<html><body><div style="font-family: Arial; font-size: 12pt; color: #000000"><div>Hi,</div><div><br data-mce-bogus="1"></div><div>We have a standalone keycloak 1.0.4.Final appliance installation that supports SSL. I understand that it uses Wildfly 8.1.0.Final as its core. </div><div><br data-mce-bogus="1"></div><div>We have a Wildfly 8.0.0.Final Domain for testing with a number of cluster nodes all running the same 8.0 Wildfly version with the keycloak 1.0.4.Final adapter installed. The domain is fronted by Apache HTTP that supports SSL. </div><div><br data-mce-bogus="1"></div><div>We are trying to deploy some web applications to the domain to authenticate against keycloak. Things look good at first. Our apps redirect to our Active Directory Realm but upon redirect we get&nbsp;<span style="color: rgb(0, 0, 0); font-family: Times; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none;" data-mce-style="color: #000000; font-family: Times; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none;">403 - Forbidden errors. Stack trace is below.&nbsp;</span><br></div><div><span style="color: rgb(0, 0, 0); font-family: Times; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none;" data-mce-style="color: #000000; font-family: Times; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none;"><br data-mce-bogus="1"></span></div><div><span style="color: rgb(0, 0, 0); font-family: Times; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none;" data-mce-style="color: #000000; font-family: Times; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none;">My question is could the problem be that we have two different versions of undertow core and servlet jars between domain nodes and standalone keycloak? Should we upgrade out testing domain to use 8.1.0.Final? Any thoughts are greatly appreciated! Also what about Wildfly 8.2.0.Final. If I'm going to upgrade my domain I would like to possibly use that. I could rebuild 1.0.4.Final using 8.2.0 artifacts?</span></div><div><span style="color: rgb(0, 0, 0); font-family: Times; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none;" data-mce-style="color: #000000; font-family: Times; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none;"><br data-mce-bogus="1"></span></div><div><font face="Times" size="3">Any help is greatly appreciated.</font></div><div><span style="color: rgb(0, 0, 0); font-family: Times; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none;" data-mce-style="color: #000000; font-family: Times; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none;">Thanks Patrick<br></span></div><div><span style="color: rgb(0, 0, 0); font-family: Times; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none;" data-mce-style="color: #000000; font-family: Times; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none;"><br data-mce-bogus="1"></span></div><div><span style="color: rgb(0, 0, 0); font-family: Times; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none;" data-mce-style="color: #000000; font-family: Times; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none;">This is the error we see on our domain controller node:</span></div><div><span style="color: rgb(0, 0, 0); font-family: Times; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none;" data-mce-style="color: #000000; font-family: Times; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none;"><br>2014-12-03 07:48:08,718 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-13) failed to turn code into token: org.apache.http.conn.HttpHostConnectExceptionentity.testing.tomsawyer.com refused<br> at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:190) [httpclient-4.2.1.jar:4.2.1]<br> at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:151) [httpclient-4.2.1.jar:4.2.1]<br> at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:125) [httpclient-4.2.1.jar:4.2.1]<br> at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640) [httpclient-4.2.1.jar:4.2.1]<br> at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479) [httpclient-4.2.1.jar:4.2.1]<br> at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906) [httpclient-4.2.1.jar:4.2.1]<br> at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805) [httpclient-4.2.1.jar:4.2.1]<br> at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784) [httpclient-4.2.1.jar:4.2.1]<br> at org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:116) [keycloak-adapter-core-1.0.4.Final.jar:]<br> at org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:93) [keycloak-adapter-core-1.0.4.Final.jar:]<br> at org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:256) [keycloak-adapter-core-1.0.4.Final.jar:]<br> at