<div dir="ltr">Well in lieu of all the fancy NGINX configuration I found it was simply putting KEYCLOAK to accept NON-SSL connections internally because the connection from NGINX to KEYCLOAK itself is over HTTP. We were able to remove all the special headers instructions in NGINX.<div><br></div><div>Thanks for you help through it, sometimes walking away for lunch is the best idea ;-)</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr">On Thu, Jan 14, 2016 at 12:28 PM Christopher Wallace &lt;<a href="mailto:cjwallac@gmail.com">cjwallac@gmail.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Again Marko Thanks for the information! <div><br></div><div>We did already configure our standalone server like this. What I did find is that we updated the .JS adapter script and enable CORS <a href="http://serverfault.com/questions/162429/how-do-i-add-access-control-allow-origin-in-nginx" target="_blank">http://serverfault.com/questions/162429/how-do-i-add-access-control-allow-origin-in-nginx</a> Now we are getting to the TOKEN step in the life cycle </div><div><br></div><div><ol style="min-width:0px;min-height:0px;padding:0px 0px 0px 4px;margin:0px;list-style-type:none;overflow-y:auto;color:rgb(48,57,66);line-height:normal"><ol style="font-family:&#39;Lucida Grande&#39;,sans-serif;font-size:12px;min-width:0px;min-height:0px;list-style-type:none;padding-left:12px;padding-bottom:5px"><li style="min-width:0px;min-height:0px;margin-top:1px;text-overflow:ellipsis;white-space:nowrap;overflow:hidden;margin-left:10px"><div style="min-width:0px;min-height:0px;color:rgb(84,84,84);display:inline-block;margin-right:0.5em;font-weight:bold;vertical-align:top;white-space:pre-wrap">Request URL:</div><div style="min-width:0px;min-height:0px;font-family:Menlo,monospace;white-space:pre-wrap;font-size:11px!important;display:inline;margin-right:1em;word-break:break-all;margin-top:1px"><a href="https://sso2.company.com/auth/realms/master/protocol/openid-connect/token" target="_blank">https://sso2.company.com/auth/realms/master/protocol/openid-connect/token</a></div></li></ol></ol></div></div><div dir="ltr"><div><ol style="min-width:0px;min-height:0px;padding:0px 0px 0px 4px;margin:0px;list-style-type:none;overflow-y:auto;color:rgb(48,57,66);line-height:normal"><ol style="font-family:&#39;Lucida Grande&#39;,sans-serif;font-size:12px;min-width:0px;min-height:0px;list-style-type:none;padding-left:12px;padding-bottom:5px"><li style="min-width:0px;min-height:0px;margin-top:1px;text-overflow:ellipsis;white-space:nowrap;overflow:hidden;margin-left:10px"><div style="min-width:0px;min-height:0px;color:rgb(84,84,84);display:inline-block;margin-right:0.5em;font-weight:bold;vertical-align:top;white-space:pre-wrap">Request Method:</div><div style="min-width:0px;min-height:0px;font-family:Menlo,monospace;white-space:pre-wrap;font-size:11px!important;display:inline;margin-right:1em;word-break:break-all;margin-top:1px">POST</div></li><li style="min-width:0px;min-height:0px;margin-top:1px;text-overflow:ellipsis;white-space:nowrap;overflow:hidden;margin-left:10px"><div style="min-width:0px;min-height:0px;color:rgb(84,84,84);display:inline-block;margin-right:0.5em;font-weight:bold;vertical-align:top;white-space:pre-wrap">Status Code:</div><label style="min-width:0px;min-height:0px;margin-right:3px"><div style="min-width:0px;min-height:0px;width:10px;min-height:10px;margin-right:2px;display:inline-block;background-image:url(&quot;&quot;);background-position:-224px -96px"></div></label><div style="min-width:0px;min-height:0px;font-family:Menlo,monospace;white-space:pre-wrap;font-size:11px!important;display:inline;margin-right:1em;word-break:break-all;margin-top:1px">400 Bad Request</div></li><li style="min-width:0px;min-height:0px;margin-top:1px;text-overflow:ellipsis;white-space:nowrap;overflow:hidden;margin-left:10px"><div style="min-width:0px;min-height:0px;color:rgb(84,84,84);display:inline-block;margin-right:0.5em;font-weight:bold;vertical-align:top;white-space:pre-wrap">Remote Address:</div><div style="min-width:0px;min-height:0px;font-family:Menlo,monospace;white-space:pre-wrap;font-size:11px!important;display:inline;margin-right:1em;word-break:break-all;margin-top:1px"><a href="http://99.99.99.99:443" target="_blank">99.99.99.99:443</a></div></li></ol></ol></div></div><div dir="ltr"><div><ol style="min-width:0px;min-height:0px;padding:0px 0px 0px 4px;margin:0px;list-style-type:none;overflow-y:auto;color:rgb(48,57,66);line-height:normal"><ol style="font-family:&#39;Lucida Grande&#39;,sans-serif;font-size:12px;min-width:0px;min-height:0px;list-style-type:none;padding-left:12px;padding-bottom:5px"></ol><li style="font-family:&#39;Lucida