[keycloak-user] org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage No login page was defined for FORM authentication in context

Kevin Cuijpers Kevin.Cuijpers at mips.be
Wed Jul 26 07:51:08 EDT 2017 

I have tried to use the same setup with Tomcat 7.0.65 with the SAML 2.0 Client Adapter for Tomcat 7 and there the example works. I am able to log in and see my account settings as expected so it is indeed related to Tomcat 8.

When I look at the source of the SAML 2.0 Client Adapter for Tomcat 8 I see:
public class KeycloakAuthenticatorValve extends AbstractKeycloakAuthenticatorValve {

    /**
     * Method called by Tomcat < 8.5.5
     */
    public boolean authenticate(Request request, HttpServletResponse response) throws IOException {
       return authenticateInternal(request, response, request.getContext().getLoginConfig());
    }

    /**
     * Method called by Tomcat >= 8.5.5
     */
    protected boolean doAuthenticate(Request request, HttpServletResponse response) throws IOException {
       return this.authenticate(request, response);
    }

So the fix mentioned in https://issues.jboss.org/browse/KEYCLOAK-3669?attachmentViewMode=list
Is in it, but is not solving the problem.
Can anyone please help?

Kevin

From: Kevin Cuijpers
Sent: Monday, July 24, 2017 4:19 PM
To: 'keycloak-user at lists.jboss.org' <keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>>
Subject: org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage No login page was defined for FORM authentication in context

Hello,

I am trying to use the SAML 2.0 Client Adapter for Tomcat 8.5.8. I downloaded keycloak-saml-tomcat8-adapter-dist-3.2.1.Final and installed it in the lib folder of Tomcat.

I followed the instructions from app-profile-saml-jee-jsp quickstart to set up the Client.

I added following context.xml:
<Context path="app">
    <WatchedResource>WEB-INF/web.xml</WatchedResource>
    <WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>

    <!-- Required for KeyCloak -->
    <Valve className="org.keycloak.adapters.saml.tomcat.SamlAuthenticatorValve"/>
</Context>

I copied the files from app-profile-saml-jee-jsp quickstart into a separate project (see attached demo.zip) to make the war.

Tomcat starts up correctly and I see the Please login page when I go to http://localhost:8080/app/

When I click on LOGIN I get a 500 error page and following error:
org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage No login page was defined for FORM authentication in context [/app]

I found an old mailing with similar problem:
http://lists.jboss.org/pipermail/keycloak-user/2016-November/008380.html

pointing to an issue that should have been solved:
https://issues.jboss.org/browse/KEYCLOAK-3669?attachmentViewMode=list

It is unclear what I need to do to make this simple example work or what needs to be changed to the adapter.

Please help.

Kevin Cuijpers

More information about the keycloak-user mailing list