<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">

<meta name="Generator" content="Microsoft Word 14 (filtered medium)">

<style><!--

/* Font Definitions */

@font-face

        {font-family:SimSun;

        panose-1:2 1 6 0 3 1 1 1 1 1;}

@font-face

        {font-family:SimSun;

        panose-1:2 1 6 0 3 1 1 1 1 1;}

@font-face

        {font-family:Calibri;

        panose-1:2 15 5 2 2 2 4 3 2 4;}

@font-face

        {font-family:Tahoma;

        panose-1:2 11 6 4 3 5 4 4 2 4;}

@font-face

        {font-family:"Times New Roman \, serif ";}

@font-face

        {font-family:SimSun;

        panose-1:2 1 6 0 3 1 1 1 1 1;}

/* Style Definitions */

p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0cm;

        margin-bottom:.0001pt;

        text-align:justify;

        text-justify:inter-ideograph;

        font-size:10.5pt;

        font-family:"Calibri","sans-serif";

        color:black;}

a:link, span.MsoHyperlink

        {mso-style-priority:99;

        color:blue;

        text-decoration:underline;}

a:visited, span.MsoHyperlinkFollowed

        {mso-style-priority:99;

        color:purple;

        text-decoration:underline;}

pre

        {mso-style-priority:99;

        mso-style-link:"HTML Preformatted Char";

        margin:0cm;

        margin-bottom:.0001pt;

        font-size:10.0pt;

        font-family:"Courier New";

        color:black;}

p.MsoAcetate, li.MsoAcetate, div.MsoAcetate

        {mso-style-priority:99;

        mso-style-link:"Balloon Text Char";

        margin:0cm;

        margin-bottom:.0001pt;

        text-align:justify;

        text-justify:inter-ideograph;

        font-size:8.0pt;

        font-family:"Calibri","sans-serif";

        color:black;}

span.HTMLPreformattedChar

        {mso-style-name:"HTML Preformatted Char";

        mso-style-priority:99;

        mso-style-link:"HTML Preformatted";

        font-family:"Courier New";

        color:black;}

span.BalloonTextChar

        {mso-style-name:"Balloon Text Char";

        mso-style-priority:99;

        mso-style-link:"Balloon Text";

        font-family:"Calibri","sans-serif";

        color:black;}

span.EmailStyle21

        {mso-style-type:personal;

        font-family:"Calibri","sans-serif";

        color:windowtext;}

span.EmailStyle22

        {mso-style-type:personal;

        font-family:"Calibri","sans-serif";

        color:#1F497D;}

span.EmailStyle23

        {mso-style-type:personal;

        font-family:"Calibri","sans-serif";

        color:#1F497D;}

span.EmailStyle24

        {mso-style-type:personal;

        font-family:"Calibri","sans-serif";

        color:#1F497D;}

span.EmailStyle25

        {mso-style-type:personal-reply;

        font-family:"Calibri","sans-serif";

        color:#1F497D;}

.MsoChpDefault

        {mso-style-type:export-only;

        font-size:10.0pt;}

@page WordSection1

        {size:612.0pt 792.0pt;

        margin:72.0pt 90.0pt 72.0pt 90.0pt;}

div.WordSection1

        {page:WordSection1;}

--></style><!--[if gte mso 9]><xml>

<o:shapedefaults v:ext="edit" spidmax="1026" />

</xml><![endif]--><!--[if gte mso 9]><xml>

<o:shapelayout v:ext="edit">

<o:idmap v:ext="edit" data="1" />

</o:shapelayout></xml><![endif]-->

</head>

<body bgcolor="white" lang="ZH-CN" link="blue" vlink="purple">

<div class="WordSection1">

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Marek,<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p>&nbsp;</o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">&nbsp;&nbsp;&nbsp;&nbsp; After setting https.proxyHost and https.proxyPort of JVM, &#8220;Connection timed out&#8221; issue is fixed.<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p>&nbsp;</o:p></span></p>

<p class="MsoNormal" style="text-indent:9.6pt"><span lang="EN-US" style="color:#1F497D">Thanks,<o:p></o:p></span></p>

<p class="MsoNormal" style="text-indent:9.6pt"><span lang="EN-US" style="color:#1F497D"><o:p>&nbsp;</o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Ming Li<o:p></o:p></span></p>