Grande&#39;,sans-serif;font-size:12px;min-width:0px;min-height:0px;text-overflow:ellipsis;white-space:nowrap;overflow:hidden;font-weight:bold;color:rgb(97,97,97);min-height:20px;border-top-style:solid;border-top-width:1px;border-top-color:rgb(224,224,224);display:flex">Response Headers<span style="min-width:0px;min-height:0px;display:inline;margin-left:30px;font-weight:normal;color:rgb(115,115,115)">view source</span></li><ol style="font-family:&#39;Lucida Grande&#39;,sans-serif;font-size:12px;min-width:0px;min-height:0px;list-style-type:none;padding-left:12px;padding-bottom:5px"><li style="min-width:0px;min-height:0px;margin-top:1px;text-overflow:ellipsis;white-space:nowrap;overflow:hidden;margin-left:10px"><div style="min-width:0px;min-height:0px;color:rgb(84,84,84);display:inline-block;margin-right:0.5em;font-weight:bold;vertical-align:top;white-space:pre-wrap">Connection:</div><div style="min-width:0px;min-height:0px;font-family:Menlo,monospace;white-space:pre-wrap;font-size:11px!important;display:inline;margin-right:1em;word-break:break-all;margin-top:1px">keep-alive</div></li><li style="min-width:0px;min-height:0px;margin-top:1px;text-overflow:ellipsis;white-space:nowrap;overflow:hidden;margin-left:10px"><div style="min-width:0px;min-height:0px;color:rgb(84,84,84);display:inline-block;margin-right:0.5em;font-weight:bold;vertical-align:top;white-space:pre-wrap">Content-Type:</div><div style="min-width:0px;min-height:0px;font-family:Menlo,monospace;white-space:pre-wrap;font-size:11px!important;display:inline;margin-right:1em;word-break:break-all;margin-top:1px">application/json</div></li><li style="min-width:0px;min-height:0px;margin-top:1px;text-overflow:ellipsis;white-space:nowrap;overflow:hidden;margin-left:10px"><div style="min-width:0px;min-height:0px;color:rgb(84,84,84);display:inline-block;margin-right:0.5em;font-weight:bold;vertical-align:top;white-space:pre-wrap">Date:</div><div style="min-width:0px;min-height:0px;font-family:Menlo,monospace;white-space:pre-wrap;font-size:11px!important;display:inline;margin-right:1em;word-break:break-all;margin-top:1px">Thu, 14 Jan 2016 17:10:45 GMT</div></li></ol></ol></div></div><div dir="ltr"><div><ol style="min-width:0px;min-height:0px;padding:0px 0px 0px 4px;margin:0px;list-style-type:none;overflow-y:auto;color:rgb(48,57,66);line-height:normal"><ol style="font-family:&#39;Lucida Grande&#39;,sans-serif;font-size:12px;min-width:0px;min-height:0px;list-style-type:none;padding-left:12px;padding-bottom:5px"><li style="min-width:0px;min-height:0px;margin-top:1px;text-overflow:ellipsis;white-space:nowrap;overflow:hidden;margin-left:10px"><div style="min-width:0px;min-height:0px;color:rgb(84,84,84);display:inline-block;margin-right:0.5em;font-weight:bold;vertical-align:top;white-space:pre-wrap">Server:</div><div style="min-width:0px;min-height:0px;font-family:Menlo,monospace;white-space:pre-wrap;font-size:11px!important;display:inline;margin-right:1em;word-break:break-all;margin-top:1px">nginx/1.4.6 (Ubuntu)</div></li><li style="min-width:0px;min-height:0px;margin-top:1px;text-overflow:ellipsis;white-space:nowrap;overflow:hidden;margin-left:10px"><div style="min-width:0px;min-height:0px;color:rgb(84,84,84);display:inline-block;margin-right:0.5em;font-weight:bold;vertical-align:top;white-space:pre-wrap">Transfer-Encoding:</div><div style="min-width:0px;min-height:0px;font-family:Menlo,monospace;white-space:pre-wrap;font-size:11px!important;display:inline;margin-right:1em;word-break:break-all;margin-top:1px">chunked</div></li><li style="min-width:0px;min-height:0px;margin-top:1px;text-overflow:ellipsis;white-space:nowrap;overflow:hidden;margin-left:10px"><div style="min-width:0px;min-height:0px;color:rgb(84,84,84);display:inline-block;margin-right:0.5em;font-weight:bold;vertical-align:top;white-space:pre-wrap">X-Powered-By:</div><div style="min-width:0px;min-height:0px;font-family:Menlo,monospace;white-space:pre-wrap;font-size:11px!important;display:inline;margin-right:1em;word-break:break-all;margin-top:1px">Undertow/1</div></li></ol></ol></div></div><div dir="ltr"><div><ol style="min-width:0px;min-height:0px;padding:0px 0px 0px 4px;margin:0px;list-style-type:none;overflow-y:auto;color:rgb(48,57,66);line-height:normal"><ol style="font-family:&#39;Lucida Grande&#39;,sans-serif;font-size:12px;min-width:0px;min-height:0px;list-style-type:none;padding-left:12px;padding-bottom:5px"></ol><li style="font-family:&#39;Lucida Grande&#39;,sans-serif;font-size:12px;min-width:0px;min-height:0px;text-overflow:ellipsis;white-space:nowrap;overflow:hidden;font-weight:bold;color:rgb(97,97,97);min-height:20px;border-top-style:solid;border-top-width:1px;border-top-color:rgb(224,224,224);display:flex">Request