
I'm trying to integrate Keycloak with Gravitee, and I get a "connection refused" error when trying to log in with Keycloak.

Everything is running in Docker containers.

Here's my Docker Compose config:

#
# Copyright (C) 2015 The Gravitee team (http://gravitee.io)
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Compose file-format marker.
# NOTE(review): the keycloak service further down uses the long
# `depends_on: <service>: condition:` form, which the 3.x file format did not
# define. Compose v2 ignores `version` and follows the Compose Specification,
# so this file presumably runs under Compose v2 — confirm.
version: "3.5"

# Two user-defined networks. Containers resolve each other by service name
# only on a network they share. Neither network is marked `internal`, so
# every attached container keeps outbound connectivity.
networks:
  # Joined by gateway, management_api, both UIs and keycloak.
  frontend:
    name: frontend
  # Joined by the datastores (mongodb, elasticsearch-apim, postgres) and by
  # the services that talk to them (gateway, management_api, keycloak).
  storage:
    name: storage

services:
  # MongoDB instance addressed by the mongodb:// URIs configured on the
  # gateway and management_api services.
  mongodb:
    # Tag comes from MONGODB_VERSION and falls back to 6.0.8 when unset.
    image: mongo:${MONGODB_VERSION:-6.0.8}
    container_name: gio_apim_mongodb
    restart: always
    volumes:
      # Database files live on the host, next to this compose file.
      - ./gravitee/mongodb/data:/data/db
    # No `ports:` entry and only the `storage` network, so the database is not
    # published on the host. No root credentials are configured here and the
    # client URIs carry none, so every container on `storage` can read and
    # write it without authenticating — acceptable for a local sandbox only.
    networks:
      - storage

  # Single-node Elasticsearch used by the gateway (reporter) and the
  # management API (analytics), both over http://elasticsearch-apim:9200.
  elasticsearch-apim:
    # ELASTIC_VERSION is not set in the env file shown with this compose file,
    # so the 7.0.0 default applies.
    # NOTE(review): 7.0.0 is an old release — check it against the vendor's
    # supported versions before reusing this outside a sandbox.
    image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION:-7.0.0}
    container_name: gio_apim_elasticsearch
    restart: always
    volumes:
      # Index data is kept on the host.
      - ./gravitee/elasticsearch/data:/usr/share/elasticsearch/data
    environment:
      # Listen on every interface inside the container (HTTP and transport).
      - http.host=0.0.0.0
      - transport.host=0.0.0.0
      # Security features are switched off: the HTTP API answers without
      # credentials to anything that can reach it. Only the `storage` network
      # is attached and no port is published, which is what limits exposure.
      - xpack.security.enabled=false
      - cluster.name=elasticsearch
      # Lock the JVM heap in RAM; relies on the memlock ulimit set below.
      - bootstrap.memory_lock=true
      - discovery.type=single-node
      # Fixed 512 MiB heap; quoted because the value contains a space.
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      # -1 = unlimited, required for bootstrap.memory_lock=true to succeed.
      memlock:
        soft: -1
        hard: -1
      # A single integer sets the soft and hard open-file limit together.
      nofile: 65536
    networks:
      - storage

  # Gravitee APIM gateway.
  gateway:
    # Tag comes from APIM_VERSION and falls back to 4 when unset.
    image: graviteeio/apim-gateway:${APIM_VERSION:-4}
    container_name: gio_apim_gateway
    restart: always
    ports:
      # No host address given, so 8082 is published on every host interface.
      - "8082:8082"
    # Start-order only: this short form does not wait for the datastores to
    # be ready to accept connections.
    depends_on:
      - mongodb
      - elasticsearch-apim
    volumes:
      - ./gravitee/apim-gateway/logs:/opt/graviteeio-gateway/logs
      # This host directory is mounted onto a configured plugin path
      # (gravitee_plugins_path_1 below), so files placed in it are presumably
      # loaded as gateway plugins — keep it writable by trusted users only.
      - ./gravitee/apim-gateway/plugins:/opt/graviteeio-gateway/plugins-ext
    environment:
      # Datastores are addressed by service name over the `storage` network.
      # The URIs carry no credentials and the Elasticsearch endpoint is plain
      # HTTP, matching the unauthenticated datastores in this file.
      - gravitee_management_mongodb_uri=mongodb://mongodb:27017/gravitee?serverSelectionTimeoutMS=5000&connectTimeoutMS=5000&socketTimeoutMS=5000
      - gravitee_ratelimit_mongodb_uri=mongodb://mongodb:27017/gravitee?serverSelectionTimeoutMS=5000&connectTimeoutMS=5000&socketTimeoutMS=5000
      - gravitee_reporters_elasticsearch_endpoints_0=http://elasticsearch-apim:9200
      - gravitee_plugins_path_0=/opt/graviteeio-gateway/plugins
      - gravitee_plugins_path_1=/opt/graviteeio-gateway/plugins-ext
    networks:
      - storage
      - frontend

  # Gravitee APIM management API. The reported stack trace
  # (OAuth2AuthenticationResource.exchangeAuthorizationCode -> Connection
  # refused) originates in this container: the authorization-code exchange is
  # an outbound HTTP call made from here, not from the browser.
  # Inside this container `localhost` is the container itself, so an identity
  # provider URL such as http://localhost:8890/... cannot reach keycloak from
  # here. On the shared networks keycloak answers at http://keycloak:8080;
  # URLs the browser follows still need the host-published address.
  management_api:
    # Tag comes from APIM_VERSION and falls back to 4 when unset.
    image: graviteeio/apim-management-api:${APIM_VERSION:-4}
    container_name: gio_apim_management_api
    restart: always
    ports:
      # No host address given, so 8083 is published on every host interface.
      - "8083:8083"
    # Start-order only; does not wait for the datastores to be ready.
    depends_on:
      - mongodb
      - elasticsearch-apim
    volumes:
      - ./gravitee/apim-management-api/logs:/opt/graviteeio-management-api/logs
      # Mounted onto a configured plugin path (gravitee_plugins_path_1), so
      # files placed here are presumably loaded as plugins — restrict who can
      # write to this host directory.
      - ./gravitee/apim-management-api/plugins:/opt/graviteeio-management-api/plugins-ext
    environment:
      # Datastores are addressed by service name; no credentials in the URI
      # and plain HTTP to Elasticsearch.
      - gravitee_management_mongodb_uri=mongodb://mongodb:27017/gravitee?serverSelectionTimeoutMS=5000&connectTimeoutMS=5000&socketTimeoutMS=5000
      - gravitee_analytics_elasticsearch_endpoints_0=http://elasticsearch-apim:9200
      - gravitee_plugins_path_0=/opt/graviteeio-management-api/plugins
      - gravitee_plugins_path_1=/opt/graviteeio-management-api/plugins-ext
    networks:
      - storage
      - frontend

  # Gravitee management console (static UI served from the container).
  management_ui:
    # Tag comes from APIM_VERSION and falls back to 4 when unset.
    image: graviteeio/apim-management-ui:${APIM_VERSION:-4}
    container_name: gio_apim_management_ui
    restart: always
    ports:
      # Container port 8080 is published as 8084 on every host interface.
      - "8084:8080"
    depends_on:
      - management_api
    environment:
      # Points at the management API's host-published port.
      # NOTE(review): presumably this URL is used by the browser, where
      # `localhost` is the developer machine — confirm. It is plain HTTP, so
      # logins and tokens travel unencrypted; local use only.
      - MGMT_API_URL=http://localhost:8083/management/organizations/DEFAULT/environments/DEFAULT/
    volumes:
      # Web-server logs are written to the host.
      - ./gravitee/apim-management-ui/logs:/var/log/nginx
    networks:
      - frontend

  # Gravitee developer portal (static UI served from the container).
  portal_ui:
    # Tag comes from APIM_VERSION and falls back to 4 when unset.
    image: graviteeio/apim-portal-ui:${APIM_VERSION:-4}
    container_name: gio_apim_portal_ui
    restart: always
    ports:
      # Container port 8080 is published as 8085 on every host interface.
      - "8085:8080"
    depends_on:
      - management_api
    environment:
      # Portal endpoint on the management API's host-published port.
      # NOTE(review): presumably resolved by the browser rather than by this
      # container — confirm. Plain HTTP; local use only.
      - PORTAL_API_URL=http://localhost:8083/portal/environments/DEFAULT
    volumes:
      # Web-server logs are written to the host.
      - ./gravitee/apim-portal-ui/logs:/var/log/nginx
    networks:
      - frontend

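  # Keycloak identity provider backed by the `postgres` service.
  # Other containers on `frontend`/`storage` reach it at http://keycloak:8080;
  # host port 8890 is for the browser on the Docker host. `localhost:8890`
  # used from inside another container points at that container, not here.
  keycloak:
    # `:?` makes Compose stop with a clear message instead of resolving an
    # empty image tag when the variable is missing.
    image: "quay.io/keycloak/keycloak:${KEYCLOAK_VERSION:?set KEYCLOAK_VERSION in .env}"
    # Development mode: serves plain HTTP. Not a production configuration.
    command: start-dev
    # Wait until postgres reports healthy; this gate is only as meaningful as
    # the healthcheck defined on the postgres service.
    depends_on:
      postgres:
        condition: service_healthy
    container_name: local_keycloak
    environment:
      # Database connection; KC_DB_URL_HOST should be the `postgres` service
      # name so the connection stays on the `storage` network.
      - KC_DB=${KC_DB}
      - KC_DB_URL_HOST=${KC_DB_URL_HOST}
      - KC_DB_URL_DATABASE=${KC_DB_URL_DATABASE}
      - KC_DB_USERNAME=${KC_DB_USERNAME}
      # Secrets are required: refuse to start with an empty value.
      - "KC_DB_PASSWORD=${KC_DB_PASSWORD:?set KC_DB_PASSWORD in .env}"
      - KC_DB_SCHEMA=${KC_DB_SCHEMA}
      # Initial admin account for the admin console. The port below is
      # published on every host interface, so use a strong password rather
      # than a guessable pair such as admin/admin.
      - KEYCLOAK_ADMIN=${KEYCLOAK_ADMIN}
      - "KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD:?set KEYCLOAK_ADMIN_PASSWORD in .env}"
    ports:
      # Container port 8080 published as 8890 on every host interface.
      - "8890:8080"
    restart: unless-stopped
    networks:
      - storage
      - frontend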

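  # PostgreSQL database for Keycloak. Keycloak connects over the `storage`
  # network at postgres:5432; the published port is only for host tooling.
  postgres:
    image: postgres:${POSTGRESQL_VERSION}
    volumes:
      # Database files are kept on the host.
      - ./keycloak/postgres-data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: ${POSTGRESQL_DB}
      POSTGRES_USER: ${POSTGRESQL_USER}
      # Required secret: refuse to start with an empty value.
      POSTGRES_PASSWORD: "${POSTGRESQL_PASS:?set POSTGRESQL_PASS in .env}"
    healthcheck:
      # Probe the server itself. The previous `exit 0` always succeeded, so
      # `depends_on: condition: service_healthy` on keycloak waited for
      # nothing. `$$` defers expansion to the container's shell, which has
      # POSTGRES_USER / POSTGRES_DB from the environment above.
      test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
      interval: 5s
      timeout: 5s
      retries: 10
    ports:
      # The server listens on 5432 inside the container (no PGPORT override
      # here); the old target of 5433 mapped to a port nothing listens on.
      # Bound to loopback so that fixing the mapping does not expose the
      # database beyond the Docker host.
      - "127.0.0.1:5456:5432"
    networks:
      - storage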

And my env file:

# Image tags substituted into the compose file. ELASTIC_VERSION is not set
# here, so the compose file's default tag is used for Elasticsearch.
MONGODB_VERSION=6.0.8
APIM_VERSION=3.5

# Keycloak image tag and database connection. KC_DB_URL_HOST is the compose
# service name; the database name, user and password match the POSTGRESQL_*
# values at the end of this file.
KEYCLOAK_VERSION=22.0
KC_DB=postgres
KC_DB_URL_HOST=postgres
KC_DB_URL_DATABASE=keycloakdb
KC_DB_USERNAME=keycloak
# Placeholder-grade secret: fine for a throwaway local stack, not beyond it.
KC_DB_PASSWORD=password
KC_DB_SCHEMA=public
# Initial Keycloak admin account. admin/admin is trivially guessable and the
# Keycloak port is published on the host — change it before anyone else can
# reach the machine, and keep a real .env out of version control.
KEYCLOAK_ADMIN=admin
KEYCLOAK_ADMIN_PASSWORD=admin

# PostgreSQL image tag and the database/user it creates on first start.
POSTGRESQL_VERSION=15.4
POSTGRESQL_DB=keycloakdb
POSTGRESQL_USER=keycloak
POSTGRESQL_PASS=password

This is the request it makes after I fill in my login details in the window that opens: [screenshot]

Here's the request payload: [screenshot]

After checking the logs, I found that the Gravitee management API reported this error:

gio_apim_management_api | 05:45:34.694 [gravitee-listener-50] ERROR i.g.r.a.m.r.provider.ThrowableMapper - Internal error
gio_apim_management_api | javax.ws.rs.ProcessingException: java.net.ConnectException: Connection refused (Connection refused)
gio_apim_management_api |       at org.glassfish.jersey.client.internal.HttpUrlConnector.apply(HttpUrlConnector.java:261)
gio_apim_management_api |       at org.glassfish.jersey.client.ClientRuntime.invoke(ClientRuntime.java:296)
gio_apim_management_api |       at org.glassfish.jersey.client.JerseyInvocation.lambda$invoke$0(JerseyInvocation.java:609)
gio_apim_management_api |       at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
gio_apim_management_api |       at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
gio_apim_management_api |       at org.glassfish.jersey.internal.Errors.process(Errors.java:205)
gio_apim_management_api |       at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:390)
gio_apim_management_api |       at org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:608)
gio_apim_management_api |       at org.glassfish.jersey.client.JerseyInvocation$Builder.method(JerseyInvocation.java:421)
gio_apim_management_api |       at org.glassfish.jersey.client.JerseyInvocation$Builder.post(JerseyInvocation.java:327)
gio_apim_management_api |       at io.gravitee.rest.api.management.rest.resource.auth.OAuth2AuthenticationResource.exchangeAuthorizationCode(OAuth2AuthenticationResource.java:222)
gio_apim_management_api |       at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
gio_apim_management_api |       at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
gio_apim_management_api |       at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
gio_apim_management_api |       at java.base/java.lang.reflect.Method.invoke(Unknown Source)

Here are my Gravitee identity provider settings: [screenshot]

I also see this setting in the Gravitee identity provider settings, but this address is impossible to change: [screenshot]

Let me know if you need more info, such as client settings or realm settings.

thanks -Toni

T-Hanninen

1 Answer


Your client is a private (confidential) client, so you should provide a "Client Secret", which I cannot see in your env file or anywhere else.

drino
  • Client id and secret comes from keycloak – T-Hanninen Aug 29 '23 at 09:04
  • Yes, but you should incorporate these into your gravitee management api for connection to Keycloak, where do you configure this ? – drino Aug 29 '23 at 09:35
  • OK, I see. I think I found the right spot for that. When I try to register a new client in Gravitee, it gives me the error: "Client Registration provider is invalid or can not be reach, making impossible to create an oauth-based application." I'm using this address as the discovery endpoint: http://localhost:8890/realms/master/clients-registrations/openid-connect. I also tried to configure Keycloak's client registration settings. But I think you pushed me onto the right track. – T-Hanninen Aug 29 '23 at 09:44
  • OK, I configured the client registration discovery endpoint as follows: http://172.21.0.1:8890/realms/master/.well-known/openid-configuration. Now it's working when using the Docker IP, and I got the right address :) I still cannot log in, though; I'm still getting the connection refused error. – T-Hanninen Aug 29 '23 at 10:25
  • The login page is served ? Give me more detail of your new error and process to obtain it please :) – drino Aug 31 '23 at 13:56