[keycloak-user] keycloak-quickstarts-app-authz-photoz example not working on Keycloak 8.0.1

Philippe ROUVRAY prouvray at janua.fr
Tue Dec 10 09:33:03 EST 2019


Take note that the User-Managed Access (UMA 2.0) sample
app-authz-uma-photoz is working perfectly.
https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-authz-uma-photoz

On Tue, Dec 10, 2019 at 14:29, Philippe ROUVRAY <prouvray at janua.fr> wrote:

> Yes, I installed the adapter on Wildfly.
> I tried with the source code from Master branch.
> No change: all the calls to http://localhost:8080/photoz-restful-api/
> APIs fail with code 403 (Forbidden).
>
> Find below the access token sent with the
> http://localhost:8080/photoz-restful-api/profile call:
> {
>   "jti": "dd969b95-92f7-47fe-b255-452778ae2a2c",
>   "exp": 1575978333,
>   "nbf": 0,
>   "iat": 1575978033,
>   "iss": "http://localhost:8180/auth/realms/photoz",
>   "aud": [
>     "photoz-restful-api",
>     "account"
>   ],
>   "sub": "2c24edc9-d0c0-422c-beed-e3464309644a",
>   "typ": "Bearer",
>   "azp": "photoz-html5-client",
>   "nonce": "a65527c6-ee99-4583-8abe-b2d4a2f37b43",
>   "auth_time": 1575978032,
>   "session_state": "9be144c7-62f3-4dcd-950a-43ae1780202d",
>   "acr": "1",
>   "allowed-origins": [
>     "*"
>   ],
>   "realm_access": {
>     "roles": [
>       "uma_authorization",
>       "user"
>     ]
>   },
>   "resource_access": {
>     "photoz-restful-api": {
>       "roles": [
>         "manage-albums"
>       ]
>     },
>     "account": {
>       "roles": [
>         "manage-account",
>         "manage-account-links"
>       ]
>     }
>   },
>   "scope": "openid profile email",
>   "email_verified": false,
>   "name": "Alice In Chains",
>   "preferred_username": "alice",
>   "given_name": "Alice",
>   "family_name": "In Chains",
>   "email": "alice at keycloak.org"
> }
>
> On Mon, Dec 9, 2019 at 22:53, Pedro Igor Silva <psilva at redhat.com>
> wrote:
>
>> That is weird, the same steps here....
>>
>> Did you install the elytron adapters?
>>
>> I'm using quickstarts from upstream/master branch, what about you?
>>
>> I would suspect that something is happening when executing the client
>> side JS ... No errors in browser logs?
>>
>> On Mon, Dec 9, 2019 at 5:06 PM Philippe ROUVRAY <prouvray at janua.fr>
>> wrote:
>>
>>> Prerequisites
>>>
>>> Keycloak is up and running on port 8180.
>>> WildFly server is up and running on port 8080.
>>> Keycloak OIDC adapter is installed on WildFly.
>>>
>>> 1) import $KEYCLOAK_QUICKSTARTS/app-authz-photoz/photoz-realm.json in
>>> Keycloak
>>>
>>> 2) Build the example:
>>> cd $KEYCLOAK_QUICKSTARTS/app-authz-photoz
>>> mvn clean install
>>>
>>> 3) import
>>> $KEYCLOAK_QUICKSTARTS/app-authz-photoz/photoz-restful-api/target/classes/photoz-restful-api-authz-service.json
>>> in Keycloak
>>>
>>> 4) Deploy photoz-html5-client on WildFly
>>> cd $KEYCLOAK_QUICKSTARTS/app-authz-photoz/photoz-html5-client
>>> mvn clean install wildfly:deploy
>>>
>>> 5) Deploy photoz-restful-api on WildFly
>>> cd $KEYCLOAK_QUICKSTARTS/app-authz-photoz/photoz-restful-api
>>> mvn clean install wildfly:deploy
>>>
>>> 6) Test the application
>>> Go to http://localhost:8080/photoz-html5-client
>>>
>>> On Mon, Dec 9, 2019 at 20:29, Pedro Igor Silva <psilva at redhat.com>
>>> wrote:
>>>
>>>> I just tested again and it works for me. Not sure what I may be
>>>> missing. Maybe if you describe the steps you are taking from the beginning,
>>>> we can sort it out.
>>>>
>>>> On Mon, Dec 9, 2019 at 4:06 PM Philippe ROUVRAY <prouvray at janua.fr>
>>>> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> Keycloak was launched with -Dkeycloak.profile.feature.upload_scripts=enabled.
>>>>> Authorizations have been successfully uploaded.
>>>>> I had a closer look at Firefox web console (following Bruno's advice)
>>>>> and all my calls from photoz-html5-client to photoz-restful-api end up with
>>>>> code 403. For example: http://localhost:8080/photoz-restful-api/album
>>>>> POST & GET or http://localhost:8080/photoz-restful-api/album/shares
>>>>> GET...
>>>>> It explains the message I get: "You can not access or perform the
>>>>> requested operation on this resource".
>>>>>
>>>>> Rgds,
>>>>>
>>>>> Philippe
>>>>>
>>>>> On Mon, Dec 9, 2019 at 19:18, Pedro Igor Silva <psilva at redhat.com>
>>>>> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> Last week someone reported a similar issue. We figured out that the
>>>>>> errors were due to the server not importing the authorization settings file
>>>>>> because the `upload_scripts` feature is now disabled by default.
>>>>>>
>>>>>> Could you check if starting the server with the `-Dkeycloak.profile.feature.upload_scripts=enabled`
>>>>>> solves the issue?
>>>>>>
>>>>>> Regards.
>>>>>> Pedro Igor
>>>>>>
>>>>>> On Mon, Dec 9, 2019 at 11:34 AM Philippe ROUVRAY <prouvray at janua.fr>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> On Keycloak 8.0.1, I am not able to get the app-authz-photoz example
>>>>>>> working.
>>>>>>>
>>>>>>> https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-authz-photoz
>>>>>>>
>>>>>>> I have followed the ReadMe instructions. Configurations were
>>>>>>> successful.
>>>>>>>
>>>>>>> When I log in to http://localhost:8080/photoz-html5-client as
>>>>>>> alice/alice, at the bottom of the page I got the message: "You can not
>>>>>>> access or perform the requested operation on this resource".
>>>>>>>
>>>>>>> On the "My Profile" page, same message at the bottom. "Name" and "Total
>>>>>>> of albums" information are not set.
>>>>>>>
>>>>>>> On the "Create an Album" page, I enter an album name and click Save. I
>>>>>>> got the message: "You can not access or perform the requested operation
>>>>>>> on this resource".
>>>>>>>
>>>>>>> Nothing in the logs.
>>>>>>>
>>>>>>> Any help is welcome.
>>>>>>>
>>>>>>> Regards,
>>>>>>>
>>>>>>> Philippe Rouvray