OIDC proxy error on port 9000 or 4200, when using infinispan caching, yet it works when not proxying on port 8080 #26358
Comments
That's strange, especially since the proxy should just be sending traffic from 9000 to 8080, not to your external Keycloak instance. Spring Security handles that part and it shouldn't have anything to do with Do you have detailed steps on how to reproduce the problem? I'm looking for something like:
|
Oh, I'm sorry -- I did indeed neglect to put the actual steps to reproduce the error :(
I have updated the overview -- The detailed steps would be:
|
@mraible, sorry I did not put the critical step above, I have added it. The problem does not occur when starting the app, it starts just fine. The issue is when someone tries to log in to the app -- that is when it fails and returns the error in the browser.
The
|
Oh, you also have to comment out offline_access from the scope or you will get a different weird error (even from port 8080) when attempting to sign in. If offline_access is in scope, after signing in with Keycloak, it will be redirected to http://localhost:8080/?error= instead of being logged in :( |
I tried to reproduce this issue with the generated oauth2 sample app:
https://github.com/jhipster/jhipster-sample-app-oauth2
I cloned it locally and started everything. Then, I confirmed `npm run e2e` works, as well as `npm start` and port 9000.
I had to patch the MySQL Docker Compose file with this fix to get it to start. #26359
Then, I cloned it on gitpod.io and started Keycloak. I changed the issuer in application-dev.yml to use it:
https://9443-jhipster-jhipstersample-7uuy7dzyae4.ws-us114.gitpod.io/realms/jhipster
And restarted JHipster. That’s when I got an error and was unable to figure out HTTP/HTTPS on Gitpod.
However, it made me wonder: is your Keycloak instance on the other server a JHipster-populated instance? Or is it a Keycloak instance that doesn’t have the jhipster realm configured?
|
@mraible, no, it is not a jhipster-populated instance, nor is it in a Docker container. We set up a standalone Keycloak server and the server doesn't have a jhipster realm; we use the name of the application instead, total-facts, for the realm. |
Again, the problem is only when proxying through BrowserStack on port 9000, not when going directly to the application on port 8080 with the version of the application updated to jhipster 8.x. The old version of the application still using jhipster v7.x has no issues. |
I assume you mean Browsersync, not BrowserStack? If so, does using the version of Browsersync from your 7.x project fix the problem? If not, I'm not sure what's causing the problem. |
Yeah, Browsersync. The odd thing now is that it works with the generated oauth2 sample app from GitHub, yet it doesn't work with the app I generated. I initially ran into this issue with my project that was migrated from jhipster 7.x to 8.x, so I generated an app with JHipster 8.3.0 (which was the current version at the time) and it didn't work. I have since generated it again with 8.5.0 and that does not work either. I am using some different settings, including Oracle prod & dev DB, Infinispan caching, openapi, Gatling. I am looking into generating with different options to see what works and what doesn't.
|
@mraible, I have found that if I generate a new project with the default ehcache caching, then it works. |
Overview of the issue
When using an external OIDC provider (Keycloak) running a newly generated jhipster app, after setting the issuer-uri to the Keycloak server, the application works if you go directly to the app on port 8080, but if you use the proxy on port 9000, or 4200, it errors out with "Error occurred while trying to proxy: localhost:9000/oauth2/authorization/oidc".
I have this issue with my existing project, which is where I encountered it after upgrading to jhipster 8.x, but it also happens with a newly generated project. This worked before when using jhipster 7.x.
Motivation for or Use Case
To be able to use the BrowserStack proxy/HMR. I am able to work around the issue by going directly to port 8080 and not running npm start, but that is not how one is supposed to develop a jhipster app :(
Reproduce the error
.yo-rc.json
in this issue or generate a new application by answering the jhipster questions, specifying oauth2/oidc authentication.
Related issues
Suggest a Fix
JHipster Version(s)
8.3.0 & 8.5.0
JHipster configuration
.yo-rc.json file
Environment and Tools
openjdk version "17.0.6" 2023-01-17 LTS
OpenJDK Runtime Environment Microsoft-7209853 (build 17.0.6+10-LTS)
OpenJDK 64-Bit Server VM Microsoft-7209853 (build 17.0.6+10-LTS, mixed mode, sharing)
git version 2.40.1.windows.1
node: v18.20.1
npm: 10.5.0
'docker' command could not be found
JDL for the Entity configuration(s) `entityName.json` files generated in the `.jhipster` directory
JDL entity definitions
Entity configuration(s) `entityName.json` files generated in the `.jhipster` directory
Browsers and Operating System
Windows 11, MS Edge