[keycloak-user] failed to turn code into token error

Patrick V. Madden pmadden at tomsawyer.com
Wed Dec 3 11:35:16 EST 2014 

Hi, 

We have a standalone keycloak 1.0.4.Final appliance installation that supports SSL. I understand that it uses Wildfly 8.1.0.Final as its core. 

We have a Wildfly 8.0.0.Final Domain for testing with a number of cluster nodes all running the same 8.0 Wildfly version with the keycloak 1.0.4.Final adapter installed. The domain is fronted by Apache HTTP that supports SSL. 

We are trying to deploy some web applications to the domain to authenticate against keycloak. Things look good at first. Our apps redirect to our Active Directory Realm but upon redirect we get 403 - Forbidden errors. Stack trace is below. 

My question is could the problem be that we have two different versions of undertow core and servlet jars between domain nodes and standalone keycloak? Should we upgrade out testing domain to use 8.1.0.Final? Any thoughts are greatly appreciated! Also what about Wildfly 8.2.0.Final. If I'm going to upgrade my domain I would like to possibly use that. I could rebuild 1.0.4.Final using 8.2.0 artifacts? 

Any help is greatly appreciated. 
Thanks Patrick 

This is the error we see on our domain controller node: 

2014-12-03 07:48:08,718 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-13) failed to turn code into token: org.apache.http.conn.HttpHostConnectExceptionentity.testing.tomsawyer.com refused 
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:190) [httpclient-4.2.1.jar:4.2.1] 
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:151) [httpclient-4.2.1.jar:4.2.1] 
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:125) [httpclient-4.2.1.jar:4.2.1] 
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640) [httpclient-4.2.1.jar:4.2.1] 
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479) [httpclient-4.2.1.jar:4.2.1] 
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906) [httpclient-4.2.1.jar:4.2.1] 
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805) [httpclient-4.2.1.jar:4.2.1] 
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784) [httpclient-4.2.1.jar:4.2.1] 
at org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:116) [keycloak-adapter-core-1.0.4.Final.jar:] 
at org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:93) [keycloak-adapter-core-1.0.4.Final.jar:] 
at org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:256) [keycloak-adapter-core-1.0.4.Final.jar:] 
at org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:205) [keycloak-adapter-core-1.0.4.Final.jar:] 
at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:68) [keycloak-adapter-core-1.0.4.Final.jar:] 
at org.keycloak.adapters.undertow.UndertowKeycloakAuthMech.keycloakAuthenticate(UndertowKeycloakAuthMech.java:82) [keycloak-undertow-adapter-1.0.4.Final.jar:] 
at org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:61) [keycloak-undertow-adapter-1.0.4.Final.jar:] 
at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:281) [undertow-core-1.0.0.Final.jar:1.0.0.Final] 
at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:298) [undertow-core-1.0.0.Final.jar:1.0.0.Final] 
at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:268) [undertow-core-1.0.0.Final.jar:1.0.0.Final] 
at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:131) [undertow-core-1.0.0.Final.jar:1.0.0.Final] 
at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:106) [undertow-core-1.0.0.Final.jar:1.0.0.Final] 
at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:99) [undertow-core-1.0.0.Final.jar:1.0.0.Final] 
at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50) [undertow-core-1.0.0.Final.jar:1.0.0.Final] 
at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51) [undertow-core-1.0.0.Final.jar:1.0.0.Final] 
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.0.0.Final.jar:1.0.0.Final] 
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61) [undertow-servlet-1.0.0 
at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56) [undertow-servlet-1.0.0.Final.jar:1.0 
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.0.0.Final.jar:1.0.0.Final] 
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.0.0.Final.jar:1 
at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.0.0.Final.jar:1.0.0.Final] 
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Final.jar:1.0.0.Final] 
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) 
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Final.jar:1.0.0.Final] 
at org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69) [keycloak-undertow-adapter-1.0.4.Final.jar:] 
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Final.jar:1.0.0.Final] 
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final] 
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final] 
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final] 
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final] 
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:168) [undertow-core-1.0.0.Final.jar:1.0.0.Final] 
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:687) [undertow-core-1.0.0.Final.jar:1.0.0.Final] 
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_51] 
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_51] 
at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51] 
Caused by: java.net.ConnectException: Connection timed out: connect 
at java.net.TwoStacksPlainSocketImpl.socketConnect(Native Method) [rt.jar:1.7.0_51] 
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339) [rt.jar:1.7.0_51] 
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200) [rt.jar:1.7.0_51] 
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182) [rt.jar:1.7.0_51] 
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172) [rt.jar:1.7.0_51] 
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) [rt.jar:1.7.0_51] 
at java.net.Socket.connect(Socket.java:579) [rt.jar:1.7.0_51] 
at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618) [jsse.jar:1.7.0_51] 
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:549) [httpclient-4.2.1.jar:4.2.1] 
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) [httpclient-4.2.1.jar:4.2.1] 
... 42 more 


Patrick Madden 
Principal Design Engineer 
Tom Sawyer Software 
1997 El Dorado Avenue 
Berkeley, CA 94707 

Cell: +1 (845) 416-4629 
E-mail: pmadden@ tomsawyer.com 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20141203/7fcc4546/attachment-0001.html

More information about the keycloak-user mailing list