Headers<span style="min-width:0px;min-height:0px;display:inline;margin-left:30px;font-weight:normal;color:rgb(115,115,115)">view source</span></li><ol style="font-family:&#39;Lucida Grande&#39;,sans-serif;font-size:12px;min-width:0px;min-height:0px;list-style-type:none;padding-left:12px;padding-bottom:5px"></ol></ol></div></div><div dir="ltr"><div><ol style="min-width:0px;min-height:0px;padding:0px 0px 0px 4px;margin:0px;list-style-type:none;overflow-y:auto;color:rgb(48,57,66);line-height:normal"><ol style="font-family:&#39;Lucida Grande&#39;,sans-serif;font-size:12px;min-width:0px;min-height:0px;list-style-type:none;padding-left:12px;padding-bottom:5px"><li style="min-width:0px;min-height:0px;margin-top:1px;text-overflow:ellipsis;white-space:nowrap;overflow:hidden;margin-left:10px"><div style="min-width:0px;min-height:0px;color:rgb(84,84,84);display:inline-block;margin-right:0.5em;font-weight:bold;vertical-align:top;white-space:pre-wrap">Accept:</div><div style="min-width:0px;min-height:0px;font-family:Menlo,monospace;white-space:pre-wrap;font-size:11px!important;display:inline;margin-right:1em;word-break:break-all;margin-top:1px">*/*</div></li><li style="min-width:0px;min-height:0px;margin-top:1px;text-overflow:ellipsis;white-space:nowrap;overflow:hidden;margin-left:10px"><div style="min-width:0px;min-height:0px;color:rgb(84,84,84);display:inline-block;margin-right:0.5em;font-weight:bold;vertical-align:top;white-space:pre-wrap">Accept-Encoding:</div><div style="min-width:0px;min-height:0px;font-family:Menlo,monospace;white-space:pre-wrap;font-size:11px!important;display:inline;margin-right:1em;word-break:break-all;margin-top:1px">gzip, deflate</div></li><li style="min-width:0px;min-height:0px;margin-top:1px;text-overflow:ellipsis;white-space:nowrap;overflow:hidden;margin-left:10px"><div style="min-width:0px;min-height:0px;color:rgb(84,84,84);display:inline-block;margin-right:0.5em;font-weight:bold;vertical-align:top;white-space:pre-wrap">Accept-Language:</div><div style="min-width:0px;min-height:0px;font-family:Menlo,monospace;white-space:pre-wrap;font-size:11px!important;display:inline;margin-right:1em;word-break:break-all;margin-top:1px">en-US,en;q=0.8</div></li><li style="min-width:0px;min-height:0px;margin-top:1px;text-overflow:ellipsis;white-space:nowrap;overflow:hidden;margin-left:10px"><div style="min-width:0px;min-height:0px;color:rgb(84,84,84);display:inline-block;margin-right:0.5em;font-weight:bold;vertical-align:top;white-space:pre-wrap">Authorization:</div><div style="min-width:0px;min-height:0px;font-family:Menlo,monospace;white-space:pre-wrap;font-size:11px!important;display:inline;margin-right:1em;word-break:break-all;margin-top:1px">Basic bXByLXBsYXRmb3JtOmU1MGYxO</div></li></ol></ol></div></div><div dir="ltr"><div><ol style="min-width:0px;min-height:0px;padding:0px 0px 0px 4px;margin:0px;list-style-type:none;overflow-y:auto;color:rgb(48,57,66);line-height:normal"><ol style="font-family:&#39;Lucida Grande&#39;,sans-serif;font-size:12px;min-width:0px;min-height:0px;list-style-type:none;padding-left:12px;padding-bottom:5px"><li style="min-width:0px;min-height:0px;margin-top:1px;text-overflow:ellipsis;white-space:nowrap;overflow:hidden;margin-left:10px"><div style="min-width:0px;min-height:0px;color:rgb(84,84,84);display:inline-block;margin-right:0.5em;font-weight:bold;vertical-align:top;white-space:pre-wrap">Connection:</div><div style="min-width:0px;min-height:0px;font-family:Menlo,monospace;white-space:pre-wrap;font-size:11px!important;display:inline;margin-right:1em;word-break:break-all;margin-top:1px">keep-alive</div></li><li style="min-width:0px;min-height:0px;margin-top:1px;text-overflow:ellipsis;white-space:nowrap;overflow:hidden;margin-left:10px"><div style="min-width:0px;min-height:0px;color:rgb(84,84,84);display:inline-block;margin-right:0.5em;font-weight:bold;vertical-align:top;white-space:pre-wrap">Content-Length:</div><div style="min-width:0px;min-height:0px;font-family:Menlo,monospace;white-space:pre-wrap;font-size:11px!important;display:inline;margin-right:1em;word-break:break-all;margin-top:1px">202</div></li><li style="min-width:0px;min-height:0px;margin-top:1px;text-overflow:ellipsis;white-space:nowrap;overflow:hidden;margin-left:10px"><div style="min-width:0px;min-height:0px;color:rgb(84,84,84);display:inline-block;margin-right:0.5em;font-weight:bold;vertical-align:top;white-space:pre-wrap">Content-type:</div><div style="min-width:0px;min-height:0px;font-family:Menlo,monospace;white-space:pre-wrap;font-size:11px!important;display:inline;margin-right:1em;word-break:break-all;margin-top:1px">application/x-www-form-urlencoded</div></li><li