I'm trying to use Keycloak as SSO for Camunda and a Spring app. I'm using this code: https://github.com/camunda-consulting/code/tree/master/snippets/springboot-keycloak-sso/spring-security-and-springboot-adapter
I've made only two changes to this project:
First: Changed dependency of camunda keycloak plugin to:
    <dependency>
        <groupId>org.camunda.bpm.extension</groupId>
        <artifactId>camunda-bpm-identity-keycloak</artifactId>
        <version>2.0.0</version>
    </dependency>
Second: Change of application properties (the Spring app is running on 8081, Keycloak on 8080 for now):
    keycloak:
      realm: Workflow
      auth-server-url: http://localhost:8080/auth
      resource: camunda-identity-service
      ssl-required: none
      credentials.secret: f0fee400-1b19-4f41-a018-cdc5cc351b80
    plugin.identity.keycloak:
      keycloakIssuerUrl: https://localhost:8080/auth/realms/Workflow
      keycloakAdminUrl: https://localhost:8080/auth/admin/realms/Workflow
      clientId: camunda-identity-service
      clientSecret: f0fee400-1b19-4f41-a018-cdc5cc351b80
      useUsernameAsCamundaUserId: true
      disableSSLCertificateValidation: true
After trying to get to the Spring app I'm redirected to the login page, but I'm getting "This connection has been lost" in the browser. I've enabled Keycloak logs:
2021-01-26 11:44:38.686 DEBUG 19200 --- [nio-8081-exec-3] o.k.a.s.management.HttpSessionManager : Session created: EFE6D48E75B809FF544F1E051D8C18CD
2021-01-26 11:44:38.686 DEBUG 19200 --- [nio-8081-exec-3] k.a.s.a.KeycloakAuthenticationEntryPoint : Redirecting to login URI /sso/login
2021-01-26 11:44:38.695 DEBUG 19200 --- [nio-8081-exec-2] o.k.adapters.PreAuthActionsHandler : adminRequest http://localhost:8081/sso/login
2021-01-26 11:44:38.697 DEBUG 19200 --- [nio-8081-exec-2] .k.a.t.AbstractAuthenticatedActionsValve : AuthenticatedActionsValve.invoke /sso/login
2021-01-26 11:44:38.697 DEBUG 19200 --- [nio-8081-exec-2] o.k.a.AuthenticatedActionsHandler : AuthenticatedActionsValve.invoke http://localhost:8081/sso/login
2021-01-26 11:44:38.697 DEBUG 19200 --- [nio-8081-exec-2] o.k.a.AuthenticatedActionsHandler : Policy enforcement is disabled.
2021-01-26 11:44:38.697 DEBUG 19200 --- [nio-8081-exec-2] o.k.adapters.PreAuthActionsHandler : adminRequest http://localhost:8081/sso/login
2021-01-26 11:44:38.697 DEBUG 19200 --- [nio-8081-exec-2] f.KeycloakAuthenticationProcessingFilter : Request is to process authentication
2021-01-26 11:44:38.697 DEBUG 19200 --- [nio-8081-exec-2] f.KeycloakAuthenticationProcessingFilter : Attempting Keycloak authentication
2021-01-26 11:44:38.701 DEBUG 19200 --- [nio-8081-exec-2] o.k.a.s.token.SpringSecurityTokenStore : Checking if org.keycloak.adapters.springsecurity.authentication.SpringSecurityRequestAuthenticator@4bfbad9a is cached
2021-01-26 11:44:38.702 DEBUG 19200 --- [nio-8081-exec-2] o.k.adapters.OAuthRequestAuthenticator : there was no code
2021-01-26 11:44:38.702 DEBUG 19200 --- [nio-8081-exec-2] o.k.adapters.OAuthRequestAuthenticator : redirecting to auth server
2021-01-26 11:44:38.703 DEBUG 19200 --- [nio-8081-exec-2] o.k.adapters.OAuthRequestAuthenticator : callback uri: http://localhost:8081/sso/login
2021-01-26 11:44:38.704 DEBUG 19200 --- [nio-8081-exec-2] f.KeycloakAuthenticationProcessingFilter : Auth outcome: NOT_ATTEMPTED
2021-01-26 11:44:38.704 DEBUG 19200 --- [nio-8081-exec-2] o.k.adapters.OAuthRequestAuthenticator : Sending redirect to login page: http://localhost:8080/auth/realms/Workflow/protocol/openid-connect/auth?response_type=code&client_id=camunda-identity-service&redirect_uri=http%3A%2F%2Flocalhost%3A8081%2Fsso%2Flogin&state=a1e3b3be-422f-48e4-98a4-262817ff4349&login=true&scope=openid
What am I doing wrong that I can't see the login page?
EDIT 1:
I changed localhost to 127.0.0.1 and now I'm redirected to the form but getting this message: Invalid parameter: redirect_uri. To solve this problem I used this thread -> keycloak Invalid parameter: redirect_uri
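
The `redirect_uri` rejection described in EDIT 1, as an added example that is not part of the original post and not Keycloak's own code: it takes the `redirect_uri` out of the logged authorization request and checks it against a registered list using a simplified rule (exact match, or origin and path-prefix match for a trailing `*`). The `REGISTERED` list is a constructed sample, since the post does not show the client's Valid Redirect URIs, and the function names are hypothetical.

```python
from urllib.parse import parse_qs, urlsplit

# Authorization redirect copied from the adapter's DEBUG log in the post.
LOGGED_AUTH_URL = (
    "http://localhost:8080/auth/realms/Workflow/protocol/openid-connect/auth"
    "?response_type=code&client_id=camunda-identity-service"
    "&redirect_uri=http%3A%2F%2Flocalhost%3A8081%2Fsso%2Flogin"
    "&state=a1e3b3be-422f-48e4-98a4-262817ff4349&login=true&scope=openid"
)

# Constructed sample: the post does not show the client's "Valid Redirect URIs".
REGISTERED = ["http://localhost:8081/*"]


def extract_redirect_uri(auth_url):
    """Return the decoded redirect_uri parameter of an authorization request."""
    values = parse_qs(urlsplit(auth_url).query).get("redirect_uri")
    if not values or len(values) != 1:
        raise ValueError("expected exactly one redirect_uri parameter")
    return values[0]


def redirect_allowed(redirect_uri, registered):
    """Simplified model: exact match, or origin + path prefix for a trailing '*'."""
    candidate = urlsplit(redirect_uri)
    for pattern in registered:
        if pattern.endswith("*"):
            base = urlsplit(pattern[:-1])
            same_origin = (candidate.scheme, candidate.netloc) == (base.scheme, base.netloc)
            if same_origin and candidate.path.startswith(base.path):
                return True
        elif redirect_uri == pattern:
            return True
    return False


def swap_host(uri, new_host):
    """Rebuild uri with a different host and the same port (the change in EDIT 1)."""
    parts = urlsplit(uri)
    netloc = f"{new_host}:{parts.port}" if parts.port else new_host
    return parts._replace(netloc=netloc).geturl()


if __name__ == "__main__":
    sent = extract_redirect_uri(LOGGED_AUTH_URL)
    for uri in (sent, swap_host(sent, "127.0.0.1")):
        verdict = "accepted" if redirect_allowed(uri, REGISTERED) else "Invalid parameter: redirect_uri"
        print(f"{uri} -> {verdict}")
```

The host is compared as a literal string, so a client registered only for `localhost` does not cover the same application reached through `127.0.0.1`, and an `http` entry does not cover `https`.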