XDebug and RESTful server using PHPStorm or POSTman - rest

How can I get a REST client (such as the one built into PHPStorm or POSTman) to work with XDebug?
In my current set-up of XDebug, using PHPStorm and the Bookmarklet provided I'm able to get it working in both Chrome and Firefox - but as soon as I try with POSTman or any other REST client, I can't figure out how to get it started.
Cheers.

You can use one of these approaches:
Configure your Xdebug (by editing php.ini) to attempt to debug every PHP script. The key option:
Xdebug v2: xdebug.remote_autostart = 1
Xdebug v3: xdebug.start_with_request = yes
Add Xdebug session start parameter to the actual URL (XDEBUG_SESSION_START={{KEY}} -- https://xdebug.org/docs/step_debug#manual-init), for example: ?XDEBUG_SESSION_START=PHPSTORM
Pass Xdebug cookie as part of the request (the one which is set by bookmarklet or browser extension, for example).
For this to work: make sure that "phone handle" icon is activated in advance in PhpStorm (Run | Start Listen for PHP Debug Connection).
P.S. If you are using Postman, Insominia or alike (another REST client) then the best / most transparent way IMO is to use Xdebug cookie. You're most likely already using separate Environments (e.g. "dev", "test", "production") so you can have such a cookie only where it is needed (depends on the tool and version used of course).
This way there is no need to edit the URL (even if you have it as a "conditional parameter" that is present for some environment and absent for another) or configure Xdebug to "debug all requests" at all.
An example of such Xdebug cookie from my Postman (edit it as needed; here it is set for the local some-domain.local.test fake domain):
XDEBUG_SESSION=value; Path=/; Domain=.some-domain.local.test; Expires=Tue, 19 Jan 2038 03:14:07 GMT;
Since the host URL should be a part of your Environment (e.g. the endpoint URL will be like {{host}}/api/v1/welcome) then such cookie will be sent to the dev domain only and not to the production one.

Just add ?XDEBUG_SESSION_START=filter_string at the end of the url, for eg:
https://new-supplier.local/api/login?XDEBUG_SESSION_START=PHPSTORM
PHPSTORM is my default filter string, you can use whatever you want. Your editor should be set up to filter connections by IDE key (filter string), and thats it. You should be able to debug the same way as from Chrome or FF.

Warning!
xdebug >= 3.0 has changed the parameters in php.ini.
After upgrading xdebug, most of the answers here will not be relevant.
Refer to:
https://xdebug.org/docs/upgrade_guide
Basically, you need to add something like this to your php.ini:
xdebug.mode=develop,gcstats,coverage,profile,debug
xdebug.start_with_request=1
xdebug.idekey=PHPSTORM

This was driving me crazy. I just updated to PHP 7.1 and xdebug that was working no longer worked. I updated the xdebug.so file (Linux) and php --version indicated that xdebug was indeed being loaded and working. But when I would use Postman the debugger never kicked on.
Here's the solution. If you are using Apache as your server then you need to enable the PHP 7.1 mods and reboot Apache: sudo service apache2 restart

xdebug.remote_timeout = 60000
Worked for me. As my Mac was very slow, and Remote debugger was timed out after 200 ms (Default value)

What finally got my Postman/PHPStorm Xdebug working was adding a PHP Remote Debug configuration in PHPStorm:
Run -> Edit Configurations -> + -> PHP Remote Debug
I just set the name to localhost and saved it - no IDE Key, etc.

you can set xdebug cookie into postman to use it from postman as well.
their are one link Cookies under the Send button click on it. and add new cookie. XDEBUG_SESSION = PHPSTORM their and save

Configure PHPStorm XDebug to trigger on RESTful API requests
Please, check this answer => https://stackoverflow.com/a/73802240/13321079