style="min-width:0px;min-height:0px;margin-top:1px;text-overflow:ellipsis;white-space:nowrap;overflow:hidden;margin-left:10px"><div style="min-width:0px;min-height:0px;color:rgb(84,84,84);display:inline-block;margin-right:0.5em;font-weight:bold;vertical-align:top;white-space:pre-wrap">Cookie:</div><div style="min-width:0px;min-height:0px;font-family:Menlo,monospace;white-space:pre-wrap;font-size:11px!important;display:inline;margin-right:1em;word-break:break-all;margin-top:1px">KEYCLOAK_IDENTITY=eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiIzOWIxMzg3OS1mYjY5LTQ2MTAtYTdlZS1mZjA2ZjgyOTI4MzUiLCJleHAiOjE0NTI4Mjc0NDcsIm5iZiI6MCwiaWF0IjoxNDUyNzkxNDQ3LCJpc3MiOiJodHRwczovL3NzbzIubWVkaWNhbHBheXJldmlldy5jb20vYXV0aC9yZWFsbXMvbWFzdGVyIiwiYXVkIjpudWxsLCJzdWIiOiJhNWM2MzJiYy0xNmNlLTQ3NzgtOGNmMy05MWQ4MmMzNTE3NmYiLCJzZXNzaW9uX3N0YXRlIjoiYjkwMTViMGItYTUyNC00ZDVkLWJiYjMtMDI2OTk3NjY0NjM1IiwicmVzb3VyY2VfYWNjZXNzIjp7fX0.nCUDrU2Q9DQM5c2xcxLoW1pqVJNYcc-ZCUWe6HTlBVh1rwwk0V1q15Mbq0HzWcEkDWqatUTTQ0PEysH18hsOzuJdqRaaplBURwzW4S</div></li><li style="min-width:0px;min-height:0px;margin-top:1px;text-overflow:ellipsis;white-space:nowrap;overflow:hidden;margin-left:10px"><div style="min-width:0px;min-height:0px;color:rgb(84,84,84);display:inline-block;margin-right:0.5em;font-weight:bold;vertical-align:top;white-space:pre-wrap">DNT:</div><div style="min-width:0px;min-height:0px;font-family:Menlo,monospace;white-space:pre-wrap;font-size:11px!important;display:inline;margin-right:1em;word-break:break-all;margin-top:1px">1</div></li><li style="min-width:0px;min-height:0px;margin-top:1px;text-overflow:ellipsis;white-space:nowrap;overflow:hidden;margin-left:10px"><div style="min-width:0px;min-height:0px;color:rgb(84,84,84);display:inline-block;margin-right:0.5em;font-weight:bold;vertical-align:top;white-space:pre-wrap">Host:</div><div style="min-width:0px;min-height:0px;font-family:Menlo,monospace;white-space:pre-wrap;font-size:11px!important;display:inline;margin-right:1em;word-break:break-all;margin-top:1px"><a href="http://sso2.company.com" target="_blank">sso2.company.com</a></div></li><li style="min-width:0px;min-height:0px;margin-top:1px;text-overflow:ellipsis;white-space:nowrap;overflow:hidden;margin-left:10px"><div style="min-width:0px;min-height:0px;color:rgb(84,84,84);display:inline-block;margin-right:0.5em;font-weight:bold;vertical-align:top;white-space:pre-wrap">Origin: </div><div style="min-width:0px;min-height:0px;font-family:Menlo,monospace;white-space:pre-wrap;font-size:11px!important;display:inline;margin-right:1em;word-break:break-all;margin-top:1px"><a href="http://portal.app.company.local.medicalpayreview.com" target="_blank">http://portal.app.company.local.medicalpayreview.com</a></div></li><li style="min-width:0px;min-height:0px;margin-top:1px;text-overflow:ellipsis;white-space:nowrap;overflow:hidden;margin-left:10px"><div style="min-width:0px;min-height:0px;color:rgb(84,84,84);display:inline-block;margin-right:0.5em;font-weight:bold;vertical-align:top;white-space:pre-wrap">Referer:</div><div style="min-width:0px;min-height:0px;font-family:Menlo,monospace;white-space:pre-wrap;font-size:11px!important;display:inline;margin-right:1em;word-break:break-all;margin-top:1px"><a href="http://portal.app.company.local.medicalpayreview.com/App/" target="_blank">http://portal.app.company.local.medicalpayreview.com/App/</a></div></li></ol></ol></div></div><div dir="ltr"><div><ol style="min-width:0px;min-height:0px;padding:0px 0px 0px 4px;margin:0px;list-style-type:none;overflow-y:auto;color:rgb(48,57,66);line-height:normal"><ol style="font-family:&#39;Lucida Grande&#39;,sans-serif;font-size:12px;min-width:0px;min-height:0px;list-style-type:none;padding-left:12px;padding-bottom:5px"><li style="min-width:0px;min-height:0px;margin-top:1px;text-overflow:ellipsis;white-space:nowrap;overflow:hidden;margin-left:10px"><div style="min-width:0px;min-height:0px;color:rgb(84,84,84);display:inline-block;margin-right:0.5em;font-weight:bold;vertical-align:top;white-space:pre-wrap">User-Agent:</div><div style="min-width:0px;min-height:0px;font-family:Menlo,monospace;white-space:pre-wrap;font-size:11px!important;display:inline;margin-right:1em;word-break:break-all;margin-top:1px">Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36</div></li></ol></ol></div></div><div dir="ltr"><div><ol style="min-width:0px;min-height:0px;padding:0px 0px 0px 4px;margin:0px;list-style-type:none;overflow-y:auto;color:rgb(48,57,66);line-height:normal"><li style="font-family:&#39;Lucida Grande&#39;,sans-serif;font-size:12px;min-width:0px;min-height:0px;text-overflow:ellipsis;white-space:nowrap;overflow:hidden;font-weight:bold;color:rgb(97,97,97);min-height:20px;border-top-style:solid;border-top-width:1px;border-top-color:rgb(224,224,224);display:flex">Form