<div>

<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">

<p class="MsoNormal" align="left" style="text-align:left"><b><span lang="EN-US" style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:windowtext">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:windowtext">

 Marek Posolda [mailto:mposolda@redhat.com] <br>

<b>Sent:</b> Wednesday, June 08, 2016 6:08 PM<br>

<b>To:</b> LI Ming; keycloak-user@lists.jboss.org<br>

<b>Subject:</b> Re: [keycloak-user] When using Social Identity Provider, it failed with failure &quot;Connection timed out&quot;<o:p></o:p></span></p>

</div>

</div>

<p class="MsoNormal" align="left" style="text-align:left"><span lang="EN-US"><o:p>&nbsp;</o:p></span></p>

<div>

<p class="MsoNormal"><span lang="EN-US">The keycloak tries to send POST request to the endpoint specified as &quot;token URL&quot; in the configuration. In case of github provider, token URL is set to

</span><b><span lang="EN-US" style="color:green"><a href="https://github.com/login/oauth/access_token">https://github.com/login/oauth/access_token</a> .<br>

<br>

</span></b><span lang="EN-US">TBH I don't know how exactly this works if you are behind proxy. However SimpleHttp class is using standard java.net.HttpURLConnection to send backchannel request and it seems that this is able to read system properties &quot;http.proxyHost&quot;

 and &quot;http.proxyPort&quot; as Niels pointed. I assume that system properties are working based on the

<a href="http://stackoverflow.com/questions/1432961/how-do-i-make-httpurlconnection-use-a-proxy">

http://stackoverflow.com/questions/1432961/how-do-i-make-httpurlconnection-use-a-proxy</a> (see post from Sean Owen).<br>

<br>

Marek<br>

<br>

On 08/06/16 00:04, LI Ming wrote:<o:p></o:p></span></p>

</div>

<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Marek,</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">&nbsp;</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal" style="text-indent:9.6pt"><span lang="EN-US" style="color:#1F497D">Do you have idea on the failure reason ?</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal" style="text-indent:9.6pt"><span lang="EN-US" style="color:#1F497D">From the call stack, Keycloak hung at the following function:</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal" style="text-indent:26.25pt"><span lang="EN-US" style="color:#1F497D">org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:228</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">&nbsp;&nbsp;&nbsp; In the source code, Keycloak tried to send Post request to the below Url:</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;tokenUrl:&nbsp;

<a href="https://135.1.34.23:8443/auth/realms/demo/protocol/openid-connect/token">

https://135.1.34.23:8443/auth/realms/demo/protocol/openid-connect/token</a></span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal" style="text-indent:9.6pt"><span lang="EN-US" style="color:#1F497D">It is local token authentication service, why reporting &#8220;Connection timed out&#8221;?</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal" style="text-indent:9.6pt"><span lang="EN-US" style="color:#1F497D">&nbsp;</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Ming Li</span><span lang="EN-US"><o:p></o:p></span></p>

<div>

<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">

<p class="MsoNormal" align="left" style="text-align:left"><b><span lang="EN-US" style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:windowtext">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:windowtext">

<a href="mailto:keycloak-user-bounces@lists.jboss.org">keycloak-user-bounces@lists.jboss.org</a> [<a href="mailto:keycloak-user-bounces@lists.jboss.org">mailto:keycloak-user-bounces@lists.jboss.org</a>]

<b>On Behalf Of </b>LI Ming<br>

<b>Sent:</b> Tuesday, June 07, 2016 4:42 PM<br>

<b>To:</b> Marek Posolda; <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>

<b>Subject:</b> Re: [keycloak-user] When using Social Identity Provider, it failed with failure &quot;Connection timed out&quot;</span><span lang="EN-US"><o:p></o:p></span></p>

</div>

</div>

<p class="MsoNormal" align="left" style="text-align:left"><span lang="EN-US">&nbsp;<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">No, github is not working.</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">BTW, my server needs set http_proxy/https_proxy to access github.com.</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">&nbsp;</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">wget --secure-protocol=TLSv1 github.com</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">&nbsp;</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">--2016-06-07 03:39:02--&nbsp;

