search

Sunbird-RC / community

Repo to enable discussions, issue tracking & documentation for the Sunbird-RC projects
MIT License
12 stars 23 forks source link

SSO Issues regarding compose Installation #37

Open ChakshuGautam opened 3 years ago

ChakshuGautam commented 3 years ago

I was able to install both the OpenSABER using the following steps

  1. Build the jar using mvn clean install
  2. Starting the keycloak using this.
    • Logged in using default username/password.
    • Created a realm called sunbird, client called sunbird, and a user called sunbird with a sample password.
    • Update my /etc/hosts file to alias localhost as keycloak to fix the redirect_url which would be keycloak:8080...
    • Updates the client with redirect URL http://localhost:8081/sso/login
    • Copied the SSO public key and updated the .env file
  3. Starting the registry using this compose file. The .env file was of the following format 
    sunbird_sso_publickey=xxxxxxxblaxxxxx
sunbird_sso_realm=sunbird
sunbird_sso_url=http://keycloak:8080/auth/
authentication_enabled=true
sunbird_sso_username=admin
sunbird_sso_password=admin
sunbird_sso_client_id=sunbird
claims_url=http://keycloak:8080

I am currently facing an issue with keycloak unable to authenticate. The /sso/login route redirects to keycloak, I am able to login and get the auth token, then the auth token fails to get verified. Sharing the logs from keycloak and registry.