Data<span style="min-width:0px;min-height:0px;display:inline;margin-left:30px;font-weight:normal;color:rgb(115,115,115)">view source</span><span style="min-width:0px;min-height:0px;display:inline;margin-left:30px;font-weight:normal;color:rgb(115,115,115)">view URL encoded</span></li></ol></div></div><div dir="ltr"><div><ol style="min-width:0px;min-height:0px;padding:0px 0px 0px 4px;margin:0px;list-style-type:none;overflow-y:auto;color:rgb(48,57,66);line-height:normal"><ol style="font-family:&#39;Lucida Grande&#39;,sans-serif;font-size:12px;min-width:0px;min-height:0px;list-style-type:none;padding-left:12px;padding-bottom:5px"><li style="min-width:0px;min-height:0px;margin-top:1px;text-overflow:ellipsis;white-space:nowrap;overflow:hidden;margin-left:10px"><div style="min-width:0px;min-height:0px;color:rgb(84,84,84);display:inline-block;margin-right:0.5em;font-weight:bold;vertical-align:top;white-space:pre-wrap">code:</div><div style="min-width:0px;min-height:0px;font-family:Menlo,monospace;white-space:pre-wrap;font-size:11px!important;display:inline;margin-right:1em;word-break:break-all;margin-top:1px">Mk9BGw2vGHNBtO-caT1Z1MEpwixV4Ke5yi5YFEubDes.d82b1938-d6a6-4c3c-99eb-0a0d1c2636be</div></li><li style="min-width:0px;min-height:0px;margin-top:1px;text-overflow:ellipsis;white-space:nowrap;overflow:hidden;margin-left:10px"><div style="min-width:0px;min-height:0px;color:rgb(84,84,84);display:inline-block;margin-right:0.5em;font-weight:bold;vertical-align:top;white-space:pre-wrap">grant_type:</div><div style="min-width:0px;min-height:0px;font-family:Menlo,monospace;white-space:pre-wrap;font-size:11px!important;display:inline;margin-right:1em;word-break:break-all;margin-top:1px">authorization_code</div></li><li style="min-width:0px;min-height:0px;margin-top:1px;text-overflow:ellipsis;white-space:nowrap;overflow:hidden;margin-left:10px"><div style="min-width:0px;min-height:0px;color:rgb(84,84,84);display:inline-block;margin-right:0.5em;font-weight:bold;vertical-align:top;white-space:pre-wrap">redirect_uri:</div><div style="min-width:0px;min-height:0px;font-family:Menlo,monospace;white-space:pre-wrap;font-size:11px!important;display:inline;margin-right:1em;word-break:break-all;margin-top:1px"><a href="http://portal.app.local.medicalpayreview.com/App/" target="_blank">http://portal.app.local.medicalpayreview.com/App/</a></div></li></ol></ol><div><font color="#303942" face="Menlo, monospace"><span style="font-size:11px;line-height:normal;white-space:pre-wrap"><br></span></font></div><div><font color="#303942" face="Menlo, monospace"><span style="font-size:11px;line-height:normal;white-space:pre-wrap">We find the following WARNING in the KEYCLOAK logs</span></font></div></div><div>
<p><span>17:10:48,891 WARN  [org.keycloak.events] (default task-13) type=CODE_TO_TOKEN_ERROR, realmId=master, clientId=platform, userId=null, ipAddress=72.77.99.99, error=invalid_client_credentials, grant_type=authorization_code</span></p><p><span>And and error the browser console:</span></p><p><span>XMLHttpRequest cannot load <a href="https://sso2.medicalpayreview.com/auth/realms/master/protocol/openid-connect/token" target="_blank">https://sso2.medicalpayreview.com/auth/realms/master/protocol/openid-connect/token</a>. No &#39;Access-Control-Allow-Origin&#39; header is present on the requested resource. Origin &#39;http://<span style="color:rgb(48,57,66);font-family:Menlo,monospace;font-size:11px;line-height:normal;white-space:pre-wrap">portal.</span><span style="color:rgb(48,57,66);font-family:Menlo,monospace;font-size:11px;line-height:normal;white-space:pre-wrap">app.company</span>.<a href="http://local.medicalpayreview.com" target="_blank">local.medicalpayreview.com</a>&#39; is therefore not allowed access. The response had HTTP status code 400.<br></span></p><p>We appreciate everyones input on getting over this challenge.</p><p><br></p></div></div><br><div class="gmail_quote"><div dir="ltr">On Thu, Jan 14, 2016 at 10:06 AM Marko Strukelj &lt;<a href="mailto:mstrukel@redhat.com" target="_blank">mstrukel@redhat.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Maybe take a look at advice in this thread:<br>
<a href="http://lists.jboss.org/pipermail/keycloak-user/2016-January/004413.html" rel="noreferrer" target="_blank">http://lists.jboss.org/pipermail/keycloak-user/2016-January/004413.html</a><br>
<br>
On Thu, Jan 14, 2016 at 3:44 PM, Christopher Wallace &lt;<a href="mailto:cjwallac@gmail.com" target="_blank">cjwallac@gmail.com</a>&gt; wrote:<br>
&gt; Marko, Thanks for your feedback!<br>
&gt;<br>
&gt; We have successfully pass that problem and are able to login to KEYCLOAK<br>
