Protecting Wildfly Administration Console With Keycloak does not work
gunterze Jun 24, 2018 5:40 AM
Following Protecting Wildfly Administration Console With Keycloak, with Wildfly 13.0.0.Final and Keycloak (Wildfly Adapter) 4.0.0.Final, a request to access the Wildfly Administration Console is not redirected to a login page in Keycloak, but fails with
In the server.log I see:
2018-06-24 11:05:30,693 DEBUG [org.keycloak.adapters.elytron.KeycloakHttpServerAuthenticationMechanismFactory] (management task-1) Evaluating request for path [http://localhost:9990/management]
2018-06-24 11:05:30,694 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (management task-1) adminRequest http://localhost:9990/management
2018-06-24 11:05:30,695 DEBUG [org.keycloak.adapters.RequestAuthenticator] (management task-1) NOT_ATTEMPTED: bearer only
2018-06-24 11:05:30,720 DEBUG [org.keycloak.adapters.elytron.KeycloakHttpServerAuthenticationMechanismFactory] (management task-1) Evaluating request for path [http://localhost:9990/management]
2018-06-24 11:05:30,720 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (management task-1) adminRequest http://localhost:9990/management
2018-06-24 11:05:30,721 DEBUG [org.keycloak.adapters.RequestAuthenticator] (management task-1) NOT_ATTEMPTED: bearer only
So it seems that the <secure-server> configuration in
<subsystem xmlns="urn:jboss:domain:keycloak:1.1">
    <realm name="wildfly-infra">
        <realm-public-key>MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApgzNwpbqAo6moqngkGZ48/aT/m9o15WwWxA8wP7g/rLxAxH5KaEL+mUjiIjE4YlD0aH4ka50nnoo5fveEmnt2/uDqs+Uoi/1WN1ZrIPD5Dg+xpO1/7Bzk9BJnE/m9eBdUvoY34EysVDdkKG/9JLsa6FJfMPjdliqb0L65GSrcH9hPHZzcUsU4RUuGZdy3O82xQqapJUjWdVA8OWiPGJZOhqbyNFiMPy0OC3ceext9ajC9jfC9vX0g0SDTXHFLcslvBiseidk3kNuTvCjD5j/SeGS7ppsk/+rXDIo74/GN5rsgc1uruyoUD36gZtEp2K0ObFo1Hi35eP4S1IJbkjuGwIDAQAB</realm-public-key>
        <auth-server-url>http://localhost:8180/auth</auth-server-url>
    </realm>
    <secure-deployment name="wildfly-management">
        <realm>wildfly-infra</realm>
        <resource>wildfly-management</resource>
        <bearer-only>true</bearer-only>
        <ssl-required>EXTERNAL</ssl-required>
        <principal-attribute>preferred_username</principal-attribute>
    </secure-deployment>
    <secure-server name="wildfly-console">
        <realm>wildfly-infra</realm>
        <resource>wildfly-console</resource>
        <public-client>true</public-client>
    </secure-server>
</subsystem>
does not get applied.
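
An added example, not part of the original post: a Python triage script that pairs each adapter "Evaluating request for path" line from the server.log excerpt above with the RequestAuthenticator outcome logged on the same thread, and counts the request URLs that ended in a bearer-only evaluation (in which the adapter only accepts bearer tokens and does not start a browser login redirect). The function names are hypothetical; the log lines are copied from the post.

```python
import re
from collections import Counter

# Log lines copied from the server.log excerpt in the post.
SAMPLE_LOG = """\
2018-06-24 11:05:30,693 DEBUG [org.keycloak.adapters.elytron.KeycloakHttpServerAuthenticationMechanismFactory] (management task-1) Evaluating request for path [http://localhost:9990/management]
2018-06-24 11:05:30,694 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (management task-1) adminRequest http://localhost:9990/management
2018-06-24 11:05:30,695 DEBUG [org.keycloak.adapters.RequestAuthenticator] (management task-1) NOT_ATTEMPTED: bearer only
2018-06-24 11:05:30,720 DEBUG [org.keycloak.adapters.elytron.KeycloakHttpServerAuthenticationMechanismFactory] (management task-1) Evaluating request for path [http://localhost:9990/management]
2018-06-24 11:05:30,720 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (management task-1) adminRequest http://localhost:9990/management
2018-06-24 11:05:30,721 DEBUG [org.keycloak.adapters.RequestAuthenticator] (management task-1) NOT_ATTEMPTED: bearer only
"""

# Fields: timestamp, level, [logger], (thread), message
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) +\w+ +"
    r"\[(?P<logger>[^\]]+)\] +\((?P<thread>[^)]+)\) +(?P<msg>.*)$"
)
PATH_RE = re.compile(r"Evaluating request for path \[(?P<url>[^\]]+)\]")


def pair_requests(log_text):
    """Return (timestamp, url, outcome) per evaluated request, matched by thread."""
    pending = {}   # thread -> (timestamp, url) still waiting for an outcome
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue   # stack traces, wrapped lines, other formats
        thread, msg = m["thread"], m["msg"]
        path = PATH_RE.search(msg)
        if path:
            if thread in pending:   # previous request never logged an outcome
                results.append((*pending.pop(thread), None))
            pending[thread] = (m["ts"], path["url"])
        elif m["logger"].endswith(".RequestAuthenticator") and thread in pending:
            results.append((*pending.pop(thread), msg.strip()))
    results.extend((*entry, None) for entry in pending.values())
    return results


def bearer_only_urls(results):
    """Count request URLs whose outcome shows a bearer-only evaluation."""
    return dict(Counter(url for _ts, url, out in results if out and "bearer only" in out))


if __name__ == "__main__":
    for ts, url, outcome in pair_requests(SAMPLE_LOG):
        print(ts, url, "->", outcome)
    print(bearer_only_urls(pair_requests(SAMPLE_LOG)))
```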