<div dir="ltr">Hi Marek,<div><br></div><div>Thanks for the clarification.</div><div><br></div><div>Cheers.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, May 25, 2016 at 12:43 PM, Marek Posolda <span dir="ltr"><<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Hi,<br>
<br>
it seems from the log, that you tried to put Kerberos
(SpnegoAuthenticator) to the directAccessGrant flow, is it
correct? This won't work. The implementation of
SpnegoAuthenticator is supposed to work just for browser based
flow when browser is supposed to send HTTP header with SPNEGO
token like "Authorization: Negotiate your-spnego-kerberos-token"
. <br>
<br>
It seems that to avoid similar confusions, we should have some
filters (or authentication subtypes), which will allow to specify
which authenticator is supposed to be used in which flow. I've
created JIRA for that
<a href="https://issues.jboss.org/browse/KEYCLOAK-3043" target="_blank">https://issues.jboss.org/browse/KEYCLOAK-3043</a> .<br>
<br>
If I understand correctly your usecase, you sent username+password
to direct grant authentication and you want Keycloak to verify the
given username+password against Kerberos right? In this case, you
can just use default directGrant flow without any changes. All you
need to do is to check the flag " Use Kerberos For Password
Authentication" in the configuration of your LDAP federation
provider.<br>
<br>
Marek<div><div class="h5"><br>
<br>
<br>
On 23/05/16 17:51, Gareth Healy wrote:<br>
</div></div></div>
<blockquote type="cite"><div><div class="h5">
<div dir="ltr">
<div>I am trying to hook up APIMan with KeyCloak using Kerberos
and OAuth2. I am trying to get a token from key cloak using
the following URL:</div>
<br clear="all">
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px">
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">curl
-X POST <a href="http://localhost:29080/auth/realms/freeipa/protocol/openid-connect/token" target="_blank">http://localhost:29080/auth/realms/freeipa/protocol/openid-connect/token</a>
-H "Content-Type: application/x-www-form-urlencoded" -d
"username=admin" -d 'password=Secret123' -d
'grant_type=password' -d 'client_id=mapper' -d
'client_secret=027fbd51-135b-47d6-86cd-7ce541b38984'</div>
</div>
</blockquote>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px"><br>
</div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">But,
get an exception back:</div>
</div>
<blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px">
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px"><br>
</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
14:22:25,676 DEBUG [org.keycloak.services] (default
task-51) AUTHENTICATE CLIENT</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
14:22:25,676 TRACE [org.keycloak.services] (default
task-51) Using executions for client authentication:
[de08b32a-a4a5-469c-91cc-0fbca51e1c2f,
de3db156-dcc2-4346-bf3a-e56e8e10ed5f]</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
14:22:25,676 DEBUG [org.keycloak.services] (default
task-51) client authenticator: client-secret</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
14:22:25,676 DEBUG [org.keycloak.services] (default
task-51) client authenticator SUCCESS: client-secret</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
14:22:25,676 DEBUG [org.keycloak.services] (default
task-51) Client mapper authenticated by client-secret</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
14:22:25,676 TRACE
[org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider]
(default task-51) Adding cache operation: ADD on
7ad60b45-4e69-45a4-a995-ee65d9ee47ae</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
14:22:25,676 TRACE
[org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider]
(default task-51) Adding cache operation: REPLACE on
7ad60b45-4e69-45a4-a995-ee65d9ee47ae</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
14:22:25,676 TRACE
[org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider]
(default task-51) Adding cache operation: REPLACE on
7ad60b45-4e69-45a4-a995-ee65d9ee47ae</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
14:22:25,676 TRACE
[org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider]
(default task-51) Adding cache operation: REPLACE on
7ad60b45-4e69-45a4-a995-ee65d9ee47ae</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
14:22:25,676 TRACE
[org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider]
(default task-51) Adding cache operation: REPLACE on
7ad60b45-4e69-45a4-a995-ee65d9ee47ae</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
14:22:25,676 TRACE
[org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider]
(default task-51) Adding cache operation: REPLACE on
7ad60b45-4e69-45a4-a995-ee65d9ee47ae</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