Related

install4j application uses wrong proxy setting

I'm using these settings in install4j.vmoptions (install4j 7.0.4):
# Clear out cached proxy information
-Dinstall4j.clearProxyCache=true
# and hopefully prevent install4j from reloading it from the default browser
-Dinstall4j.noProxyAutoDetect=true
# Unconditionally shows proxy config dialog
-Dinstall4j.showProxyConfig=true
# Log issues to %TEMP%\install4j_error.log
-Dinstall4j.showConnectError=true
I do not get a proxy dialog; the output in the error log is this:
java.io.IOException: Proxy password required. Please set the parameter -DproxyAuthPassword=[password].
at com.install4j.runtime.installer.helper.content.HttpRequestHandler.askForProxyPassword(HttpRequestHandler.java:335)
at com.install4j.runtime.installer.helper.content.HttpRequestHandler.getURLConnection(HttpRequestHandler.java:233)
at com.install4j.runtime.installer.helper.content.HttpRequestHandler.connect(HttpRequestHandler.java:124)
at com.install4j.runtime.installer.helper.content.Downloader.connect(Downloader.java:151)
at com.install4j.runtime.installer.helper.content.Downloader.connect(Downloader.java:24)
at com.install4j.runtime.installer.helper.content.HttpRequestHandler.connect(HttpRequestHandler.java:117)
at com.install4j.runtime.installer.helper.content.Downloader.connect(Downloader.java:146)
at com.install4j.gui.c.h.c(ejt:72)
at com.install4j.gui.c.h.run(ejt:38)
This runs contrary to the following two assumptions:
1) install4j should record the proxy settings.
2) install4j should show a proxy dialog with these settings.
What did I miss?
UPDATE: -DproxyAuth=false would change the error message, it would now complain about certificate problems.
This concerns the JRE downloads in the install4j IDE and will be fixed in 7.0.7.
Please write to support#ej-technologies.com to get a build that contains the fix.
Alternatively, you can download JRE bundles manually from
https://download.ej-technologies.com/bundles/list

