[keycloak-user] 403 on /sso/login with Spring Boot and Keycloak Adapter
Marc Logemann
marc.logemann at gmail.com
Tue Mar 27 08:53:02 EDT 2018
Hi,
it was slightly more annoying. In my spring-boot application i defined
sslRequired = EXTERNAL. Unfortunately, my tests on the other machine
were not "local" anymore, thus the keycloak adapter went into SSL mode
and tried to construct the redirect URL. But then i didnt specify an
SSL port so it was a -1 per default. All this resulted in a standard
403. Logging could be way better for such a scenario because i
debugged aprox. 2 hours to get the idea.
Anyway... now it works.
Marc
2018-03-27 10:49 GMT+02:00 Simon Payne <simonpayne58 at gmail.com>:
> it appears that your remote app is still connecting to keycloak on
> localhost. looking at the redirect url you can see that it is then
> attempting to redirect back to your app on localhost.
>
> Simon.
>
>
>
> On Mon, Mar 26, 2018 at 5:10 PM, Marc Logemann <marc.logemann at gmail.com>
> wrote:
>>
>> Hi,
>>
>> i have a little Spring Boot Application and it runs pretty nice
>> together with the keycloak setup on my dev machine. Now when deploying
>> the same application to another server i get something strange:
>>
>> When trying to access a protected resource, my browser gets a 302 to
>> /sso/login which is ok but this URL should also produce a 302 to the
>> final Keycloak Login Page. Instead i get a 403 on the sso/login
>> request. The crazy thing is, on my local dev machine the /sso/login
>> doesnt get a 403 but a 302 with the resulting valid and perfect URL
>>
>> (http://localhost:16177/auth/realms/XXXX/protocol/openid-connect/auth?response_type=code&client_id=swaggerUI&redirect_uri=http%3A%2F%2Flocalhost%3A8091%2Fsso%2Flogin&state=d919e1d0-3804-4e47-9cfe-d8647eb6fd5f&login=true&scope=openid)
>>
>> What i want to say is.... i dont have a clue why i get a 403 on a
>> resource /sso/login, which as i assume, is provided by spring keycloak
>> adapter. And even crazier... its the same application.
>>
>> thanks for any hints.
>>
>> marc
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
More information about the keycloak-user
mailing list