Keycloak / KEYCLOAK-19411

AuthzClient tries to use frontendUrl when it shouldn't


Details

    • Bug
    • Status: Triage
    • Minor
    • Resolution: Unresolved
    • 15.0.0
    • None
    • Authorization Services
    • None

      This piece of Java code should hopefully reproduce the error:

      import java.util.Map;
      import org.keycloak.authorization.client.AuthzClient;
      import org.keycloak.authorization.client.Configuration;
      import org.keycloak.authorization.client.resource.ProtectedResource;

      // authServerUrl is keycloak:8443 or localhost:8443, assuming the frontend URL
      // is different from the URL with which you reconnect.
      Configuration keyCloakConfig =
          new Configuration(
              authServerUrl,
              realm,
              clientId,
              Map.of("secret", clientSecret),
              httpClientBuilder.build());
      AuthzClient authzClient = AuthzClient.create(keyCloakConfig);
      ProtectedResource resourceClient = authzClient.protection().resource();
      resourceClient.findAll();

      As for the Docker Keycloak, all that is needed is:

      env:
      KEYCLOAK_FRONTEND_URL:


    Description

      We are running Keycloak in Docker.
      We are using Keycloak with the KEYCLOAK_FRONTEND_URL.
      E.g. KEYCLOAK_FRONTEND_URL: my-keycloak.com
      While in Docker, the URL to connect from a confidential client is keycloak:8443/auth.
      Sometimes when a call is made, it fails. That is, sometimes when another container tries to connect, it fails with the following message:

      Exception in thread "Thread-0" java.lang.RuntimeException: Could not find resource
      at org.keycloak.authorization.client.util.Throwables.handleWrapException(Throwables.java:45)
      at org.keycloak.authorization.client.resource.ProtectedResource.findAll(ProtectedResource.java:248)
      at java.base/java.lang.Thread.run(Thread.java:829)
      Caused by: java.lang.RuntimeException: Could not find resource
      at org.keycloak.authorization.client.util.Throwables.retryAndWrapExceptionIfNecessary(Throwables.java:91)
      at org.keycloak.authorization.client.resource.ProtectedResource.find(ProtectedResource.java:181)
      at org.keycloak.authorization.client.resource.ProtectedResource.findAll(ProtectedResource.java:246)
      ... 2 more
      Caused by: java.lang.RuntimeException: Error executing http method [GET]. Response : null
      at org.keycloak.authorization.client.util.HttpMethod.execute(HttpMethod.java:106)
      at org.keycloak.authorization.client.util.HttpMethodResponse$2.execute(HttpMethodResponse.java:50)
      at org.keycloak.authorization.client.resource.ProtectedResource$4.call(ProtectedResource.java:175)
      at org.keycloak.authorization.client.resource.ProtectedResource$4.call(ProtectedResource.java:172)
      at org.keycloak.authorization.client.resource.ProtectedResource.find(ProtectedResource.java:179)
      ... 3 more
      Caused by: org.apache.http.conn.HttpHostConnectException: Connect to my-keycloak.com [my-keycloak.com/<ip>] failed: Connection timed out (Connection timed out)

      The reason for this is that somehow it tries to connect with the frontend URL, but in reality it should not, as it is running in Docker, and it will not resolve the URL.

      We have a temporary hack: we moved Keycloak to 443 and added an extra host option to Keycloak that goes to the IP address of the Keycloak container. However, this is not stable, and it is a lot of extra work.

          People

            Assignee: Unassigned
            Reporter: Robin Goussey (rgoussey)
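
A diagnostic for the behaviour reported above, added here as an example and not taken from the report or from the Keycloak project: AuthzClient reads its endpoints from the realm's UMA2 discovery document (`/realms/{realm}/.well-known/uma2-configuration`), so comparing each advertised endpoint with the configured `authServerUrl` shows which calls would leave the Docker network. The sample document, the realm name `demo` and the function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of a realm's UMA2 discovery response as seen from inside
# the Docker network. Hostnames follow the report; the realm name "demo" and
# the mix of frontend/backend values are assumptions made for this example.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://my-keycloak.com/auth/realms/demo",
    "token_endpoint": "https://keycloak:8443/auth/realms/demo/protocol/openid-connect/token",
    "resource_registration_endpoint": "https://my-keycloak.com/auth/realms/demo/authz/protection/resource_set",
    "permission_endpoint": "https://my-keycloak.com/auth/realms/demo/authz/protection/permission",
    "policy_endpoint": "https://keycloak:8443/auth/realms/demo/authz/protection/uma-policy",
    "grant_types_supported": ["authorization_code", "client_credentials"],
})

# "issuer" is an identifier that tokens are checked against, not a URL the
# client has to connect to, so a frontend hostname there is expected.
IDENTIFIER_ONLY = {"issuer"}


def authority(url):
    """Return (host, port) for a URL, filling in the scheme's default port."""
    parts = urlsplit(url)
    port = parts.port or {"https": 443, "http": 80}.get(parts.scheme)
    return (parts.hostname or "").lower(), port


def off_network_endpoints(auth_server_url, discovery_json):
    """Map field name -> URL for endpoints on a different host or port than auth_server_url."""
    expected = authority(auth_server_url)
    flagged = {}
    for field, value in json.loads(discovery_json).items():
        if field in IDENTIFIER_ONLY or not isinstance(value, str):
            continue  # skip identifiers and non-URL metadata such as lists
        if urlsplit(value).scheme not in ("http", "https"):
            continue  # plain strings that are not endpoints
        if authority(value) != expected:
            flagged[field] = value
    return flagged


if __name__ == "__main__":
    hits = off_network_endpoints("https://keycloak:8443/auth", SAMPLE_DISCOVERY)
    for field, url in sorted(hits.items()):
        print(f"{field}: {url}")
```

Any field it reports is an endpoint the client container must be able to resolve and reach, or one the server should be advertising with the backend hostname instead.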