keycloak Invalid parameter: redirect_uri

When I am trying to hit from my api to authenticate user from keycloak, but its giving me error Invalid parameter: redirect_uri on keycloak page. I have created my own realm apart from master. keycloak is running on http. Please help me.
What worked for me was adding wildchar '*'. Although for production builds, I am going to be more specific with the value of this field. But for dev purposes you can do this.
Setting available under, keycloak admin console -> Realm_Name -> Cients -> Client_Name.
EDIT: DO NOT DO THIS IN PRODUCTION. Doing so creates a large security flaw.
If you are a .Net Devloper Please Check below Configurations
keycloakAuthentication options class set
CallbackPath = RedirectUri,//this Property needs to be set other wise it will show invalid redirecturi error
I faced the same error. In my case, the issue was with Valid Redirect URIs was not correct. So these are the steps I followed.
First login to keycloack as an admin user.
Then Select your realm(maybe you will auto-direct to the realm). Then you will see below screen
Select Clients from left panel.
Then select relevant client which you configured for your app.
By default, you will be Setting tab, if not select it.
My app was running on port 3000, so my correct setting is like below.
let say you have an app runs on localhost:3000, so your setting should be like this
If you're getting this error because of a new realm you created
You can directly change the URL in the URL bar to get past this error. In the URL that you are redirected to (you may have to look in Chrome dev tools for this URL), change the realm from master to the one you just created, and if you are not using https, then make sure the redirect_uri is also using http.
If you're getting this error because you're trying to setup Keycloak on a public facing domain (not localhost)
Step 1)
Follow this documentation to setup a MySql database (link's broken. If you find some good alternative documentation that works for you, feel free to update this link and remove this message). You may also need to refer to this documentation.
Step 2)
Run the command update REALM set ssl_required = 'NONE' where id = 'master';
Note:
At this point, you should technically be able to login, but version 4.0 of Keycloak is using https for the redirect uri even though we just turned off https support. Until Keycloak fixes this, we can get around this with a reverse proxy. A reverse proxy is something we will want to use anyhow to easily create SSL/TLS certificates without having to worry about Java keystores.
Note 2: After writing these instructions, Keycloak come out with their own proxy. They then stopped supporting it and recommended using oauth2 proxy instead. It is lacking some features the Keycloak proxy had, and an unoffical version of that proxy is still being maintained here. I haven't tried using either of these proxies, but at this point, you might want to stop following my directions and use one of those instead.
Step 3) Install Apache. We will use Apache as a reverse proxy (I tried NGINX, but NGINX had some limitations that got in the way). See yum installing Apache (CentOs 7), and apt-get install Apache (Ubuntu 16), or find instructions for your specific distro.
Step 4) Run Apache
Use sudo systemctl start httpd (CentOs) or sudo systemctl start apache2 (Ubuntu)
Use sudo systemctl status httpd (CentOs) or sudo systemctl status apache2
(Ubuntu) to check if Apache is running. If you see in green text the words active (running) or if the last entry reads Started The Apache HTTP Server. then you're good.
Step 5) We will establish a SSL connection with the reverse proxy, and then the reverse proxy will communicate to keyCloak over http. Because this http communication is happening on the same machine, you're still secure. We can use Certbot to setup auto-renewing certificates.
If this type of encryption is not good enough, and your security policy requires end-to-end encryption, you will have to figure out how to setup SSL through WildFly, instead of using a reverse proxy.
Note:
I was never actually able to get https to work properly with the admin portal. Perhaps this may have just been a bug in the beta version of Keycloak 4.0 that I'm using. You're suppose to be able to set the SSL level to only require it for external requests, but this did not seem to work, which is why we set https to none in step #2. From here on we will continue to use http over an SSH tunnel to manage the admin settings.
Step 6)
Whenever you try to visit the site via https, you will trigger an HSTS policy which will auto-force http requests to redirect to https. Follow these instructions to clear the HSTS rule from Chrome, and then for the time being, do not visit the https version of the site again.
Step 7)
Configure Apache. Add the virtual host config in the code block below. If you've never done this, then the first thing you'll need to do is figure out where to add this config file.
On RHEL and some other distros
you'll need to find where your httpd.conf or apache2.conf file is located. That config file should be loading virtual host config files from another folder such as conf.d.
If you are using Ubuntu or Debian,