&gt; behind NGINX using HTTPS Proxy. Our challenge now is when our applications<br>
&gt; attempt to access we get the following error:<br>
&gt;<br>
&gt; Request URL:<br>
&gt; <a href="https://sso2.company.com/auth/realms/master/tokens/access/codes" rel="noreferrer" target="_blank">https://sso2.company.com/auth/realms/master/tokens/access/codes</a><br>
&gt; Request Method:<br>
&gt; POST<br>
&gt; Status Code:<br>
&gt; 400 Bad Request<br>
&gt; Remote Address:<br>
&gt; <a href="http://99.99.99.99:443" rel="noreferrer" target="_blank">99.99.99.99:443</a><br>
&gt;<br>
&gt; Response Headersview source<br>
&gt;<br>
&gt; Connection:<br>
&gt; keep-alive<br>
&gt; Content-Type:<br>
&gt; application/json<br>
&gt; Date:<br>
&gt; Thu, 14 Jan 2016 14:35:52 GMT<br>
&gt; Server:<br>
&gt; nginx/1.4.6 (Ubuntu)<br>
&gt; Transfer-Encoding:<br>
&gt; chunked<br>
&gt; X-Powered-By:<br>
&gt; Undertow/1<br>
&gt;<br>
&gt; Request Headersview source<br>
&gt;<br>
&gt; Accept:<br>
&gt; */*<br>
&gt; Accept-Encoding:<br>
&gt; gzip, deflate<br>
&gt; Accept-Language:<br>
&gt; en-US,en;q=0.8<br>
&gt; Authorization:<br>
&gt; Basic bXByLXBsYXRmb3JtOmU1MGYxODEyLTYzYTQtNGM0YS05NWQ<br>
&gt; Connection:<br>
&gt; keep-alive<br>
&gt; Content-Length:<br>
&gt; 172<br>
&gt; Content-type:<br>
&gt; application/x-www-form-urlencoded<br>
&gt; Cookie:<br>
&gt; KEYCLOAK_IDENTITY=eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiIzNGY0ZDI1OS02NzJjLTQzYjUtOGFmOC1hNzkwMWRiMDUxMmYiLCJleHAiOjE0NTI4MTgxNTMsIm5iZiI6MCwiaWF0IjoxNDUyNzgyMTUzLCJpc3MiOiJodHRwczovL3NzbzIubWVkaWNhbHBheXJldmlldy5jb20vYXV0aC9yZWFsbXMvbWFzdGVyIiwiYXVkIjpudWxsLCJzdWIiOiJhNWM2MzJiYy0xNmNlLTQ3NzgtOGNmMy05MWQ4MmMzNTE3NmYiLCJzZXNzaW9uX3N0YXRlIjoiOWRiNjdhNGQtOWIwMS00NjgxLTlmYmMtZDQ3N2Y1NTgyMGYyIiwicmVzb3VyY2VfYWNjZXNzIjp7fX0.JyQIOJk5214-n4y0RkpEuLJWY4u6Z4Fu_086Z9nwM9BU8TarV-oH6cxZEBYakyL8pvmwf0CWHMmN3XNF-Zv4b1UPutcLP7IChM1EEr4F1tPxwmddYS1M90NdY7Bzn2R36mnASZqczMMAisd-OE2TU8oDgMyg0Rb0iZNIi_jJU_Rd-na4qhfuBojF_u8BSFjSJsd3agjF5ZZ9ok9mo2McCMDaV21vozVryIkR1vfAKPWf6WI8fEQBpDAFsh37M_k<br>
&gt; DNT:<br>
&gt; 1<br>
&gt; Host:<br>
&gt; <a href="http://sso2.company.com" rel="noreferrer" target="_blank">sso2.company.com</a><br>
&gt; Origin:<br>
&gt; <a href="http://app.local.company.com" rel="noreferrer" target="_blank">http://app.local.company.com</a><br>
&gt; Referer:<br>
&gt; <a href="http://app.local.company.com/App/" rel="noreferrer" target="_blank">http://app.local.company.com/App/</a><br>
&gt; User-Agent:<br>
&gt; Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_0) AppleWebKit/537.36 (KHTML,<br>
&gt; like Gecko) Chrome/47.0.2526.106 Safari/537.36<br>
&gt;<br>
&gt; Form Dataview sourceview URL encoded<br>
&gt;<br>
&gt; code:<br>
&gt; Vyzj7f-Aq2anYTJy7AoK4e6h0s2Ypp0vQ6okx7lWlRo.d2acab15-f708-4838-bd4b-2562fd46f8e2<br>
&gt; redirect_uri:<br>
&gt; <a href="http://app.local.company.com/App/" rel="noreferrer" target="_blank">http://app.local.company.com/App/</a><br>
&gt;<br>
&gt; Please do note that this same application is able KEYCLOAK using basically<br>
&gt; the same configuration without NGINX in the MIX. Have any thoughts was to<br>
&gt; what we should look to configure differently with NGIX in the mix?<br>
&gt;<br>
&gt; On Mon, Jan 4, 2016 at 7:16 AM Marko Strukelj &lt;<a href="mailto:mstrukel@redhat.com" target="_blank">mstrukel@redhat.com</a>&gt; wrote:<br>
&gt;&gt;<br>
&gt;&gt; The error &#39;org.apache.http.conn.HttpHostConnectException: Connection to<br>
&gt;&gt; <a href="https://sso2.domain.com" rel="noreferrer" target="_blank">https://sso2.domain.com</a> refused&#39; means that either there is a server side<br>
&gt;&gt; problem - your Nginx isn&#39;t started and listening on port 443, a firewall<br>
&gt;&gt; preventing incoming connections - or there is a client side problem - a DNS<br>
&gt;&gt; issue improperly resolving <a href="http://sso2.domain.com" rel="noreferrer" target="_blank">sso2.domain.com</a> into IP on the host where Tomcat<br>
&gt;&gt; is running.<br>
&gt;&gt;<br>
&gt;&gt; At this point no SSL handshaking was attempted yet.<br>
&gt;&gt;<br>
&gt;&gt; If you try &#39;curl <a href="https://sso2.domain.com" rel="noreferrer" target="_blank">https://sso2.domain.com</a>&#39; or &#39;telnet <a href="http://sso2.domain.com" rel="noreferrer" target="_blank">sso2.domain.com</a> 443&#39;<br>
&gt;&gt; from the server running your Tomcat you&#39;ll see the same issue. Once that<br>
&gt;&gt; starts to work, only then will any SSL / proxying related configuration<br>
&gt;&gt; issues start to manifest themselves.<br>
&gt;&gt;<br>
&gt;&gt; On Wed, Dec 30, 2015 at 11:34 PM, Christopher Wallace &lt;<a href="mailto:cjwallac@gmail.com" target="_blank">cjwallac@gmail.com</a>&gt;<br>
