<div dir="ltr">Hi Marek,<div><br></div><div>Thanks for the clarification.</div><div><br></div><div>Cheers.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, May 25, 2016 at 12:43 PM, Marek Posolda <span dir="ltr">&lt;<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div bgcolor="#FFFFFF" text="#000000">
    <div>Hi,<br>
      <br>
      it seems from the log, that you tried to put Kerberos
      (SpnegoAuthenticator) to the directAccessGrant flow, is it
      correct? This won&#39;t work. The implementation of
      SpnegoAuthenticator is supposed to work just for browser based
      flow when browser is supposed to send HTTP header with SPNEGO
      token like &quot;Authorization: Negotiate your-spnego-kerberos-token&quot;
      .  <br>
      <br>
      It seems that to avoid similar confusions, we should have some
      filters (or authentication subtypes), which will allow to specify
      which authenticator is supposed to be used in which flow. I&#39;ve
      created JIRA for that
      <a href="https://issues.jboss.org/browse/KEYCLOAK-3043" target="_blank">https://issues.jboss.org/browse/KEYCLOAK-3043</a> .<br>
      <br>
      If I understand correctly your usecase, you sent username+password
      to direct grant authentication and you want Keycloak to verify the
      given username+password against Kerberos right? In this case, you
      can just use default directGrant flow without any changes. All you
      need to do is to check the flag &quot; Use Kerberos For Password
      Authentication&quot; in the configuration of your LDAP federation
      provider.<br>
      <br>
      Marek<div><div class="h5"><br>
      <br>
      <br>
      On 23/05/16 17:51, Gareth Healy wrote:<br>
    </div></div></div>
    <blockquote type="cite"><div><div class="h5">
      <div dir="ltr">
        <div>I am trying to hook up APIMan with KeyCloak using Kerberos
          and OAuth2. I am trying to get a token from key cloak using
          the following URL:</div>
        <br clear="all">
        <blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px">
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">curl
              -X POST <a href="http://localhost:29080/auth/realms/freeipa/protocol/openid-connect/token" target="_blank">http://localhost:29080/auth/realms/freeipa/protocol/openid-connect/token</a>
               -H &quot;Content-Type: application/x-www-form-urlencoded&quot; -d
              &quot;username=admin&quot; -d &#39;password=Secret123&#39; -d
              &#39;grant_type=password&#39; -d &#39;client_id=mapper&#39; -d
              &#39;client_secret=027fbd51-135b-47d6-86cd-7ce541b38984&#39;</div>
          </div>
        </blockquote>
        <div>
          <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px"><br>
          </div>
          <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px">But,
            get an exception back:</div>
        </div>
        <blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px">
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:13px"><br>
            </div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
              14:22:25,676 DEBUG [org.keycloak.services] (default
              task-51) AUTHENTICATE CLIENT</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
              14:22:25,676 TRACE [org.keycloak.services] (default
              task-51) Using executions for client authentication:
              [de08b32a-a4a5-469c-91cc-0fbca51e1c2f,
              de3db156-dcc2-4346-bf3a-e56e8e10ed5f]</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
              14:22:25,676 DEBUG [org.keycloak.services] (default
              task-51) client authenticator: client-secret</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
              14:22:25,676 DEBUG [org.keycloak.services] (default
              task-51) client authenticator SUCCESS: client-secret</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
              14:22:25,676 DEBUG [org.keycloak.services] (default
              task-51) Client mapper authenticated by client-secret</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
              14:22:25,676 TRACE
              [org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider]
              (default task-51) Adding cache operation: ADD on
              7ad60b45-4e69-45a4-a995-ee65d9ee47ae</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
              14:22:25,676 TRACE
              [org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider]
              (default task-51) Adding cache operation: REPLACE on
              7ad60b45-4e69-45a4-a995-ee65d9ee47ae</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
              14:22:25,676 TRACE
              [org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider]
              (default task-51) Adding cache operation: REPLACE on
              7ad60b45-4e69-45a4-a995-ee65d9ee47ae</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
              14:22:25,676 TRACE
              [org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider]
              (default task-51) Adding cache operation: REPLACE on
              7ad60b45-4e69-45a4-a995-ee65d9ee47ae</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
              14:22:25,676 TRACE
              [org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider]
              (default task-51) Adding cache operation: REPLACE on
              7ad60b45-4e69-45a4-a995-ee65d9ee47ae</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
              14:22:25,676 TRACE
              [org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider]
              (default task-51) Adding cache operation: REPLACE on