keycloak_1  | 15:24:55,607 WARN  [org.keycloak.events] (default task-11) type=CODE_TO_TOKEN_ERROR, realmId=sunbird, clientId=null, userId=null, ipAddress=192.168.144.6, error=invalid_client_credentials, grant_type=authorization_code
keycloak_1  | 15:25:21,844 WARN  [org.keycloak.events] (default task-11) type=LOGIN_ERROR, realmId=sunbird, clientId=sunbird, userId=null, ipAddress=192.168.144.1, error=user_not_found, auth_method=openid-connect, auth_type=code, redirect_uri=http://localhost:8081/sso/login, code_id=09f94562-f6be-4db8-ab4d-2f5edecd53ba, username=admin, authSessionParentId=09f94562-f6be-4db8-ab4d-2f5edecd53ba, authSessionTabId=eNSv1acMKw0
keycloak_1  | 15:41:07,585 WARN  [org.keycloak.events] (default task-14) type=LOGIN_ERROR, realmId=master, clientId=security-admin-console, userId=null, ipAddress=192.168.144.1, error=user_not_found, auth_method=openid-connect, auth_type=code, redirect_uri=http://keycloak:8080/auth/admin/master/console/#/realms/sunbird, code_id=73e803b0-7000-428d-a5e5-0f1de2c9adb8, username=sunbird, authSessionParentId=73e803b0-7000-428d-a5e5-0f1de2c9adb8, authSessionTabId=SZilMPAqM2M
keycloak_1  | 15:41:14,075 WARN  [org.keycloak.events] (default task-14) type=LOGIN_ERROR, realmId=master, clientId=security-admin-console, userId=null, ipAddress=192.168.144.1, error=user_not_found, auth_method=openid-connect, auth_type=code, redirect_uri=http://keycloak:8080/auth/admin/master/console/#/realms/sunbird, code_id=73e803b0-7000-428d-a5e5-0f1de2c9adb8, username=sunbird, authSessionParentId=73e803b0-7000-428d-a5e5-0f1de2c9adb8, authSessionTabId=SZilMPAqM2M
registry_1  | 15:47:02.314 [http-nio-8081-exec-4] DEBUG o.k.a.t.AbstractAuthenticatedActionsValve:57 - AuthenticatedActionsValve.invoke /sso/login
registry_1  | 15:47:02.316 [http-nio-8081-exec-4] DEBUG o.k.a.AuthenticatedActionsHandler:53 - AuthenticatedActionsValve.invoke http://localhost:8081/sso/login?state=c42fdb88-d2d1-4ad6-9d5d-878ab13f8394&session_state=c1eaace6-5835-44d8-97f1-a25830e585a5&code=7eb05e75-8fe4-49ac-87da-cf31813d6201.c1eaace6-5835-44d8-97f1-a25830e585a5.70dc5946-1384-45aa-a776-40e862c5d6df
registry_1  | 15:47:02.317 [http-nio-8081-exec-4] DEBUG o.k.a.AuthenticatedActionsHandler:153 - Policy enforcement is disabled.
registry_1  | 15:47:02.318 [http-nio-8081-exec-4] DEBUG o.k.adapters.PreAuthActionsHandler:74 - adminRequest http://localhost:8081/sso/login?state=c42fdb88-d2d1-4ad6-9d5d-878ab13f8394&session_state=c1eaace6-5835-44d8-97f1-a25830e585a5&code=7eb05e75-8fe4-49ac-87da-cf31813d6201.c1eaace6-5835-44d8-97f1-a25830e585a5.70dc5946-1384-45aa-a776-40e862c5d6df
registry_1  | 15:47:02.320 [http-nio-8081-exec-4] DEBUG o.k.a.s.f.KeycloakAuthenticationProcessingFilter:206 - Request is to process authentication
registry_1  | 15:47:02.321 [http-nio-8081-exec-4] DEBUG o.k.a.s.f.KeycloakAuthenticationProcessingFilter:142 - Attempting Keycloak authentication
registry_1  | 15:47:02.321 [http-nio-8081-exec-4] DEBUG o.k.a.s.t.SpringSecurityTokenStore:64 - Checking if org.keycloak.adapters.springsecurity.authentication.SpringSecurityRequestAuthenticator@234239d0 is cached
registry_1  | 15:47:02.322 [http-nio-8081-exec-4] DEBUG o.k.a.OAuthRequestAuthenticator:279 - there was a code, resolving
registry_1  | 15:47:02.323 [http-nio-8081-exec-4] DEBUG o.k.a.OAuthRequestAuthenticator:325 - checking state cookie for after code
registry_1  | 15:47:02.325 [http-nio-8081-exec-4] DEBUG o.k.a.OAuthRequestAuthenticator:244 - ** reseting application state cookie
registry_1  | 15:47:02.328 [http-nio-8081-exec-4] WARN  o.k.a.a.ClientIdAndSecretCredentialsProvider:60 - Client 'sunbird' doesn't have secret available
registry_1  | 15:47:02.329 [http-nio-8081-exec-4] DEBUG o.a.h.i.c.t.ThreadSafeClientConnManager:240 - Get connection: {}->http://keycloak:8080, timeout = 0
registry_1  | 15:47:02.330 [http-nio-8081-exec-4] DEBUG o.a.h.i.conn.tsccm.ConnPoolByRoute:347 - [{}->http://keycloak:8080] total kept alive: 1, total issued: 0, total allocated: 1 out of 20
