8:56 a.m.
Not sure what could be the reason...
Are you seeing the browser cookie if you login to some Keycloak builtin
applications (admin console, account management)?
I wonder about something around "http" or "https" . Will it work if
you
switch SSL required for your realm to "ALWAYS" ? Or the other way, will
it work if you switch everything to "http" instead of "https" ?
Marek
On 27/04/17 11:21, Tech wrote:
We try both with Firefox, Chrome and Internet explorer, in none of
these cases we have this cookie.
What could it be the reason?
On 27/04/17 10:02, Marek Posolda wrote:
> Yes, KEYCLOAK_IDENTITY cookie should be in the browser after
> successful authentication to your portal1 is fully finished. Are you
> seeing the cookie after this authentication?
>
> Then the portal2 is supposed to be automatically authenticated due to
> this cookie.
>
> Marek
>
> On 27/04/17 09:14, Tech wrote:
>>
>> Hello,
>>
>> opening the browser the KEYCLOAK_IDENTITY cookie does not appear,
>> but in my understanding this is created when you have an active
>> session to Keycloak like accessing to the admin interface.
>>
>> No proxies, cookies or load balancers in the backend server.
>>
>>
>>
>>
>> On 26/04/17 16:17, Marek Posolda wrote:
>>> Thanks, are you seeing KEYCLOAK_IDENTITY cookie for your browser
>>> for path "/auth/realms/yourrealm" ? Are you using
>>> proxy/loadbalancer, which may cause that cookies sent to the proxy
>>> are not visible on the backend server (Keycloak)?
>>>
>>> Marek
>>>
>>>
>>> On 26/04/17 09:09, Tech wrote:
>>>> Hello again,
>>>>
>>>> so:
>>>> 1) they are both using the same kc realm
>>>> 2) the cookie is not disabled
>>>> 3) in attach a screenshot, it's identical for the two application,
>>>> with the difference that one the two URL has the "2"
>>>>
>>>>
>>>>
>>>>
>>>> On 26/04/17 06:17, Marek Posolda wrote:
>>>>> On 25/04/17 22:36, Tech wrote:
>>>>>>
>>>>>> Hello Marek,
>>>>>>
>>>>>> 1) yes, they are both using the same Kc realm
>>>>>>
>>>>>> 2) how can I check this point?
>>>>>>
>>>>> In Keycloak admin console, there is tab "Authentication"
and then
>>>>> flow "browser" .
>>>>>
>>>>> Marek
>>>>>>
>>>>>> 3) I checked already, I don't think that anything like that
is
>>>>>> enabled, but I will send you a screen shot in the coming hours
>>>>>> (not in the office right now)
>>>>>>
>>>>>> Thanks for the support
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 25.04.17 22:14, Marek Posolda wrote:
>>>>>>> Normally SSO between client applications is supposed to work.
I
>>>>>>> would check:
>>>>>>>
>>>>>>> - Are both your clients (portal1 and portal2) using same
>>>>>>> Keycloak realm? SSO will work just with same realm
>>>>>>>
>>>>>>> - Is Cookie authenticator enabled for authentication browser
>>>>>>> flow of your realm? Didn't you accidentally disable it?
SSO
>>>>>>> requires that it is enabled
>>>>>>>
>>>>>>> - How does URL to Keycloak login screen looks like? I wonder
if
>>>>>>> your PHP adapter uses some parameters, which causes SSO
>>>>>>> disabled (eg. prompt=login or max_age=0)
>>>>>>>
>>>>>>> Marek
>>>>>>>
>>>>>>> On 25/04/17 14:18, Tech wrote:
>>>>>>>>
>>>>>>>> Anybody with any ideas?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On 25/04/17 12:53, Tech wrote:
>>>>>>>>>
>>>>>>>>> Hello Marek,
>>>>>>>>>
>>>>>>>>> maybe my email was confusing, we run initially two
tests were
>>>>>>>>> we login and logout in both portal to check that the
oidc is
>>>>>>>>> working on each of them.
>>>>>>>>>
>>>>>>>>> Once we know that OIDC is working, then we are
expecting to
>>>>>>>>> login to portal1 and opening portal2, to find us
already
>>>>>>>>> logged in, but this doesn't happen and we are
forced to login
>>>>>>>>> again
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 25/04/17 12:41, Marek Posolda wrote:
>>>>>>>>>> If you don't do "Logout from
portal1" at the end of first
>>>>>>>>>> test, then SSO should work and you will be
automatically
>>>>>>>>>> logged into portal2 without a need to put your
credentials.
>>>>>>>>>>
>>>>>>>>>> The logout is "SSO logout", hence it
also kills the SSO
>>>>>>>>>> session on Keycloak side and requires user to
re-login.
>>>>>>>>>>
>>>>>>>>>> Marek
>>>>>>>>>>
>>>>>>>>>> On 25/04/17 12:31, Tech wrote:
>>>>>>>>>>> Dear experts,
>>>>>>>>>>>
>>>>>>>>>>> we are working with Moodle, a PHP based
platform, where we
>>>>>>>>>>> have been
>>>>>>>>>>> able to configure correctly Keycloak to
implement OIDC.
