[keycloak-user] Why doesn't the login module get called on Wildfly with Keycloak?

Linda Sauder Linda.Sauder at amdocs.com
Mon Sep 17 05:49:21 EDT 2018


We have a Wildfly 10 AS, and we have the Keycloak 4.1 SAML Adapter installed according to the description in §3.1.2 of the Keycloak documentation<https://www.keycloak.org/docs/latest/securing_apps/index.html#jboss-eap-wildfly-adapter-2>



That means, our standalone.xml has
- loaded the org.keycloak.keycloak-saml-adapter-subsystem extension
- added the urn:jboss:domain:keycloak-saml:1.1 subsystem to our server's profile
- defined a security domain (although in our case it's not called keycloak)
- defined org.keycloak.adapters.jboss.KeycloakLoginModule as a <login-module> on that domain


Furthermore, we have an Application.war, which
- contains some HTML to deliver
- has a keycloak-saml.xml
- has a jboss-web.xml, configuring the deployment's security-domain to the one defined in standalone.xml
- has a web.xml which sets the auth-method to KEYCLOAK-SAML


And yet, the login module never gets called. Why?

Is there any logging we can enable to shed more light? Any places in undertow, picketlink, or picketbox to set breakpoints?

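A cross-check of the wiring listed in the message above, as an added example that is not part of the original post and not Keycloak's own code. The function name `check_wiring`, the sample files and the domain name `app-domain` are constructed for illustration. Beyond the items the post lists, it also looks for a `<security-constraint>` in web.xml, because without one no URL requires authentication.

```python
import xml.etree.ElementTree as ET

MODULE = "org.keycloak.adapters.jboss.KeycloakLoginModule"
EXTENSION = "org.keycloak.keycloak-saml-adapter-subsystem"

def named(root, name):
    """All elements with this local tag name, ignoring XML namespaces."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def check_wiring(standalone, jboss_web, web):
    """Return a list of findings; an empty list means the three files agree."""
    findings = []
    server = ET.fromstring(standalone)
    if not any(e.get("module") == EXTENSION for e in named(server, "extension")):
        findings.append("standalone.xml: SAML adapter extension not loaded")
    if not any(e.tag.startswith("{urn:jboss:domain:keycloak-saml:") for e in server.iter()):
        findings.append("standalone.xml: keycloak-saml subsystem missing")
    # Security domains that actually list the Keycloak login module
    domains = {d.get("name") for d in named(server, "security-domain")
               if any(m.get("code") == MODULE for m in named(d, "login-module"))}
    if not domains:
        findings.append("standalone.xml: no security-domain uses KeycloakLoginModule")
    ref = named(ET.fromstring(jboss_web), "security-domain")
    # jboss-web.xml may carry the legacy java:/jaas/ prefix
    name = (ref[0].text or "").strip().split("java:/jaas/")[-1] if ref else ""
    if name not in domains:
        findings.append(f"jboss-web.xml: security-domain {name!r} has no KeycloakLoginModule")
    app = ET.fromstring(web)
    methods = [(m.text or "").strip() for m in named(app, "auth-method")]
    if methods != ["KEYCLOAK-SAML"]:
        findings.append(f"web.xml: auth-method is {methods}, expected KEYCLOAK-SAML")
    if not any(named(c, "auth-constraint") for c in named(app, "security-constraint")):
        findings.append("web.xml: no security-constraint with auth-constraint")
    return findings

# Constructed sample files; the domain name "app-domain" is hypothetical.
STANDALONE = """<server>
 <extensions><extension module="org.keycloak.keycloak-saml-adapter-subsystem"/></extensions>
 <profile>
  <subsystem xmlns="urn:jboss:domain:keycloak-saml:1.1"/>
  <subsystem xmlns="urn:jboss:domain:security:1.2"><security-domains>
   <security-domain name="app-domain"><authentication>
    <login-module code="org.keycloak.adapters.jboss.KeycloakLoginModule" flag="required"/>
   </authentication></security-domain>
  </security-domains></subsystem>
 </profile></server>"""
JBOSS_WEB = "<jboss-web><security-domain>keycloak</security-domain></jboss-web>"
WEB = "<web-app><login-config><auth-method>KEYCLOAK-SAML</auth-method></login-config></web-app>"

if __name__ == "__main__":
    print("\n".join(check_wiring(STANDALONE, JBOSS_WEB, WEB)) or "wiring is consistent")
```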

