[keycloak-user] Keycloak gatekeeper issue

Ronald Demneri ronald.demneri at amdtia.com
Thu Mar 7 03:38:43 EST 2019


Well, I am not sure in fact, need to check, but both VMs are running on Azure, so probably not. I'll post back as soon as possible.


Thanks,
Ronald

-----Original Message-----
From: Sebastien Blanc <sblanc at redhat.com> 
Sent: 07.Mar.2019 9:37 AM
To: Ronald Demneri <ronald.demneri at amdtia.com>
Cc: keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] Keycloak gatekeeper issue

Ok,
Sorry for asking maybe a stupid question, but could it be that your KC server and the gatekeeper have a time difference?

On Thu, Mar 7, 2019 at 9:10 AM Ronald Demneri <ronald.demneri at amdtia.com> wrote:
>
> Hi Sebastien,
>
> I try to login to the app, I get redirected to Keycloak where I am authenticated and then I receive the error in the Gatekeeper console. Of course, the redirection back to the app is not working. And the fact that the token is already expired is making me scratch my head and the reason why I posted to the userlist.
>
>
> If you need some more information to help me troubleshoot and hopefully resolve it, please let me know.
>
>
> Thanks in advance,
> Ronald
>
> -----Original Message-----
> From: Sebastien Blanc <sblanc at redhat.com>
> Sent: 07.Mar.2019 7:48 AM
> To: Ronald Demneri <ronald.demneri at amdtia.com>
> Cc: keycloak-user at lists.jboss.org
> Subject: Re: [keycloak-user] Keycloak gatekeeper issue
>
> Hi,
>
> How do you generate your initial token?
> From the logs, it looks like it's already expired when you send it to the Gatekeeper.
>
> On Mon, Feb 18, 2019 at 7:48 PM Ronald Demneri <ronald.demneri at amdtia.com> wrote:
> >
> > Hello everyone! Any feedback on the matter? Does anyone use Gatekeeper at the moment?
> >
> >
> > Regards,
> > Ronald
> >
> > -----Original Message-----
> > From: Ronald Demneri <ronald.demneri at amdtia.com>
> > Sent: 15.Feb.2019 1:59 PM
> > To: Ronald Demneri <ronald.demneri at amdtia.com>; 
> > keycloak-user at lists.jboss.org
> > Subject: RE: Keycloak gatekeeper issue
> >
> > I forgot to mention that I am using Keycloak version 4.5 in my test environment, so if it is a compatibility issue, please let me know so that I upgrade Keycloak.
> >
> >
> > Thanks in advance,
> > Ronald
> >
> > -----Original Message-----
> > From: keycloak-user-bounces at lists.jboss.org
> > <keycloak-user-bounces at lists.jboss.org> On Behalf Of Ronald Demneri
> > Sent: 15.Feb.2019 1:41 PM
> > To: keycloak-user at lists.jboss.org
> > Subject: [keycloak-user] Keycloak gatekeeper issue
> >
> > Hi all,
> >
> > I am trying to create an idea on Gatekeeper and have a very simple setup consisting of an upstream server with Apache and PHP. I run the keycloak-gatekeeper as follows:
> >
> > ./keycloak-gatekeeper --config keycloak-gatekeeper.json --verbose=true --resources="uri=/*|white-listed=true"
> >
> > The config file is as follows:
> >
> > discovery-url: https://keycloak/auth/realms/master
> > client-id: gatekeeper
> > client-secret: 94779832-40d7-4342-90d6-12ab52eab831
> > listen: 10.253.6.41:80
> > enable-refresh-tokens: true
> > enable-logging: true
> > enable-json-logging: true
> > enable-login-handler: true
> > enable-token-header: true
> > enable-metrics: true
> > enable-default-deny: false
> > redirection-url: http://gatekeeper:80
> > //redirection-url: http://10.253.6.41:3000
> > encryption-key: AgXa7xRcoClDEU0ZDSH4X0XhL5Qy2Z2j
> > secure-cookie: false
> > upstream-url: http://127.0.0.1:80
> > resources:
> > - uri: /user/test.php
> > - uri: /admin/*.php
> >   roles:
> >   - admin
> >
> > In the logs I receive the following upon a successful login:
> >
> > {"level":"error","ts":1550234109.9775908,"caller":"keycloak-gatekeeper/middleware.go:108","msg":"no session found in request, redirecting for authorization","error":"authentication session not found"}
> > {"level":"info","ts":1550234109.9777544,"caller":"keycloak-gatekeeper/middleware.go:90","msg":"client request","latency":0.0002176,"status":307,"bytes":95,"client_ip":"10.253.6.24:60575","method":"GET","path":"/user/test.php"}
> > {"level":"debug","ts":1550234110.0099785,"caller":"keycloak-gatekeeper/handlers.go:88","msg":"incoming authorization request from client address","access_type":"","auth_url":"https://keycloak/auth/realms/master/protocol/openid-connect/auth?client_id=gatekeeper&redirect_uri=http%3A%2F%2Fgatekeeper%3A80%2Foauth%2Fcallback&response_type=code&scope=openid+email+profile&state=0b8a5bf8-e75c-452e-a650-d644c70e7fea","client_ip":"10.253.6.24:60575"}
> > {"level":"info","ts":1550234110.010026,"caller":"keycloak-gatekeeper/middleware.go:90","msg":"client request","latency":0.0000993,"status":307,"bytes":331,"client_ip":"10.253.6.24:60575","method":"GET","path":"/oauth/authorize"}
> > {"level":"error","ts":1550234127.0692794,"caller":"keycloak-gatekeeper/handlers.go:152","msg":"unable to verify the id token","error":"the access token has expired"}
> > {"level":"info","ts":1550234127.069323,"caller":"keycloak-gatekeeper/middleware.go:90","msg":"client request","latency":0.1995038,"status":403,"bytes":0,"client_ip":"10.253.6.24:60575","method":"GET","path":"/oauth/callback"}
> >
> > And of course, I am not redirected back to the requested URL.
> >
> > I have configured the gatekeeper as a confidential client in 
> > Keycloak, and have added the redirect_uri 
> > http://gatekeeper:80/oauth/callback
> >
> > Any hints?
> >
> > Thanks in advance,
> > Ronald
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
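
The time-difference question raised in this thread can be checked by decoding the `iat` and `exp` claims of the token and comparing them with the clock on the verifying host. The following is an added example, not part of the original messages and not Keycloak Gatekeeper code; the function names, the 300-second lifetime, the 400-second offset and the sample token are constructed for illustration, and only the `GATEKEEPER_NOW` value comes from the Gatekeeper log timestamp quoted above.

```python
import base64
import json
import time

# Whole-second timestamp of the "/oauth/callback" error in the quoted log.
GATEKEEPER_NOW = 1550234127


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(iat: int, exp: int) -> str:
    """Build an unsigned, constructed JWT that carries only time claims."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"iat": iat, "exp": exp}).encode())
    return f"{header}.{payload}.constructed-signature"


def jwt_claims(token: str) -> dict:
    """Decode the payload of a compact JWT. No signature check: diagnosis only."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token: str, now=None, leeway: int = 0) -> dict:
    """Compare a token's time claims with the verifier's clock (`now`)."""
    now = time.time() if now is None else now
    claims = jwt_claims(token)
    iat, exp = claims["iat"], claims["exp"]
    age = now - iat  # for a token fetched just now, this approximates the skew
    if age < -leeway:
        verdict = "not_yet_valid"  # verifier clock is behind the issuer
    elif now > exp + leeway:
        verdict = "expired"        # on a fresh token: verifier clock is ahead
    else:
        verdict = "valid"
    return {"verdict": verdict, "lifetime_s": exp - iat,
            "apparent_age_s": age, "remaining_s": exp - now}


# Constructed case: issuer clock 400 s behind the verifier, 300 s lifetime.
SAMPLE = make_sample_token(iat=GATEKEEPER_NOW - 400, exp=GATEKEEPER_NOW - 100)

if __name__ == "__main__":
    print(diagnose(SAMPLE, now=GATEKEEPER_NOW))
```

An `apparent_age_s` larger than `lifetime_s` on a token obtained seconds earlier points at the verifier's clock running ahead of the issuer rather than at a short token lifespan.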