>>>>>>>>>>>
>>>>>>>>>>> To test Keycloak we cloned this application,
with different
>>>>>>>>>>> URLs and we
>>>>>>>>>>> did the first test:
>>>>>>>>>>>
>>>>>>>>>>> * Connect to portal1
>>>>>>>>>>> * User not recognized and redirected to
Keycloak through
>>>>>>>>>>> OIDC
>>>>>>>>>>> * Enter credentials stored into Keycloak
>>>>>>>>>>> * User accepted and redirected to portal1
>>>>>>>>>>> * Logout from portal1
>>>>>>>>>>>
>>>>>>>>>>> After this we tested the second application:
>>>>>>>>>>>
>>>>>>>>>>> * Connect to portal2
>>>>>>>>>>> * User not recognized and redirected to
Keycloak through
>>>>>>>>>>> OIDC
>>>>>>>>>>> * Enter credentials stored into Keycloak
>>>>>>>>>>> * User accepted and redirected to portal2
>>>>>>>>>>> * Logout from portal2
>>>>>>>>>>>
>>>>>>>>>>> In this case I know that OIDC is working for
the two
>>>>>>>>>>> applications and we
>>>>>>>>>>> can expect that also the SSO is working, but
after the
>>>>>>>>>>> login in portal1
>>>>>>>>>>> we have to login again portal2, and
vice-versa.
>>>>>>>>>>>
>>>>>>>>>>> We attach below here some logs, could you
please help?
>>>>>>>>>>>
>>>>>>>>>>> Thanks
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> *Login to portal1*
>>>>>>>>>>>
>>>>>>>>>>> 2017-04-25 09:54:40,503 DEBUG
[org.jboss.ejb.client.txn]
>>>>>>>>>>> (Periodic
>>>>>>>>>>> Recovery) Send recover request for
transaction origin node
>>>>>>>>>>> identifier 1
>>>>>>>>>>> to EJB receiver with node name 79051ccf69ac
>>>>>>>>>>> 2017-04-25 09:54:45,055 DEBUG
>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>> task-30) new
>>>>>>>>>>> JtaTransactionWrapper
>>>>>>>>>>> 2017-04-25 09:54:45,056 DEBUG
>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>> task-30) was
>>>>>>>>>>> existing? false
>>>>>>>>>>> 2017-04-25 09:54:45,056 DEBUG
>>>>>>>>>>> [org.jboss.resteasy.resteasy_jaxrs.i18n]
>>>>>>>>>>> (default task-30) RESTEASY002315: PathInfo:
>>>>>>>>>>> /realms/demo/protocol/openid-connect/auth
>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.AuthenticationProcessor]
>>>>>>>>>>> (default task-30)
>>>>>>>>>>> AUTHENTICATE
>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.AuthenticationProcessor]
>>>>>>>>>>> (default task-30)
>>>>>>>>>>> AUTHENTICATE ONLY
>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-30) processFlow
>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-30) check execution: auth-cookie
requirement: ALTERNATIVE
>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-30) authenticator: auth-cookie
>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-30) invoke authenticator.authenticate
>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>
[org.keycloak.services.managers.AuthenticationManager]
>>>>>>>>>>> (default task-30)
>>>>>>>>>>> Could not find cookie: KEYCLOAK_IDENTITY
>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-30) authenticator ATTEMPTED:
auth-cookie
>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-30) check execution: auth-spnego
requirement: DISABLED
>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-30) execution is processed
>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-30) check execution:
identity-provider-redirector
>>>>>>>>>>> requirement:
>>>>>>>>>>> ALTERNATIVE
>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-30) authenticator:
identity-provider-redirector
>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-30) invoke authenticator.authenticate
>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-30) authenticator ATTEMPTED:
identity-provider-redirector
>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-30) check execution: null requirement:
ALTERNATIVE
>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-30) execution is flow
>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-30) processFlow
>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-30) check execution:
auth-username-password-form
>>>>>>>>>>> requirement: REQUIRED
>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-30) authenticator:
auth-username-password-form
>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-30) invoke authenticator.authenticate
>>>>>>>>>>> 2017-04-25 09:54:45,060 DEBUG
[freemarker.cache] (default
>>>>>>>>>>> task-30)
>>>>>>>>>>>
TemplateLoader.findTemplateSource("template_en_US.ftl"):
>>>>>>>>>>> Not found
>>>>>>>>>>> 2017-04-25 09:54:45,060 DEBUG
[freemarker.cache] (default
>>>>>>>>>>> task-30)
>>>>>>>>>>>
TemplateLoader.findTemplateSource("template_en.ftl"): Not
>>>>>>>>>>> found
>>>>>>>>>>> 2017-04-25 09:54:45,060 DEBUG
[freemarker.cache] (default
>>>>>>>>>>> task-30)
>>>>>>>>>>>
TemplateLoader.findTemplateSource("template.ftl"): Found
>>>>>>>>>>> 2017-04-25 09:54:45,061 DEBUG
[freemarker.cache] (default
>>>>>>>>>>> task-30)
>>>>>>>>>>> "template.ftl"("en_US",
UTF-8, parsed): using cached since
>>>>>>>>>>>
file:/opt/jboss/keycloak/themes/base/login/template.ftl
>>>>>>>>>>> hasn't changed.