registry_1  | 15:47:02.332 [http-nio-8081-exec-4] DEBUG o.a.h.i.conn.tsccm.ConnPoolByRoute:496 - Getting free connection [{}->http://keycloak:8080][null]
registry_1  | 15:47:02.332 [http-nio-8081-exec-4] DEBUG o.a.h.impl.client.DefaultHttpClient:431 - Stale connection check
registry_1  | 15:47:02.335 [http-nio-8081-exec-4] DEBUG o.a.h.c.protocol.RequestAddCookies:123 - CookieSpec selected: compatibility
registry_1  | 15:47:02.336 [http-nio-8081-exec-4] DEBUG o.a.h.c.protocol.RequestAuthCache:77 - Auth cache not set in the context
registry_1  | 15:47:02.337 [http-nio-8081-exec-4] DEBUG o.a.h.c.p.RequestTargetAuthentication:80 - Target auth state: UNCHALLENGED
registry_1  | 15:47:02.339 [http-nio-8081-exec-4] DEBUG o.a.h.c.p.RequestProxyAuthentication:89 - Proxy auth state: UNCHALLENGED
registry_1  | 15:47:02.340 [http-nio-8081-exec-4] DEBUG o.a.h.impl.client.DefaultHttpClient:682 - Attempt 1 to execute request
registry_1  | 15:47:02.342 [http-nio-8081-exec-4] DEBUG o.a.h.i.conn.DefaultClientConnection:274 - Sending request: POST /auth/realms/sunbird/protocol/openid-connect/token HTTP/1.1
registry_1  | 15:47:02.344 [http-nio-8081-exec-4] DEBUG org.apache.http.wire:73 -  >> "POST /auth/realms/sunbird/protocol/openid-connect/token HTTP/1.1[\r][\n]"
registry_1  | 15:47:02.347 [http-nio-8081-exec-4] DEBUG org.apache.http.wire:73 -  >> "Content-Length: 289[\r][\n]"
registry_1  | 15:47:02.350 [http-nio-8081-exec-4] DEBUG org.apache.http.wire:73 -  >> "Content-Type: application/x-www-form-urlencoded; charset=UTF-8[\r][\n]"
registry_1  | 15:47:02.352 [http-nio-8081-exec-4] DEBUG org.apache.http.wire:73 -  >> "Host: keycloak:8080[\r][\n]"
registry_1  | 15:47:02.354 [http-nio-8081-exec-4] DEBUG org.apache.http.wire:73 -  >> "Connection: Keep-Alive[\r][\n]"
registry_1  | 15:47:02.356 [http-nio-8081-exec-4] DEBUG org.apache.http.wire:73 -  >> "[\r][\n]"
registry_1  | 15:47:02.357 [http-nio-8081-exec-4] DEBUG org.apache.http.headers:278 - >> POST /auth/realms/sunbird/protocol/openid-connect/token HTTP/1.1
registry_1  | 15:47:02.358 [http-nio-8081-exec-4] DEBUG org.apache.http.headers:281 - >> Content-Length: 289
registry_1  | 15:47:02.360 [http-nio-8081-exec-4] DEBUG org.apache.http.headers:281 - >> Content-Type: application/x-www-form-urlencoded; charset=UTF-8
registry_1  | 15:47:02.361 [http-nio-8081-exec-4] DEBUG org.apache.http.headers:281 - >> Host: keycloak:8080
registry_1  | 15:47:02.363 [http-nio-8081-exec-4] DEBUG org.apache.http.headers:281 - >> Connection: Keep-Alive
registry_1  | 15:47:02.364 [http-nio-8081-exec-4] DEBUG org.apache.http.wire:87 -  >> "grant_type=authorization_code&code=7eb05e75-8fe4-49ac-87da-cf31813d6201.c1eaace6-5835-44d8-97f1-a25830e585a5.70dc5946-1384-45aa-a776-40e862c5d6df&redirect_uri=http%3A%2F%2Flocalhost%3A8081%2Fsso%2Flogin&client_session_state=F62C9DDD2A30987CB4DE0437C0E7E39D&client_session_host=7ff8cd232959"
registry_1  | 15:47:02.370 [http-nio-8081-exec-4] DEBUG org.apache.http.wire:73 -  << "HTTP/1.1 400 Bad Request[\r][\n]"
registry_1  | 15:47:02.372 [http-nio-8081-exec-4] DEBUG org.apache.http.wire:73 -  << "Cache-Control: no-store[\r][\n]"
registry_1  | 15:47:02.373 [http-nio-8081-exec-4] DEBUG org.apache.http.wire:73 -  << "X-XSS-Protection: 1; mode=block[\r][\n]"
registry_1  | 15:47:02.375 [http-nio-8081-exec-4] DEBUG org.apache.http.wire:73 -  << "Pragma: no-cache[\r][\n]"
registry_1  | 15:47:02.376 [http-nio-8081-exec-4] DEBUG org.apache.http.wire:73 -  << "X-Frame-Options: SAMEORIGIN[\r][\n]"
registry_1  | 15:47:02.378 [http-nio-8081-exec-4] DEBUG org.apache.http.wire:73 -  << "Referrer-Policy: no-referrer[\r][\n]"
registry_1  | 15:47:02.379 [http-nio-8081-exec-4] DEBUG org.apache.http.wire:73 -  << "Date: Mon, 28 Jun 2021 15:47:02 GMT[\r][\n]"
registry_1  | 15:47:02.380 [http-nio-8081-exec-4] DEBUG org.apache.http.wire:73 -  << "Connection: keep-alive[\r][\n]"
registry_1  | 15:47:02.383 [http-nio-8081-exec-4] DEBUG org.apache.http.wire:73 -  << "Strict-Transport-Security: max-age=31536000; includeSubDomains[\r][\n]"
