ShinyProxy and Keycloak. Unresponsive

Dear list,

I’ve run into a problem I unfortunately can’t seem to solve. I’m using ShinyProxy, MySql and Keycloak together with docker-compose and I had it working, but without any apparent changes, the keycloak and shinyproxy doesn’t communicate anymore.

I have shinyproxy on port 20481 and keycloak on 20482.

This is what I have tried and been able to verify:

  1. Shiny app can launch with authentication: none.
  2. Keycloak server is running and I am able to login through the admin interface.
  3. I tried different versions of keycloak, all without success.
  4. I tried using different browsers, all without sucess.

Here is the return (using keycloak 10.0.2, but it’s all the same):

Upon clicking the login button in shinyproxy:
shinyproxy_1 | 2020-10-16 11:14:17.789 INFO 1 — [ XNIO-2 task-1] io.undertow.servlet : Initializing Spring FrameworkServlet ‘dispatcherServlet’
shinyproxy_1 | 2020-10-16 11:14:17.789 INFO 1 — [ XNIO-2 task-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet ‘dispatcherServlet’: initialization started
shinyproxy_1 | 2020-10-16 11:14:17.803 INFO 1 — [ XNIO-2 task-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet ‘dispatcherServlet’: initialization completed in 14 ms

After this it redirects to:
http://PUBLICIP:20482/auth/realms/librarian/protocol/openid-connect/auth?response_type=code&client_id=librarian&redirect_uri=http%3A%2F%2FPUBLICIP%3A20481%2Fsso%2Flogin&state=5afa58f6-9307-4e96-89c7-0195273d3c74&login=true&scope=openid