>>>>>>>>>>> 2017-04-25 09:54:45,064 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-30) authenticator CHALLENGE:
auth-username-password-form
>>>>>>>>>>> 2017-04-25 09:54:45,064 DEBUG
>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>> task-30)
>>>>>>>>>>> JtaTransactionWrapper commit
>>>>>>>>>>> 2017-04-25 09:54:45,064 DEBUG
>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>> task-30)
>>>>>>>>>>> JtaTransactionWrapper end
>>>>>>>>>>> 2017-04-25 09:54:50,503 DEBUG
[org.jboss.ejb.client.txn]
>>>>>>>>>>> (Periodic
>>>>>>>>>>> Recovery) Send recover request for
transaction origin node
>>>>>>>>>>> identifier 1
>>>>>>>>>>> to EJB receiver with node name 79051ccf69ac
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> *After authentication to portal1**
>>>>>>>>>>> *
>>>>>>>>>>> 2017-04-25 09:54:56,041 DEBUG
>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>> task-31) new
>>>>>>>>>>> JtaTransactionWrapper
>>>>>>>>>>> 2017-04-25 09:54:56,041 DEBUG
>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>> task-31) was
>>>>>>>>>>> existing? false
>>>>>>>>>>> 2017-04-25 09:54:56,042 DEBUG
>>>>>>>>>>> [org.jboss.resteasy.resteasy_jaxrs.i18n]
>>>>>>>>>>> (default task-31) RESTEASY002315: PathInfo:
>>>>>>>>>>> /realms/Demo/login-actions/authenticate
>>>>>>>>>>> 2017-04-25 09:54:56,042 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.AuthenticationProcessor]
>>>>>>>>>>> (default task-31)
>>>>>>>>>>> authenticationAction
>>>>>>>>>>> 2017-04-25 09:54:56,042 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-31) processAction:
dfde24fe-5e06-4dc9-8dc2-f82eedd89846
>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-31) check: auth-cookie requirement:
ALTERNATIVE
>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-31) execution is processed
>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-31) check: auth-spnego requirement:
DISABLED
>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-31) execution is processed
>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-31) check: identity-provider-redirector
requirement:
>>>>>>>>>>> ALTERNATIVE
>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-31) execution is processed
>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-31) check: null requirement:
ALTERNATIVE
>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-31) processAction:
dfde24fe-5e06-4dc9-8dc2-f82eedd89846
>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-31) check: auth-username-password-form
requirement:
>>>>>>>>>>> REQUIRED
>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-31) action: auth-username-password-form
>>>>>>>>>>> 2017-04-25 09:54:56,141 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-31) authenticator SUCCESS:
auth-username-password-form
>>>>>>>>>>> 2017-04-25 09:54:56,141 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-31) processFlow
>>>>>>>>>>> 2017-04-25 09:54:56,141 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-31) check execution: auth-otp-form
requirement: OPTIONAL
>>>>>>>>>>> 2017-04-25 09:54:56,141 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-31) authenticator: auth-otp-form
>>>>>>>>>>> 2017-04-25 09:54:56,141 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default
>>>>>>>>>>> task-31) processFlow
>>>>>>>>>>> 2017-04-25 09:54:56,141 DEBUG
>>>>>>>>>>>
[org.hibernate.resource.transaction.backend.jta.internal.JtaTransactionCoordinatorImpl]
>>>>>>>>>>>
>>>>>>>>>>> (default task-31) Hibernate
RegisteredSynchronization
>>>>>>>>>>> successfully
>>>>>>>>>>> registered with JTA platform
>>>>>>>>>>> 2017-04-25 09:54:56,142 DEBUG
[org.hibernate.SQL] (default
>>>>>>>>>>> task-31)
>>>>>>>>>>> select
>>>>>>>>>>> roleentity0_.ID as col_0_0_
>>>>>>>>>>> from
>>>>>>>>>>> KEYCLOAK_ROLE roleentity0_
>>>>>>>>>>> where
>>>>>>>>>>> roleentity0_.CLIENT_ROLE=0
>>>>>>>>>>> and roleentity0_.NAME=?
>>>>>>>>>>> and roleentity0_.REALM=?
>>>>>>>>>>> 2017-04-25 09:54:56,142 DEBUG
>>>>>>>>>>>
[org.jboss.jca.core.connectionmanager.pool.strategy.OnePool]
>>>>>>>>>>> (default
>>>>>>>>>>> task-31) MySqlDS: getConnection(null,
>>>>>>>>>>>
WrappedConnectionRequestInfo@4570d800[userName=KeycloakUSR])
>>>>>>>>>>> [0/20]
>>>>>>>>>>> 2017-04-25 09:54:56,143 DEBUG
>>>>>>>>>>>
[org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
>>>>>>>>>>>
>>>>>>>>>>> (default task-31) Initiating JDBC connection
release from
>>>>>>>>>>> afterStatement
>>>>>>>>>>> 2017-04-25 09:54:56,143 DEBUG
[org.hibernate.SQL] (default
>>>>>>>>>>> task-31)
>>>>>>>>>>> select
>>>>>>>>>>> roleentity0_.ID as col_0_0_
>>>>>>>>>>> from
>>>>>>>>>>> KEYCLOAK_ROLE roleentity0_
>>>>>>>>>>> where
>>>>>>>>>>> roleentity0_.CLIENT_ROLE=0
>>>>>>>>>>> and roleentity0_.NAME=?
>>>>>>>>>>> and roleentity0_.REALM=?
