[keycloak-user] keycloak-quickstarts-app-authz-photoz exmaple not working on Keycloak 8.0.1
Philippe ROUVRAY
prouvray at janua.fr
Tue Dec 10 08:29:51 EST 2019
Yes, I installed the adapter on Wildfly.
I tried with the source code from Master branch.
No change : All the calls to http://localhost:8080/photoz-restful-api/
APIs fail with code 403 (Forbidden).
Find below the access token sent with
http://localhost:8080/photoz-restful-api/profile call :
{
"jti": "dd969b95-92f7-47fe-b255-452778ae2a2c",
"exp": 1575978333,
"nbf": 0,
"iat": 1575978033,
"iss": "http://localhost:8180/auth/realms/photoz",
"aud": [
"photoz-restful-api",
"account"
],
"sub": "2c24edc9-d0c0-422c-beed-e3464309644a",
"typ": "Bearer",
"azp": "photoz-html5-client",
"nonce": "a65527c6-ee99-4583-8abe-b2d4a2f37b43",
"auth_time": 1575978032,
"session_state": "9be144c7-62f3-4dcd-950a-43ae1780202d",
"acr": "1",
"allowed-origins": [
"*"
],
"realm_access": {
"roles": [
"uma_authorization",
"user"
]
},
"resource_access": {
"photoz-restful-api": {
"roles": [
"manage-albums"
]
},
"account": {
"roles": [
"manage-account",
"manage-account-links"
]
}
},
"scope": "openid profile email",
"email_verified": false,
"name": "Alice In Chains",
"preferred_username": "alice",
"given_name": "Alice",
"family_name": "In Chains",
"email": "alice at keycloak.org"
}
Le lun. 9 déc. 2019 à 22:53, Pedro Igor Silva <psilva at redhat.com> a écrit :
> That is weird, the same steps here....
>
> Did you install the elytron adapters?
>
> I'm using quickstarts from upstream/master branch, what about you?
>
> I would suspect that something is happening when executing the client side
> JS ... No errors in browser logs ?
>
> On Mon, Dec 9, 2019 at 5:06 PM Philippe ROUVRAY <prouvray at janua.fr> wrote:
>
>> Prerequisites
>>
>> Keycloak is up and running on port 8180.
>> WildFly server is up and running on port 8080.
>> Keycloak OIDC adapter is installed on WildFly.
>>
>> 1) import $KEYCLOAK_QUICKSTARTS/app-authz-photoz/photoz-realm.json in
>> Keycloak
>>
>> 2) Build the example :
>> cd $KEYCLOAK_QUICKSTARTS/app-authz-photoz
>> mvn clean install
>>
>> 3) import
>> $KEYCLOAK_QUICKSTARTS/app-authz-photoz/photoz-restful-api/target/classes/photoz-restful-api-authz-service.json
>> in Keycloak
>>
>> 4) Deploy photoz-html5-client on WildFly
>> cd $KEYCLOAK_QUICKSTARTS/app-authz-photoz/photoz-html5-client
>> mvn clean install wildfly:deploy
>>
>> 5) Deploy photoz-restful-api on WildFly
>> cd $KEYCLOAK_QUICKSTARTS/app-authz-photoz/photoz-restful-api
>> mvn clean install wildfly:deploy
>>
>> 6) Test the application
>> Go to http://localhost:8080/photoz-html5-client
>>
>> Le lun. 9 déc. 2019 à 20:29, Pedro Igor Silva <psilva at redhat.com> a
>> écrit :
>>
>>> I just tested again and it works for me. Not sure what I may be missing.
>>> Maybe if you describe the steps you are taking from the beginning, we can
>>> sort it out.
>>>
>>> On Mon, Dec 9, 2019 at 4:06 PM Philippe ROUVRAY <prouvray at janua.fr>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> Keycloak was launched with -Dkeycloak.profile.feature.upload_scripts=enabled.
>>>> Authorizations have been successfully uploaded.
>>>> I had a closer look at Firefox web console (following Bruno's advice)
>>>> and all my calls from photoz-html5-client to photoz-restful-api end up with
>>>> code 403. For example : http://localhost:8080/photoz-restful-api/album
>>>> POST & GET or http://localhost:8080/photoz-restful-api/album/shares
>>>> GET...
>>>> It explains the message : "You can not access or perform the requested
>>>> operation on this resource" I get.
>>>>
>>>> Rgds,
>>>>
>>>> Philippe
>>>>
>>>> Le lun. 9 déc. 2019 à 19:18, Pedro Igor Silva <psilva at redhat.com> a
>>>> écrit :
>>>>
>>>>> Hi,,
>>>>>
>>>>> Last week someone reported a similar issue. We figured out that the
>>>>> errors were due to the server not importing the authorization settings file
>>>>> because the `upload_scripts` feature is now disabled by default.
>>>>>
>>>>> Could you check if starting the server with the `-Dkeycloak.profile.feature.upload_scripts=enabled`
>>>>> solves the issue?
>>>>>
>>>>> Regards.
>>>>> Pedro Igor
>>>>>
>>>>> On Mon, Dec 9, 2019 at 11:34 AM Philippe ROUVRAY <prouvray at janua.fr>
>>>>> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> On Keycloak 8.0.1, I am not able to get the app-auth-photoz example
>>>>>> working.
>>>>>>
>>>>>> https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-authz-photoz
>>>>>>
>>>>>> I have followed the ReadMe instructions. Configurations were
>>>>>> successful.
>>>>>>
>>>>>> When I login to http://localhost:8080/photoz-html5-client as
>>>>>> alice/alice.
>>>>>> At the bottom of the page, I got the message : "You can not access or
>>>>>> perform the requested operation on this resource"
>>>>>>
>>>>>> On "My Profile" page, same message at the bottom. "Name" and "Total of
>>>>>> albums" information are not set.
>>>>>>
>>>>>> On "Create an Album" page, I enter an album name and click Save. I
>>>>>> got the
>>>>>> message : "You can not access or perform the requested operation on
>>>>>> this
>>>>>> resource".
>>>>>>
>>>>>> Nothing in the logs.
>>>>>>
>>>>>> Any help is welcome.
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Philippe Rouvray
>>>>>> _______________________________________________
>>>>>> keycloak-user mailing list
>>>>>> keycloak-user at lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>
>>>>>>
More information about the keycloak-user
mailing list