[keycloak-user] failed to turn code into token error
Stian Thorgersen
stian at redhat.com
Thu Dec 4 02:52:54 EST 2014
Hi,
We use the latest version of WildFly for our distribution and will soon upgrade to 8.2.0.Final. I believe Keycloak should run fine on it. That being said there's no reason your applications can't run on 8.0.0.Final with Keycloak itself on 8.1.0.Final.
>From the stacktrace below it looks like there's a timeout from the adapter trying to contact the server, so looks more like a networking issue to me.
----- Original Message -----
> From: "Patrick V. Madden" <pmadden at tomsawyer.com>
> To: keycloak-user at lists.jboss.org
> Sent: Wednesday, 3 December, 2014 5:35:16 PM
> Subject: [keycloak-user] failed to turn code into token error
>
> Hi,
>
> We have a standalone keycloak 1.0.4.Final appliance installation that
> supports SSL. I understand that it uses Wildfly 8.1.0.Final as its core.
>
> We have a Wildfly 8.0.0.Final Domain for testing with a number of cluster
> nodes all running the same 8.0 Wildfly version with the keycloak 1.0.4.Final
> adapter installed. The domain is fronted by Apache HTTP that supports SSL.
>
> We are trying to deploy some web applications to the domain to authenticate
> against keycloak. Things look good at first. Our apps redirect to our Active
> Directory Realm but upon redirect we get 403 - Forbidden errors. Stack trace
> is below.
>
> My question is could the problem be that we have two different versions of
> undertow core and servlet jars between domain nodes and standalone keycloak?
> Should we upgrade out testing domain to use 8.1.0.Final? Any thoughts are
> greatly appreciated! Also what about Wildfly 8.2.0.Final. If I'm going to
> upgrade my domain I would like to possibly use that. I could rebuild
> 1.0.4.Final using 8.2.0 artifacts?
>
> Any help is greatly appreciated.
> Thanks Patrick
>
> This is the error we see on our domain controller node:
>
> 2014-12-03 07:48:08,718 ERROR
> [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-13) failed
> to turn code into token:
> org.apache.http.conn.HttpHostConnectExceptionentity.testing.tomsawyer.com
> refused
> at
> org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:190)
> [httpclient-4.2.1.jar:4.2.1]
> at
> org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:151)
> [httpclient-4.2.1.jar:4.2.1]
> at
> org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:125)
> [httpclient-4.2.1.jar:4.2.1]
> at
> org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640)
> [httpclient-4.2.1.jar:4.2.1]
> at
> org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
> [httpclient-4.2.1.jar:4.2.1]
> at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
> [httpclient-4.2.1.jar:4.2.1]
> at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
> [httpclient-4.2.1.jar:4.2.1]
> at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)
> [httpclient-4.2.1.jar:4.2.1]
> at
> org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:116)
> [keycloak-adapter-core-1.0.4.Final.jar:]
> at
> org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:93)
> [keycloak-adapter-core-1.0.4.Final.jar:]
> at
> org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:256)
> [keycloak-adapter-core-1.0.4.Final.jar:]
> at
> org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:205)
> [keycloak-adapter-core-1.0.4.Final.jar:]
> at
> org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:68)
> [keycloak-adapter-core-1.0.4.Final.jar:]
> at
> org.keycloak.adapters.undertow.UndertowKeycloakAuthMech.keycloakAuthenticate(UndertowKeycloakAuthMech.java:82)
> [keycloak-undertow-adapter-1.0.4.Final.jar:]
> at
> org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:61)
> [keycloak-undertow-adapter-1.0.4.Final.jar:]
> at
> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:281)
> [undertow-core-1.0.0.Final.jar:1.0.0.Final]
> at
> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:298)
> [undertow-core-1.0.0.Final.jar:1.0.0.Final]
> at
> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:268)
> [undertow-core-1.0.0.Final.jar:1.0.0.Final]
> at
> io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:131)
> [undertow-core-1.0.0.Final.jar:1.0.0.Final]
> at
> io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:106)
> [undertow-core-1.0.0.Final.jar:1.0.0.Final]
> at
> io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:99)
> [undertow-core-1.0.0.Final.jar:1.0.0.Final]
> at
> io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50)
> [undertow-core-1.0.0.Final.jar:1.0.0.Final]
> at
> io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
> [undertow-core-1.0.0.Final.jar:1.0.0.Final]
> at
> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45)
> [undertow-core-1.0.0.Final.jar:1.0.0.Final]
> at
> io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61)
> [undertow-servlet-1.0.0
> at
> io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
> [undertow-servlet-1.0.0.Final.jar:1.0
> at
> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
> [undertow-core-1.0.0.Final.jar:1.0.0.Final]
> at
> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70)
> [undertow-servlet-1.0.0.Final.jar:1
> at
> io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
> [undertow-core-1.0.0.Final.jar:1.0.0.Final]
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
> [undertow-core-1.0.0.Final.jar:1.0.0.Final]
> at
> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
> [undertow-core-1.0.0.Final.jar:1.0.0.Final]
> at
> org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)
> [keycloak-undertow-adapter-1.0.4.Final.jar:]
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
> [undertow-core-1.0.0.Final.jar:1.0.0.Final]
> at
> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240)
> [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
> at
> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227)
> [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
> at
> io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73)
> [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
> at
> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146)
> [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:168)
> [undertow-core-1.0.0.Final.jar:1.0.0.Final]
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:687)
> [undertow-core-1.0.0.Final.jar:1.0.0.Final]
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> [rt.jar:1.7.0_51]
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> [rt.jar:1.7.0_51]
> at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]
> Caused by: java.net.ConnectException: Connection timed out: connect
> at java.net.TwoStacksPlainSocketImpl.socketConnect(Native Method)
> [rt.jar:1.7.0_51]
> at
> java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
> [rt.jar:1.7.0_51]
> at
> java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
> [rt.jar:1.7.0_51]
> at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
> [rt.jar:1.7.0_51]
> at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
> [rt.jar:1.7.0_51]
> at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
> [rt.jar:1.7.0_51]
> at java.net.Socket.connect(Socket.java:579) [rt.jar:1.7.0_51]
> at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618)
> [jsse.jar:1.7.0_51]
> at
> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:549)
> [httpclient-4.2.1.jar:4.2.1]
> at
> org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
> [httpclient-4.2.1.jar:4.2.1]
> ... 42 more
>
>
> Patrick Madden
> Principal Design Engineer
> Tom Sawyer Software
> 1997 El Dorado Avenue
> Berkeley, CA 94707
>
> Cell: +1 (845) 416-4629
> E-mail: pmadden@ tomsawyer.com
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list