hawtio-auth-keycloak doesn't show any error when trying to log in in insecure context with keycloak

[mmuzikar]

When hawtio is running in an http mode (not localhost) and user logs in via keycloak they get redirected to "normal" Hawtio login page. Which causes some confusion leaving the user thinking that they must've not configured the application correctly, however in the console there's an error message:

[hawtio-auth-keycloak] Failed to initialise Keycloak: Error: Web Crypto API is not available.
    m http://172.17.0.1:8080/hawtio/static/js/4240.1d53be00.chunk.js:2
    createLoginUrl http://172.17.0.1:8080/hawtio/static/js/4240.1d53be00.chunk.js:2
    login http://172.17.0.1:8080/hawtio/static/js/4240.1d53be00.chunk.js:2
    login http://172.17.0.1:8080/hawtio/static/js/4240.1d53be00.chunk.js:2
    t http://172.17.0.1:8080/hawtio/static/js/4240.1d53be00.chunk.js:2
    d http://172.17.0.1:8080/hawtio/static/js/4240.1d53be00.chunk.js:2
    m http://172.17.0.1:8080/hawtio/static/js/4240.1d53be00.chunk.js:2
4240.1d53be00.chunk.js:2:4215134

If possible there should be some toast notification saying that keycloak login doesn't work in insecure contexts.

[grgrzybek]

I checked this scenario.
Keycloak and OIDC external authentication methods are quite similar from the point of view of Hawtio React application - these plugins register login/logout hooks and if these don't succeed, Hawtio defaults to standard login screen even if there's nothing configured at server side to accept credentials from such login screen.

Unfortunately if we want to fix it, we'd have the same issues as with hawtio/hawtio#2941 - because we'd have to rewrite:

• how Hawtio React interacts with server side to get configuration of login behavior
• how plugins affect login process...

Currently there's no easy place to add verification of security context used...

I'll keep this issue assigned to me, but I can't promise any quick solution now...