
Noob question. System: Mac, Keycloak 3.4.3, Wildfly 11

I installed Keycloak Identity Manager for OpenID Connect service. I followed the Getting Started Guide and have successfully linked and deployed Wildfly & Vanilla project. That's all good.

My problem is that I want to test Keycloak against the openid.net certification testing. I get the endpoints from the admin console, shown below:

[1]

```json
{
  "issuer": "http://localhost:8180/auth/realms/demo",
  "authorization_endpoint": "http://localhost:8180/auth/realms/demo/protocol/openid-connect/auth",
  "token_endpoint": "http://localhost:8180/auth/realms/demo/protocol/openid-connect/token",
  "token_introspection_endpoint": "http://localhost:8180/auth/realms/demo/protocol/openid-connect/token/introspect",
  "userinfo_endpoint": "http://localhost:8180/auth/realms/demo/protocol/openid-connect/userinfo",
  "end_session_endpoint": "http://localhost:8180/auth/realms/demo/protocol/openid-connect/logout",
  "jwks_uri": "http://localhost:8180/auth/realms/demo/protocol/openid-connect/certs",
  "check_session_iframe": "http://localhost:8180/auth/realms/demo/protocol/openid-connect/login-status-iframe.html",
  "grant_types_supported": ["authorization_code", "implicit", "refresh_token", "password", "client_credentials"],
  "response_types_supported": ["code", "none", "id_token", "token", "id_token token", "code id_token", "code token", "code id_token token"],
  "subject_types_supported": ["public", "pairwise"],
  "id_token_signing_alg_values_supported": ["RS256"],
  "userinfo_signing_alg_values_supported": ["RS256"],
  "request_object_signing_alg_values_supported": ["none", "RS256"],
  "response_modes_supported": ["query", "fragment", "form_post"],
  "registration_endpoint": "http://localhost:8180/auth/realms/demo/clients-registrations/openid-connect",
  "token_endpoint_auth_methods_supported": ["private_key_jwt", "client_secret_basic", "client_secret_post"],
  "token_endpoint_auth_signing_alg_values_supported": ["RS256"],
  "claims_supported": ["sub", "iss", "auth_time", "name", "given_name", "family_name", "preferred_username", "email"],
  "claim_types_supported": ["normal"],
  "claims_parameter_supported": false,
  "scopes_supported": ["openid", "offline_access"],
  "request_parameter_supported": true,
  "request_uri_parameter_supported": true
}
```

And when I test for Dynamic Registration or Discovery or anything else, I keep getting:

[2]

```
Discovery:OP-Response-Missing: status=ERROR, message=HTTPConnectionPool(host='localhost', port=8180): Max retries exceeded with url: /auth/realms/demo/.well-known/openid-configuration (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused',))
```

I understand that it is not connecting, but can someone share some insight on why? When I manually enter http://localhost:8180/auth/realms/demo/.well-known/openid-configuration into the address bar, I get the correct output, as seen in [1].

Why is Keycloak refusing to connect when running the openid certification test?

Thanks.

coffeesnob
  • Have you enabled remote connection to KC? https://stackoverflow.com/questions/34410707/enabling-remote-access-to-keycloak – Aritz Feb 13 '18 at 07:48
  • @XtremeBiker Thanks for your comment. FYI, this is a dev environment... just mentioning since I know the following is not best practices. I have disabled the SSL requirement for the realm and booted server with `./standalone.sh -b=0.0.0.0` and I still get the connection refused error. – coffeesnob Feb 13 '18 at 16:59
  • I have worked on the issue some more and see that communication between openid's test suite and my local instance is working. There's a Keycloak configuration error because checking response_type passes test, but clientAuth basic test is passing data back and forth, but fails at end with "connection refused error". – coffeesnob Feb 13 '18 at 19:24
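
A check for the discovery document in [1], as an added example that is not part of the original post or comments: it lists every advertised endpoint whose host is a loopback name or address, which a client on any other machine resolves to itself rather than to the Keycloak server. The function names and the trimmed sample document are constructed for illustration.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample: a trimmed copy of the discovery document quoted in the question.
SAMPLE = json.loads("""
{"issuer": "http://localhost:8180/auth/realms/demo",
 "authorization_endpoint": "http://localhost:8180/auth/realms/demo/protocol/openid-connect/auth",
 "token_endpoint": "http://localhost:8180/auth/realms/demo/protocol/openid-connect/token",
 "jwks_uri": "http://localhost:8180/auth/realms/demo/protocol/openid-connect/certs",
 "registration_endpoint": "http://localhost:8180/auth/realms/demo/clients-registrations/openid-connect",
 "grant_types_supported": ["authorization_code", "implicit"],
 "claims_parameter_supported": false}
""")


def is_loopback(host):
    """True when the host name or address only ever reaches the machine using it."""
    if not host:
        return False
    host = host.rstrip(".").lower()
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary DNS name, not an IP literal


def loopback_endpoints(discovery):
    """Return {metadata key: URL} for every advertised URL on a loopback host."""
    findings = {}
    for key, value in discovery.items():
        if not isinstance(value, str):
            continue  # lists and booleans carry no URL
        parts = urlsplit(value)
        if parts.scheme in ("http", "https") and is_loopback(parts.hostname):
            findings[key] = value
    return findings


if __name__ == "__main__":
    for key, url in loopback_endpoints(SAMPLE).items():
        print(f"{key}: {url} is only reachable from the server's own host")
```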

0 Answers