keycloak-aplcache

Merge pull request #1115 from mposolda/master Fix clustering

4/2/2015 8:13:56 AM


diff --git a/core/src/main/java/org/keycloak/RSATokenVerifier.java b/core/src/main/java/org/keycloak/RSATokenVerifier.java
index c68da0f..1c324d6 100755
--- a/core/src/main/java/org/keycloak/RSATokenVerifier.java
+++ b/core/src/main/java/org/keycloak/RSATokenVerifier.java
@@ -39,7 +39,7 @@ public class RSATokenVerifier {
             throw new VerificationException("Realm URL is null. Make sure to add auth-server-url to the configuration of your adapter!");
         }
         if (!realmUrl.equals(token.getIssuer())) {
-            throw new VerificationException("Token audience doesn't match domain.");
+            throw new VerificationException("Token audience doesn't match domain. Token issuer is " + token.getIssuer() + ", but URL from configuration is " + realmUrl);
 
         }
         if (checkActive && !token.isActive()) {
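Review bot: The new exception message on the issuer check embeds `token.getIssuer()` verbatim, and the OAuthRequestAuthenticator hunk in this commit then writes `e.getMessage()` to the error log, so a string taken from the token reaches the log without neutralization. Whether the signature has already been verified at this point is not visible in the hunk; if it has not, the issuer is caller-controlled and should have CR/LF removed and its length capped before it is logged. The text also still says "Token audience doesn't match domain" although the comparison is on the issuer; `"Token issuer doesn't match realm URL. Token issuer is " + token.getIssuer() + ", expected " + realmUrl` would describe the check that actually failed. The enclosing method starts and ends outside the hunk.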
diff --git a/examples/demo-template/testrealm.json b/examples/demo-template/testrealm.json
index 7cf597a..031e20b 100755
--- a/examples/demo-template/testrealm.json
+++ b/examples/demo-template/testrealm.json
@@ -146,16 +146,6 @@
             "adminUrl": "/database",
             "baseUrl": "/database",
             "bearerOnly": true
-        },
-        {
-            "name": "rest-resources",
-            "enabled": true,
-            "publicClient": true,
-            "adminUrl": "/rest-resources",
-            "baseUrl": "/rest-resources",
-            "redirectUris": [
-                "/rest-resources/*"
-            ]
         }
     ],
     "oauthClients": [
diff --git a/examples/fuse/camel/src/main/java/org/keycloak/example/CamelHelloProcessor.java b/examples/fuse/camel/src/main/java/org/keycloak/example/CamelHelloProcessor.java
index fc67a65..6ef2be2 100644
--- a/examples/fuse/camel/src/main/java/org/keycloak/example/CamelHelloProcessor.java
+++ b/examples/fuse/camel/src/main/java/org/keycloak/example/CamelHelloProcessor.java
@@ -20,7 +20,6 @@ public class CamelHelloProcessor implements Processor {
         String username = accessToken.getPreferredUsername();
         String fullName = accessToken.getName();
 
-        // send a html response with fullName from LDAP
         exchange.getOut().setBody("Hello " + username + "! Your full name is " + fullName + ".");
     }
 }
diff --git a/examples/fuse/fuse-admin/README.md b/examples/fuse/fuse-admin/README.md
index d22d45d..faa2687 100644
--- a/examples/fuse/fuse-admin/README.md
+++ b/examples/fuse/fuse-admin/README.md
@@ -29,10 +29,10 @@ This file contains configuration of the client application, which is used by JAA
  
 4) Start Fuse and install `keycloak` JAAS realm into Fuse. This could be done easily by installing `keycloak-jaas` feature, which has JAAS realm predefined 
 (you are able to override it by using your own `keycloak` JAAS realm with higher ranking). As long as you already installed `keycloak-fuse-example` feature as mentioned 
-in [examples readme](../README.md), you can skip this step as `keycloak-jaas` is installed already. Otherwise use those commands (replace Keycloak version with current one):
+in [examples readme](../README.md), you can skip this step as `keycloak-jaas` is installed already. Otherwise use those commands (replace Keycloak version in this command with the current version):
 
 ```
-features:addurl mvn:org.keycloak/keycloak-osgi-features/1.1.0.Final/xml/features
+features:addurl mvn:org.keycloak/keycloak-osgi-features/1.2.0.Beta1/xml/features
 features:install keycloak-jaas
 ```
 
diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java
index f792046..478ead2 100755
--- a/integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java
+++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java
@@ -90,7 +90,8 @@ public class KeycloakDeployment {
 
     public void setAuthServerBaseUrl(AdapterConfig config) {
         this.authServerBaseUrl = config.getAuthServerUrl();
-        if (authServerBaseUrl == null && config.getAuthServerUrlForBackendRequests() == null) return;
+        String authServerURLForBackendReqs = config.getAuthServerUrlForBackendRequests();
+        if (authServerBaseUrl == null && authServerURLForBackendReqs == null) return;
 
         URI authServerUri = null;
         if (authServerBaseUrl != null) {
@@ -98,7 +99,6 @@ public class KeycloakDeployment {
         }
 
         if (authServerUri == null || authServerUri.getHost() == null) {
-            String authServerURLForBackendReqs = config.getAuthServerUrlForBackendRequests();
             if (authServerURLForBackendReqs != null) {
                 relativeUrls = RelativeUrlsUsed.BROWSER_ONLY;
 
@@ -116,7 +116,13 @@ public class KeycloakDeployment {
             relativeUrls = RelativeUrlsUsed.NEVER;
             KeycloakUriBuilder serverBuilder = KeycloakUriBuilder.fromUri(authServerBaseUrl);
             resolveBrowserUrls(serverBuilder);
-            resolveNonBrowserUrls(serverBuilder);
+
+            if (authServerURLForBackendReqs == null) {
+                resolveNonBrowserUrls(serverBuilder);
+            } else {
+                serverBuilder = KeycloakUriBuilder.fromUri(authServerURLForBackendReqs);
+                resolveNonBrowserUrls(serverBuilder);
+            }
         }
     }
 
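Review bot: In the new else branch the configured backend URL goes straight into `KeycloakUriBuilder.fromUri(authServerURLForBackendReqs)` with no check of its scheme or host, and the test change in this commit shows the token URL now follows that value. Requests to that endpoint normally carry the client credentials, so it is worth failing fast (or at least logging a warning) when the backend URI has no host or uses `http` while `authServerBaseUrl` uses `https`. As a matter of style, both branches end in the same call and can be collapsed to `KeycloakUriBuilder backendBuilder = authServerURLForBackendReqs == null ? serverBuilder : KeycloakUriBuilder.fromUri(authServerURLForBackendReqs);` followed by `resolveNonBrowserUrls(backendBuilder);`. setAuthServerBaseUrl begins in an earlier hunk, and the part between the hunks is not visible.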
@@ -132,6 +138,7 @@ public class KeycloakDeployment {
 
         String login = authUrlBuilder.clone().path(ServiceUrlConstants.AUTH_PATH).build(getRealm()).toString();
         authUrl = KeycloakUriBuilder.fromUri(login);
+        realmInfoUrl = authUrlBuilder.clone().path(ServiceUrlConstants.REALM_INFO_PATH).build(getRealm()).toString();
     }
 
     /**
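Review bot: The move of `realmInfoUrl` into the browser-URL method has no comment explaining why it belongs there, and the reason looks security-relevant. If this field is the realm URL that RSATokenVerifier compares with the token issuer (the call site is not visible on this page), the expected issuer now follows the browser-facing address rather than the backend one. A short comment such as `// realmInfoUrl is resolved with the browser URLs so it stays equal to the issuer the server puts in tokens` would record that, once the assumption is confirmed. It is also worth confirming what the field resolves to in the `RelativeUrlsUsed.BROWSER_ONLY` case, where the browser builder may not come from static configuration. The method's signature and Javadoc are outside the hunk and should list the field as well.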
@@ -145,7 +152,6 @@ public class KeycloakDeployment {
         tokenUrl = authUrlBuilder.clone().path(ServiceUrlConstants.TOKEN_PATH).build(getRealm()).toString();
         logoutUrl = KeycloakUriBuilder.fromUri(authUrlBuilder.clone().path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH).build(getRealm()).toString());
         accountUrl = authUrlBuilder.clone().path(ServiceUrlConstants.ACCOUNT_SERVICE_PATH).build(getRealm()).toString();
-        realmInfoUrl = authUrlBuilder.clone().path(ServiceUrlConstants.REALM_INFO_PATH).build(getRealm()).toString();
         registerNodeUrl = authUrlBuilder.clone().path(ServiceUrlConstants.CLIENTS_MANAGEMENT_REGISTER_NODE_PATH).build(getRealm()).toString();
         unregisterNodeUrl = authUrlBuilder.clone().path(ServiceUrlConstants.CLIENTS_MANAGEMENT_UNREGISTER_NODE_PATH).build(getRealm()).toString();
     }
diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java
index 68688e6..ea66837 100755
--- a/integration/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java
+++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java
@@ -322,7 +322,7 @@ public class OAuthRequestAuthenticator {
             }
             log.debug("Token Verification succeeded!");
         } catch (VerificationException e) {
-            log.error("failed verification of token");
+            log.error("failed verification of token: " + e.getMessage());
             return challenge(403);
         }
         if (tokenResponse.getNotBeforePolicy() > deployment.getNotBefore()) {
diff --git a/integration/adapter-core/src/test/java/org/keycloak/adapters/KeycloakDeploymentBuilderTest.java b/integration/adapter-core/src/test/java/org/keycloak/adapters/KeycloakDeploymentBuilderTest.java
index a40b83e..c326d76 100644
--- a/integration/adapter-core/src/test/java/org/keycloak/adapters/KeycloakDeploymentBuilderTest.java
+++ b/integration/adapter-core/src/test/java/org/keycloak/adapters/KeycloakDeploymentBuilderTest.java
@@ -33,7 +33,7 @@ public class KeycloakDeploymentBuilderTest {
         assertTrue(deployment.isExposeToken());
         assertEquals("234234-234234-234234", deployment.getResourceCredentials().get("secret"));
         assertEquals(20, ((ThreadSafeClientConnManager) deployment.getClient().getConnectionManager()).getMaxTotal());
-        assertEquals("https://localhost:8443/auth/realms/demo/protocol/openid-connect/token", deployment.getTokenUrl());
+        assertEquals("https://backend:8443/auth/realms/demo/protocol/openid-connect/token", deployment.getTokenUrl());
         assertTrue(deployment.isAlwaysRefreshToken());
         assertTrue(deployment.isRegisterNodeAtStartup());
         assertEquals(1000, deployment.getRegisterNodePeriod());
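Review bot: The updated expectation covers only `getTokenUrl()` moving to the `backend` host; nothing in the visible assertions pins the other half of the change, namely that browser-facing URLs stay on the `auth-server-url` host. Adding an assertion that `deployment.getRealmInfoUrl()` (and the auth URL) still resolve against `https://localhost:8443/auth`, the host from the old expectation, would guard against a later change that silently routes the issuer comparison or browser redirects to the backend address. The JSON fixture and the start of the test method are outside the hunk, so the exact expected strings need to be taken from there.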
diff --git a/testsuite/docker-cluster/shared-files/deploy-examples.sh b/testsuite/docker-cluster/shared-files/deploy-examples.sh
index 2ddee7d..6f29e4a 100644
--- a/testsuite/docker-cluster/shared-files/deploy-examples.sh
+++ b/testsuite/docker-cluster/shared-files/deploy-examples.sh
@@ -33,6 +33,9 @@ for I in *.war/WEB-INF/keycloak.json; do
   sed -i -e 's/\"bearer-only\" : true,/&\n    \"credentials\" : \{ \"secret\": \"password\" \},/' $I;
 done;
 
+# Configure database.war
+sed -i -e 's/\"auth-server-url\": \"\/auth\",/\"auth-server-url\": \"http:\/\/localhost:8000\/auth\",/' database.war/WEB-INF/keycloak.json;
+
 # Enable distributable for customer-portal
 sed -i -e 's/<\/module-name>/&\n    <distributable \/>/' customer-portal.war/WEB-INF/web.xml