[keycloak-user] Keycloak generic adapter on Openshift Online

Augusto dos Santos Pereira guto at gym2gym.com.br
Thu May 30 10:19:47 EDT 2019


Hello,



I'm new to Openshift and Keycloak and I am currently trying to protect a PHP REST service using the keycloak generic adapter.




This repository (https://github.com/stianst/keycloak-demo) was used, and this video (https://www.youtube.com/watch?v=mdZauKsMDiI) was followed.



I was able to secure the NodeJS app (demo-app) as expected using keycloak, so my Keycloak pod is working.




After the NodeJS app, I added an app called "demo-service-php" with the "Import YAML / JSON" option, using the demo-service-php/demo-service-php.json file in the repo. The pod fails to spin up and shows a link to the logs. The following error shows up:



[error] invalid options, flag provided but not defined: -skip-client-id



I tried editing the line - '--skip-client-id' from the YAML and it worked. The pod spun up.



I looked at the json file and the arg "--client-id=demo-service" is in there. I checked in the demo realm and there is no client called "demo-service", so I added it with bearer-only Access Type. Still with the same error.



I edited the SERVICE_URL environment variable of the demo-app to match the demo-service-php url.



Responses:

INVOKE PUBLIC -> Message: public

INVOKE SECURED -> Request failed

INVOKE ADMIN -> Request failed



The service pod says "The logs are no longer available or could not be loaded.".




Looking at the browser console, the logs are:



demo-service-php-keycloak.7e14.starter-us-west-2.openshiftapps.com/admin:1 GET https://demo-service-php-keycloak.7e14.starter-us-west-2.openshiftapps.com/admin 401 (Unauthorized)



(index):1 Access to XMLHttpRequest at 'https://demo-service-php-keycloak.7e14.starter-us-west-2.openshiftapps.com/admin' from origin 'https://demo-app-keycloak.7e14.starter-us-west-2.openshiftapps.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.



I noticed that there is an arg "--client-secret=secret". I figured it should be one of the 2 secrets created early in the process (keycloak-server-tls and keycloak-client-tls), but I didn't know which, so I tried setting it to both while editing the YAML. No luck, still getting the same results.

What would you guys suggest? Is there another repository I can try?



Thanks in advance!



Guto Pereira.