              7ad60b45-4e69-45a4-a995-ee65d9ee47ae</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
              14:22:25,676 DEBUG [org.keycloak.services] (default
              task-51) AUTHENTICATE ONLY</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
              14:22:25,676 TRACE
              [org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider]
              (default task-51) Adding cache operation: REPLACE on
              7ad60b45-4e69-45a4-a995-ee65d9ee47ae</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
              14:22:25,676 DEBUG [org.keycloak.services] (default
              task-51) processFlow</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
              14:22:25,676 DEBUG [org.keycloak.services] (default
              task-51) check execution: direct-grant-validate-username
              requirement: REQUIRED</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
              14:22:25,676 DEBUG [org.keycloak.services] (default
              task-51) authenticator: direct-grant-validate-username</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
              14:22:25,676 DEBUG [org.keycloak.services] (default
              task-51) invoke authenticator.authenticate</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
              14:22:25,676 TRACE
              [org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider]
              (default task-51) Adding cache operation: REPLACE on
              7ad60b45-4e69-45a4-a995-ee65d9ee47ae</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
              14:22:25,677 TRACE
              [org.keycloak.federation.ldap.idm.store.ldap.LDAPIdentityStore]
              (default task-51) Using filter for LDAP search:
              (&amp;(uid=admin)(objectclass=person)) . Searching in DN:
              cn=users,cn=accounts,dc=example,dc=test</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
              14:22:25,682 TRACE
              [org.keycloak.federation.ldap.idm.store.ldap.LDAPIdentityStore]
              (default task-51) Found ldap object and populated with the
              attributes. LDAP Object: LDAP Object [ dn:
              uid=admin,cn=users,cn=accounts,dc=example,dc=test , uuid:
              afc65b08-1e75-11e6-9645-02420a01010f, attributes:
              {uid=[admin], gecos=[Administrator], sn=[Administrator],
              cn=[Administrator], createTimestamp=[20160520102908Z],
              modifyTimestamp=[20160523142225Z]}, readOnly attribute
              names: [createtimestamp, modifytimestamp] ]</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
              14:22:25,682 TRACE
              [org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider]
              (default task-51) Adding cache operation: REPLACE on
              7ad60b45-4e69-45a4-a995-ee65d9ee47ae</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
              14:22:25,682 DEBUG [org.keycloak.services] (default
              task-51) authenticator SUCCESS:
              direct-grant-validate-username</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
              14:22:25,682 TRACE
              [org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider]
              (default task-51) Adding cache operation: REPLACE on
              7ad60b45-4e69-45a4-a995-ee65d9ee47ae</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
              14:22:25,682 DEBUG [org.keycloak.services] (default
              task-51) check execution: direct-grant-validate-password
              requirement: DISABLED</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
              14:22:25,682 DEBUG [org.keycloak.services] (default
              task-51) execution is processed</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
              14:22:25,682 DEBUG [org.keycloak.services] (default
              task-51) check execution: auth-spnego requirement:
              ALTERNATIVE</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
              14:22:25,682 DEBUG [org.keycloak.services] (default
              task-51) authenticator: auth-spnego</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
              14:22:25,682 DEBUG [org.keycloak.services] (default
              task-51) invoke authenticator.authenticate</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
              14:22:25,682 TRACE [org.keycloak.services] (default
              task-51) Sending back WWW-Authenticate: Negotiate</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
              14:22:25,682 TRACE
              [org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider]
              (default task-51) Adding cache operation: REPLACE on
              7ad60b45-4e69-45a4-a995-ee65d9ee47ae</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">2016-05-23
              14:22:25,683 ERROR [io.undertow.request] (default task-51)
              UT005023: Exception handling request to
              /auth/realms/freeipa/protocol/openid-connect/token:
              org.jboss.resteasy.spi.UnhandledException:
              java.lang.IllegalArgumentException: RESTEASY003715: path
              was null</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:168)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:411)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
              javax.servlet.http.HttpServlet.service(HttpServlet.java:790)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:78)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
              io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
              io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
              io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at java.lang.Thread.run(Thread.java:745)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">Caused