your config files will be located in /etc/apache2/sites-available/ and you'll have an extra step of needing to enable them by running the command sudo a2ensite name-of-your-conf-file.conf. That'll create a symlink in /etc/apache2/sites-enabled/ which is where Apache looks for config files on Ubuntu/Debian (and remember the config file was placed in sites-available, slightly different).
All distros
Once you've found the config files, change out, or add, the following virtual host entries in your config files. Make sure you don't override the already present SSL options that where generated by certbot. When done, your config file should look something like this.
<VirtualHost *:80>
RewriteEngine on
#change https redirect_uri parameters to http
RewriteCond %{request_uri}\?%{query_string} ^(.*)redirect_uri=https(.*)$
RewriteRule . %1redirect_uri=http%2 [NE,R=302]
#uncomment to force https
#does not currently work
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI}
#forward the requests on to keycloak
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
RewriteEngine on
#Disable HSTS
Header set Strict-Transport-Security "max-age=0; includeSubDomains;" env=HTTPS
#change https redirect_uri parameters to http
RewriteCond %{request_uri}\?%{query_string} ^(.*)redirect_uri=https(.*)$
RewriteRule . %1redirect_uri=http%2 [NE,R=302]
#forward the requests on to keycloak
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
#Leave the items added by certbot alone
#There should be a ServerName option
#And a bunch of options to configure the location of the SSL cert files
#Along with an option to include an additional config file
</VirtualHost>
</IfModule>
Step 8) Restart Apache. Use sudo systemctl restart httpd (CentOs) or sudo systemctl restart apache2 (Ubuntu).
Step 9)
Before you have a chance to try to login to the server, since we told Keycloak to use http, we need to setup another method of connecting securely. This can be done by either installing a VPN service on the keycloak server, or by using SOCKS. I used a SOCKS proxy. In order to do this, you'll first need to setup dynamic port forwarding.
ssh -N -D 9905 user#example.com
Or set it up via Putty.
All traffic sent to port 9905 will now be securely routed through an SSH tunnel to your server. Make sure you whitelist port 9905 on your server's firewall.
Once you have dynamic port forwarding setup, you will need to setup your browser to use a SOCKS proxy on port 9905. Instructions here.
Step 10) You should now be able to login to the Keycloak admin portal. To connect to the website go to http://127.0.0.1, and the SOCKS proxy will take you to the admin console. Make sure you turn off the SOCKS proxy when you're done as it does utilize your server's resources, and will result in a slower internet speed for you if kept on.
Step 11) Don't ask me how long it took me to figure all of this out.
IMPORTANT UPDATE IN KEYCLOAK 18
In the newest keycloak 18, they have deprecated the redirect_uri variable for the openid connect logout -> https://www.keycloak.org/docs/latest/upgrading/index.html#openid-connect-logout
Go to keycloak admin console > SpringBootKeycloak> Cients>login-app page.
Here in valid-redirect uris section add
http://localhost:8080/sso/login
This will help resolve indirect-uri problem
For me, I had a missing trailing slash / in the value for Valid Redirect URIs
[For Keycloak version 18 or Higher]
None of the mentioned solutions should be working if you are using Keycloak 18 or a higher version.
According to the version 18 release note. Keycloak does not support logout with redirect_uri anymore. you need to include post_logout_redirect_uri and id_token_hint as parameters.
Please check the answer of this question for more information.
keycloak: using react user can login but when I try logout I get a message "Invalid parameter: redirect_uri"
Log in the Keycloak admin console website, select the realm and its client, then make sure all URIs of the client are prefixed with the protocol, that is, with http:// for example. An example would be http://localhost:8082/*
Another way to solve the issue, is to view the Keycloak server console output, locate the line stating the request was refused, copy from it the redirect_uri displayed value and paste it in the * Valid Redirect URIs field of the client in the Keycloak admin console website. The requested URI is then one of the acceptables.
If you're seeing this problem after you've made a modification to the Keycloak context path, you'll need to make an additional change to a redirect url setting:
Change <web-context>yourchange/auth</web-context> back to
<web-context>auth</web-context> in standalone.xml
Restart Keycloak and navigate to the login page (/auth/admin)
Log in and select the "Master" realm
Select "Clients" from the side menu
Select the "security-admin-console" client from the list that appears
Change the "Valid Redirect URIs" from /auth/admin/master/console/* to
/yourchange/auth/admin/master/console/*
Save and sign out. You'll again see the "Invalid redirect url" message after signing out.
Now, put in your original change
<web-context>yourchange/auth</web-context> in standalone.xml
Restart Keycloak and navigate to the login page (which is now
/yourchange/auth/admin)
Log in and enjoy