&gt;&gt; wrote:<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; Community, I have spent a decent amount of time attempting to get<br>
&gt;&gt;&gt; KEYCLOAK behind an NGINX Reverse Proxy to protect a TOMCAT Application. It<br>
&gt;&gt;&gt; does work without the proxy, but I need the proxy to handle certificates. I<br>
&gt;&gt;&gt; think I am pretty close to having it working, but somethings seems to be<br>
&gt;&gt;&gt; missing... I have done the following. I appreciate any insight you may have<br>
&gt;&gt;&gt; as I think I have exhausted other resources.<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; 1. Configure a server in NGINX<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; server {<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; listen   443;<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; ssl    on;<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; ssl_certificate    /etc/ssl/certs/dcf30de94f28f16f.crt;<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; ssl_certificate_key    /etc/ssl/certs/*.domain.key;<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; server_name sso2. <a href="http://domain.com" rel="noreferrer" target="_blank">domain.com</a>;<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; access_log /var/log/nginx/nginx.sso.access.log;<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; error_log /var/log/nginx/nginx.sso.error.log;<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt;   location / {<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt;         proxy_set_header Host $host;<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt;         proxy_set_header X-Real-IP $remote_addr;<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt;         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt;         proxy_set_header X-Forwarded-Proto $scheme;<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt;         proxy_set_header X-Forwarded-Port 443;<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt;         proxy_pass <a href="http://internalip:8080" rel="noreferrer" target="_blank">http://internalip:8080</a>;<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt;     }<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; }<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; 2. Enable SSL on a Reverse Proxy<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; First add proxy-address-forwarding and redirect-socket to the<br>
&gt;&gt;&gt; http-listener element:<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; &lt;subsystem xmlns=&quot;urn:jboss:domain:undertow:1.1&quot;&gt;<br>
&gt;&gt;&gt;     ...<br>
&gt;&gt;&gt;     &lt;http-listener name=&quot;default&quot; socket-binding=&quot;http&quot;<br>
&gt;&gt;&gt; proxy-address-forwarding=&quot;true&quot; redirect-socket=&quot;proxy-https&quot;/&gt;<br>
&gt;&gt;&gt;     ...<br>
&gt;&gt;&gt; &lt;/subsystem&gt;<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; Then add a new socket-binding element to the socket-binding-group<br>
&gt;&gt;&gt; element:<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; &lt;socket-binding-group name=&quot;standard-sockets&quot; default-interface=&quot;public&quot;<br>
&gt;&gt;&gt; port-offset=&quot;${jboss.socket.binding.port-offset:0}&quot;&gt;<br>
&gt;&gt;&gt;     ...<br>
&gt;&gt;&gt;     &lt;socket-binding name=&quot;proxy-https&quot; port=&quot;443&quot;/&gt;<br>
&gt;&gt;&gt;     ...<br>
&gt;&gt;&gt; &lt;/socket-binding-group&gt;<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; RECIVE THE FOLLOWING ERROR in TOMCAT:<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; 1807906 [http-nio-8080-exec-9] ERROR o.k.a.OAuthRequestAuthenticator -<br>
&gt;&gt;&gt; failed to turn code into token<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; org.apache.http.conn.HttpHostConnectException: Connection to<br>
&gt;&gt;&gt; <a href="https://sso2.domain.com" rel="noreferrer" target="_blank">https://sso2.domain.com</a> refused<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:190)<br>
&gt;&gt;&gt; ~[httpclient-4.2.1.jar:4.2.1]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:151)<br>
&gt;&gt;&gt; ~[httpclient-4.2.1.jar:4.2.1]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:125)<br>
&gt;&gt;&gt; ~[httpclient-4.2.1.jar:4.2.1]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640)<br>
&gt;&gt;&gt; ~[httpclient-4.2.1.jar:4.2.1]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)<br>
&gt;&gt;&gt; ~[httpclient-4.2.1.jar:4.2.1]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)<br>
&gt;&gt;&gt; ~[httpclient-4.2.1.jar:4.2.1]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)<br>
