I have a web application with a Java REST API (using Javalin and its pac4j implementation) and a ReactJS frontend with a pretty sign-in page. Previously I had been using Auth0’s lock.js implementation to secure my application, but now I want to use my own Keycloak server.
I have my Keycloak server configured and have followed this guide to get my ADFS relying trust configured.
When the user presses the login button on the React frontend, a basic fetch is made to the Java API, where a before filter should then consult a KeycloakOIDCConfiguration similar to the OIDCConfiguration shown in the example here.
From there I’m completely stumped. I have done code grants before through auth0 but I am completely failing to grasp what to do next here.
So I make the request from the web server to the Keycloak server, which should then redirect to ADFS. Then the user should sign in and the ADFS server should send a code back. My application is not getting to the redirect portion. Can someone help me troubleshoot?
My ADFS server is the only identity provider configured for my realm. Shouldn’t the Keycloak server automatically redirect to it?
Here is the relevant part of my main method on my web app:
    Config securityConfig = new ADFSConfigFactory().build();
    CallbackHandler callback = new CallbackHandler(securityConfig, null, true);
    SecurityHandler adfsHandler = new SecurityHandler(securityConfig, "MyClientID", "");
Here is the relevant part of my config factory:
    public class ADFSConfigFactory implements ConfigFactory {
        private static GeneralDaoService genSVC = AbstractDaoFactory.getDBDaoFactory().getGeneralDaoService();

        public ADFSConfigFactory() {
        }

        @Override
        public Config build(Object... parameters) {
            try {
                // Pull callback URL, client ID, and secret from the database
                SysProps sProps = genSVC.getSysProps();
                KeycloakOidcConfiguration oidcConfiguration = new KeycloakOidcConfiguration();
                oidcConfiguration.setClientId(sProps.getClientID());
                oidcConfiguration.setSecret(sProps.getClientSecret());
                oidcConfiguration.setDiscoveryURI("https://kc.myinsecuresite.com/auth/realms/MyRealm/.well-known/openid-configuration");
                oidcConfiguration.setUseNonce(true);
                KeycloakOidcClient oidcClient = new KeycloakOidcClient(oidcConfiguration);
                oidcClient.setCallbackUrl(sProps.getServerAddr());
                Clients clients = new Clients(sProps.getServerAddr(), oidcClient);
                return new Config(clients);
            }
            catch (Exception e) {
                e.printStackTrace();
            }
            return null;
        }
    }
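
To see where a flow like the one described above stops, the Location header of the 302 returned by the backend filter can be checked against what an OIDC authorization code request must contain; the following is an added example, not part of the original post or of pac4j. The realm endpoint is derived from the discovery URI in the post, while the client ID, callback address, state and nonce values and the `kc_idp_hint` alias `adfs` are constructed assumptions.

```javascript
// Added example (not from the original post). Sample values are constructed.
const EXPECTED = {
  // Realm authorization endpoint, derived from the discovery URI in the post.
  authorizationEndpoint:
    "https://kc.myinsecuresite.com/auth/realms/MyRealm/protocol/openid-connect/auth",
  clientId: "my-client-id",                          // constructed
  redirectUri: "https://app.example.test/callback",  // constructed
  idpHint: "adfs",                                   // hypothetical IdP alias
};

// Returns a list of problems found in the Location header of a 302 response.
function checkAuthorizationRedirect(location, expected) {
  let url;
  try {
    url = new URL(location);
  } catch {
    return ["Location is not an absolute URL"];
  }
  const problems = [];
  const p = url.searchParams;
  if (url.origin + url.pathname !== expected.authorizationEndpoint)
    problems.push("does not target the realm authorization endpoint");
  if (p.get("response_type") !== "code") problems.push("response_type is not 'code'");
  if (p.get("client_id") !== expected.clientId) problems.push("client_id mismatch");
  if (p.get("redirect_uri") !== expected.redirectUri) problems.push("redirect_uri mismatch");
  if (!(p.get("scope") || "").split(" ").includes("openid")) problems.push("scope lacks openid");
  // state ties the callback to the session that started the login (CSRF defence);
  // nonce ties the ID token to this request (setUseNonce(true) in the post).
  for (const name of ["state", "nonce"])
    if (!p.get(name)) problems.push(name + " is missing");
  // kc_idp_hint is Keycloak's parameter for pre-selecting a brokered IdP.
  if (expected.idpHint && p.get("kc_idp_hint") !== expected.idpHint)
    problems.push("kc_idp_hint does not name the expected identity provider");
  return problems;
}

// Constructed redirect of the kind the backend filter is expected to emit.
const SAMPLE_LOCATION = EXPECTED.authorizationEndpoint + "?" + new URLSearchParams({
  response_type: "code",
  client_id: EXPECTED.clientId,
  redirect_uri: EXPECTED.redirectUri,
  scope: "openid profile email",
  state: "c3RhdGUtc2FtcGxlLTAwMQ",
  nonce: "bm9uY2Utc2FtcGxlLTAwMQ",
  kc_idp_hint: EXPECTED.idpHint,
}).toString();

console.log(checkAuthorizationRedirect(SAMPLE_LOCATION, EXPECTED));
```

In a browser the 302 is visible only in the network panel or as a page navigation, because `fetch` follows redirects itself by default rather than navigating the page.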