org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:205) [keycloak-adapter-core-1.0.4.Final.jar:]<br> at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:68) [keycloak-adapter-core-1.0.4.Final.jar:]<br> at org.keycloak.adapters.undertow.UndertowKeycloakAuthMech.keycloakAuthenticate(UndertowKeycloakAuthMech.java:82) [keycloak-undertow-adapter-1.0.4.Final.jar:]<br> at org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:61) [keycloak-undertow-adapter-1.0.4.Final.jar:]<br> at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:281) [undertow-core-1.0.0.Final.jar:1.0.0.Final]<br> at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:298) [undertow-core-1.0.0.Final.jar:1.0.0.Final]<br> at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:268) [undertow-core-1.0.0.Final.jar:1.0.0.Final]<br> at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:131) [undertow-core-1.0.0.Final.jar:1.0.0.Final]<br> at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:106) [undertow-core-1.0.0.Final.jar:1.0.0.Final]<br> at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:99) [undertow-core-1.0.0.Final.jar:1.0.0.Final]<br> at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50) [undertow-core-1.0.0.Final.jar:1.0.0.Final]<br> at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51) [undertow-core-1.0.0.Final.jar:1.0.0.Final]<br> at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.0.0.Final.jar:1.0.0.Final]<br> at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61) [undertow-servlet-1.0.0<br> at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56) [undertow-servlet-1.0.0.Final.jar:1.0<br> at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.0.0.Final.jar:1.0.0.Final]<br> at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.0.0.Final.jar:1<br> at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.0.0.Final.jar:1.0.0.Final]<br> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Final.jar:1.0.0.Final]<br> at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)<br> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Final.jar:1.0.0.Final]<br> at org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69) [keycloak-undertow-adapter-1.0.4.Final.jar:]<br> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Final.jar:1.0.0.Final]<br> at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]<br> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]<br> at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]<br> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]<br> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:168) [undertow-core-1.0.0.Final.jar:1.0.0.Final]<br> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:687) [undertow-core-1.0.0.Final.jar:1.0.0.Final]<br> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_51]<br> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_51]<br> at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]<br>Caused by: java.net.ConnectException: Connection timed out: connect<br> at java.net.TwoStacksPlainSocketImpl.socketConnect(Native Method) [rt.jar:1.7.0_51]<br> at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339) [rt.jar:1.7.0_51]<br> at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200) [rt.jar:1.7.0_51]<br> at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182) [rt.jar:1.7.0_51]<br> at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172) [rt.jar:1.7.0_51]<br> at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) [rt.jar:1.7.0_51]<br> at java.net.Socket.connect(Socket.java:579) [rt.jar:1.7.0_51]<br> at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618) [jsse.jar:1.7.0_51]<br> at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:549) [httpclient-4.2.1.jar:4.2.1]<br> at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) [httpclient-4.2.1.jar:4.2.1]<br> ... 42 more<br><br></span></div><div><br></div><div data-marker="__SIG_PRE__"><div><span data-mce-style="font-family: Arial; font-size: small;" style="font-family: Arial; font-size: small;" size="2"><span data-mce-style="font-family: Arial; font-size: small;" style="font-family: Arial; font-size: small;" size="2"><span style="font-family: tahoma, 'new york', times, serif; " data-mce-style="font-family: tahoma, 'new york', times, serif;"><strong style="background-color: #fdfdfd;" data-mce-style="background-color: #fdfdfd;">Patrick Madden</strong><span style="background-color: #fdfdfd;" data-mce-style="background-color: #fdfdfd;">&nbsp;</span><br style="background-color: #fdfdfd;" data-mce-style="background-color: #fdfdfd;"><span style="background-color: #fdfdfd;" data-mce-style="background-color: #fdfdfd;">Principal Design Engineer</span><span style="background-color: #fdfdfd;" data-mce-style="background-color: #fdfdfd;">&nbsp;</span><br style="background-color: #fdfdfd;" data-mce-style="background-color: #fdfdfd;"><strong style="background-color: #fdfdfd;" data-mce-style="background-color: #fdfdfd;"><span class="Object" id="OBJ_PREFIX_DWT1942_com_zimbra_url" style="color: #336699; cursor: pointer;" data-mce-style="color: #336699; cursor: pointer;"><span class="Object" id="OBJ_PREFIX_DWT1946_com_zimbra_url" style="cursor: pointer;" data-mce-style="cursor: pointer;"><span class="Object" id="OBJ_PREFIX_DWT2020_com_zimbra_url" style="cursor: pointer;" data-mce-style="cursor: pointer;"><span class="Object" id="OBJ_PREFIX_DWT2031_com_zimbra_url" style="cursor: pointer;" data-mce-style="cursor: pointer;"><span class="Object" id="OBJ_PREFIX_DWT65_com_zimbra_url" style="cursor: pointer;" data-mce-style="cursor: pointer;"><a href="http://www.tomsawyer.com/" target="_blank" style="color: #336699; text-decoration: none; cursor: pointer;" data-mce-href="http://www.tomsawyer.com/" data-mce-style="color: #336699; text-decoration: none; cursor: pointer;">Tom Sawyer Software</a></span></span></span></span></span></strong><br style="background-color: #fdfdfd;" data-mce-style="background-color: #fdfdfd;"></span></span></span></div><div style="background-color: #fdfdfd;" data-mce-style="background-color: #fdfdfd;"><span style="font-family: tahoma, 'new york', times, serif;" data-mce-style="font-family: tahoma, 'new york', times, serif;">1997 El Dorado Avenue</span></div><div><span style="font-family: tahoma, 'new york', times, serif; font-size: small;" size="2" data-mce-style="font-family: tahoma, 'new york', times, serif; font-size: small;"><span style="font-size: small;" size="2" data-mce-style="font-size: small;"></span></span></div><div style="background-color: #fdfdfd;" data-mce-style="background-color: #fdfdfd;"><span style="font-family: tahoma, 'new york', times, serif;" data-mce-style="font-family: tahoma, 'new york', times, serif;">Berkeley, CA 94707</span></div><div><span data-mce-style="font-family: Arial; font-size: small;" style="font-family: Arial; font-size: small;" size="2"><span data-mce-style="font-family: Arial; font-size: small;" style="font-family: Arial; font-size: small;" size="2"><span style="font-family: tahoma, 'new york', times, serif; " data-mce-style="font-family: tahoma, 'new york', times, serif;"></span></span></span></div><div style="background-color: #fdfdfd;" data-mce-style="background-color: #fdfdfd;"><br></div><div style="background-color: #fdfdfd;" data-mce-style="background-color: #fdfdfd;"><span class="Object" id="OBJ_PREFIX_DWT1943_com_zimbra_phone" style="color: #336699; cursor: pointer;" data-mce-style="color: #336699; cursor: pointer;"></span></div><div style="background-color: #fdfdfd;" data-mce-style="background-color: #fdfdfd;">Cell: <span style="font-family: arial, helvetica, sans-serif; color: rgb(51, 102, 153);" data-mce-style="font-family: arial, helvetica, sans-serif; color: #336699;"><a data-mce-href="callto:+1%20(845)%20416-4629" href="callto:+1%20(845)%20416-4629" target="_blank"><span style="color: rgb(51, 102, 153);" data-mce-style="color: #336699;">+1 (845) 416-4629</span></a></span><br>E-mail: <span style="color: rgb(51, 102, 153);" data-mce-style="color: #336699;"><a data-mce-href="mailto:pmadden@tomsawyer.com" href="mailto:pmadden@tomsawyer.com" target="_blank"><span style="color: rgb(51, 102, 153);" data-mce-style="color: #336699;">pmadden@<span class="Object" id="OBJ_PREFIX_DWT1945_com_zimbra_email" style="color: #336699; cursor: pointer;" data-mce-style="color: #336699; cursor: pointer;"><span class="Object" id="OBJ_PREFIX_DWT1947_com_zimbra_email" style="cursor: pointer;" data-mce-style="cursor: pointer;"><span class="Object" id="OBJ_PREFIX_DWT2021_com_zimbra_email" style="cursor: pointer;" data-mce-style="cursor: pointer;"><span class="Object" id="OBJ_PREFIX_DWT2032_com_zimbra_email" style="cursor: pointer;" data-mce-style="cursor: pointer;"><span class="Object" id="OBJ_PREFIX_DWT66_com_zimbra_email" style="cursor: pointer;" data-mce-style="cursor: pointer;">tomsawyer.com</span></span></span></span></span></span></a></span>&nbsp;</div><div style="background-color: #fdfdfd;" data-mce-style="background-color: #fdfdfd;"><br></div><div><span data-mce-style="font-family: Arial; font-size: small;" style="font-family: Arial; font-size: small;" size="2"><span style="font-family: tahoma, 'new york', times, serif; " data-mce-style="font-family: tahoma, 'new york', times, serif;"><br></span></span></div></div></div></body></html>