<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<font face="Helvetica, Arial, sans-serif">Hi guys</font>,<br>
<br>
Struggling with an odd problem here - will try my best to explain.
Scenario is as follows (KC 1.1.Beta2 / Wildfly 8.2.0.Final)...<br>
<ul>
<li>KeyCloak running on 'host1', app is running on 'host2' (with
multi-tenancy)<br>
</li>
<li>Created a user with credentials.</li>
<li>Checked that user login/logout/timeout works fine - it does. <br>
</li>
<li>Leave the user logged out.<br>
</li>
<li>From the KeyCloak user interface on host1 I update the user to
'Email verified' = 'Off' and required user action to 'Verify
email'</li>
<li>On next login attempt app landing page redirects to KeyCloak
login page <b>- as expected</b>.<br>
</li>
<li>After I enter username/password I get the 'EMAIL VERIFICATION'
page and receive an email with a verification link<b> </b><b>-
as expected</b>.</li>
<li>Following the email link verifies the KC user account (now
'Email verified' = 'On' and required user actions are empty)<b>
- as expected</b>.</li>
<li>KeyCloak redirects back to the correct app landing page on
'host2' <b>- as expected</b>.</li>
<li>User is now authenticated but no principal or roles have been
propagated to the app (principal is 'anonymous').</li>
<li>An exception (see below) is logged by the KeyCloak adapter on
'host2'</li>
</ul>
<p>Can't find any similar issues in JIRA/mailing lists - any
thoughts ? Or where I should be looking for more detail to clarify
this ?<br>
</p>
<p>best rgds</p>
<p>Steve F.</p>
<p><br>
THIS EXCEPTION IS LOGGED ON THE APP HOST<br>
</p>
2015-01-26 11:00:00,006 ERROR
[org.keycloak.adapters.OAuthRequestAuthenticator] (default task-21)
failed to turn code into token: java.net.SocketException: Connection
reset<br>
at java.net.SocketInputStream.read(SocketInputStream.java:196)
[rt.jar:1.7.0_51]<br>
at java.net.SocketInputStream.read(SocketInputStream.java:122)
[rt.jar:1.7.0_51]<br>
at sun.security.ssl.InputRecord.readFully(InputRecord.java:442)
[jsse.jar:1.7.0_51]<br>
at sun.security.ssl.InputRecord.read(InputRecord.java:480)
[jsse.jar:1.7.0_51]<br>
at
sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
[jsse.jar:1.7.0_51]<br>
at
sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:884)
[jsse.jar:1.7.0_51]<br>
at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
[jsse.jar:1.7.0_51]<br>
at
org.apache.http.impl.io.AbstractSessionInputBuffer.fillBuffer(AbstractSessionInputBuffer.java:166)<br>
at
org.apache.http.impl.io.SocketInputBuffer.fillBuffer(SocketInputBuffer.java:90)<br>
at
org.apache.http.impl.io.AbstractSessionInputBuffer.readLine(AbstractSessionInputBuffer.java:281)<br>
at
org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:92)<br>
at
org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:62)<br>
at
org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:254)<br>
at
org.apache.http.impl.AbstractHttpClientConnection.receiveResponseHeader(AbstractHttpClientConnection.java:289)<br>
at
org.apache.http.impl.conn.DefaultClientConnection.receiveResponseHeader(DefaultClientConnection.java:252)<br>
at
org.apache.http.impl.conn.AbstractClientConnAdapter.receiveResponseHeader(AbstractClientConnAdapter.java:219)<br>
at
org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:300)<br>
at
org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:127)<br>
at
org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:712)<br>
at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:517)<br>
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)<br>
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)<br>
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)<br>
at
org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:122)
[keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]<br>
at
org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:95)
[keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]<br>
at
org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:261)
[keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]<br>
at
org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:208)
[keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]<br>
at
org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:90)
[keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]<br>
at
org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:93)
[keycloak-undertow-adapter-1.1.0.Beta2.jar:1.1.0.Beta2]<br>
at
org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:60)
[keycloak-undertow-adapter-1.1.0.Beta2.jar:1.1.0.Beta2]<br>
at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:281)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:298)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:268)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at
io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:131)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at
io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:106)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at
io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:99)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:54)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]<br>
at
io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at
io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:63)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]<br>
at
io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]<br>
at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]<br>
at
io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)<br>
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at
org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)
[keycloak-undertow-adapter-1.1.0.Beta2.jar:1.1.0.Beta2]<br>
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]<br>
at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]<br>
at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]<br>
at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]<br>
at
io.undertow.server.Connectors.executeRootHandler(Connectors.java:197)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]<br>
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[rt.jar:1.7.0_51]<br>
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[rt.jar:1.7.0_51]<br>
at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]<br>
<div class="moz-signature">-- <br>
===================================================
<p><b>Stephen Flynn</b></p>
<p><b>Director, JF Technology (UK) Ltd</b></p>
<div>
<table style="font-size:smaller; font-family:monospace;">
<tbody>
<tr>
<td style="font-style:italic;text-align:right;">Cell (UK)
: </td>
<td>+44 7768 003 882</td>
</tr>
<tr>
<td style="font-style:italic;text-align:right;">Phone : </td>
<td>+44 20 7833 8346</td>
</tr>
<tr>
<td style="font-style:italic;text-align:right;">IM : </td>
<td><a class="moz-txt-link-abbreviated" href="mailto:xmpp:stephen.flynn@jftechnology.com">xmpp:stephen.flynn@jftechnology.com</a></td>
</tr>
<tr>
<td style="font-style:italic;text-align:right;">IM : </td>
<td><a class="moz-txt-link-abbreviated" href="mailto:aim:stephen.flynn@jftechnology.com">aim:stephen.flynn@jftechnology.com</a></td>
</tr>
<tr>
<td style="font-style:italic;text-align:right;">Website :
</td>
<td><a href="http://www.jftechnology.com">http://www.jftechnology.com</a></td>
</tr>
<tr>
<td style="font-style:italic;text-align:right;">Tech
support : </td>
<td><a href="mailto:support@jftechnology.com">support@jftechnology.com</a></td>
</tr>
</tbody>
</table>
===================================================
<table>
</table>
</div>
</div>
</body>
</html>