registry_1  | 15:47:02.388 [http-nio-8081-exec-4] DEBUG org.apache.http.wire:73 -  << "X-Content-Type-Options: nosniff[\r][\n]"
registry_1  | 15:47:02.389 [http-nio-8081-exec-4] DEBUG org.apache.http.wire:73 -  << "Content-Type: application/json[\r][\n]"
registry_1  | 15:47:02.391 [http-nio-8081-exec-4] DEBUG org.apache.http.wire:73 -  << "Content-Length: 101[\r][\n]"
registry_1  | 15:47:02.391 [http-nio-8081-exec-4] DEBUG org.apache.http.wire:73 -  << "[\r][\n]"
registry_1  | 15:47:02.393 [http-nio-8081-exec-4] DEBUG o.a.h.i.conn.DefaultClientConnection:259 - Receiving response: HTTP/1.1 400 Bad Request
registry_1  | 15:47:02.394 [http-nio-8081-exec-4] DEBUG org.apache.http.headers:262 - << HTTP/1.1 400 Bad Request
registry_1  | 15:47:02.394 [http-nio-8081-exec-4] DEBUG org.apache.http.headers:265 - << Cache-Control: no-store
registry_1  | 15:47:02.396 [http-nio-8081-exec-4] DEBUG org.apache.http.headers:265 - << X-XSS-Protection: 1; mode=block
registry_1  | 15:47:02.397 [http-nio-8081-exec-4] DEBUG org.apache.http.headers:265 - << Pragma: no-cache
registry_1  | 15:47:02.398 [http-nio-8081-exec-4] DEBUG org.apache.http.headers:265 - << X-Frame-Options: SAMEORIGIN
registry_1  | 15:47:02.399 [http-nio-8081-exec-4] DEBUG org.apache.http.headers:265 - << Referrer-Policy: no-referrer
registry_1  | 15:47:02.400 [http-nio-8081-exec-4] DEBUG org.apache.http.headers:265 - << Date: Mon, 28 Jun 2021 15:47:02 GMT
registry_1  | 15:47:02.402 [http-nio-8081-exec-4] DEBUG org.apache.http.headers:265 - << Connection: keep-alive
registry_1  | 15:47:02.403 [http-nio-8081-exec-4] DEBUG org.apache.http.headers:265 - << Strict-Transport-Security: max-age=31536000; includeSubDomains
registry_1  | 15:47:02.405 [http-nio-8081-exec-4] DEBUG org.apache.http.headers:265 - << X-Content-Type-Options: nosniff
registry_1  | 15:47:02.406 [http-nio-8081-exec-4] DEBUG org.apache.http.headers:265 - << Content-Type: application/json
registry_1  | 15:47:02.408 [http-nio-8081-exec-4] DEBUG org.apache.http.headers:265 - << Content-Length: 101
registry_1  | 15:47:02.411 [http-nio-8081-exec-4] DEBUG o.a.h.impl.client.DefaultHttpClient:509 - Connection can be kept alive indefinitely
registry_1  | 15:47:02.414 [http-nio-8081-exec-4] DEBUG org.apache.http.wire:87 -  << "{"error":"unauthorized_client","error_description":"INVALID_CREDENTIALS: Invalid client credentials"}"
registry_1  | 15:47:02.417 [http-nio-8081-exec-4] DEBUG o.a.h.i.c.t.ThreadSafeClientConnManager:286 - Released connection is reusable.
registry_1  | 15:47:02.420 [http-nio-8081-exec-4] DEBUG o.a.h.i.conn.tsccm.ConnPoolByRoute:431 - Releasing connection [{}->http://keycloak:8080][null]
registry_1  | 15:47:02.423 [http-nio-8081-exec-4] DEBUG o.a.h.i.conn.tsccm.ConnPoolByRoute:457 - Pooling connection [{}->http://keycloak:8080][null]; keep alive indefinitely
registry_1  | 15:47:02.424 [http-nio-8081-exec-4] DEBUG o.a.h.i.conn.tsccm.ConnPoolByRoute:678 - Notifying no-one, there are no waiting threads
registry_1  | 15:47:02.425 [http-nio-8081-exec-4] ERROR o.k.a.OAuthRequestAuthenticator:337 - failed to turn code into token
registry_1  | 15:47:02.427 [http-nio-8081-exec-4] ERROR o.k.a.OAuthRequestAuthenticator:338 - status from server: 400
registry_1  | 15:47:02.429 [http-nio-8081-exec-4] ERROR o.k.a.OAuthRequestAuthenticator:340 -    {"error":"unauthorized_client","error_description":"INVALID_CREDENTIALS: Invalid client credentials"}
registry_1  | 15:47:02.435 [http-nio-8081-exec-4] DEBUG o.k.a.s.f.KeycloakAuthenticationProcessingFilter:155 - Auth outcome: FAILED
registry_1  | 15:47:02.437 [http-nio-8081-exec-4] DEBUG o.k.a.s.f.KeycloakAuthenticationProcessingFilter:345 - Authentication request failed: org.keycloak.adapters.springsecurity.KeycloakAuthenticationException: Invalid authorization header, see WWW-Authenticate header for details
registry_1  | org.keycloak.adapters.springsecurity.KeycloakAuthenticationException: Invalid authorization header, see WWW-Authenticate header for details