>>>>>>>>>>> 2017-04-25 09:54:56,144 DEBUG
>>>>>>>>>>>
[org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
>>>>>>>>>>>
>>>>>>>>>>> (default task-31) Initiating JDBC connection
release from
>>>>>>>>>>> afterStatement
>>>>>>>>>>> 2017-04-25 09:54:56,144 DEBUG
[org.hibernate.SQL] (default
>>>>>>>>>>> task-31)
>>>>>>>>>>> select
>>>>>>>>>>> roleentity0_.ID as col_0_0_
>>>>>>>>>>> from
>>>>>>>>>>> KEYCLOAK_ROLE roleentity0_
>>>>>>>>>>> where
>>>>>>>>>>> roleentity0_.CLIENT_ROLE=0
>>>>>>>>>>> and roleentity0_.NAME=?
>>>>>>>>>>> and roleentity0_.REALM=?
>>>>>>>>>>> 2017-04-25 09:54:56,144 DEBUG
>>>>>>>>>>>
[org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
>>>>>>>>>>>
>>>>>>>>>>> (default task-31) Initiating JDBC connection
release from
>>>>>>>>>>> afterStatement
>>>>>>>>>>> 2017-04-25 09:54:56,145 DEBUG
[org.keycloak.events]
>>>>>>>>>>> (default task-31)
>>>>>>>>>>> type=LOGIN, realmId=Demo, clientId=moodle,
>>>>>>>>>>> userId=ed5ba52a-531d-4e6e-b12e-9bc0957a8c1f,
>>>>>>>>>>> ipAddress=192.168.0.27,
>>>>>>>>>>> auth_method=openid-connect, auth_type=code,
>>>>>>>>>>>
redirect_uri=https://localhost/moodleiam/auth/oidc/,
>>>>>>>>>>> consent=no_consent_required,
>>>>>>>>>>> code_id=08539f13-cb1c-423e-86a3-365c29b055f1,
>>>>>>>>>>> username=testuser
>>>>>>>>>>> 2017-04-25 09:54:56,145 DEBUG
>>>>>>>>>>>
[org.keycloak.services.managers.AuthenticationManager]
>>>>>>>>>>> (default task-31)
>>>>>>>>>>> Removing old user session: session:
>>>>>>>>>>> 9a5218f8-aa9c-496c-aa00-780430f19c1b
>>>>>>>>>>> 2017-04-25 09:54:56,145 DEBUG
>>>>>>>>>>>
[org.keycloak.services.managers.AuthenticationManager]
>>>>>>>>>>> (default task-31)
>>>>>>>>>>> Create login cookie - name:
KEYCLOAK_IDENTITY, path:
>>>>>>>>>>> /auth/realms/Demo,
>>>>>>>>>>> max-age: -1
>>>>>>>>>>> 2017-04-25 09:54:56,145 DEBUG
>>>>>>>>>>>
[org.keycloak.services.managers.AuthenticationManager]
>>>>>>>>>>> (default task-31)
>>>>>>>>>>> Expiring remember me cookie
>>>>>>>>>>> 2017-04-25 09:54:56,145 DEBUG
>>>>>>>>>>>
[org.keycloak.services.managers.AuthenticationManager]
>>>>>>>>>>> (default task-31)
>>>>>>>>>>> Expiring cookie: KEYCLOAK_REMEMBER_ME path:
/auth/realms/Demo
>>>>>>>>>>> 2017-04-25 09:54:56,146 DEBUG
>>>>>>>>>>>
[org.keycloak.protocol.oidc.OIDCLoginProtocol] (default
>>>>>>>>>>> task-31)
>>>>>>>>>>> redirectAccessCode: state: bIJNAcPb8Rxz8Wb
>>>>>>>>>>> 2017-04-25 09:54:56,146 DEBUG
>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>> task-31)
>>>>>>>>>>> JtaTransactionWrapper commit
>>>>>>>>>>> 2017-04-25 09:54:56,149 DEBUG
>>>>>>>>>>>
[org.jboss.jca.core.connectionmanager.pool.strategy.OnePool]
>>>>>>>>>>> (default
>>>>>>>>>>> task-31) MySqlDS: returnConnection(4edba62b,
false) [0/20]
>>>>>>>>>>> 2017-04-25 09:54:56,149 DEBUG
>>>>>>>>>>>
[org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
>>>>>>>>>>>
>>>>>>>>>>> (default task-31) Initiating JDBC connection
release from
>>>>>>>>>>> afterTransaction
>>>>>>>>>>> 2017-04-25 09:54:56,149 DEBUG
>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>> task-31)
>>>>>>>>>>> JtaTransactionWrapper end
>>>>>>>>>>> 2017-04-25 09:54:56,642 DEBUG
>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>> task-24) new
>>>>>>>>>>> JtaTransactionWrapper
>>>>>>>>>>> 2017-04-25 09:54:56,642 DEBUG
>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>> task-24) was
>>>>>>>>>>> existing? false
>>>>>>>>>>> 2017-04-25 09:54:56,642 DEBUG
>>>>>>>>>>> [org.jboss.resteasy.resteasy_jaxrs.i18n]
>>>>>>>>>>> (default task-24) RESTEASY002315: PathInfo:
>>>>>>>>>>> /realms/demo/protocol/openid-connect/token
>>>>>>>>>>> 2017-04-25 09:54:56,643 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.AuthenticationProcessor]
>>>>>>>>>>> (default task-24)
>>>>>>>>>>> AUTHENTICATE CLIENT
>>>>>>>>>>> 2017-04-25 09:54:56,643 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.ClientAuthenticationFlow]
>>>>>>>>>>> (default task-24)
>>>>>>>>>>> client authenticator: client-secret
>>>>>>>>>>> 2017-04-25 09:54:56,643 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.ClientAuthenticationFlow]
>>>>>>>>>>> (default task-24)
>>>>>>>>>>> client authenticator SUCCESS: client-secret
>>>>>>>>>>> 2017-04-25 09:54:56,643 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.ClientAuthenticationFlow]
>>>>>>>>>>> (default task-24)
>>>>>>>>>>> Client moodle authenticated by client-secret
>>>>>>>>>>> 2017-04-25 09:54:56,663 DEBUG
[org.keycloak.events]
>>>>>>>>>>> (default task-24)