&gt;&gt;&gt; ~[httpclient-4.2.1.jar:4.2.1]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)<br>
&gt;&gt;&gt; ~[httpclient-4.2.1.jar:4.2.1]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:90)<br>
&gt;&gt;&gt; ~[keycloak-adapter-core-1.7.0.Final.jar:1.7.0.Final]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:297)<br>
&gt;&gt;&gt; [keycloak-adapter-core-1.7.0.Final.jar:1.7.0.Final]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:243)<br>
&gt;&gt;&gt; [keycloak-adapter-core-1.7.0.Final.jar:1.7.0.Final]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:95)<br>
&gt;&gt;&gt; [keycloak-adapter-core-1.7.0.Final.jar:1.7.0.Final]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.authenticateInternal(AbstractKeycloakAuthenticatorValve.java:189)<br>
&gt;&gt;&gt; [keycloak-tomcat-core-adapter-1.7.0.Final.jar:1.7.0.Final]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve.authenticate(KeycloakAuthenticatorValve.java:28)<br>
&gt;&gt;&gt; [keycloak-tomcat8-adapter-1.7.0.Final.jar:1.7.0.Final]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470)<br>
&gt;&gt;&gt; [lib/:na]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.invoke(AbstractKeycloakAuthenticatorValve.java:170)<br>
&gt;&gt;&gt; [keycloak-tomcat-core-adapter-1.7.0.Final.jar:1.7.0.Final]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)<br>
&gt;&gt;&gt; [lib/:na]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)<br>
&gt;&gt;&gt; [lib/:na]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610)<br>
&gt;&gt;&gt; [lib/:na]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)<br>
&gt;&gt;&gt; [lib/:na]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:516)<br>
&gt;&gt;&gt; [lib/:na]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1086)<br>
&gt;&gt;&gt; [tomcat-coyote.jar:8.0.18]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:659)<br>
&gt;&gt;&gt; [tomcat-coyote.jar:8.0.18]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:223)<br>
&gt;&gt;&gt; [tomcat-coyote.jar:8.0.18]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; <a href="http://org.apache.tomcat.util.net" target="_blank">org.apache.tomcat.util.net</a>.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1558)<br>
&gt;&gt;&gt; [tomcat-coyote.jar:8.0.18]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; <a href="http://org.apache.tomcat.util.net" target="_blank">org.apache.tomcat.util.net</a>.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1515)<br>
&gt;&gt;&gt; [tomcat-coyote.jar:8.0.18]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)<br>
&gt;&gt;&gt; [na:1.8.0_25]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)<br>
&gt;&gt;&gt; [na:1.8.0_25]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)<br>
&gt;&gt;&gt; [tomcat-util.jar:8.0.18]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at java.lang.Thread.run(Thread.java:745) [na:1.8.0_25]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; Caused by: java.net.ConnectException: Connection timed out<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at java.net.PlainSocketImpl.socketConnect(Native Method) ~[na:1.8.0_25]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; <a href="http://java.net" target="_blank">java.net</a>.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:345)<br>
&gt;&gt;&gt; ~[na:1.8.0_25]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; <a href="http://java.net" target="_blank">java.net</a>.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)<br>
&gt;&gt;&gt; ~[na:1.8.0_25]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; <a href="http://java.net" target="_blank">java.net</a>.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)<br>
&gt;&gt;&gt; ~[na:1.8.0_25]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)<br>
&gt;&gt;&gt; ~[na:1.8.0_25]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at java.net.Socket.connect(Socket.java:589) ~[na:1.8.0_25]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:649)<br>
&gt;&gt;&gt; ~[na:1.8.0_25]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:549)<br>
&gt;&gt;&gt; ~[httpclient-4.2.1.jar:4.2.1]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; at<br>
&gt;&gt;&gt; org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)<br>
&gt;&gt;&gt; ~[httpclient-4.2.1.jar:4.2.1]<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; ... 29 common frames omitted<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; _______________________________________________<br>
&gt;&gt;&gt; keycloak-user mailing list<br>
&gt;&gt;&gt; <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
&gt;&gt;&gt; <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;<br>
</blockquote></div></blockquote></div>