14:22:25,676 DEBUG [org.keycloak.services] (default
task-51) AUTHENTICATE ONLY</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
14:22:25,676 TRACE
[org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider]
(default task-51) Adding cache operation: REPLACE on
7ad60b45-4e69-45a4-a995-ee65d9ee47ae</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
14:22:25,676 DEBUG [org.keycloak.services] (default
task-51) processFlow</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
14:22:25,676 DEBUG [org.keycloak.services] (default
task-51) check execution: direct-grant-validate-username
requirement: REQUIRED</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
14:22:25,676 DEBUG [org.keycloak.services] (default
task-51) authenticator: direct-grant-validate-username</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
14:22:25,676 DEBUG [org.keycloak.services] (default
task-51) invoke authenticator.authenticate</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
14:22:25,676 TRACE
[org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider]
(default task-51) Adding cache operation: REPLACE on
7ad60b45-4e69-45a4-a995-ee65d9ee47ae</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
14:22:25,677 TRACE
[org.keycloak.federation.ldap.idm.store.ldap.LDAPIdentityStore]
(default task-51) Using filter for LDAP search:
(&(uid=admin)(objectclass=person)) . Searching in DN:
cn=users,cn=accounts,dc=example,dc=test</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
14:22:25,682 TRACE
[org.keycloak.federation.ldap.idm.store.ldap.LDAPIdentityStore]
(default task-51) Found ldap object and populated with the
attributes. LDAP Object: LDAP Object [ dn:
uid=admin,cn=users,cn=accounts,dc=example,dc=test , uuid:
afc65b08-1e75-11e6-9645-02420a01010f, attributes:
{uid=[admin], gecos=[Administrator], sn=[Administrator],
cn=[Administrator], createTimestamp=[20160520102908Z],
modifyTimestamp=[20160523142225Z]}, readOnly attribute
names: [createtimestamp, modifytimestamp] ]</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
14:22:25,682 TRACE
[org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider]
(default task-51) Adding cache operation: REPLACE on
7ad60b45-4e69-45a4-a995-ee65d9ee47ae</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
14:22:25,682 DEBUG [org.keycloak.services] (default
task-51) authenticator SUCCESS:
direct-grant-validate-username</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
14:22:25,682 TRACE
[org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider]
(default task-51) Adding cache operation: REPLACE on
7ad60b45-4e69-45a4-a995-ee65d9ee47ae</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
14:22:25,682 DEBUG [org.keycloak.services] (default
task-51) check execution: direct-grant-validate-password
requirement: DISABLED</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
14:22:25,682 DEBUG [org.keycloak.services] (default
task-51) execution is processed</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
14:22:25,682 DEBUG [org.keycloak.services] (default
task-51) check execution: auth-spnego requirement:
ALTERNATIVE</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
14:22:25,682 DEBUG [org.keycloak.services] (default
task-51) authenticator: auth-spnego</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
14:22:25,682 DEBUG [org.keycloak.services] (default
task-51) invoke authenticator.authenticate</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
14:22:25,682 TRACE [org.keycloak.services] (default
task-51) Sending back WWW-Authenticate: Negotiate</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
14:22:25,682 TRACE
[org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider]
(default task-51) Adding cache operation: REPLACE on
7ad60b45-4e69-45a4-a995-ee65d9ee47ae</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
14:22:25,683 ERROR [io.undertow.request] (default task-51)
UT005023: Exception handling request to
/auth/realms/freeipa/protocol/openid-connect/token:
org.jboss.resteasy.spi.UnhandledException:
java.lang.IllegalArgumentException: RESTEASY003715: path
was null</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:168)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:411)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:790)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:78)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at java.lang.Thread.run(Thread.java:745)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">Caused
by: java.lang.IllegalArgumentException: RESTEASY003715:
path was null</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
org.jboss.resteasy.specimpl.ResteasyUriBuilder.path(ResteasyUriBuilder.java:357)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