registry_1  |   at org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticationProcessingFilter.attemptAuthentication(KeycloakAuthenticationProcessingFilter.java:162)
registry_1  |   at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
registry_1  |   at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
registry_1  |   at org.keycloak.adapters.springsecurity.filter.KeycloakPreAuthActionsFilter.doFilter(KeycloakPreAuthActionsFilter.java:96)
registry_1  |   at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
registry_1  |   at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66)
registry_1  |   at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
registry_1  |   at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
registry_1  |   at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
registry_1  |   at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
registry_1  |   at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
registry_1  |   at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
registry_1  |   at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
registry_1  |   at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
registry_1  |   at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
registry_1  |   at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)
registry_1  |   at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)
registry_1  |   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
registry_1  |   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
registry_1  |   at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
registry_1  |   at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
registry_1  |   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
registry_1  |   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
registry_1  |   at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109)
registry_1  |   at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
registry_1  |   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
registry_1  |   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
registry_1  |   at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
registry_1  |   at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
registry_1  |   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
registry_1  |   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
registry_1  |   at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
registry_1  |   at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
registry_1  |   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
registry_1  |   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
registry_1  |   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
registry_1  |   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
registry_1  |   at org.keycloak.adapters.tomcat.AbstractAuthenticatedActionsValve.invoke(AbstractAuthenticatedActionsValve.java:67)
registry_1  |   at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:496)
registry_1  |   at org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.invoke(AbstractKeycloakAuthenticatorValve.java:181)
registry_1  |   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
registry_1  |   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
registry_1  |   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
registry_1  |   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
registry_1  |   at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
registry_1  |   at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
registry_1  |   at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:790)
registry_1  |   at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
registry_1  |   at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
registry_1  |   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
registry_1  |   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
registry_1  |   at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
registry_1  |   at java.lang.Thread.run(Thread.java:748)
