4

After login to the Keycloak Jaeger(realm) client, the keycloak server doesn't navigate to the Jaeger UI path -> localhost:16686.

Request URL: http://localhost:8080/auth/realms/jaeger/protocol/openid-connect/auth?response_type=code&client_id=proxy-jaeger&redirect_uri=http%3A%2F%2Flocalhost%3A8180%2F&state=79c00178-ca7c-4dfd-9c22-5007690486de&login=true&scope=openid
Request Method: GET
Status Code: 302 Found

It seems keycloak verifies the user (see below code)

HTTP/1.1 302 Found
Connection: keep-alive
Cache-Control: no-store, must-revalidate, max-age=0
Set-Cookie: AUTH_SESSION_ID=139b5028-8d19-4ab4-b657-b08ff810a8eb.f3faed1bab38; Version=1; Path=/auth/realms/jaeger/; HttpOnly
Set-Cookie: KC_RESTART=eyJhbGciOiJIUzI1NiIsImtpZCIgOiAiNDEzYjIyMzEtZmVlMi00ZWJiLWI3YjktNzU2YTcxNzNiZTc5In0.eyJjaWQiOiJwcm94eS1qYWVnZXIiLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwOi8vbG9jYWxob3N0OjgxODAvIiwiYWN0IjoiQVVUSEVOVElDQVRFIiwibm90ZXMiOnsic2NvcGUiOiJvcGVuaWQiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvamFlZ2VyIiwicmVzcG9uc2VfdHlwZSI6ImNvZGUiLCJjb2RlX2NoYWxsZW5nZV9tZXRob2QiOiJwbGFpbiIsInJlZGlyZWN0X3VyaSI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODE4MC8iLCJzdGF0ZSI6Ijc5YzAwMTc4LWNhN2MtNGRmZC05YzIyLTUwMDc2OTA0ODZkZSIsImNsaWVudF9yZXF1ZXN0X3BhcmFtX2xvZ2luIjoidHJ1ZSJ9fQ.mdWPMhPcEVFVTwoYDpTC_hHspdSOZrek-CLU05Whx74; Version=1; Path=/auth/realms/jaeger/; HttpOnly
Set-Cookie: KC_RESTART=; Version=1; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Max-Age=0; Path=/auth/realms/jaeger/; HttpOnly
Set-Cookie: KEYCLOAK_IDENTITY=eyJhbGciOiJIUzI1NiIsImtpZCIgOiAiNDEzYjIyMzEtZmVlMi00ZWJiLWI3YjktNzU2YTcxNzNiZTc5In0.eyJqdGkiOiI3NGIyMzQxMi03MmRmLTRjNzMtYjlkNS0yNDM4NTQxNjcwZjkiLCJleHAiOjE1MzQyNzU4MzksIm5iZiI6MCwiaWF0IjoxNTM0MjM5ODM5LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvamFlZ2VyIiwic3ViIjoiZDJjN2IxODQtODRiZi00MmUyLTg0Y2YtODNkYTg4OThhYjhjIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiMTM5YjUwMjgtOGQxOS00YWI0LWI2NTctYjA4ZmY4MTBhOGViIiwicmVzb3VyY2VfYWNjZXNzIjp7fSwic3RhdGVfY2hlY2tlciI6ImhNSkJQRm1UVVNUY1FqVmE3N2lWSk40U1hJcTI4UUwtbEZoWXZyR1NsWGMifQ.hNT-J7z3wV7DRobLgpDdQuNQXKDK0TvpF3deVf5evPo; Version=1; Path=/auth/realms/jaeger/; HttpOnly
Set-Cookie: KEYCLOAK_SESSION=jaeger/d2c7b184-84bf-42e2-84cf-83da8898ab8c/139b5028-8d19-4ab4-b657-b08ff810a8eb; Version=1; Expires=Tue, 14-Aug-2018 19:43:59 GMT; Max-Age=36000; Path=/auth/realms/jaeger/
Set-Cookie: KEYCLOAK_REMEMBER_ME=; Version=1; Comment=Expiring cookie; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Max-Age=0; Path=/auth/realms/jaeger/; HttpOnly
P3P: CP="This is not a P3P policy!"
Location: http://localhost:8180/?state=79c00178-ca7c-4dfd-9c22-5007690486de&session_state=139b5028-8d19-4ab4-b657-b08ff810a8eb&code=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..mHMPVn10n8vOWRnxu1SmtQ.vznK3zyDudPN9mXkfIHAUsG0TR_3YWSxif-uaMIMErjIPeqDEPVXbwC5GS30DENYkY6kDtY3aFChZ_4FJ3vquXQ_CiL_QcxEgn13UMYuqyGrnoEiq3l_F4jATUxNZ3XzrBThuWIKvzcpA3TyKCKwHhcvL1dJ2Z5OJscisIyrl426ug7JfK8YuCT90sJVrqBExQs5Mjx3Ws0EsE42rruHhQhi7nyOdu3khEWdMrEedGW2ZHIsEvBcYBrlK-CohJA-.psSj4X4yaqsGxcenlBSyHw
Content-Length: 0
Date: Tue, 14 Aug 2018 09:43:59 GMT

proxy.json

{
          "target-url": "http://localhost:16686",
          "bind-address": "0.0.0.0",
          "http-port": "8080",
          "applications": [
              {
                  "base-path": "/",
                  "adapter-config": {
                    "realm": "jaeger",
                    "auth-server-url": "http://localhost:8080/auth",
            "public-client": true,
                    "resource": "proxy-jaeger",
            "ssl-required": "external",
                "confidential-port": 0                 
                  },
                  "constraints": [
                      {
                          "pattern": "/*",
                          "roles-allowed": [
                              "application"
                          ]
                      }
                  ]
              }
          ]
      }

keycloak.json

{
  "realm": "jaeger",
  "auth-server-url": "http://localhost:8080/auth",
  "ssl-required": "external",
  "resource": "proxy-jaeger",
  "public-client": true,
  "confidential-port": 0
}
Ashen Jayasinghe
  • 472
  • 1
  • 3
  • 14

1 Answers1

0
  1. Check if your valid redirect URIs within Keycloak are correct. Add * if you want to make sure, that's not the problem; for security reasons it should be as exact as possible in production.
  2. Your proxy.json constrains access to the role "application". Check if that role has been added within Keycloak to the Role Mapping.

Also, do you get an Error Message? If so, please post it.

GenKa
  • 156
  • 1
  • 9