1 Reply Latest reply on Jun 25, 2018 9:55 AM by claudio4j

    Protecting Wildfly Administration Console With Keycloak does not work

    gunterze

      Following Protecting Wildfly Administration Console With Keycloak, with Wildfly 13.0.0.Final and Keycloak (Wildfly Adapter) 4.0.0.Final, a request to access the Wildfly Administration Console is not redirected to a login page in Keycloak, but fails with

      In the server.log I see:

      2018-06-24 11:05:30,693 DEBUG [org.keycloak.adapters.elytron.KeycloakHttpServerAuthenticationMechanismFactory] (management task-1) Evaluating request for path [http://localhost:9990/management]

      2018-06-24 11:05:30,694 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (management task-1) adminRequest http://localhost:9990/management

      2018-06-24 11:05:30,695 DEBUG [org.keycloak.adapters.RequestAuthenticator] (management task-1) NOT_ATTEMPTED: bearer only

      2018-06-24 11:05:30,720 DEBUG [org.keycloak.adapters.elytron.KeycloakHttpServerAuthenticationMechanismFactory] (management task-1) Evaluating request for path [http://localhost:9990/management]

      2018-06-24 11:05:30,720 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (management task-1) adminRequest http://localhost:9990/management

      2018-06-24 11:05:30,721 DEBUG [org.keycloak.adapters.RequestAuthenticator] (management task-1) NOT_ATTEMPTED: bearer only

      So it seems that the <secure-server> configuration in

      <subsystem xmlns="urn:jboss:domain:keycloak:1.1">
        <realm name="wildfly-infra">
          <realm-public-key>MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApgzNwpbqAo6moqngkGZ48/aT/m9o15WwWxA8wP7g/rLxAxH5KaEL+mUjiIjE4YlD0aH4ka50nnoo5fveEmnt2/uDqs+Uoi/1WN1ZrIPD5Dg+xpO1/7Bzk9BJnE/m9eBdUvoY34EysVDdkKG/9JLsa6FJfMPjdliqb0L65GSrcH9hPHZzcUsU4RUuGZdy3O82xQqapJUjWdVA8OWiPGJZOhqbyNFiMPy0OC3ceext9ajC9jfC9vX0g0SDTXHFLcslvBiseidk3kNuTvCjD5j/SeGS7ppsk/+rXDIo74/GN5rsgc1uruyoUD36gZtEp2K0ObFo1Hi35eP4S1IJbkjuGwIDAQAB</realm-public-key>
          <auth-server-url>http://localhost:8180/auth</auth-server-url>
        </realm>
        <secure-deployment name="wildfly-management">
          <realm>wildfly-infra</realm>
          <resource>wildfly-management</resource>
          <bearer-only>true</bearer-only>
          <ssl-required>EXTERNAL</ssl-required>
          <principal-attribute>preferred_username</principal-attribute>
        </secure-deployment>
        <secure-server name="wildfly-console">
          <realm>wildfly-infra</realm>
          <resource>wildfly-console</resource>
          <public-client>true</public-client>
        </secure-server>
      </subsystem>

      does not get applied.