<a href="http://github.com/">http://github.com/</a></span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Resolving global.proxy.alcatel-lucent.com (global.proxy.alcatel-lucent.com)... 135.245.48.33</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Connecting to global.proxy.alcatel-lucent.com (global.proxy.alcatel-lucent.com)|135.245.48.33|:8000... connected.</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Proxy request sent, awaiting response... 301 Moved Permanently</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Location: <a href="https://github.com/">

https://github.com/</a> [following]</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">--2016-06-07 03:39:03--&nbsp;

<a href="https://github.com/">https://github.com/</a></span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Connecting to global.proxy.alcatel-lucent.com (global.proxy.alcatel-lucent.com)|135.245.48.33|:8000... connected.</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Proxy request sent, awaiting response... 200 OK</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Length: unspecified [text/html]</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Saving to: 'index.html'</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">&nbsp;</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">&nbsp;&nbsp;&nbsp; [ &lt;=&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ] 25,508&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; --.-K/s&nbsp;&nbsp; in 0.03s&nbsp;&nbsp;

</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">&nbsp;</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">2016-06-07 03:39:03 (870 KB/s) - 'index.html' saved [25508]</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">&nbsp;</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Github.com can be accessible via http proxy. I do not know why keycloak will complain the certificate.</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">&nbsp;</span><span lang="EN-US"><o:p></o:p></span></p>

<div>

<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">

<p class="MsoNormal" align="left" style="text-align:left"><b><span lang="EN-US" style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:windowtext">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:windowtext">

 Marek Posolda [<a href="mailto:mposolda@redhat.com">mailto:mposolda@redhat.com</a>]

<br>

<b>Sent:</b> Tuesday, June 07, 2016 4:07 PM<br>

<b>To:</b> LI Ming; <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>

<b>Subject:</b> Re: [keycloak-user] When using Social Identity Provider, it failed with failure &quot;Connection timed out&quot;</span><span lang="EN-US"><o:p></o:p></span></p>

</div>

</div>

<p class="MsoNormal" align="left" style="text-align:left"><span lang="EN-US">&nbsp;<o:p></o:p></span></p>

<div>

<p class="MsoNormal"><span lang="EN-US">Hmm... is github working for you if you omit the &quot;truststore&quot; configuration in keycloak-server.json and use the default java cacerts file without any changes?<br>

<br>

Marek<br>

<br>

On 07/06/16 09:38, LI Ming wrote:<o:p></o:p></span></p>

</div>

<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Marek,</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">&nbsp;</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal" style="text-indent:9.6pt"><span lang="EN-US" style="color:#1F497D">I already set truststore file to the default java certificates file path in keycloak configuration file $KEYCLOAK_HOME/standalone/configuration/keycloak-server.json as below:</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal" style="text-indent:9.6pt"><span lang="EN-US" style="color:#1F497D">&nbsp;&nbsp;&nbsp; &quot;truststore&quot;: {</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal" style="text-indent:9.6pt"><span lang="EN-US" style="color:#1F497D">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &quot;file&quot;: {</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal" style="text-indent:9.6pt"><span lang="EN-US" style="color:#1F497D">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &quot;file&quot;: &quot;/usr/java/jre/lib/security/cacerts&quot;,</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal" style="text-indent:9.6pt"><span lang="EN-US" style="color:#1F497D">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &quot;password&quot;: &quot;changeit&quot;,</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal" style="text-indent:9.6pt"><span lang="EN-US" style="color:#1F497D">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &quot;hostname-verification-policy&quot;: &quot;ANY&quot;,</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal" style="text-indent:9.6pt"><span lang="EN-US" style="color:#1F497D">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &quot;disabled&quot;: false</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal" style="text-indent:9.6pt"><span lang="EN-US" style="color:#1F497D">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal" style="text-indent:9.6pt"><span lang="EN-US" style="color:#1F497D">&nbsp;&nbsp;&nbsp; }</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">&nbsp;&nbsp; And I put my customer certificate file in it also.</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">&nbsp;</span><span lang="EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Ming Li</span><span lang="EN-US"><o:p></o:p></span></p>

<div>

<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">

<p class="MsoNormal" align="left" style="text-align:left"><b><span lang="EN-US" style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:windowtext">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;;color:windowtext">