              by: java.lang.IllegalArgumentException: RESTEASY003715:
              path was null</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
org.jboss.resteasy.specimpl.ResteasyUriBuilder.path(ResteasyUriBuilder.java:357)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
org.keycloak.authentication.AuthenticationProcessor$Result.getActionUrl(AuthenticationProcessor.java:478)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
org.keycloak.authentication.authenticators.browser.SpnegoAuthenticator.optionalChallengeRedirect(SpnegoAuthenticator.java:137)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
org.keycloak.authentication.authenticators.browser.SpnegoAuthenticator.challengeNegotiation(SpnegoAuthenticator.java:121)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
org.keycloak.authentication.authenticators.browser.SpnegoAuthenticator.authenticate(SpnegoAuthenticator.java:65)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:183)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
org.keycloak.authentication.AuthenticationProcessor.authenticateOnly(AuthenticationProcessor.java:789)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
org.keycloak.protocol.oidc.endpoints.TokenEndpoint.buildResourceOwnerPasswordCredentialsGrant(TokenEndpoint.java:379)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
org.keycloak.protocol.oidc.endpoints.TokenEndpoint.build(TokenEndpoint.java:125)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
              sun.reflect.GeneratedMethodAccessor587.invoke(Unknown
              Source)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at java.lang.reflect.Method.invoke(Method.java:497)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)</div>
          </div>
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"> 
                    ... 37 more</div>
          </div>
        </blockquote>
        <div>
          <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"><br>
          </div>
          <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt">Looking
            in the code, i can see i am missing the &quot;flowPath&quot;, but not
            sure where this should be set.</div>
          <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"><br>
          </div>
        </div>
        <blockquote style="margin:0 0 0 40px;border:none;padding:0px">
          <div>
            <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"><a href="https://github.com/keycloak/keycloak/blob/1.9.x/services/src/main/java/org/keycloak/authentication/authenticators/browser/SpnegoAuthenticator.java#L137" target="_blank"></a><a href="https://github.com/keycloak/keycloak/blob/1.9.x/services/src/main/java/org/keycloak/authentication/authenticators/browser/SpnegoAuthenticator.java#L137" target="_blank">https://github.com/keycloak/keycloak/blob/1.9.x/services/src/main/java/org/keycloak/authentication/authenticators/browser/SpnegoAuthenticator.java#L137</a></div>
          </div>
          <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"><br>
          </div>
          <div style="color:rgb(0,0,0);font-family:Tahoma;font-size:10pt"><a href="https://github.com/keycloak/keycloak/blob/1.9.x/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java#L476" target="_blank"></a><a href="https://github.com/keycloak/keycloak/blob/1.9.x/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java#L476" target="_blank">https://github.com/keycloak/keycloak/blob/1.9.x/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java#L476</a></div>
        </blockquote>
        <div><br>
        </div>
        <div>Can anyone point me in the right direction please.</div>
        <div><br>
        </div>
        -- <br>
        <div>
          <div dir="ltr"><span style="font-size:small">Gareth Healy </span><br>
            <span style="font-size:small">UKI Middleware Consultant </span><br>
            <span style="font-size:small">Red Hat UK Ltd </span><br>
            <span style="font-size:small">200 Fowler Avenue </span><br>
            <span style="font-size:small">Farnborough, Hants </span><br>
            <span style="font-size:small">GU14 7JP, UK </span><br>
            <br>
            <span style="font-size:small">Mobile: <a href="tel:%2B44%280%297818511214" value="+447818511214" target="_blank">+44(0)7818511214</a> </span><br>
            <span style="font-size:small">E-Mail: <a href="mailto:gahealy@redhat.com" target="_blank"></a><a href="mailto:gahealy@redhat.com" target="_blank">gahealy@redhat.com</a> </span><br>
            <br>
            <span style="font-size:small">Registered in England and
              Wales under Company Registration No. 03798903</span><br>
          </div>
        </div>
      </div>
      <br>
      <fieldset></fieldset>
      <br>
      </div></div><pre>_______________________________________________
keycloak-user mailing list
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
    </blockquote>
    <br>
  </div>

</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><span style="font-size:small">Gareth Healy </span><br><span style="font-size:small">UKI Middleware Consultant </span><br><span style="font-size:small">Red Hat UK Ltd </span><br><span style="font-size:small">200 Fowler Avenue </span><br><span style="font-size:small">Farnborough, Hants </span><br><span style="font-size:small">GU14 7JP, UK </span><br><br><span style="font-size:small">Mobile: +44(0)7818511214 </span><br><span style="font-size:small">E-Mail: <a href="mailto:gahealy@redhat.com" target="_blank">gahealy@redhat.com</a> </span><br><br><span style="font-size:small">Registered in England and Wales under Company Registration No. 03798903</span><br></div></div>
</div>