I faced the same issue. I rectified it by going to the particular client under the realm respectively therein redirect URL add * after your complete URL.
I had the same problem with "localhost" in the redirect URL. Change to 127.0.0.1 in the "Valid Redirect URIs" field of clients config (KeyCloak web admin console). It works for me.
It seems that this problem can occur if you put whitespace in your Realm name. I had name set to Debugging Realm and I got this error. When I changed to DebuggingRealm it worked.
You can still have whitespace in the display name. Odd that keycloak doesn't check for this on admin input.
even I faced the same issue. I rectified it by going to the particular client under the realm respectively therein redirect URL add * after your complete URL.
THE PROBLEM WILL BE SOLVED
Example:
redirect URI: http:localhost:3000/myapp/generator/*
Looking at the exact rewrite was key for me. the wellKnownUrl lookup was returning "http://127.0.01:7070/" and I had specified "http://localhost:7070" ;-)
I faced the Invalid parameter: redirect_uri problem problem while following spring boot and keycloak example available at http://www.baeldung.com/spring-boot-keycloak. when adding the client from the keycloak server we have to provide the redirect URI for that client so that keycloak server can perform the redirection.
When I faced the same error multiple times, I followed copying correct URL from keycloak server console and provided in the valid Redirect URIs space and it worked fine!
This error is also thrown when your User does not have the expected Role delegated in User definition(Set role for the Realm in drop down).
Your redirect URI in your code(keycloak.init) should be the same as the redirect URI set on Keycloak server (client -> Valid Uri)
Ran into this problem too. After two days of pulling my hair out I discovered that the URLs in Keycloak are case sensitive. However the browser coverts the URL to lowercase, which means that uppercase URLs in Keycloak will never work.
e.g. my server name is MYSERVER (hostname returns MYSERVER)
Keycloak URLs are https://MYSERVER:8080/*
Browse to https://myserver:8080 -> fails invalid_url
Browse to https://MYSERVER:8080 -> fails invalid_url
Change Keycloak URLs to https://myserver:8080/*
Browse to https://myserver:8080 -> works
Browse to https://MYSERVER:8080 -> works
We also saw this, but only on certain URLs. After seeing this clue, I realized that the Java URI constructor has to be able to decode it,
like so URI uri = URI.create(redirectUri);
We had a { and } in our URLs which normally worked fine, but when going through two layers of URL decode/encode, Java decided the { and } were invalid.
We'll be changing our curly braces to something else to get around the double encode/decode issue.
I know other people provided the same answer, but my reputation was not high enough to upvote them. In the redirect menu, Mine had a redirect of " 0.0.0.0:8080/* ". I added
(actualIP) followed by :8080/* and it worked.
In your client, set the origin of your request. In my case, localhost:3000 (javaScript client)
If you are using the Authorization Code Flow then the response_type query param must be equal to code. See https://www.keycloak.org/docs/3.3/server_admin/topics/sso-protocols/oidc.html
You need to check the keycloak admin console for fronted configuration. It must be wrongly configured for redirect url and web origins.
If you're trying to redirect to the keycloak login page after logout (as I was), that is not allowed by default but also needs to be configured in the "Valid Redirect URIs" setting in the admin console of your client.
Check that the value of the redirect_uri parameter is whitelisted for the client that you are using. You can manage the configuration of the client via the admin console.
The redirect uri should match exactly with one of the whitelisted redirect uri's, or you can use a wildcard at the end of the uri you want to whitelist. See: https://www.keycloak.org/docs/latest/server_admin/#_clients
Note that using wildcards to whitelist redirect uri's is allowed by Keycloak, but is actually a violation of the OpenId Connect specification. See the discussion on this at https://lists.jboss.org/pipermail/keycloak-dev/2018-December/011440.html
My issue was caused by the wrong client_id (OPENID_CLIENT_ID) I had defined in the deployment.yaml. Make sure this field is assigned with the one in Keycloak client id.
The problem seems related to an invalid value in Valid Redirect URIs field. You can try with one of these tips:
set the same value of Client ID (if it's a URL) making it end with /* , or
tryingToLearn 's reponse [https://stackoverflow.com/a/51420355/97799] (but beware of security issues).
I into this due to a malformed redirect url in the keycloak client:
https://http://192.168.1.10/hub/oauth_callback
As soon as I took out https:// the error
I'm using version 20.0.2 and, for me, the solution was to simply add a '+' in the "Valid post logout redirect URIs" field:
As stated in the help balloon, "A value of '+' will use the list of valid redirect uris".
I faced a similar issue because I create a realm with two words and had a space on it. eg Test Realm, this gave me this error. I put an underscore and was good to go eg, Test_Realm.