 Marek Posolda [<a href="mailto:mposolda@redhat.com">mailto:mposolda@redhat.com</a>]

<br>

<b>Sent:</b> Tuesday, June 07, 2016 3:17 PM<br>

<b>To:</b> LI Ming; <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>

<b>Subject:</b> Re: [keycloak-user] When using Social Identity Provider, it failed with failure &quot;Connection timed out&quot;</span><span lang="EN-US"><o:p></o:p></span></p>

</div>

</div>

<p class="MsoNormal" align="left" style="text-align:left"><span lang="EN-US">&nbsp;<o:p></o:p></span></p>

<div>

<p class="MsoNormal"><span lang="EN-US">It seems that's because Keycloak is not able to send backchannel request to github due to github certificate not trusted.

<br>

<br>

Are you using custom truststore set with truststore SPI or with &quot;javax.net.ssl.truststore&quot; system property? I think that by default github SSL certificate is verified by well-known CA, so it shouldn't be the issue to connect to that if you use default Java

 file with certificates (cacerts). However if you have custom trustore set, then default java cacerts file is possibly not used, so well-known certificates like the one from github are not trusted. We should likely have a solution, which will allow to set custom

 truststore in addition to default java cacerts file. But until we have it, you probably need to manually create truststore file, where you import both the &quot;well-known&quot; certificates together with your custom certificates.<br>

<br>

Marek<br>

<br>

On 07/06/16 08:02, LI Ming wrote:<o:p></o:p></span></p>

</div>

<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">

<p class="MsoNormal"><span lang="EN-US">Hi,<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">&nbsp;<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">&nbsp; When I setup social identity provider (GitHub) to authenticate the user, it always failed with the below error:<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">&nbsp;<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">2016-06-07 00:49:05,349 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default task-9) Failed to make identity provider oauth callback: java.net.ConnectException: Connection timed out<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at java.net.PlainSocketImpl.socketConnect(Native Method)<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at java.net.Socket.connect(Socket.java:589)<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:668)<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:173)<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.net.NetworkClient.doConnect(NetworkClient.java:180)<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.net.www.protocol.https.HttpsClient.&lt;init&gt;(HttpsClient.java:264)<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:367)<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1105)<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:999)<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1283)<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1258)<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.keycloak.broker.provider.util.SimpleHttp.asString(SimpleHttp.java:141)<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:228)<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &#8230;<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">2016-06-07 00:49:05,355 WARN&nbsp; [org.keycloak.events] (default task-9) type=LOGIN_ERROR, realmId=demo, clientId=null, userId=null, ipAddress=135.252.159.35, error=identity_provider_login_failure<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">&nbsp;<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">&nbsp;&nbsp; Can you help to identity the failure reason?<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">&nbsp;<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">&nbsp;&nbsp; Thanks,<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">&nbsp;<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-US">Ming Li<o:p></o:p></span></p>

<p class="MsoNormal" align="left" style="margin-bottom:12.0pt;text-align:left"><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;Times New Roman \, serif &quot;"><br>

<br>

<br>

<br>

</span><span lang="EN-US"><o:p></o:p></span></p>

<pre><span lang="EN-US">_______________________________________________<o:p></o:p></span></pre>

<pre><span lang="EN-US">keycloak-user mailing list<o:p></o:p></span></pre>

<pre><span lang="EN-US"><a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><o:p></o:p></span></pre>

<pre><span lang="EN-US"><a href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><o:p></o:p></span></pre>

</blockquote>

<p class="MsoNormal" align="left" style="text-align:left"><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;Times New Roman \, serif &quot;">&nbsp;</span><span lang="EN-US"><o:p></o:p></span></p>

</blockquote>

<p class="MsoNormal" align="left" style="text-align:left"><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;Times New Roman \, serif &quot;">&nbsp;</span><span lang="EN-US"><o:p></o:p></span></p>

</blockquote>

<p class="MsoNormal" align="left" style="text-align:left"><span lang="EN-US" style="font-size:12.0pt;font-family:&quot;Times New Roman&quot;,&quot;serif&quot;"><o:p>&nbsp;</o:p></span></p>

</div>

</body>

</html>