org.keycloak.authentication.AuthenticationProcessor$Result.getActionUrl(AuthenticationProcessor.java:478)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
org.keycloak.authentication.authenticators.browser.SpnegoAuthenticator.optionalChallengeRedirect(SpnegoAuthenticator.java:137)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
org.keycloak.authentication.authenticators.browser.SpnegoAuthenticator.challengeNegotiation(SpnegoAuthenticator.java:121)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
org.keycloak.authentication.authenticators.browser.SpnegoAuthenticator.authenticate(SpnegoAuthenticator.java:65)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:183)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
org.keycloak.authentication.AuthenticationProcessor.authenticateOnly(AuthenticationProcessor.java:789)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
org.keycloak.protocol.oidc.endpoints.TokenEndpoint.buildResourceOwnerPasswordCredentialsGrant(TokenEndpoint.java:379)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
org.keycloak.protocol.oidc.endpoints.TokenEndpoint.build(TokenEndpoint.java:125)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
sun.reflect.GeneratedMethodAccessor587.invoke(Unknown
Source)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at java.lang.reflect.Method.invoke(Method.java:497)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)</div>
</div>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">
... 37 more</div>
</div>
</blockquote>
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"><br>
</div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">Looking
in the code, i can see i am missing the "flowPath", but not
sure where this should be set.</div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"><br>
</div>
</div>
<blockquote style="margin:0 0 0 40px;border:none;padding:0px">
<div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"><a href="https://github.com/keycloak/keycloak/blob/1.9.x/services/src/main/java/org/keycloak/authentication/authenticators/browser/SpnegoAuthenticator.java#L137" target="_blank"></a><a href="https://github.com/keycloak/keycloak/blob/1.9.x/services/src/main/java/org/keycloak/authentication/authenticators/browser/SpnegoAuthenticator.java#L137" target="_blank">https://github.com/keycloak/keycloak/blob/1.9.x/services/src/main/java/org/keycloak/authentication/authenticators/browser/SpnegoAuthenticator.java#L137</a></div>
</div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"><br>
</div>
<div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"><a href="https://github.com/keycloak/keycloak/blob/1.9.x/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java#L476" target="_blank"></a><a href="https://github.com/keycloak/keycloak/blob/1.9.x/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java#L476" target="_blank">https://github.com/keycloak/keycloak/blob/1.9.x/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java#L476</a></div>
</blockquote>
<div><br>
</div>
<div>Can anyone point me in the right direction please.</div>
<div><br>
</div>
-- <br>
<div>
<div dir="ltr"><span style="font-size:small">Gareth Healy </span><br>
<span style="font-size:small">UKI Middleware Consultant </span><br>
<span style="font-size:small">Red Hat UK Ltd </span><br>
<span style="font-size:small">200 Fowler Avenue </span><br>
<span style="font-size:small">Farnborough, Hants </span><br>
<span style="font-size:small">GU14 7JP, UK </span><br>
<br>
<span style="font-size:small">Mobile: <a href="tel:%2B44%280%297818511214" value="+447818511214" target="_blank">+44(0)7818511214</a> </span><br>
<span style="font-size:small">E-Mail: <a href="mailto:gahealy@redhat.com" target="_blank"></a><a href="mailto:gahealy@redhat.com" target="_blank">gahealy@redhat.com</a> </span><br>
<br>
<span style="font-size:small">Registered in England and
Wales under Company Registration No. 03798903</span><br>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><pre>_______________________________________________
keycloak-user mailing list
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><span style="font-size:small">Gareth Healy </span><br><span style="font-size:small">UKI Middleware Consultant </span><br><span style="font-size:small">Red Hat UK Ltd </span><br><span style="font-size:small">200 Fowler Avenue </span><br><span style="font-size:small">Farnborough, Hants </span><br><span style="font-size:small">GU14 7JP, UK </span><br><br><span style="font-size:small">Mobile: +44(0)7818511214 </span><br><span style="font-size:small">E-Mail: <a href="mailto:gahealy@redhat.com" target="_blank">gahealy@redhat.com</a> </span><br><br><span style="font-size:small">Registered in England and Wales under Company Registration No. 03798903</span><br></div></div>
</div>