Debug rest in PhpStorm

A new functional in new PhpStorm 11 is debug rest api within build-in rest api tool. I setup debugger and all works from browser - application stops on breakpoints.
But when i run debug from rest api tool, my breakpoints be ignored.
What i missed? On jetbrains blog said:
"To use the debugger, just make sure Xdebug is configured and enabled. Now you can use the new “Submit request in debug mode” button to easily send the request and initiate the debugger."
If you want to trigger and xdebug session from PHPStorm’s REST client
you can set the debug cookie manually. Add the following to a new Request header:
Name: Cookie
Value: XDEBUG_SESSION=PHPSTORM
I had same problem as you.
Try to change Xdebug port. I changed it to 9001 and it works.
php.ini
[xdebug]
xdebug.remote_enable=on
xdebug.default_enable=on
xdebug.remote_autostart=on
xdebug.remote_port=9001
xdebug.remote_host=localhost
xdebug.profiler_enable_trigger=1
xdebug.profiler_output_name=xdebug-profile-cachegrind.out-%H-%R
xdebug.var_display_max_children = 128
xdebug.var_display_max_data = 2048
xdebug.var_display_max_depth = 128
Storm

Stop framework from using HTTP Proxy

After nearly drowning in tears of frustration I have to ask you a question.
My play (2.0.3, scala) application is consuming a wsdl, which works perfectly fine, if I run the dev version of my webservice on localhost, which makes the wsdl-url something like http://localhost:8080/Service/Service?wsdl.
When I try to consume the WSDl from the remote test system server, with an Url like http://testserver.company.net:8084/Service/Service?wsdl, I get:
[WebServiceException: Failed to access the WSDL at: http://testserver.company.net:8084/Service/Service?wsdl. It failed with: Got Server returned HTTP response code: 502 for URL: http://testserver.company.net:8084/Service/Service?wsdl while opening stream from http://testserver.company.net:8084/Service/Service?wsdl.]
My company uses a http proxy for internet use, which is the reason for the 502 error. So I want play to stop using the proxy.
So far I have tried (all together):
deleted proxy from Intenet Explorer
set _JAVA_OPTIONS=-Dhttp.noProxyHosts="testserver.company.net"
set JAVA_OPTIONS=-Dhttp.noProxyHosts="testserver.company.net"
play run -Dhttp.noProxyHosts="testserver.company.net"
None of this worked. Any ideas? How can I stop play from using the HttpProxy?
EDIT:
I found it has someting to do with java Webservices-api / jaxws libraries.
Any ideas?
EDIT 2012-10-17:
It seams to depend on system proxy settings. I still don't know why it didn't work that day although I deleted the whole proxy from IE and restarted everything. Is there any way to make my play app independend from system settings?
Try:
play -Dhttp.noProxyHosts="testserver.company.net" run
I noticed a typo in your property, the correct property is http.nonProxyHosts so add and extra n after no.

Restricted access page not visible in IE( 8 and 7) problem with cookieDomain variable in typo3

FE Restricted access page works fine with Firefox, but in IE and chrome it not. Cookie domain is not set properly on IE. I come across with some patch , it not seems to be work.
My current localconf.php configuration is:
$TYPO3_CONF_VARS['SYS']['cookieDomain'] = 'www.domain.com';
i tried domain.com also.
i come across many bugs reported regarding this issue. http://bugs.typo3.org/view.php?id=11858
In google chrome also i am facing the same problem.
Non of the solution works for me.
What should be the configuration for cookie domain.
Typo3 Version: 4.4.9 PHP Version 5.2.6-1+lenny13
Your cookieDomain config is correct. A more stable and versatile version would look like this:
$TYPO3_CONF_VARS['SYS']['cookieDomain'] = $_SERVER['SERVER_NAME'];
This one also works in multi-website / multi-domain setups.
If you still experience problems, you should check the Set-Cookie header that is sent in the server response: Use FF with Add-on "Live HTTP headers" (LHh). First delete any existing cookies for your domain (Firefox: Tools –> Options –> Privacy –> remove individual cookies –> select all entries matching your domain –> hit "remove cookies"), now open the LHh window (tools menu, last entry), keep it open and open your website in FF. Then inspect the response that comes back from the server after the first GET request. It should start with
HTTP/1.1 302 Found
and should contain a line like this
Set-Cookie: fe_typo_user=abcdefghabcdefghabcdefghabcdefgh; path=/; domain=www.domain.com
Check whether the domain is the one that you are calling the website by and the path is root ("/").
If this is all correct, your login problem is probably not connected to the cookieDomain setting.