ChimbuChinnadurai / spring-cloud-dataflow-keycloak-integration


Successful login redirects back to localhost:9393/login, not to localhost:9393/dashboard #2

Open shehanab opened 3 years ago

shehanab commented 3 years ago

Successful login redirects back to localhost:9393/login, not to localhost:9393/dashboard

I followed instructions given in https://github.com/jvalkeal/randomstuff/tree/master/dataflow-keycloak

http://localhost:9393/dashboard takes me to http://localhost:9393/login. Selecting the client name takes me to the following link with my SSO login page...

http://localhost:8567/auth/realms/GetsConnect/protocol/openid-connect/auth?response_type=code&client_id=ABATCH&scope=openid%20dataflow.view%20dataflow.deploy%20dataflow.destroy%20dataflow.manage%20dataflow.modify%20dataflow.schedule%20dataflow.create&state=oGeeBrngd2RI2Wg2XLBlYJKUQtSQycOeN56EtceS_yw%3D&redirect_uri=http://localhost:9393/login/oauth2/code/keycloak&nonce=eVZQyD23xjmnA49e7uN_vjGvsLJQUcX5gUl2GItohQY

Upon logging in using the SSO login page, it requests the following link...

http://localhost:8567/auth/realms/GetsConnect/login-actions/authenticate?session_code=E6VoTYWMB7k9R5l_W23yY6RixQWfTN8EsaDmPtxOfMk&execution=ca0c2c76-8111-4447-92b3-315cf3222a48&client_id=ABATCH&tab_id=-1rfgFmUOsw

then it attempts to access the following redirect URL specified...

http://localhost:9393/login/oauth2/code/keycloak?state=oGeeBrngd2RI2Wg2XLBlYJKUQtSQycOeN56EtceS_yw%3D&session_state=ff40cd7b-a699-4465-b36a-cea919fa9391&code=2f811454-4855-4def-8732-89b248d4bbba.ff40cd7b-a699-4465-b36a-cea919fa9391.c33a1552-9eda-4069-885e-2bdaed4e5a15

This leads me to the http://localhost:9393/login?error page with the following error message:

[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: I/O error on POST request for "http://localhost:8567/auth/realms/GetsConnect/protocol/openid-connect/token": Connection timed out: connect; nested exception is java.net.ConnectException: Connection timed out: connect

On the Keycloak server side the login is successful, but it does not return the token (code_to_token response) and redirects to the login page.

Configs are as follows...

spring:
  cloud:
    dataflow:
      security:
        authorization:
          provider-role-mappings:
            keycloak:
              map-oauth-scopes: true
              role-mappings:
                ROLE_VIEW: dataflow.view
                ROLE_CREATE: dataflow.create
                ROLE_MANAGE: dataflow.manage
                ROLE_DEPLOY: dataflow.create
                ROLE_DESTROY: dataflow.create
                ROLE_MODIFY: dataflow.create
                ROLE_SCHEDULE: dataflow.create
  security:
    oauth2:
      client:
        registration:
          keycloak:
            redirect-uri: '{baseUrl}/login/oauth2/code/{registrationId}'
            authorization-grant-type: authorization_code
            client-id: ABATCH
            client-name: ABATCH
            client-secret: a0f442f5-8c58-4220-9b48-4174476ba57a
            scope:
              - openid
              - dataflow.view
              - dataflow.deploy
              - dataflow.destroy
              - dataflow.manage
              - dataflow.modify
              - dataflow.schedule
              - dataflow.create
        provider:
          keycloak:
            jwk-set-uri: http://localhost:8567/auth/realms/GetsConnect/protocol/openid-connect/certs
            token-uri: http://localhost:8567/auth/realms/GetsConnect/protocol/openid-connect/token
            user-info-uri: http://localhost:8567/auth/realms/GetsConnect/protocol/openid-connect/userinfo
            user-name-attribute: user_name
            authorization-uri: http://localhost:8567/auth/realms/GetsConnect/protocol/openid-connect/auth
      resourceserver:
        opaquetoken:
          introspection-uri: http://localhost:8567/auth/realms/GetsConnect/protocol/openid-connect/token/introspect
          client-id: ABATCH
          client-secret: a0f442f5-8c58-4220-9b48-4174476ba57a
      authorization:
        check-token-access: isAuthenticated()

I would appreciate it if someone could give some tips... @eskuai @jvalkeal @ChimbuChinnadurai

eskuai commented 3 years ago

Hi @shehanab,

What if you send a curl POST request to the failed URL?
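
The curl check suggested above, written out as an added example that is not part of the original thread: it sends the same code-to-token POST that the Data Flow server makes after the browser redirect and classifies the outcome. The token URI, client id and redirect URI are the ones quoted in the issue; the function names, the dummy code value and the `--probe` switch are assumptions. No client secret is sent, because any HTTP answer (even a 400 or 401) already shows the endpoint is reachable from the machine the script runs on.

```shell
#!/bin/sh
# Added example: run this on the machine where the Data Flow server process runs,
# because the token request is made by that server, not by the browser.

TOKEN_URI="http://localhost:8567/auth/realms/GetsConnect/protocol/openid-connect/token"
CLIENT_ID="ABATCH"
REDIRECT_URI="http://localhost:9393/login/oauth2/code/keycloak"

# Map curl's exit status and the HTTP status code to a diagnosis.
# curl exit codes: 6 = could not resolve host, 7 = failed to connect, 28 = timed out.
classify_probe() {
  curl_exit="$1"
  http_status="$2"
  case "$curl_exit" in
    0)  ;;
    6)  echo "dns-failure"; return ;;
    7)  echo "connect-failed"; return ;;
    28) echo "connect-timeout"; return ;;
    *)  echo "curl-error-$curl_exit"; return ;;
  esac
  case "$http_status" in
    # A dummy code cannot be redeemed: 400 (invalid_grant) or 401 (invalid_client)
    # means the endpoint answered, so the network path is fine.
    400|401) echo "reachable-request-rejected" ;;
    2??)     echo "reachable-token-issued" ;;
    *)       echo "reachable-http-$http_status" ;;
  esac
}

# POST an authorization_code grant with a dummy code and classify the result.
probe_token_endpoint() {
  rc=0
  status=$(curl --silent --output /dev/null --write-out '%{http_code}' \
    --connect-timeout 5 --max-time 15 \
    --request POST "$TOKEN_URI" \
    --data-urlencode "grant_type=authorization_code" \
    --data-urlencode "code=dummy-code-for-connectivity-test" \
    --data-urlencode "client_id=$CLIENT_ID" \
    --data-urlencode "redirect_uri=$REDIRECT_URI") || rc=$?
  classify_probe "$rc" "$status"
}

# Only touch the network when explicitly asked to.
if [ "${1:-}" = "--probe" ]; then
  probe_token_endpoint
fi
```

A result of `connect-timeout` or `connect-failed` reproduces the `java.net.ConnectException` from the error page, while `reachable-request-rejected` means the token endpoint can be reached from that machine.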