registry_1  | 15:47:02.439 [http-nio-8081-exec-4] DEBUG o.k.a.s.f.KeycloakAuthenticationProcessingFilter:346 - Updated SecurityContextHolder to contain null Authentication
registry_1  | 15:47:02.441 [http-nio-8081-exec-4] DEBUG o.k.a.s.f.KeycloakAuthenticationProcessingFilter:347 - Delegating to authentication failure handler org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationFailureHandler@770c3905
registry_1  | 15:47:02.446 [http-nio-8081-exec-4] DEBUG o.k.adapters.PreAuthActionsHandler:74 - adminRequest http://localhost:8081/error?state=c42fdb88-d2d1-4ad6-9d5d-878ab13f8394&session_state=c1eaace6-5835-44d8-97f1-a25830e585a5&code=7eb05e75-8fe4-49ac-87da-cf31813d6201.c1eaace6-5835-44d8-97f1-a25830e585a5.70dc5946-1384-45aa-a776-40e862c5d6df
registry_1  | 15:47:02.555 [http-nio-8081-exec-5] DEBUG o.k.adapters.PreAuthActionsHandler:74 - adminRequest http://localhost:8081/favicon.ico
registry_1  | 15:47:02.557 [http-nio-8081-exec-5] DEBUG o.k.a.t.AbstractAuthenticatedActionsValve:57 - AuthenticatedActionsValve.invoke /favicon.ico
registry_1  | 15:47:02.559 [http-nio-8081-exec-5] DEBUG o.k.a.AuthenticatedActionsHandler:53 - AuthenticatedActionsValve.invoke http://localhost:8081/favicon.ico
registry_1  | 15:47:02.561 [http-nio-8081-exec-5] DEBUG o.k.a.AuthenticatedActionsHandler:153 - Policy enforcement is disabled.
registry_1  | 15:47:02.563 [http-nio-8081-exec-5] DEBUG o.k.adapters.PreAuthActionsHandler:74 - adminRequest http://localhost:8081/favicon.ico
registry_1  | 15:47:02.566 [http-nio-8081-exec-5] DEBUG o.k.a.s.a.KeycloakAuthenticationEntryPoint:109 - Redirecting to login URI /sso/login
registry_1  | 15:47:02.576 [http-nio-8081-exec-6] DEBUG o.k.adapters.PreAuthActionsHandler:74 - adminRequest http://localhost:8081/sso/login
registry_1  | 15:47:02.581 [http-nio-8081-exec-6] DEBUG o.k.a.t.AbstractAuthenticatedActionsValve:57 - AuthenticatedActionsValve.invoke /sso/login
registry_1  | 15:47:02.583 [http-nio-8081-exec-6] DEBUG o.k.a.AuthenticatedActionsHandler:53 - AuthenticatedActionsValve.invoke http://localhost:8081/sso/login
registry_1  | 15:47:02.586 [http-nio-8081-exec-6] DEBUG o.k.a.AuthenticatedActionsHandler:153 - Policy enforcement is disabled.
registry_1  | 15:47:02.590 [http-nio-8081-exec-6] DEBUG o.k.adapters.PreAuthActionsHandler:74 - adminRequest http://localhost:8081/sso/login
registry_1  | 15:47:02.593 [http-nio-8081-exec-6] DEBUG o.k.a.s.f.KeycloakAuthenticationProcessingFilter:206 - Request is to process authentication
registry_1  | 15:47:02.594 [http-nio-8081-exec-6] DEBUG o.k.a.s.f.KeycloakAuthenticationProcessingFilter:142 - Attempting Keycloak authentication
registry_1  | 15:47:02.596 [http-nio-8081-exec-6] DEBUG o.k.a.s.t.SpringSecurityTokenStore:64 - Checking if org.keycloak.adapters.springsecurity.authentication.SpringSecurityRequestAuthenticator@42f9fc1f is cached
registry_1  | 15:47:02.599 [http-nio-8081-exec-6] DEBUG o.k.a.OAuthRequestAuthenticator:266 - there was no code
registry_1  | 15:47:02.600 [http-nio-8081-exec-6] DEBUG o.k.a.OAuthRequestAuthenticator:274 - redirecting to auth server
registry_1  | 15:47:02.601 [http-nio-8081-exec-6] DEBUG o.k.a.OAuthRequestAuthenticator:144 - callback uri: http://localhost:8081/sso/login
registry_1  | 15:47:02.603 [http-nio-8081-exec-6] DEBUG o.k.a.s.f.KeycloakAuthenticationProcessingFilter:155 - Auth outcome: NOT_ATTEMPTED
registry_1  | 15:47:02.604 [http-nio-8081-exec-6] DEBUG o.k.a.OAuthRequestAuthenticator:227 - Sending redirect to login page: http://keycloak:8080/auth/realms/sunbird/protocol/openid-connect/auth?response_type=code&client_id=sunbird&redirect_uri=http%3A%2F%2Flocalhost%3A8081%2Fsso%2Flogin&state=4331e706-26c5-462b-8d42-115fd9007402&login=true&scope=openid
dileepbapat commented 3 years ago

I see registry_1 | 15:47:02.370 [http-nio-8081-exec-4] DEBUG org.apache.http.wire:73 - << "HTTP/1.1 400 Bad Request[\r][\n]" for the token request, please check the realm configuration, redirect URL, origin etc.

API uses jwt in header as Authorization bearer, and that is working (verified).