I am trying to use Keycloak in front of icCube and encounter some issues. May be someone could help.
Done so far:
changed icCube.xml in accordance with https://www.iccube.com/support/documentation/user_guide/configuring_iccube/authentication_keycloak.php
installed keycloak on the same server
with regard to keycloak:
the json file is:
{
"realm": "icCube",
"auth-server-url": "http://192.168.178.32:8080/auth",
"ssl-required": "external",
"resource": "iccube",
"verify-token-audience": true,
"credentials": {
"secret": ".... secret ...."
},
"confidential-port": 0,
"policy-enforcer": {}
}
Now when I restart icCube after the icCube.xml change and try to logon I get the error in the log:
[ qtp689602108-25] [DEBUG] (12-07-19 15:14:35.560 CEST) [auth] Keycloak auth. started
[ qtp689602108-25] [ERROR] (12-07-19 15:14:35.581 CEST) [auth] missing Keycloak context token
How to solve this error? I guess it has something to do with the set-up in Keycloak, but I can not figure out what exactly?
additional info from the log It is a bit too much to put the complete log here, but these might be interesting lines:
[ main] [ INFO] (12-07-19 15:14:02.891 CEST) filter mapping : Keycloak OIDc
[ main] [ INFO] (12-07-19 15:14:02.891 CEST) : crazydev.iccube.ux.processor.servlet.UxRestApiServlet-348ad293
[ main] [ INFO] (12-07-19 15:14:02.891 CEST) filter mapping : Passthrough
[ main] [ INFO] (12-07-19 15:14:02.891 CEST) : crazydev.iccube.ux.processor.servlet.UxRestApiServlet-348ad293
[ main] [ INFO] (12-07-19 15:14:02.891 CEST) filter mapping : HTTP Basic Authentication
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) : crazydev.iccube.server.xmla.IcCubeXmlaOverHttpHandler-30f74e79
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) filter mapping : Keycloak OIDc
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) : crazydev.iccube.gwt.server.reporting.component.OlapReportingServlet-2c88a3e8
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) filter mapping : Passthrough
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) : crazydev.iccube.gwt.server.reporting.component.OlapReportingServlet-2c88a3e8
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) filter mapping : Keycloak OIDc
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) : crazydev.iccube.server.gvi.GviServlet-68ac9ec5
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) filter mapping : Passthrough
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) : crazydev.iccube.server.gvi.GviServlet-68ac9ec5
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) filter mapping : GVI Authentication (logout)
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) : crazydev.iccube.server.gvi.GviServlet-68ac9ec5
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) filter mapping : Print Authentication
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) : crazydev.iccube.server.print.IcCubePrintServlet-a50d709
[ main] [DEBUG] (12-07-19 15:14:03.521 CEST) Use authServerUrl: http://192.168.178.32:8080/auth, tokenUrl: http://192.168.178.32:8080/auth/realms/icCube/protocol/openid-connect/token, relativeUrls: NEVER
[ main] [ INFO] (12-07-19 15:14:03.543 CEST) [keycloak] Keycloak is using a per-deployment configuration.
[ main] [DEBUG] (12-07-19 15:14:03.545 CEST) [auth] passthrough : configured
missing Keycloak context token
means the Keycloak authentication has not been performed.
It is more likely that something went wrong with the Keycloak actual authentication.
Hint: ensure you did pass the step where you get redirected to the Keycloak server authentication page when attempting to log into the icCube server.