https://connect.hyland.com/t5/nuxeo-forum/unable-to-call-nuxeo-rest-api-from-rest-client-when-integrated/m-p/316946#M3947 <P>Are you building the 10.10 branch of <CODE>nuxeo-platform-login-keycloak</CODE> (which is needed because you're using Nuxeo 10.10) ?</P> Mon, 17 Jun 2019 12:36:21 GMT Florent_Guillau 2019-06-17T12:36:21Z https://connect.hyland.com/t5/nuxeo-forum/unable-to-call-nuxeo-rest-api-from-rest-client-when-integrated/m-p/316945#M3946 <P>I wanted to integrate keycloak as authentication plugin for nuxeo platform both running on my local machine</P> <P><STRONG>Set up details</STRONG></P> <P>Nuxeo platform version: 10.10 (runs on tomcat 9)<BR /> /&gt; Keycloak version: 6.0.1<BR /> /&gt; keycloak tomcat adapter distribution: keycloak-tomcat8-adapter-dist</P> <P>I followed the steps mentioned in <A href="https://github.com/nuxeo/nuxeo/tree/master/nuxeo-services/login/nuxeo-platform-login-keycloak">link</A></P> <P>Here, I built the nuxeo-platform-login-keycloak plugin for keycloak 6.0.1 version. On keycloak, I set up a auth client under newly created realm 'demo'</P> <P>Client details available in <A href="%5Bhttps://i.stack.imgur.com/ch0yz.jpg%5D(https://i.stack.imgur.com/ch0yz.jpg)">client configuration</A></P> <P>I created role as 'Members' and added admin role to it I created a user 'keycloakuser' and added to 'Members'.</P> <P>When nuxeo ui is hit from browser, the authentication flow works fine. It redirects me to login page of keycloak, on valid credentials, it redirects me to nuxeo ui. The user created along with 'Members' group assigned to it.</P> <P><STRONG>Error Scenario</STRONG></P> <P>To call rest api from postman, I configured Oauth2 for authentication.</P> <P>Auth url: <A href="http://localhost:8080/auth/realms/demo/protocol/openid-connect/auth" target="test_blank">http://localhost:8080/auth/realms/demo/protocol/openid-connect/auth</A></P> <P>Token Url: <A href="http://localhost:8080/auth/realms/demo/protocol/openid-connect/token" target="test_blank">http://localhost:8080/auth/realms/demo/protocol/openid-connect/token</A></P> <P>Client: testclient</P> <P>Client secret: *****</P> <P>Scope: openid</P> <P>I used access_token obtained using Oauth2 flow, to make API call as <A href="http://localhost:8190/nuxeo/api/v1/id/document_id" target="test_blank">http://localhost:8190/nuxeo/api/v1/id/document_id</A>. It is failing with</P> <PRE><CODE class="language-java">java.lang.ClassCastException: class org.apache.catalina.core.ApplicationHttpRequest cannot be cast to class org.apache.catalina.connector.RequestFacade (org.apache.catalina.core.ApplicationHttpRequest and org.apache.catalina.connector.RequestFacade are in unnamed module of loader java.net.URLClassLoader @39aeed2f) at org.nuxeo.ecm.platform.ui.web.keycloak.DeploymentResult.invokeOn(DeploymentResult.java:79) [nuxeo-platform-login-keycloak-10.10.jar:?] at org.nuxeo.ecm.platform.ui.web.keycloak.KeycloakAuthenticatorProvider.provide(KeycloakAuthenticatorProvider.java:56) [nuxeo-platform-login-keycloak-10.10.jar:?] at org.nuxeo.ecm.platform.ui.web.keycloak.KeycloakAuthenticationPlugin.handleRetrieveIdentity(KeycloakAuthenticationPlugin.java:113) [nuxeo-platform-login-keycloak-10.10.jar:?] at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.handleRetrieveIdentity(NuxeoAuthenticationFilter.java:1137) [nuxeo-platform-web-common-10.10.jar:?] at org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter.doFilterInternal(NuxeoAuthenticationFilter.java:548) [nuxeo-platform-web-common-10.10.jar:?] </CODE></PRE> <P>Observation:</P> <OL> <LI>The API request call is not hitting the keycloak endpoint</LI> <LI>I tried to print the reqqest type (actually the request wrapper type) in both scenarios. For browser request, it was <CODE>org.apache.catalina.connector.RequestFacade</CODE> and for api request it was <CODE>org.apache.catalina.core.ApplicationHttpRequest</CODE> which is not extending <CODE>org.apache.catalina.connector.RequestFacade</CODE></LI> </OL> <P>Questions:</P> <OL> <LI>Does above behavior (mentioend in point 2) differ in tomcat versions earlier to tomcat 9?</LI> <LI>Is the problem with compatibility issues with tomcat version and keycloak adapters jar version?</LI> </OL> <P>(crossposted on <A href="https://stackoverflow.com/questions/56574241/unable-to-call-nuxeo-rest-api-from-rest-client-when-integrated-with-keycloak-aut">StackOverflow</A>)</P> Fri, 14 Jun 2019 10:36:09 GMT https://connect.hyland.com/t5/nuxeo-forum/unable-to-call-nuxeo-rest-api-from-rest-client-when-integrated/m-p/316945#M3946 Ravindra_Nalavd 2019-06-14T10:36:09Z https://connect.hyland.com/t5/nuxeo-forum/unable-to-call-nuxeo-rest-api-from-rest-client-when-integrated/m-p/316946#M3947 <P>Are you building the 10.10 branch of <CODE>nuxeo-platform-login-keycloak</CODE> (which is needed because you're using Nuxeo 10.10) ?</P> Mon, 17 Jun 2019 12:36:21 GMT https://connect.hyland.com/t5/nuxeo-forum/unable-to-call-nuxeo-rest-api-from-rest-client-when-integrated/m-p/316946#M3947 Florent_Guillau 2019-06-17T12:36:21Z https://connect.hyland.com/t5/nuxeo-forum/unable-to-call-nuxeo-rest-api-from-rest-client-when-integrated/m-p/316947#M3948 <P>[Florent Guillaume](https</P> Tue, 18 Jun 2019 09:05:14 GMT https://connect.hyland.com/t5/nuxeo-forum/unable-to-call-nuxeo-rest-api-from-rest-client-when-integrated/m-p/316947#M3948 Ravindra_Nalavd 2019-06-18T09:05:14Z https://connect.hyland.com/t5/nuxeo-forum/unable-to-call-nuxeo-rest-api-from-rest-client-when-integrated/m-p/316948#M3949 <P>the keycloak-tomcat8-adapter-dist is for tomcat 8. Will this work for tomcat 9 as well? As the distribution files are not available for tomcat 9</P> Tue, 18 Jun 2019 12:29:23 GMT https://connect.hyland.com/t5/nuxeo-forum/unable-to-call-nuxeo-rest-api-from-rest-client-when-integrated/m-p/316948#M3949 Ravindra_Nalavd 2019-06-18T12:29:23Z