A few minutes later, shinyproxy returns this:
shinyproxy_1 | 2020-10-16 11:16:33.609 ERROR 1 — [ XNIO-2 task-3] o.k.adapters.OAuthRequestAuthenticator : failed to turn code into token
shinyproxy_1 |
shinyproxy_1 | java.net.ConnectException: Connection timed out (Connection timed out)
shinyproxy_1 | at java.net.PlainSocketImpl.socketConnect(Native Method) ~[na:1.8.0_265]
shinyproxy_1 | at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350) ~[na:1.8.0_265]
shinyproxy_1 | at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206) ~[na:1.8.0_265]
shinyproxy_1 | at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188) ~[na:1.8.0_265]
shinyproxy_1 | at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) ~[na:1.8.0_265]
shinyproxy_1 | at java.net.Socket.connect(Socket.java:607) ~[na:1.8.0_265]
shinyproxy_1 | at org.apache.http.conn.scheme.PlainSocketFactory.connectSocket(PlainSocketFactory.java:121) ~[httpclient-4.5.5.jar!/:4.5.5]
shinyproxy_1 | at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) ~[httpclient-4.5.5.jar!/:4.5.5]
shinyproxy_1 | at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144) ~[httpclient-4.5.5.jar!/:4.5.5]
shinyproxy_1 | at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:134) ~[httpclient-4.5.5.jar!/:4.5.5]
shinyproxy_1 | at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:610) ~[httpclient-4.5.5.jar!/:4.5.5]
shinyproxy_1 | at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:445) ~[httpclient-4.5.5.jar!/:4.5.5]
shinyproxy_1 | at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:835) ~[httpclient-4.5.5.jar!/:4.5.5]
shinyproxy_1 | at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) ~[httpclient-4.5.5.jar!/:4.5.5]
shinyproxy_1 | at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108) ~[httpclient-4.5.5.jar!/:4.5.5]
shinyproxy_1 | at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56) ~[httpclient-4.5.5.jar!/:4.5.5]
shinyproxy_1 | at org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:111) ~[keycloak-adapter-core-4.7.0.Final.jar!/:4.7.0.Final]
shinyproxy_1 | at org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:335) [keycloak-adapter-core-4.7.0.Final.jar!/:4.7.0.Final]
shinyproxy_1 | at org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:280) [keycloak-adapter-core-4.7.0.Final.jar!/:4.7.0.Final]
shinyproxy_1 | at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:139) [keycloak-adapter-core-4.7.0.Final.jar!/:4.7.0.Final]
shinyproxy_1 | at org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticationProcessingFilter.attemptAuthentication(KeycloakAuthenticationProcessingFilter.java:149) [keycloak-spring-security-adapter-4.7.0.Final.jar!/:4.7.0.Final]
shinyproxy_1 | at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
shinyproxy_1 | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
shinyproxy_1 | at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
shinyproxy_1 | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
shinyproxy_1 | at org.keycloak.adapters.springsecurity.filter.KeycloakPreAuthActionsFilter.doFilter(KeycloakPreAuthActionsFilter.java:86) [keycloak-spring-security-adapter-4.7.0.Final.jar!/:4.7.0.Final]
shinyproxy_1 | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
shinyproxy_1 | at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:100) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
shinyproxy_1 | at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
shinyproxy_1 | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
shinyproxy_1 | at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
shinyproxy_1 | at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
shinyproxy_1 | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
shinyproxy_1 | at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
shinyproxy_1 | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
shinyproxy_1 | at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
shinyproxy_1 | at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
shinyproxy_1 | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
shinyproxy_1 | at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
shinyproxy_1 | at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) [spring-security-web-5.0.3.RELEASE.jar!/:5.0.3.RELEASE]
shinyproxy_1 | at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357) [spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
shinyproxy_1 | at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270) [spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
shinyproxy_1 | at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
shinyproxy_1 | at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
shinyproxy_1 | at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) [spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
shinyproxy_1 | at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
shinyproxy_1 | at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
shinyproxy_1 | at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
shinyproxy_1 | at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200) [spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
shinyproxy_1 | at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.4.RELEASE.jar!/:5.0.4.RELEASE]
shinyproxy_1 | at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
shinyproxy_1 | at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
shinyproxy_1 | at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
shinyproxy_1 | at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
shinyproxy_1 | at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:64) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
shinyproxy_1 | at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
shinyproxy_1 | at io.undertow.server.handlers.PathHandler.handleRequest(PathHandler.java:94) [undertow-core-1.4.22.Final.jar!/:1.4.22.Final]
shinyproxy_1 | at eu.openanalytics.containerproxy.util.ProxyMappingManager$ProxyPathHandler.handleRequest(ProxyMappingManager.java:159) [containerproxy-0.8.4.jar!/:0.8.4]
shinyproxy_1 | at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
shinyproxy_1 | at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
shinyproxy_1 | at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.4.22.Final.jar!/:1.4.22.Final]
shinyproxy_1 | at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) [undertow-core-1.4.22.Final.jar!/:1.4.22.Final]
shinyproxy_1 | at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
shinyproxy_1 | at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) [undertow-core-1.4.22.Final.jar!/:1.4.22.Final]
shinyproxy_1 | at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
shinyproxy_1 | at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) [undertow-core-1.4.22.Final.jar!/:1.4.22.Final]
shinyproxy_1 | at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.4.22.Final.jar!/:1.4.22.Final]
shinyproxy_1 | at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.4.22.Final.jar!/:1.4.22.Final]
shinyproxy_1 | at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
shinyproxy_1 | at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
shinyproxy_1 | at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
shinyproxy_1 | at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
shinyproxy_1 | at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
shinyproxy_1 | at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
shinyproxy_1 | at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
shinyproxy_1 | at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
shinyproxy_1 | at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104) [undertow-servlet-1.4.22.Final.jar!/:1.4.22.Final]
shinyproxy_1 | at io.undertow.server.Connectors.executeRootHandler(Connectors.java:336) [undertow-core-1.4.22.Final.jar!/:1.4.22.Final]
shinyproxy_1 | at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830) [undertow-core-1.4.22.Final.jar!/:1.4.22.Final]
shinyproxy_1 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_265]
shinyproxy_1 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_265]
shinyproxy_1 | at java.lang.Thread.run(Thread.java:748) [na:1.8.0_265]

To me, it seems that ShinyProxy fails to reach keycloak, although I can manually reach keycloak on the redirect address.

Can anyone give any feedback on what I can try?

Cheers!

Hi

This error indeed indicates that ShinyProxy cannot connect to the keycloak server.
I would try to exec into the ShinyProxy container and check if you can reach the keycloak server from there.

Try

server:
forward-headers-strategy: framework