Hi,
Sorry, I´m a newbie with Keycloak.
I´m using pac4j as a lib in my JAVA EE project.
I guess my config is fine, but I don´t know currently what should be the issue.
And in my shiro.ini
oidcConfig = org.pac4j.oidc.config.OidcConfiguration
oidcConfig.discoveryURI = h ttp://localhost:9009/auth/realms/gixx/.well-known/openid-configuration
oidcConfig.clientId = gixxjobsharing-frontend
oidcConfig.secret = YOSsZ7nR8iMmNPb0VWXU6Sb5fdPS9Ssh
oidcConfig.clientAuthenticationMethodAsString = client_secret_basic
oidcConfig.scope = openid
oidcConfig.responseType = code
oidcConfig.withState = false
oidcConfig.logoutUrl = h ttp://localhost:9009/auth/realms/gixx/protocol/openid-connect/logout
callbackFilter = org.pac4j.jee.filter.CallbackFilter
callbackFilter.defaultUrl = h ttp://localhost:8080/gixxjobsharing
callbackFilter.config = $config
[urls]
/common/redirectLogin.jsf = callbackFilter
If I use this url for login:
h ttp://localhost:9009/auth/realms/gixx/protocol/openid-connect/auth?client_id=gixxjobsharing-frontend&redirect_uri=h ttp://localhost:8080/gixxjobsharing/common/redirectLogin.jsf&response_type=code
The login screen appears and I can login in.
In my logs I´m getting:
11:22:31,646 DEBUG [org.pac4j.core.engine.DefaultCallbackLogic] (default task-1) === CALLBACK ===
11:22:31,648 DEBUG [org.pac4j.core.client.finder.DefaultCallbackClientFinder] (default task-1) result:
11:22:31,649 DEBUG [org.pac4j.core.client.finder.DefaultCallbackClientFinder] (default task-1) Defaulting to the only client: #OidcClient# | name: OidcClient | callbackUrl: h ttp://localhost:8080/gixxjobsharing/common/redirectLogin.jsf | callbackUrlResolver: org.pac4j.core.h ttp.callback.QueryParameterCallbackUrlResolver@2829c31d | ajaxRequestResolver: org.pac4j.core.h ttp.ajax.DefaultAjaxRequestResolver@3cab77b | redirectionActionBuilder: org.pac4j.oidc.redirect.OidcRedirectionActionBuilder@71700085 | credentialsExtractor: org.pac4j.oidc.credentials.extractor.OidcExtractor@59c25125 | authenticator: org.pac4j.oidc.credentials.authenticator.OidcAuthenticator@3f95402b | profileCreator: org.pac4j.oidc.profile.creator.OidcProfileCreator@693259cd | logoutActionBuilder: org.pac4j.oidc.logout.OidcLogoutActionBuilder@18371846 | authorizationGenerators: | configuration: #OidcConfiguration# | clientId: gixxjobsharing-frontend | secret: [protected] | discoveryURI: h ttp://localhost:9009/auth/realms/gixx/.well-known/openid-configuration | scope: null | customParams: {} | clientAuthenticationMethod: client_secret_basic | useNonce: false | preferredJwsAlgorithm: null | maxAge: null | maxClockSkew: 30 | connectTimeout: 500 | readTimeout: 5000 | resourceRetriever: com.nimbusds.jose.util.DefaultResourceRetriever@5337391c | responseType: code | responseMode: null | logoutUrl: h ttp://localhost:9009/auth/realms/gixx/protocol/openid-connect/logout | withState: false | stateGenerator: org.pac4j.core.util.generator.RandomValueGenerator@6ad285c4 | logoutHandler: #DefaultLogoutHandler# | store: #GuavaStore# | size: 10000 | timeout: 30 | timeUnit: MINUTES | | destroySession: false | | tokenValidator: null | mappedClaims: {} | allowUnsignedIdTokens: false | SSLFactory: null | privateKeyJWTClientAuthnMethodConfig: null | callUserInfoEndpoint: true | |
11:22:31,650 DEBUG [org.pac4j.core.engine.DefaultCallbackLogic] (default task-1) foundClient: #OidcClient# | name: OidcClient | callbackUrl: h ttp://localhost:8080/gixxjobsharing/common/redirectLogin.jsf | callbackUrlResolver: org.pac4j.core.h ttp.callback.QueryParameterCallbackUrlResolver@2829c31d | ajaxRequestResolver: org.pac4j.core.h ttp.ajax.DefaultAjaxRequestResolver@3cab77b | redirectionActionBuilder: org.pac4j.oidc.redirect.OidcRedirectionActionBuilder@71700085 | credentialsExtractor: org.pac4j.oidc.credentials.extractor.OidcExtractor@59c25125 | authenticator: org.pac4j.oidc.credentials.authenticator.OidcAuthenticator@3f95402b | profileCreator: org.pac4j.oidc.profile.creator.OidcProfileCreator@693259cd | logoutActionBuilder: org.pac4j.oidc.logout.OidcLogoutActionBuilder@18371846 | authorizationGenerators: | configuration: #OidcConfiguration# | clientId: gixxjobsharing-frontend | secret: [protected] | discoveryURI: h ttp://localhost:9009/auth/realms/gixx/.well-known/openid-configuration | scope: null | customParams: {} | clientAuthenticationMethod: client_secret_basic | useNonce: false | preferredJwsAlgorithm: null | maxAge: null | maxClockSkew: 30 | connectTimeout: 500 | readTimeout: 5000 | resourceRetriever: com.nimbusds.jose.util.DefaultResourceRetriever@5337391c | responseType: code | responseMode: null | logoutUrl: h ttp://localhost:9009/auth/realms/gixx/protocol/openid-connect/logout | withState: false | stateGenerator: org.pac4j.core.util.generator.RandomValueGenerator@6ad285c4 | logoutHandler: #DefaultLogoutHandler# | store: #GuavaStore# | size: 10000 | timeout: 30 | timeUnit: MINUTES | | destroySession: false | | tokenValidator: null | mappedClaims: {} | allowUnsignedIdTokens: false | SSLFactory: null | privateKeyJWTClientAuthnMethodConfig: null | callUserInfoEndpoint: true | |
11:22:31,652 DEBUG [org.pac4j.oidc.credentials.extractor.OidcExtractor] (default task-1) Authentication response successful
11:22:31,656 DEBUG [org.pac4j.jee.context.session.JEESessionStore] (default task-1) createSession: false, retrieved session: null
11:22:31,657 DEBUG [org.pac4j.jee.context.session.JEESessionStore] (default task-1) Can’t get value for key: OidcClient$codeVerifierSessionParameter, no session available
11:22:31,669 DEBUG [org.pac4j.oidc.credentials.authenticator.OidcAuthenticator] (default task-1) Token response: status=400, content={“error”:“invalid_grant”,“error_description”:“Incorrect redirect_uri”}
Any ideas?