[keycloak-user] keycloak-quickstarts-app-authz-photoz exmaple not working on Keycloak 8.0.1

Philippe ROUVRAY prouvray at janua.fr
Tue Dec 10 08:29:51 EST 2019 

Yes, I installed the adapter on Wildfly.
I tried with the source code from Master branch.
No change : All the calls to  http://localhost:8080/photoz-restful-api/
APIs fail with code 403 (Forbidden).

Find below the access token sent with
http://localhost:8080/photoz-restful-api/profile call :
{
  "jti": "dd969b95-92f7-47fe-b255-452778ae2a2c",
  "exp": 1575978333,
  "nbf": 0,
  "iat": 1575978033,
  "iss": "http://localhost:8180/auth/realms/photoz",
  "aud": [
    "photoz-restful-api",
    "account"
  ],
  "sub": "2c24edc9-d0c0-422c-beed-e3464309644a",
  "typ": "Bearer",
  "azp": "photoz-html5-client",
  "nonce": "a65527c6-ee99-4583-8abe-b2d4a2f37b43",
  "auth_time": 1575978032,
  "session_state": "9be144c7-62f3-4dcd-950a-43ae1780202d",
  "acr": "1",
  "allowed-origins": [
    "*"
  ],
  "realm_access": {
    "roles": [
      "uma_authorization",
      "user"
    ]
  },
  "resource_access": {
    "photoz-restful-api": {
      "roles": [
        "manage-albums"
      ]
    },
    "account": {
      "roles": [
        "manage-account",
        "manage-account-links"
      ]
    }
  },
  "scope": "openid profile email",
  "email_verified": false,
  "name": "Alice In Chains",
  "preferred_username": "alice",
  "given_name": "Alice",
  "family_name": "In Chains",
  "email": "alice at keycloak.org"
}

Le lun. 9 déc. 2019 à 22:53, Pedro Igor Silva <psilva at redhat.com> a écrit :

> That is weird, the same steps here....
>
> Did you install the elytron adapters?
>
> I'm using quickstarts from upstream/master branch, what about you?
>
> I would suspect that something is happening when executing the client side
> JS ... No errors in browser logs ?
>
> On Mon, Dec 9, 2019 at 5:06 PM Philippe ROUVRAY <prouvray at janua.fr> wrote:
>
>> Prerequisites
>>
>> Keycloak is up and running on port 8180.
>> WildFly server is up and running on port 8080.
>> Keycloak OIDC adapter is installed on WildFly.
>>
>> 1) import $KEYCLOAK_QUICKSTARTS/app-authz-photoz/photoz-realm.json in
>> Keycloak
>>
>> 2) Build the example :
>> cd $KEYCLOAK_QUICKSTARTS/app-authz-photoz
>> mvn clean install
>>
>> 3) import
>> $KEYCLOAK_QUICKSTARTS/app-authz-photoz/photoz-restful-api/target/classes/photoz-restful-api-authz-service.json
>> in Keycloak
>>
>> 4) Deploy photoz-html5-client on WildFly
>> cd $KEYCLOAK_QUICKSTARTS/app-authz-photoz/photoz-html5-client
>> mvn clean install wildfly:deploy
>>
>> 5) Deploy photoz-restful-api on WildFly
>> cd $KEYCLOAK_QUICKSTARTS/app-authz-photoz/photoz-restful-api
>> mvn clean install wildfly:deploy
>>
>> 6) Test the application
>> Go to http://localhost:8080/photoz-html5-client
>>
>> Le lun. 9 déc. 2019 à 20:29, Pedro Igor Silva <psilva at redhat.com> a
>> écrit :
>>
>>> I just tested again and it works for me. Not sure what I may be missing.
>>> Maybe if you describe the steps you are taking from the beginning, we can
>>> sort it out.
>>>
>>> On Mon, Dec 9, 2019 at 4:06 PM Philippe ROUVRAY <prouvray at janua.fr>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> Keycloak was launched with -Dkeycloak.profile.feature.upload_scripts=enabled.
>>>> Authorizations have been successfully uploaded.
>>>> I had a closer look at Firefox web console (following Bruno's advice)
>>>> and all my calls from photoz-html5-client to photoz-restful-api end up with
>>>> code 403. For example : http://localhost:8080/photoz-restful-api/album
>>>> POST & GET or http://localhost:8080/photoz-restful-api/album/shares
>>>> GET...
>>>> It explains the message : "You can not access or perform the requested
>>>> operation on this resource" I get.
>>>>
>>>> Rgds,
>>>>
>>>> Philippe
>>>>
>>>> Le lun. 9 déc. 2019 à 19:18, Pedro Igor Silva <psilva at redhat.com> a
>>>> écrit :
>>>>
>>>>> Hi,,
>>>>>
>>>>> Last week someone reported a similar issue. We figured out that the
>>>>> errors were due to the server not importing the authorization settings file
>>>>> because the `upload_scripts` feature is now disabled by default.
>>>>>
>>>>> Could you check if starting the server with the `-Dkeycloak.profile.feature.upload_scripts=enabled`
>>>>> solves the issue?
>>>>>
>>>>> Regards.
>>>>> Pedro Igor
>>>>>
>>>>> On Mon, Dec 9, 2019 at 11:34 AM Philippe ROUVRAY <prouvray at janua.fr>
>>>>> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> On Keycloak 8.0.1, I am not able to get the app-auth-photoz example
>>>>>> working.
>>>>>>
>>>>>> https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-authz-photoz
>>>>>>
>>>>>> I have followed the ReadMe instructions. Configurations were
>>>>>> successful.
>>>>>>
>>>>>> When I login to http://localhost:8080/photoz-html5-client as
>>>>>> alice/alice.
>>>>>> At the bottom of the page, I got the message : "You can not access or
>>>>>> perform the requested operation on this resource"
>>>>>>
>>>>>> On "My Profile" page, same message at the bottom. "Name" and "Total of
>>>>>> albums" information are not set.
>>>>>>
>>>>>> On "Create an Album" page, I enter an album name and click Save. I
>>>>>> got the
>>>>>> message : "You can not access or perform the requested operation on
>>>>>> this
>>>>>> resource".
>>>>>>
>>>>>> Nothing in the logs.
>>>>>>
>>>>>> Any help is welcome.
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Philippe Rouvray
>>>>>> _______________________________________________
>>>>>> keycloak-user mailing list
>>>>>> keycloak-user at lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>
>>>>>>

More information about the keycloak-user mailing list