>>>>>>>>>>> type=CODE_TO_TOKEN, realmId=Demo,
clientId=moodle,
>>>>>>>>>>> userId=ed5ba52a-531d-4e6e-b12e-9bc0957a8c1f,
>>>>>>>>>>> ipAddress=153.109.152.213,
>>>>>>>>>>>
token_id=75173922-dd56-44ca-9255-9a5368e557f4,
>>>>>>>>>>> grant_type=authorization_code,
refresh_token_type=Refresh,
>>>>>>>>>>>
refresh_token_id=d7daabe5-8e73-4b8e-b108-92188e1118df,
>>>>>>>>>>>
code_id=08539f13-cb1c-423e-86a3-365c29b055f1,
>>>>>>>>>>> client_auth_method=client-secret
>>>>>>>>>>> 2017-04-25 09:54:56,663 DEBUG
>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>> task-24)
>>>>>>>>>>> JtaTransactionWrapper commit
>>>>>>>>>>> 2017-04-25 09:54:56,663 DEBUG
>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>> task-24)
>>>>>>>>>>> JtaTransactionWrapper end
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> *Login to portal2**
>>>>>>>>>>> *
>>>>>>>>>>> 2017-04-25 09:56:17,566 DEBUG
>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>> task-6) new
>>>>>>>>>>> JtaTransactionWrapper
>>>>>>>>>>> 2017-04-25 09:56:17,566 DEBUG
>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>> task-6) was
>>>>>>>>>>> existing? false
>>>>>>>>>>> 2017-04-25 09:56:17,567 DEBUG
>>>>>>>>>>> [org.jboss.resteasy.resteasy_jaxrs.i18n]
>>>>>>>>>>> (default task-6) RESTEASY002315: PathInfo:
>>>>>>>>>>> /realms/demo/protocol/openid-connect/auth
>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.AuthenticationProcessor]
>>>>>>>>>>> (default task-6)
>>>>>>>>>>> AUTHENTICATE
>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.AuthenticationProcessor]
>>>>>>>>>>> (default task-6)
>>>>>>>>>>> AUTHENTICATE ONLY
>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-6)
>>>>>>>>>>> processFlow
>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-6)
>>>>>>>>>>> check execution: auth-cookie requirement:
ALTERNATIVE
>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-6)
>>>>>>>>>>> authenticator: auth-cookie
>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-6)
>>>>>>>>>>> invoke authenticator.authenticate
>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>
[org.keycloak.services.managers.AuthenticationManager]
>>>>>>>>>>> (default task-6)
>>>>>>>>>>> Could not find cookie: KEYCLOAK_IDENTITY
>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-6)
>>>>>>>>>>> authenticator ATTEMPTED: auth-cookie
>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-6)
>>>>>>>>>>> check execution: auth-spnego requirement:
DISABLED
>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-6)
>>>>>>>>>>> execution is processed
>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-6)
>>>>>>>>>>> check execution: identity-provider-redirector
requirement:
>>>>>>>>>>> ALTERNATIVE
>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-6)
>>>>>>>>>>> authenticator: identity-provider-redirector
>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-6)
>>>>>>>>>>> invoke authenticator.authenticate
>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-6)
>>>>>>>>>>> authenticator ATTEMPTED:
identity-provider-redirector
>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-6)
>>>>>>>>>>> check execution: null requirement:
ALTERNATIVE
>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-6)
>>>>>>>>>>> execution is flow
>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-6)
>>>>>>>>>>> processFlow
>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-6)
>>>>>>>>>>> check execution: auth-username-password-form
requirement:
>>>>>>>>>>> REQUIRED
>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-6)
>>>>>>>>>>> authenticator: auth-username-password-form
>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-6)
>>>>>>>>>>> invoke authenticator.authenticate
>>>>>>>>>>> 2017-04-25 09:56:17,572 DEBUG
[freemarker.cache] (default
>>>>>>>>>>> task-6)
>>>>>>>>>>>
TemplateLoader.findTemplateSource("template_en_US.ftl"):
>>>>>>>>>>> Not found
>>>>>>>>>>> 2017-04-25 09:56:17,572 DEBUG
[freemarker.cache] (default
>>>>>>>>>>> task-6)
>>>>>>>>>>>
TemplateLoader.findTemplateSource("template_en.ftl"): Not
>>>>>>>>>>> found
>>>>>>>>>>> 2017-04-25 09:56:17,572 DEBUG
[freemarker.cache] (default
>>>>>>>>>>> task-6)
>>>>>>>>>>>
TemplateLoader.findTemplateSource("template.ftl"): Found
>>>>>>>>>>> 2017-04-25 09:56:17,572 DEBUG
[freemarker.cache] (default
>>>>>>>>>>> task-6)
>>>>>>>>>>> "template.ftl"("en_US",
UTF-8, parsed): using cached since
>>>>>>>>>>>
file:/opt/jboss/keycloak/themes/base/login/template.ftl
>>>>>>>>>>> hasn't changed.
