I upgraded from keycloak 18 to 20.0.3.
But now I'm having trouble retrieving roles.
The Error: javax.ws.rs.NotFoundException: HTTP 404 Not Found
This is what i'm trying to do...
RealmResource realmResource = KeycloakHelper.getRealmResource(connectionParameters);
in connectionParameters is the keycloakServerUrl, keycloakServerRealm, user and password
representation = realmResource.roles().get("roleName").toRepresentation();
but the realmResource.roles().get("roleName").toRepresentation() throws a javax.ws.rs.NotFoundException: HTTP 404 Not Found error
I found the problem. You may no longer use /auth in version 20.0.3
Related
This is regarding the post: BASIC authentication from JAVA to Sharepoint 2013 REST API
I am facing the same problem.
I tried the solutions provided over here but it did not work out for me.
I am trying my luck to get the SharePoint Rest API working with Java but to no avail. It is showing the below error response:
Oct 03, 2017 8:23:49 PM org.apache.http.impl.auth.HttpAuthenticator generateAuthResponse
WARNING: NEGOTIATE authentication error:
No valid credentials provided
(Mechanism level: No valid credentials provided
(Mechanism level: Failed to find any Kerberos tgt))
----------------------------------------
HTTP/1.1 401 Processed
If you have enabled NTLM authentication , then you can try NTLM auth from java. This example might help you , because following the same worked for me .
http://www.muneebahmad.com/index.php/archives/127
If you have Digest type of auth then you can refer this ,
http://www.whypad.com/posts/authenticate-sharepoint-rest-call-in-a-rest-client/1169/
While calling endpoint API, sometimes we are getting 500 Unknown error from server, but most of the time API works fine. And also in case of 500 Unknown error, we are unable to see any logs in google console logs.
API response takes 2 sec approx. We are using App engine Java deployment.
Can anyone help me find the root cause of this problem?
Following is the chrome console error
/conge-portal/#!/dashboard/myage:1 XMLHttpRequest cannot load https://a-master-server.appspot.com/_ah/api/ageEndPoint/v1/aghie…5648/674390454714943921958166322392772?showTarget=true&month=May&year=2017. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access. The response had HTTP status code 500.
From the error message, it looks like browser rejected a preflight CORS OPTIONS request because "http://localhost" is not listed as the the allowed origins.
Are you using App Engine standard or App Engine Flex environment? CORS handling are different on these two platforms.
Issue stopped after migrating to endpoint framework 2.0
I am implementing Facebook OAuth on my localhost where I made following configuration :
1) Setting(Basic) :
Domain : localhost
Site URL : http://localhost:9090/Facebook_Login/fbhome
Where I have changed the tomcat port to 9090 & "fbhome" is servlet which displays some information like name, gender, email after successful implementation
2) In Facebook Login section :
Valid OAuth redirect url :http://localhost:8080/Facebook_Login/fbhome
But I encountered 2 errors as mentioned below :
The requested URL /Facebook_Login/fbhome was not found on this server.
URL Blocked: This redirect failed because the redirect URI is not
whitelisted in the app’s Client OAuth Settings. Make sure Client and Web OAuth Login are on and add all your app domains as Valid OAuth Redirect URIs.
Please can anyone correct me if I have done any mistake in my configuration. It would be nice if I got proper solution. Because I googled a lot but couldn't find exact solution for it.
first you need to register to your application with call back URL, then you will get the appId and SecretId.Use those Id's and call FB OAuth url with you callbackURL
Sorry, this problem has many variables so I might not be isolating the problem correctly.
Our website/application is using HTTPS under the Play 2.1.2 framework behind Okta. Okta uses SAML to authenticate. Our Java files for all of our pages (in the Java code) has #RequiresAuthentication(clientName = Saml2Client) so the user is forced to log in with their Active Directory login on Okta to access our site.
We used SAMLTracer on Firefox to determine that the webpage seems to be authenticating with Okta through SAML correctly. The problem we're running into is when using HTTPS, we're getting a 404 error for the main page. The log says:
[ERROR] - from application in play-akka.actor.default- dispatcher-9 oops! page not found: uri = /
As an experiment, we used HTTP instead of HTTPS and we don't get that error and our page loads up fine. The routes file is the same so it doesn't make sense that HTTPS doesn't work but HTTP does with the same routes file. The OKTA config are identical for both HTTP and HTTPS, sans the url (for HTTPS we used https:// and port 8443 instead of http:// and port 8080). What else might be causing this problem?
My current setup is the following:
Windows Server running an Active Directory.
Keycloak server runningon a WildFly.
Java test application with restricted access deployed on the WildFly.
The authorization flow is that a user from the AD requests access to the application, the user is granted a Kerberos ticket, and trying the get access to the same application with that specific ticket.
All the configuration with Kerberos, Keycloak and AD is done, and the agreements between the server and the client are running smoothly, but the last "GET" request, where the user has been granted access, it means making a request for the Keycloak redirect URL containing the OpenID-Connect parameters (state= and code=), returns a "bad request".
I am fairly new to the concept of using Keycloak as a SSO provider, so this could be something very trivial I missed.
[EDIT]
If I fire a request for the restriced page in Fiddler, it gives me a "No State Cookie", BUT when I use any kind of browser, it says "Forbidden", and my log says that ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-9) failed verification of token: Invalid token issuer. Expected http://KEYCLOAK:9090/auth/realms/kerberos-realms/" but expected "http://keycloak:8080/auth/realms/kerberos-realm"
I actually did find a solution for it:
I tried to change the Fiddler client with a browser, and I got the problem where it told me that the issuer of the token wasn't as the expected one, and I found that in my standalone.xml, the authentication endpoint was spelled with upper case, and it expected one in lower. As for the "No state cookie", I guess that the browser handles a request of that kind, a bit different than Fiddler does.