[keycloak-dev] Issue with BrowserHandler using the saml2 adapter in wildfly 10

Hi everybody, I just started to use the SAML2-authentication-adapter of Keycloak in Wildfly 10. I use it according to this documentation: http://www.keycloak.org/docs/3.0/securing_apps/topics/saml/java/jboss-ada... As it did not work, I debugged into the adapter code and narrowed the problem down to org.keycloak.adapters.saml.undertow.UndertowSamlAuthenticator.createBrowserHandler(HttpFacade, SamlDeployment, SamlSessionStore) where a org.keycloak.adapters.saml.profile.webbrowsersso.BrowserHandler is instantiated. This BrowserHandler always passes null as samlRequest, samlResponse and relayState. When I create a org.keycloak.adapters.saml.profile.webbrowsersso.WebBrowserSsoAuthenticationHandler instead, the code works as expected. Is this a bug in the BrowserHandler or am I missing some important configuration option? -- Another question on this topic: The configuration with <secure-deployment >...</secure-deployment> bypasses any existing <login-module> as far as I can see. Is this the case? Is there any possibility to configure a custom login-module that could authenticate a user before using the Keycloak authentication mechanism? I would like to use the Keycloak authentication as a fallback only. Thanks in advance, Daniel Schmidt