>>>>>>>>>>> 2017-04-25 09:56:17,573 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-6)
>>>>>>>>>>> authenticator CHALLENGE:
auth-username-password-form
>>>>>>>>>>> 2017-04-25 09:56:17,573 DEBUG
>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>> task-6)
>>>>>>>>>>> JtaTransactionWrapper commit
>>>>>>>>>>> 2017-04-25 09:56:17,573 DEBUG
>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>> task-6)
>>>>>>>>>>> JtaTransactionWrapper end
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> *After authentication to portal2**
>>>>>>>>>>> *
>>>>>>>>>>> 2017-04-25 09:56:29,001 DEBUG
>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>> task-4) new
>>>>>>>>>>> JtaTransactionWrapper
>>>>>>>>>>> 2017-04-25 09:56:29,001 DEBUG
>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>> task-4) was
>>>>>>>>>>> existing? false
>>>>>>>>>>> 2017-04-25 09:56:29,001 DEBUG
>>>>>>>>>>> [org.jboss.resteasy.resteasy_jaxrs.i18n]
>>>>>>>>>>> (default task-4) RESTEASY002315: PathInfo:
>>>>>>>>>>> /realms/Demo/login-actions/authenticate
>>>>>>>>>>> 2017-04-25 09:56:29,002 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.AuthenticationProcessor]
>>>>>>>>>>> (default task-4)
>>>>>>>>>>> authenticationAction
>>>>>>>>>>> 2017-04-25 09:56:29,002 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-4)
>>>>>>>>>>> processAction:
dfde24fe-5e06-4dc9-8dc2-f82eedd89846
>>>>>>>>>>> 2017-04-25 09:56:29,002 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-4)
>>>>>>>>>>> check: auth-cookie requirement: ALTERNATIVE
>>>>>>>>>>> 2017-04-25 09:56:29,002 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-4)
>>>>>>>>>>> execution is processed
>>>>>>>>>>> 2017-04-25 09:56:29,002 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-4)
>>>>>>>>>>> check: auth-spnego requirement: DISABLED
>>>>>>>>>>> 2017-04-25 09:56:29,002 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-4)
>>>>>>>>>>> execution is processed
>>>>>>>>>>> 2017-04-25 09:56:29,004 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-4)
>>>>>>>>>>> check: identity-provider-redirector
requirement: ALTERNATIVE
>>>>>>>>>>> 2017-04-25 09:56:29,004 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-4)
>>>>>>>>>>> execution is processed
>>>>>>>>>>> 2017-04-25 09:56:29,004 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-4)
>>>>>>>>>>> check: null requirement: ALTERNATIVE
>>>>>>>>>>> 2017-04-25 09:56:29,004 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-4)
>>>>>>>>>>> processAction:
dfde24fe-5e06-4dc9-8dc2-f82eedd89846
>>>>>>>>>>> 2017-04-25 09:56:29,004 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-4)
>>>>>>>>>>> check: auth-username-password-form
requirement: REQUIRED
>>>>>>>>>>> 2017-04-25 09:56:29,004 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-4)
>>>>>>>>>>> action: auth-username-password-form
>>>>>>>>>>> 2017-04-25 09:56:29,099 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-4)
>>>>>>>>>>> authenticator SUCCESS:
auth-username-password-form
>>>>>>>>>>> 2017-04-25 09:56:29,100 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-4)
>>>>>>>>>>> processFlow
>>>>>>>>>>> 2017-04-25 09:56:29,100 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-4)
>>>>>>>>>>> check execution: auth-otp-form requirement:
OPTIONAL
>>>>>>>>>>> 2017-04-25 09:56:29,100 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-4)
>>>>>>>>>>> authenticator: auth-otp-form
>>>>>>>>>>> 2017-04-25 09:56:29,100 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>> (default task-4)
>>>>>>>>>>> processFlow
>>>>>>>>>>> 2017-04-25 09:56:29,100 DEBUG
>>>>>>>>>>>
[org.hibernate.resource.transaction.backend.jta.internal.JtaTransactionCoordinatorImpl]
>>>>>>>>>>>
>>>>>>>>>>> (default task-4) Hibernate
RegisteredSynchronization
>>>>>>>>>>> successfully
>>>>>>>>>>> registered with JTA platform
>>>>>>>>>>> 2017-04-25 09:56:29,100 DEBUG
[org.hibernate.SQL] (default
>>>>>>>>>>> task-4)
>>>>>>>>>>> select
>>>>>>>>>>> roleentity0_.ID as col_0_0_
>>>>>>>>>>> from
>>>>>>>>>>> KEYCLOAK_ROLE roleentity0_
>>>>>>>>>>> where
>>>>>>>>>>> roleentity0_.CLIENT_ROLE=0
>>>>>>>>>>> and roleentity0_.NAME=?
>>>>>>>>>>> and roleentity0_.REALM=?
