sebastienblanc

2019-03-08 18:29:38,549 DEBUG [io.sma.jwt.aut.pri.KeyLocationResolver] (XNIO-1 task-1) Failed to read location as JWK(S): javax.json.stream.JsonParsingException: JsonParser#getObject() or JsonParser#getObjectStream() is valid only for START_OBJECT parser state. But current parser state is VALUE_NUMBER
	at org.glassfish.json.JsonReaderImpl.readObject(JsonReaderImpl.java:114)
	at io.smallrye.jwt.auth.principal.KeyLocationResolver.tryAsJWKx(KeyLocationResolver.java:98)
	at io.smallrye.jwt.auth.principal.KeyLocationResolver.resolveKey(KeyLocationResolver.java:68)
	at org.jose4j.jwt.consumer.JwtConsumer.processContext(JwtConsumer.java:205)
	at org.jose4j.jwt.consumer.JwtConsumer.process(JwtConsumer.java:416)
	at io.quarkus.smallrye.jwt.runtime.auth.MpJwtValidator.validate(MpJwtValidator.java:84)
	at io.quarkus.smallrye.jwt.runtime.auth.MpJwtValidator_ClientProxy.validate(Unknown Source)
	at org.wildfly.security.auth.realm.token.TokenSecurityRealm$TokenRealmIdentity.validateToken(TokenSecurityRealm.java:207)
	at or

sebastienblanc

 curl --cacert server-cert.pem --cert client-keystore.p12 -v --data "client_id=x509client&username=seb&password=seb&grant_type=password" https://localhost:8443/auth/realms/master/protocol/openid-connect/token | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying ::1...
* TCP_NODELAY set
* connect to ::1 port 8443 failed: Connection refused
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb

sebastienblanc

# is the url for retrieve the openid configuration - normally the <server>/auth/realm/<realm_name>
discovery-url: http://localhost:8180/auth/realms/summit
# the client id for the 'client' application
client-id: product-app
client-secret: 6dcb4195-c172-4da8-9ddf-e8fce0f1c0df
# the interface definition you wish the proxy to listen, all interfaces is specified as ':<port>'
listen: localhost:5000
redirection-url: http://localhost:5000
# log all incoming requests

sebastienblanc

# is the url for retrieve the openid configuration - normally the <server>/auth/realm/<realm_name>
discovery-url: http://localhost:8180/auth/realms/summit
# the client id for the 'client' application
client-id: product-app
client-secret: 6dcb4195-c172-4da8-9ddf-e8fce0f1c0df
# the interface definition you wish the proxy to listen, all interfaces is specified as ':<port>'
listen: localhost:5000
redirection-url: http://localhost:5000
# log all incoming requests

sebastienblanc

# is the url for retrieve the openid configuration - normally the <server>/auth/realm/<realm_name>
discovery-url: http://localhost:8180/auth/realms/summit
# the client id for the 'client' application
client-id: go-rest
# the interface definition you wish the proxy to listen, all interfaces is specified as ':<port>'
listen: 127.0.0.1:4000
# log all incoming requests
enable-logging: true
# log in json format

sebastienblanc

---
class: middle, light

# Installation et déploiement de  Keycloak

* "Surcouche" de WildFly
* Installation à partir des sources
* Installation à partir des distributions
* Images Docker
* Persistence

sebastienblanc

package fr.devoxx.beerbootapp;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.keycloak.adapters.AdapterDeploymentContext;
import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
import org.keycloak.adapters.springsecurity.KeycloakConfiguration;

sebastienblanc

# is the url for retrieve the openid configuration - normally the <server>/auth/realm/<realm_name>
discovery-url: http://localhost:8180/auth/realms/summit
# the client id for the 'client' application
client-id: go-rest

# the interface definition you wish the proxy to listen, all interfaces is specified as ':<port>'
listen: 127.0.0.1:4000
# log all incoming requests
enable-logging: true
# log in json format

sebastienblanc

curl -vvv $(minishift openshift service cars-api)/cars/list
* Rebuilt URL to: |-----------|----------|----------|------------------------------------------------|--------|/
* Could not resolve host: |-----------|----------|----------|------------------------------------------------|--------|
* Closing connection 0
curl: (6) Could not resolve host: |-----------|----------|----------|------------------------------------------------|--------|
* Rebuilt URL to: |/
* Could not resolve host: |
* Closing connection 1
curl: (6) Could not resolve host: |
* Rebuilt URL to: NAMESPACE/

sebastienblanc

minishift addon apply istio --addon-env ISTIO_HOME=$ISTIO_HOME
-- Applying addon 'istio':.....unable to recognize "/home/sblanc/minishift/istio-0.4.0/install/kubernetes/istio.yaml": no matches for config.istio.io/, Kind=attributemanifest
unable to recognize "/home/sblanc/minishift/istio-0.4.0/install/kubernetes/istio.yaml": no matches for config.istio.io/, Kind=attributemanifest
unable to recognize "/home/sblanc/minishift/istio-0.4.0/install/kubernetes/istio.yaml": no matches for config.istio.io/, Kind=stdio
unable to recognize "/home/sblanc/minishift/istio-0.4.0/install/kubernetes/istio.yaml": no matches for config.istio.io/, Kind=logentry
unable to recognize "/home/sblanc/minishift/istio-0.4.0/install/kubernetes/istio.yaml": no matches for config.istio.io/, Kind=rule
unable to recognize "/home/sblanc/minishift/istio-0.4.0/install/kubernetes/istio.yaml": no matches for config.istio.io/, Kind=metric
unable to recognize "/home/sblanc/minishift/istio-0.4.0/install/kubernetes/istio.yaml": no matches for config.i