openshift cartridge. See the instructions here: 
https://github.com/keycloak/keycloak/blob/master/misc/OIDCConformanceTestsuite.md 
. But Keycloak OpenShift cartridge is not supported anymore from latest 
versions, so you would need something different if you want to try 
latest version.

BTV: Keycloak is OpenID Connect certified with all 5 profiles: 
http://openid.net/developers/certified/

Marek

On 23/02/18 00:02, Carrasco, Jonathan J (173F) wrote:
> Hello.
>
> I’m reaching out to ask about the Conformance Testing Suite, available at http://openid.net/certification/testing/.  At this time, we are evaluating Keycloak and some of the available OpenID Connect Libraries and Products, and would like to perform certification testing locally.
>
> So, the question is… do you have a breakdown of Keycloak configuration to allow for Conformance Testing in a local dev environment, i.e. localhost.  I have tried to test and keep getting a connection refused error when I try the Dynamic Discovery and Registration test.
>
> To give some insight…
>              I am using the oidctest repo locally
>              I have keycloak running, no problem
>              I’ve set realm to not require ssl
>              I deleted all anonymous client registration policies
>              But when I run the test, using the issuer ashttp://localhost:8080/auth/realms/master orhttps://localhost:8443/auth/realms/master, I get
>
> Discovery:OP-Response-Missing: status=ERROR, message=HTTPSConnectionPool(host='localhost', port=8443): Max retries exceeded with url: /auth/realms/master/.well-known/openid-configuration (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused',))
>              I also tried setting up a reverse proxy to handle ssl traffic, to no avail.
>
> I don’t have a problem, working with keycloak since I can curl most of the commands or use python requests, etc…And, really the point of this is to test(out-of-the-box) without having to alter any source code from Github.  Hence, I’m reaching out to the source and I want to ask if you have a setup to allow keycloak to be tested on a local machine.
>
>
> --
> Jonathan Carrasco (173F)
> Jet Propulsion Laboratory – California Institute of Technology
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user




More information about the keycloak-user mailing list