>>>>>>>>>>> 2017-04-25 09:56:29,101 DEBUG
>>>>>>>>>>>
[org.jboss.jca.core.connectionmanager.pool.strategy.OnePool]
>>>>>>>>>>> (default
>>>>>>>>>>> task-4) MySqlDS: getConnection(null,
>>>>>>>>>>>
WrappedConnectionRequestInfo@4570d800[userName=KeycloakUSR])
>>>>>>>>>>> [0/20]
>>>>>>>>>>> 2017-04-25 09:56:29,102 DEBUG
>>>>>>>>>>>
[org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
>>>>>>>>>>>
>>>>>>>>>>> (default task-4) Initiating JDBC connection
release from
>>>>>>>>>>> afterStatement
>>>>>>>>>>> 2017-04-25 09:56:29,103 DEBUG
[org.hibernate.SQL] (default
>>>>>>>>>>> task-4)
>>>>>>>>>>> select
>>>>>>>>>>> roleentity0_.ID as col_0_0_
>>>>>>>>>>> from
>>>>>>>>>>> KEYCLOAK_ROLE roleentity0_
>>>>>>>>>>> where
>>>>>>>>>>> roleentity0_.CLIENT_ROLE=0
>>>>>>>>>>> and roleentity0_.NAME=?
>>>>>>>>>>> and roleentity0_.REALM=?
>>>>>>>>>>> 2017-04-25 09:56:29,103 DEBUG
>>>>>>>>>>>
[org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
>>>>>>>>>>>
>>>>>>>>>>> (default task-4) Initiating JDBC connection
release from
>>>>>>>>>>> afterStatement
>>>>>>>>>>> 2017-04-25 09:56:29,103 DEBUG
[org.hibernate.SQL] (default
>>>>>>>>>>> task-4)
>>>>>>>>>>> select
>>>>>>>>>>> roleentity0_.ID as col_0_0_
>>>>>>>>>>> from
>>>>>>>>>>> KEYCLOAK_ROLE roleentity0_
>>>>>>>>>>> where
>>>>>>>>>>> roleentity0_.CLIENT_ROLE=0
>>>>>>>>>>> and roleentity0_.NAME=?
>>>>>>>>>>> and roleentity0_.REALM=?
>>>>>>>>>>> 2017-04-25 09:56:29,104 DEBUG
>>>>>>>>>>>
[org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
>>>>>>>>>>>
>>>>>>>>>>> (default task-4) Initiating JDBC connection
release from
>>>>>>>>>>> afterStatement
>>>>>>>>>>> 2017-04-25 09:56:29,104 DEBUG
[org.keycloak.events]
>>>>>>>>>>> (default task-4)
>>>>>>>>>>> type=LOGIN, realmId=Demo, clientId=moodle2,
>>>>>>>>>>> userId=ed5ba52a-531d-4e6e-b12e-9bc0957a8c1f,
>>>>>>>>>>> ipAddress=192.168.0.27,
>>>>>>>>>>> auth_method=openid-connect, auth_type=code,
>>>>>>>>>>>
redirect_uri=https://localhost/moodle2iam/auth/oidc/,
>>>>>>>>>>> consent=no_consent_required,
>>>>>>>>>>> code_id=cffeac69-54fc-4d19-be81-36f0f19ce1ef,
>>>>>>>>>>> username=testuser
>>>>>>>>>>> 2017-04-25 09:56:29,104 DEBUG
>>>>>>>>>>>
[org.keycloak.services.managers.AuthenticationManager]
>>>>>>>>>>> (default task-4)
>>>>>>>>>>> Removing old user session: session:
>>>>>>>>>>> 431cecf6-5a6b-4bbc-9467-3f52eff8090f
>>>>>>>>>>> 2017-04-25 09:56:29,105 DEBUG
>>>>>>>>>>>
[org.keycloak.services.managers.AuthenticationManager]
>>>>>>>>>>> (default task-4)
>>>>>>>>>>> Create login cookie - name:
KEYCLOAK_IDENTITY, path:
>>>>>>>>>>> /auth/realms/Demo,
>>>>>>>>>>> max-age: -1
>>>>>>>>>>> 2017-04-25 09:56:29,105 DEBUG
>>>>>>>>>>>
[org.keycloak.services.managers.AuthenticationManager]
>>>>>>>>>>> (default task-4)
>>>>>>>>>>> Expiring remember me cookie
>>>>>>>>>>> 2017-04-25 09:56:29,105 DEBUG
>>>>>>>>>>>
[org.keycloak.services.managers.AuthenticationManager]
>>>>>>>>>>> (default task-4)
>>>>>>>>>>> Expiring cookie: KEYCLOAK_REMEMBER_ME path:
/auth/realms/Demo
>>>>>>>>>>> 2017-04-25 09:56:29,105 DEBUG
>>>>>>>>>>>
[org.keycloak.protocol.oidc.OIDCLoginProtocol] (default
>>>>>>>>>>> task-4)
>>>>>>>>>>> redirectAccessCode: state: WUCTMXokISFDbFN
>>>>>>>>>>> 2017-04-25 09:56:29,105 DEBUG
>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>> task-4)
>>>>>>>>>>> JtaTransactionWrapper commit
>>>>>>>>>>> 2017-04-25 09:56:29,106 DEBUG
>>>>>>>>>>>
[org.jboss.jca.core.connectionmanager.pool.strategy.OnePool]
>>>>>>>>>>> (default
>>>>>>>>>>> task-4) MySqlDS: returnConnection(4edba62b,
false) [0/20]
>>>>>>>>>>> 2017-04-25 09:56:29,106 DEBUG
>>>>>>>>>>>
[org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
>>>>>>>>>>>
>>>>>>>>>>> (default task-4) Initiating JDBC connection
release from
>>>>>>>>>>> afterTransaction
>>>>>>>>>>> 2017-04-25 09:56:29,106 DEBUG
>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>> task-4)
>>>>>>>>>>> JtaTransactionWrapper end
>>>>>>>>>>> 2017-04-25 09:56:29,626 DEBUG
>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>> task-13) new
