Getting 403 forbidden during login

[manishbansal8843]

Application was working fine yesterday. Today, I updated some java code and fired the build.sh. Now, during login, i am getting 403 forbidden error in developer's console during get request to below url:

http://ip.address:8889/idprest/userService/jobid1/getUserRolesPermissions
Further, i inspected the logs of oauth application, below are the logs.

2018-12-21 12:16:09.949  INFO 48 --- [nio-8181-exec-8] o.i.i.c.a.LoginBL                        : Auth Status : 0
2018-12-21 12:16:09.949  INFO 48 --- [nio-8181-exec-8] o.i.i.c.a.LoginBL                        : authenticated!!!!

Keycloak logs are as follows:

11:28:42,309 WARN  [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (default task-4) SQL Error: 0, SQLState: 23505
11:28:42,310 ERROR [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (default task-4) ERROR: duplicate key value violates unique constraint "uk_b71cjlbenv945rb6gcon438at"
  Detail: Key (realm_id, client_id)=(master, idp) already exists.
11:28:42,310 INFO  [org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl] (default task-4) HHH000010: On release of batch it still contained JDBC statements
11:43:17,382 WARN  [org.keycloak.events] (default task-10) type=LOGIN_ERROR, realmId=master, clientId=account, userId=null, ipAddress=myipaddress, error=invalid_redirect_uri, redirect_uri=http://ip.address:8989/auth/realms/master/account/login-redirect?path=password
11:43:18,258 WARN  [org.keycloak.events] (default task-13) type=LOGIN_ERROR, realmId=master, clientId=account, userId=null, ipAddress=myipaddress, error=invalid_redirect_uri, redirect_uri=http://ip.address:8989/auth/realms/master/account/login-redirect?path=password

One other observations:

During full build, the posgres server data was not re-initialised. I feel like, this is the main reason behind keycloak exceptions.

Any idea how can i resolve this issue.

[jaskirat8]

@manishbansal8843 Build script is not allowed to delete your existing database and will only update your provisioning scripts for database.
These scripts kick in automatically if there is no data in database.
Since there is no way to identify if data need to be updated or merged or replaced by your simple sql. Hence that logic is decoupled and if needed you can go ahead and delete data in postgresdata folder and fire this command on docker master
docker service update IDP_postgres --force

[jaskirat8]

@manishbansal8843 i assume your "ip.address" is actual public-ally accessible ip address and is accessible by container. Also since i can see there is timestamp difference in logs hence events are not linked.

On a general view a 403 from UI means your login session is either corrupted or oauth ticket was not logged in first place.

You can start by checking "token" api response and see if token came in reply and further check if you are able to login to keycloak from jenkins or dashboard or directly.

[manishbansal8843]

@jaskirat8 Yes. Deleting postgresdata folder worked. Now, db is getting initialised properly. Regarding 403 forbidden, its due to corporate network firewall. I tried connecting my url via open network, it is working fine. Thank you for quick response,