Hi, I'm running my WildFly app in Docker, and Keycloak too. They are
in the same Docker network. The problem is that when I go to my application (
http://127.0.0.1:8080/akatsuki-javaee-webapp/), the Keycloak login page appears,
I log in, and then I get a Forbidden.
I have been trying to solve this for a week :/
Please find some of the configuration files below:
*docker-compose.yml :*
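# Three services attached to one user-defined bridge network (netaka).
# On that network the containers reach each other by service name
# (for example "keycloak"); inside a container, 127.0.0.1 is that container
# itself, not the Docker host and not a sibling service.
#
# Nesting is restored here: without indentation every key sits at the top
# level and build/ports/networks/... repeat as duplicate keys.
version: '2'
services:
  wildfly:
    build:
      context: WildFly/
    container_name: "wildfly"
    volumes:
      # Shared with the filemanager service below: whatever the application
      # writes here is served by that container from its htdocs directory.
      - /tmp/images:/opt/jboss/images
    ports:
      # Published on all host interfaces. Prefix with "127.0.0.1:" to keep a
      # development instance reachable from the local machine only.
      - "8080:8080"
    networks:
      - netaka
  filemanager:
    build:
      context: FileManager/
    container_name: "filemanager"
    volumes:
      # /tmp on the host is usually writable by every local user, and this
      # mount is the web root: any file dropped in /tmp/images is published
      # on port 8082.
      - /tmp/images:/usr/local/apache2/htdocs/
    ports:
      - "8082:80"
    networks:
      - netaka
  keycloak:
    build:
      context: KeyCloak/
    container_name: "keycloak"
    ports:
      # Host port 8180 maps to container port 8080; this mapping only applies
      # to traffic arriving through the host, not to container-to-container
      # traffic on netaka.
      - "8180:8080"
    environment:
      # These variables create the initial Keycloak admin account. admin/admin
      # together with a port published on all interfaces is acceptable only
      # for a throwaway local setup; otherwise supply the password from an
      # untracked .env file or a secret store and change it after first login.
      KEYCLOAK_USER: "admin"
      KEYCLOAK_PASSWORD: "admin"
    networks:
      - netaka
networks:
  netaka:
    driver: bridge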
*Dockerfile (wildfly) :*
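# WildFly image carrying the application WAR and the Keycloak adapter.
# Instructions that were wrapped across lines in the message are rejoined so
# that each one is a single Dockerfile instruction again.

# NOTE(review): the base image has no tag or digest, so a rebuild can pull a
# different WildFly release than the one the adapter version below targets.
FROM jboss/wildfly
ADD target/akatsuki-javaee-webapp.war /opt/jboss/wildfly/standalone/deployments/
ENV KEYCLOAK_VERSION 4.6.0.Final
WORKDIR /opt/jboss/wildfly/
# The adapter archive is piped straight into tar: nothing checks its integrity
# before it is unpacked into the server directory. Download to a file and
# verify a pinned checksum before extracting.
# The URL is truncated ("...") in the archived message and is kept as posted.
RUN curl -L https://downloads.jboss.org/keycloak/$KEYCLOAK_VERSION/adapters/keycloak-... | tar zx
# Runs the adapter's offline CLI script against the server configuration.
RUN ./bin/jboss-cli.sh --file=bin/adapter-elytron-install-offline.cli
WORKDIR /opt/jboss
# Standalone.xml modifications
# This COPY comes after the adapter install above and replaces the whole
# standalone.xml, so the copied file has to contain the adapter configuration
# itself.
COPY standalone.xml /opt/jboss/wildfly/standalone/configuration/
RUN mkdir -p /opt/jboss/images
## Attempt fix permissions error ##
# Attempt to fix: Error: Could not rename
# /opt/jboss/wildfly/standalone/configuration/standalone_xml_history/current
# See
# https://stackoverflow.com/questions/20965737/docker-jboss7-war-commit-ser...
RUN rm -rf /opt/jboss/wildfly/standalone/configuration/standalone_xml_history/current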
*I'm modifying standalone.xml in order to change this :*
<!-- Keycloak adapter settings for the deployed WAR (WildFly standalone.xml). -->
<subsystem xmlns="urn:jboss:domain:keycloak:1.1">
<secure-deployment name="akatsuki-javaee-webapp.war">
<realm>akatsukiRealm</realm>
<!-- This URL is used for the browser redirect and also for the adapter's own
     server-side call that exchanges the authorization code for a token.
     That call is made from inside the wildfly container, where 127.0.0.1 is
     the wildfly container itself; this matches the "Connection refused" from
     ServerRequest.invokeAccessCodeToToken in the log. The address must be one
     that resolves to Keycloak from both the browser and the container. -->
<auth-server-url>http://127.0.0.1:8180/auth</auth-server-url>
<!-- Public client: the code-to-token exchange is made without a client secret. -->
<public-client>true</public-client>
<!-- NOTE(review): EXTERNAL enforces HTTPS only for requests the adapter treats
     as external, so the plain-http URL above is accepted for loopback and
     private addresses; codes and tokens then travel unencrypted. Confirm this
     is limited to local development. -->
<ssl-required>EXTERNAL</ssl-required>
<resource>akatsukiClient</resource>
</secure-deployment>
</subsystem>
*Dockerfile (keycloak) :*
# Keycloak image with a replacement standalone.xml.
# NOTE(review): the base image has no tag or digest, so rebuilds are not
# reproducible and the copied standalone.xml may not match the server version
# that gets pulled.
FROM jboss/keycloak
# Replaces the image's whole server configuration file.
COPY standalone.xml /opt/jboss/keycloak/standalone/configuration/
*I'm modifying standalone.xml in order to change this line :*
"<socket-binding-group name="standard-sockets"
default-interface="public"
port-offset="${jboss.socket.binding.port-offset:100}">"
*web.xml (in my wildfly app) :*
<!-- Deployment descriptor: every URL of the application requires the role "user". -->
<web-app
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<module-name>akatsuki-javaee-webapp</module-name>
<!-- No user-data-constraint is declared in this constraint, so the descriptor
     itself does not require HTTPS for the protected pages. -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Index</web-resource-name>
<!-- Covers the whole application, static resources included. -->
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<!-- NOTE(review): the authenticated account must carry a role named exactly
     "user" in its token; a login that succeeds without it is still denied.
     Verify the role mapping in the realm. -->
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<!-- Declares the role name referenced by the constraint above. -->
<security-role>
<role-name>user</role-name>
</security-role>
</web-app>
*And when I'm trying to connect, I got this error :*
wildfly | 18:26:46,931 ERROR
[org.keycloak.adapters.OAuthRequestAuthenticator] (default task-1) failed
to turn code into token: java.net.ConnectException: Connection refused
(Connection refused)
wildfly | at java.net.PlainSocketImpl.socketConnect(Native Method)
wildfly | at
java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
wildfly | at
java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
wildfly | at
java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
wildfly | at
java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
wildfly | at java.net.Socket.connect(Socket.java:589)
wildfly | at
org.apache.http.conn.scheme.PlainSocketFactory.connectSocket(PlainSocketFactory.java:120)
wildfly | at
org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:179)
wildfly | at
org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144)
wildfly | at
org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:134)
wildfly | at
org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:612)
wildfly | at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:447)
wildfly | at
org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:884)
wildfly | at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
wildfly | at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
wildfly | at
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
wildfly | at
org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:111)
wildfly | at
org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:335)
wildfly | at
org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:280)
wildfly | at
org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:139)
wildfly | at
org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:110)
wildfly | at
org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:92)
wildfly | at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:245)
wildfly | at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:268)
wildfly | at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:231)
wildfly | at
io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:125)
wildfly | at
io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:99)
wildfly | at
io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:92)
wildfly | at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
wildfly | at
io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
wildfly | at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
wildfly | at
io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
wildfly | at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
wildfly | at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
wildfly | at
io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
wildfly | at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
wildfly | at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
wildfly | at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
wildfly | at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
wildfly | at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
wildfly | at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
wildfly | at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
wildfly | at
org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
wildfly | at
org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)
wildfly | at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
wildfly | at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
wildfly | at
io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
wildfly | at
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
wildfly | at
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
wildfly | at
io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
wildfly | at
io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
wildfly | at
org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
wildfly | at
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
wildfly | at
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
wildfly | at
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
wildfly | at
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
wildfly | at
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
wildfly | at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
wildfly | at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
wildfly | at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
wildfly | at
io.undertow.server.Connectors.executeRootHandler(Connectors.java:360)
wildfly | at
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
wildfly | at
org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
wildfly | at
org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
wildfly | at
org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
wildfly | at
org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
wildfly | at java.lang.Thread.run(Thread.java:748)
wildfly |
I can provide more details if needed.
If someone can help me, I would be very grateful. I look forward to your
response. Thanks a lot
--
*Kevin HOARAU - Engineering student*
Computer Science & Industrial Electronic
ISEN