Reputation: 23
Keycloak Token Endpoint Returning 404 Despite Correct Configuration and URL Format
I'm using Keycloak 20.1.0 in a Docker container and am encountering a persistent 404 - Not Found error when trying to access the token endpoint via a curl command. My realm is named "hasura-app".
Here is the curl command I'm using:
curl --request POST \
--url http://192.168.0.112:8085/realms/hasura-app/protocol/openid-connect/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data username=test \
--data password=testtest \
--data grant_type=password \
--data client_id=hasura-app
The Keycloak server is running and accessible. I have verified that the realm name and client ID are correct. The user credentials are also correct.
Here is the error I am receiving:
<html><head><title>Error</title></head><body>404 - Not Found</body></html>
I have verified the server address, realm name, client ID, client settings, and user credentials. The Keycloak admin console is running and accessible at http://192.168.0.112:8085/auth/admin/.
I've also tried debugging for potential hostname issues, but haven't found a solution yet.
This is my docker-compose file
version: "3.6"
services:
mysql:
image: mysql:5.7
volumes:
- mysql_data:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: secret
MYSQL_DATABASE: keycloak
MYSQL_USER: keycloak
MYSQL_PASSWORD: secret
keycloak:
image: quay.io/keycloak/keycloak:legacy
environment:
DB_VENDOR: MYSQL
DB_ADDR: mysql
DB_DATABASE: keycloak
DB_USER: keycloak
DB_PASSWORD: secret
KEYCLOAK_USER: blaz
KEYCLOAK_PASSWORD: secret
ports:
- 8085:8080
depends_on:
- mysql
volumes:
mysql_data:
driver: local
Any help or insights on this issue would be greatly appreciated. Thank you.
In an attempt to solve the issue, I have tried the following:
Verified Server Address and Port: I confirmed that my Keycloak server is indeed running at the IP address 192.168.0.112 and port 8085.
Checked Realm Name: I made sure that the realm "hasura-app" exists in my Keycloak setup.
Confirmed Client ID: I have verified that the client with the ID "hasura-app" is present within the "hasura-app" realm.
Checked Client Settings: I confirmed that the client "hasura-app" is configured to allow the Resource Owner Password Credentials grant type.
Verified User Credentials: I ensured that the user "test" with the password "testtest" is a valid user within the "hasura-app" realm.
URL Format Change: Based on suggestions for Keycloak versions 17 and onwards, I tried removing auth from my request URL. The updated URL was: http://192.168.0.112:8085/realms/hasura-app/protocol/openid-connect/token. However, the 404 error persisted.
Hostname Debugging: I attempted to debug potential hostname issues using a utility tool recommended in the Keycloak community. However, this didn't seem to resolve the issue.
Despite trying all of the above, I'm still facing the 404 error when attempting to access the token endpoint. I would greatly appreciate any further insights or suggestions to resolve this issue.
In addition to the aforementioned steps, I also attempted the following:
Uninstalling and Reinstalling Keycloak: I uninstalled Keycloak from my Docker container and then reinstalled it, ensuring that I was using the correct version (20.1). After reinstalling, I set up my realm and client again, but the issue persisted.
Trying Different Configurations: I experimented with different configurations in both the realm and the client settings. This included adjusting the Access Type of the client, enabling and disabling Service Accounts, and modifying the SSL Required setting in the realm. None of these changes resolved the issue.
Recreating the User: I deleted and recreated the user "test" to ensure there was no issue with the user's credentials or settings.
Despite all these efforts, the 404 error when attempting to access the token endpoint continues to occur. Any further help or suggestions would be greatly appreciated.
Upvotes: 2
Views: 3236
Answers (1)
Reputation: 399
http://192.168.0.112:8085/realms/hasura-app/protocol/openid-connect/token
Keycloak removed /auth when they migrated to Quarkus, you have to prefix it with /auth since you use the legacy version.
http://192.168.0.112:8085/auth/realms/hasura-app/protocol/openid-connect/token
Addendum
Since switching from wildfly to quarkus is advisable and was asked about in the comment, here is a link to a non-TLS and TLS setup I already provided for another question.
Upvotes: 1
Related Questions
- Keycloak public key format
- Keycloak session and token timeouts
- Keycloak - Retrieve JWT token via OIDC Endpoint
- What are Keycloak's OAuth2 / OpenID Connect endpoints?
- CORS issue with Keycloak OIDC token endpoint
- Keycloak exception: Cannot invoke "Object.toString()" because the return value of "io.vertx.core.http.HttpServerRequest.authority()" is null
- How to get Keycloak users via REST without admin account
- KeyCloak User validation and getting token
- How to get client secret in keycloak with admin user in different realm using python-keycloak
- How to delete Keycloak realm via REST API