Comments (7)
I'm fairly new to Keycloak myself :)
I'll have another look at it tomorrow.
from frost-server.
Hello Hylke, thank you :)
I think I just found out why: I was missing the attribute "public-client": true in my keycloak.json, and now keycloak seems to accept the client :). It's documented here: https://keycloak.gitbooks.io/documentation/securing_apps/topics/oidc/java/java-adapter-config.html but since I only looked at the example which uses almost every attribute except that one, I missed it.
I'm getting a 404 error trying to access any routes past /v1.0 and /DatabaseStatus, however. Though this is likely a problem on my side which I'll check ASAP.
from frost-server.
Did you generate the json config yourself, or did you let Keycloak generate it for you? I think I used the Keycloak generated one, but mine did also have a credentials section with a secret in it.
I also used "use-resource-role-mappings": true so I could set the access rights for read/create/update/delete/admin from Keycloak:
{
  "realm": "sensorThings",
  "auth-server-url": "http://localhost:8180/auth",
  "ssl-required": "external",
  "resource": "SensorThingsDevelop",
  "credentials": {
    "secret": "xxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  },
  "use-resource-role-mappings": true
}
from frost-server.
I did write the json myself based on the link I posted before. Generating through Keycloak gives me a json similar to yours, which works just fine too! Though I needed to change the Access Type to confidential on the client's configuration page.
I'm not sure if I understand use-resource-role-mappings too well yet. It seems to gather the roles based on either the realm of the application, right? I defined the roles realm-wise at the moment.
Thanks for your help so far :)
from frost-server.
Forgive my double post. I wasn't sure where to ask this or if I should open a new issue.
Have you ever configured your Access Type in keycloak as Bearer-Only (only allow access to the API if the Authorization header is present and the client is the bearer of a valid access-token)? I did this because apparently keeping the Access Type with either public-client or confidential, doesn't allow applications to make AJAX calls. This seems to happen because it redirects any AJAX call to the sign-in page (even if a valid token is present on the header).
Sadly I'm having some trouble with it. I'm trying to reach the API through an AJAX client but I keep getting the error: XMLHttpRequest cannot load http://localhost:8080/sensorthings/v1.0. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access. The response had HTTP status code 403.
In the WEB-INF/web.xml of the SensorThingsServer I tried adding the following to the CorsFilter:
<init-param>
  <param-name>cors.allowed.headers</param-name>
  <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
  <param-name>cors.exposed.headers</param-name>
  <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
But it didn't help. I also tried adding "enable-cors": true to SensorThingsServer's keycloak.json but sadly, to no avail.
EDIT: My frontend client is very simple, just this, using keycloak's adapter. It fails on the AJAX call:
<script type="text/javascript" src="https://code.jquery.com/jquery-3.2.1.min.js"></script>
<script type="text/javascript" src="http://localhost:8081/auth/js/keycloak.js"></script>
<script type="text/javascript">
  var keycloak = Keycloak('keycloak.json');
  keycloak.init({ onLoad: 'login-required' }).success(function(authenticated) {
    if (authenticated) {
      $.ajax({
        method: "GET",
        url: "http://localhost:8080/sensorthings/v1.0/Things",
        headers: {
          'Authorization': 'Bearer ' + keycloak.token
        }
      }).done(function(msg) {
        console.log(msg);
      });
    }
  });
</script>
Have you ever had an issue with this or do you have any idea what I could be doing wrong?
Thank you again for your time :)
from frost-server.
I've had to add the cors filter settings to the tomcat global web.xml. If they were in the application web.xml they would not work for me.
I also noticed that the security constraints needed some improvements, so I've updated those in the keycloak branch.
After that it worked.
from frost-server.
Indeed applying CORS settings in the global web.xml worked perfectly.
Thank you for the update as well 👍
from frost-server.
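Added example, not part of the thread or of FROST-Server's code: a small model of the check a browser applies to the CORS preflight response before it sends a cross-origin request carrying an Authorization header, like the AJAX call above. The function name checkPreflight and the three sample responses are constructed for illustration; only the request shape, the 403 case and the cors.allowed.headers list are taken from the thread.

```javascript
// Added example. Models the browser-side check of a CORS preflight response
// for the thread's request: cross-origin GET carrying an Authorization header.
const SAFE_METHODS = ['GET', 'HEAD', 'POST'];
const tokens = (v) => (v || '').split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);

function checkPreflight(req, res) {
  const problems = [];
  const h = {};
  for (const [k, v] of Object.entries(res.headers)) h[k.toLowerCase()] = v;

  // The preflight OPTIONS request never carries the bearer token, so the
  // server has to answer it with a 2xx status without authenticating it.
  if (res.status < 200 || res.status > 299) problems.push(`status ${res.status}`);

  const origin = h['access-control-allow-origin'];
  if (!origin) problems.push('missing Access-Control-Allow-Origin');
  else if (origin !== '*' && origin !== req.origin) problems.push('origin mismatch');

  const methods = tokens(h['access-control-allow-methods']);
  const method = req.method.toUpperCase();
  if (!SAFE_METHODS.includes(method) && !methods.includes('*') &&
      !methods.includes(method.toLowerCase())) problems.push(`method ${method} not allowed`);

  // "*" in Access-Control-Allow-Headers does not cover Authorization;
  // it has to be listed by name.
  const allowed = tokens(h['access-control-allow-headers']);
  for (const name of req.headers.map((n) => n.toLowerCase())) {
    const ok = allowed.includes(name) || (name !== 'authorization' && allowed.includes('*'));
    if (!ok) problems.push(`header ${name} not allowed`);
  }
  return problems;
}

// Constructed inputs. REQUEST mirrors the AJAX call in the thread.
const REQUEST = { origin: 'http://localhost', method: 'GET', headers: ['Authorization'] };
// 1) What the error message in the thread describes: 403, no CORS headers.
const REJECTED = { status: 403, headers: {} };
// 2) Hypothetical 200 response echoing the cors.allowed.headers list from the thread.
const NO_AUTH_HEADER = { status: 200, headers: {
  'Access-Control-Allow-Origin': 'http://localhost',
  'Access-Control-Allow-Headers': 'Content-Type,X-Requested-With,accept,Origin,' +
    'Access-Control-Request-Method,Access-Control-Request-Headers' } };
// 3) Same response with Authorization added to the allowed headers.
const ACCEPTED = { status: 200, headers: {
  'Access-Control-Allow-Origin': 'http://localhost',
  'Access-Control-Allow-Headers': NO_AUTH_HEADER.headers['Access-Control-Allow-Headers'] + ',Authorization' } };

for (const r of [REJECTED, NO_AUTH_HEADER, ACCEPTED]) console.log(checkPreflight(REQUEST, r));
```

An empty array means the browser would go on to send the real request; each string names one reason it would stop at the preflight.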