>>>>>>>>>>> JtaTransactionWrapper
>>>>>>>>>>> 2017-04-25 09:56:29,626 DEBUG
>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>> task-13) was
>>>>>>>>>>> existing? false
>>>>>>>>>>> 2017-04-25 09:56:29,627 DEBUG
>>>>>>>>>>> [org.jboss.resteasy.resteasy_jaxrs.i18n]
>>>>>>>>>>> (default task-13) RESTEASY002315: PathInfo:
>>>>>>>>>>> /realms/demo/protocol/openid-connect/token
>>>>>>>>>>> 2017-04-25 09:56:29,627 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.AuthenticationProcessor]
>>>>>>>>>>> (default task-13)
>>>>>>>>>>> AUTHENTICATE CLIENT
>>>>>>>>>>> 2017-04-25 09:56:29,627 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.ClientAuthenticationFlow]
>>>>>>>>>>> (default task-13)
>>>>>>>>>>> client authenticator: client-secret
>>>>>>>>>>> 2017-04-25 09:56:29,627 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.ClientAuthenticationFlow]
>>>>>>>>>>> (default task-13)
>>>>>>>>>>> client authenticator SUCCESS: client-secret
>>>>>>>>>>> 2017-04-25 09:56:29,627 DEBUG
>>>>>>>>>>>
[org.keycloak.authentication.ClientAuthenticationFlow]
>>>>>>>>>>> (default task-13)
>>>>>>>>>>> Client moodle2 authenticated by
client-secret
>>>>>>>>>>> 2017-04-25 09:56:29,656 DEBUG
[org.keycloak.events]
>>>>>>>>>>> (default task-13)
>>>>>>>>>>> type=CODE_TO_TOKEN, realmId=Demo,
clientId=moodle2,
>>>>>>>>>>> userId=ed5ba52a-531d-4e6e-b12e-9bc0957a8c1f,
>>>>>>>>>>> ipAddress=153.109.152.213,
>>>>>>>>>>>
token_id=ff9b3385-1362-4559-ad53-05317755b280,
>>>>>>>>>>> grant_type=authorization_code,
refresh_token_type=Refresh,
>>>>>>>>>>>
refresh_token_id=356011d7-e9fa-4c90-9368-a7627a445bc7,
>>>>>>>>>>>
code_id=cffeac69-54fc-4d19-be81-36f0f19ce1ef,
>>>>>>>>>>> client_auth_method=client-secret
>>>>>>>>>>> 2017-04-25 09:56:29,656 DEBUG
>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>> task-13)
>>>>>>>>>>> JtaTransactionWrapper commit
>>>>>>>>>>> 2017-04-25 09:56:29,656 DEBUG
>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>> task-13)
>>>>>>>>>>> JtaTransactionWrapper end
>>>>>>>>>>> 2017-04-25 09:56:29,660 DEBUG
[io.undertow.request.io]
>>>>>>>>>>> (default I/O-1)
>>>>>>>>>>> Error reading request: java.io.IOException:
Connection
>>>>>>>>>>> reset by peer
>>>>>>>>>>> at
sun.nio.ch.FileDispatcherImpl.read0(Native
>>>>>>>>>>> Method)
>>>>>>>>>>> at
>>>>>>>>>>>
sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39)
>>>>>>>>>>> at
>>>>>>>>>>>
sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223)
>>>>>>>>>>> at
sun.nio.ch.IOUtil.read(IOUtil.java:192)
>>>>>>>>>>> at
>>>>>>>>>>>
sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:380)
>>>>>>>>>>> at
>>>>>>>>>>>
org.xnio.nio.NioSocketConduit.read(NioSocketConduit.java:282)
>>>>>>>>>>> at
>>>>>>>>>>>
io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.java:658)
>>>>>>>>>>>
>>>>>>>>>>> at
>>>>>>>>>>>
io.undertow.protocols.ssl.SslConduit.read(SslConduit.java:530)
>>>>>>>>>>> at
>>>>>>>>>>>
org.xnio.conduits.ConduitStreamSourceChannel.read(ConduitStreamSourceChannel.java:127)
>>>>>>>>>>>
>>>>>>>>>>> at
>>>>>>>>>>>
io.undertow.server.protocol.http.HttpReadListener.handleEventWithNoRunningRequest(HttpReadListener.java:152)
>>>>>>>>>>>
>>>>>>>>>>> at
>>>>>>>>>>>
io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:130)
>>>>>>>>>>>
>>>>>>>>>>> at
>>>>>>>>>>>
io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:56)
>>>>>>>>>>>
>>>>>>>>>>> at
>>>>>>>>>>>
org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
>>>>>>>>>>>
>>>>>>>>>>> at
>>>>>>>>>>>
org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
>>>>>>>>>>>
>>>>>>>>>>> at
>>>>>>>>>>>
io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(SslConduit.java:1059)
>>>>>>>>>>>
>>>>>>>>>>> at
>>>>>>>>>>>
org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:88)
>>>>>>>>>>>
>>>>>>>>>>> at
>>>>>>>>>>>
org.xnio.nio.WorkerThread.run(WorkerThread.java:559)
>>>>>>>>>>>
>>>>>>>>>>>
_______________________________________________
>>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>