Hi Alessio, Thanks for the reply.
You understood correctly. I followed the documentation fully but couldn't get the desired result, and after some tweaking & research I managed to achieve the full proper login. I will make a PR with the updates. Cheers, Nikola ________________________________ From: Alessio Fabiani <alessio.fabi...@geo-solutions.it> Sent: 18 October 2019 14:51 To: Nikola Jankovic <nikola.janko...@eodc.eu> Cc: geoserver-users@lists.sourceforge.net <geoserver-users@lists.sourceforge.net> Subject: Re: [Geoserver-users] Keycloak with geoserver 403 error Hello Nikola, sorry for the late reply and thanks for having dug into this issue. So, as far as I understand, it is more matter of configuration right? And it looks like the documentation is incomplete or not clear enough, am I right? Any chance for you to make a Pull Request on GeoServer with the updates to the docs so that we can review them? If you confirm this, I will open a JIRA Issues which can be linked to the PR later on. Please let me know, Alessio. Il giorno ven 18 ott 2019 alle ore 13:40 Nikola Jankovic <nikola.janko...@eodc.eu<mailto:nikola.janko...@eodc.eu>> ha scritto: Hey all, I have discovered what is the issue. Apparently the module doesn't recognize some of the token decryption algorithms, and I solved the issue by forcing RS256 on the client and including the realm-public-key for RS256 in the adapter config which is located in keycloak realm settings. This isn't mentioned in the documentation though. Any way to proceed with this? Cheers, Nikola ________________________________ From: Nikola Jankovic <nikola.janko...@eodc.eu<mailto:nikola.janko...@eodc.eu>> Sent: 16 October 2019 13:54 To: geoserver-users@lists.sourceforge.net<mailto:geoserver-users@lists.sourceforge.net> <geoserver-users@lists.sourceforge.net<mailto:geoserver-users@lists.sourceforge.net>> Subject: [Geoserver-users] Keycloak with geoserver 403 error Hello all, I am trying to run keycloak & geoserver locally, but no matter what I try (also tried a bunch of other things besides using the guide here https://docs.geoserver.org/latest/en/user/community/keycloak/index.html) I always get 403 after logging in to geoserver from keycloak. A successful session & login are logged in keycloak, but I don't get access to the GUI which, at first, I am trying to protect. I know it is a community module and experimental, but has anyone had any success setting it up? Any help would be greatly appreciated. Not sure also whether this might be a bug. Specs: Geoserver 2.15.0 running in a docker Container openjdk version "1.8.0_212" OpenJDK Runtime Environment (build 1.8.0_212-8u212-b01-1~deb9u1-b01) OpenJDK 64-Bit Server VM (build 25.212-b01, mixed mode) I tried changing roles, mapping roles, disabling ssl fully, changing flows within keycloak & tried to replicate the user in geoserver but always 403. Thanks in advance. Cheers, Nikola _______________________________________________ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net<mailto:Geoserver-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/geoserver-users -- == GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information. == Ing. Alessio Fabiani @alfa7691 Founder/Technical Lead GeoSolutions S.A.S. Via di Montramito 3/A - 55054 Massarosa (LU) - Italy phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 331 6233686 http://www.geo-solutions.it http://twitter.com/geosolutions_it ------------------------------------------------------- Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni circostanza inerente alla presente email (il suo contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le sarei comunque grato se potesse darmene notizia. This email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. We remind that - as provided by European Regulation 2016/679 “GDPR” - copying, dissemination or use of this e-mail or the information herein by anyone other than the intended recipient is prohibited. If you have received this email by mistake, please notify us immediately by telephone or e-mail.
_______________________________________________ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
