
I'm using a WildFly application server that hosts a simple Frontend-Backend combination on my local machine. The Frontend is secured through the Keycloak JS adapter and the Backend is supposed to be using the Keycloak WildFly adapter.

I have the keycloak.json properly in place (in the WEB-INF folder), and my web.xml looks like this:

<web-app xmlns="http://java.sun.com/xml/ns/javaee"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
     version="3.0">

    <module-name>restservice</module-name>
    <display-name>RESTful Service</display-name>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Brokerservice</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>default</role-name>
        </auth-constraint>
    </security-constraint>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>AuthInterface</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
    </security-constraint>

    <login-config>
        <auth-method>KEYCLOAK</auth-method>
        <realm-name>this is ignored currently</realm-name>
    </login-config>

    <security-role>
        <role-name>default</role-name>
    </security-role>
</web-app>

The deployment goes smoothly and I can access, and log in to, the Frontend hosted in that deployment, but when I try to request something from my Backend, I am returned a 401 Unauthorized. The bearer token is valid and sent to the service as instructed by Keycloak's docs. Meanwhile, the console reads

Error when sending request to retrieve realm keys: org.keycloak.adapters.HttpClientAdapterException: IO error

The full server log is available here. Since this issue only occurs with my local REST service (I can connect and retrieve data from other Keycloak-secured services in my company's network), I suspect that this is an issue with my WildFly configuration. Currently, it is a clean install with only the Keycloak adapter added and enabled via command line.

Any kind of help appreciated.

Resn1963

1 Answer


My friends, I found the solution! It truly was a local configuration issue, but not in WildFly but in my Java Keystore. The corporate SSL certificate has to be added to the cacerts Keystore that is part of the Java distribution associated with the JAVA_HOME variable (in my case, jdk1.8.0_181). Specifically, you can use this command to set it up:

keytool -import -keystore "C:\Program Files\Java\jdk1.8.0_181\jre\lib\security\cacerts" -alias [alias] -storepass [password] -file [path/to/your/certificate]

Note that if "keytool" cannot be found, navigate to the JDK's bin and execute the command from there. Execution origin has no effect here.

Resn1963
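An added diagnostic, not code from the question or the answer, that reproduces the failing trust decision outside WildFly: it loads the JDK 8 cacerts file the answer points at and asks the JVM's PKIX trust manager whether the Keycloak server's certificate chain validates, which is exactly what breaks when the adapter fetches the realm keys over HTTPS. It assumes the chain has been saved to a PEM file named keycloak-chain.pem (leaf first) and that the store still uses the JDK default password "changeit".

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
// Diagnostic: does the JVM trust store (cacerts) accept the chain the Keycloak server presents? If not, the adapter's HTTPS fetch of the realm keys fails, as in the question.
public class CacertsTrustCheck {
    // True when the PEM chain (leaf first) validates against the given JKS trust store.
    public static boolean isTrusted(String keystorePath, char[] storePass, String pemPath)
            throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(keystorePath)) {
            ks.load(in, storePass);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks); // same PKIX trust manager an HTTPS client builds from cacerts
        X509TrustManager tm = null;
        for (TrustManager t : tmf.getTrustManagers()) {
            if (t instanceof X509TrustManager) { tm = (X509TrustManager) t; break; }
        }
        if (tm == null) throw new IllegalStateException("no X509TrustManager available");
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate[] chain;
        try (InputStream in = new FileInputStream(pemPath)) {
            chain = cf.generateCertificates(in).toArray(new X509Certificate[0]);
        }
        // authType only selects the key-usage check; match it to the leaf key type
        String authType = "EC".equals(chain[0].getPublicKey().getAlgorithm())
                ? "ECDHE_ECDSA" : "ECDHE_RSA";
        try {
            tm.checkServerTrusted(chain, authType); // throws if no trust anchor matches
            return true;
        } catch (CertificateException e) {
            System.err.println("Chain NOT trusted: " + e.getMessage());
            return false;
        }
    }
    public static void main(String[] args) throws Exception {
        // Assumed: JDK 8 cacerts path from the answer, default password "changeit",
        // and a PEM file keycloak-chain.pem saved from the Keycloak server.
        boolean ok = isTrusted("C:\\Program Files\\Java\\jdk1.8.0_181\\jre\\lib\\security\\cacerts",
                "changeit".toCharArray(), "keycloak-chain.pem");
        System.out.println(ok ? "trusted: adapter can fetch realm keys" : "import the CA first");
    }
}
```

Run it before and after the keytool import above: a "Chain NOT trusted" result with a "unable to find valid certification path" message is the same condition the adapter reports as an IO error when retrieving realm keys.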