Hi guys,

Struggling with an odd problem here - will try my best to explain. Scenario is as follows (KC 1.1.Beta2 / Wildfly 8.2.0.Final)...

KeyCloak running on 'host1', app is running on 'host2' (with multi-tenancy)
Created a user with credentials.
Checked that user login/logout/timeout works fine - it does.
Leave the user logged out.
From the KeyCloak user interface on host1 I update the user to 'Email verified' = 'Off' and required user action to 'Verify email'
On next login attempt app landing page redirects to KeyCloak login page - as expected.
After I enter username/password I get the 'EMAIL VERIFICATION' page and receive an email with a verification link - as expected.
Following the email link verifies the KC user account (now 'Email verified' = 'On' and required user actions are empty) - as expected.
KeyCloak redirects back to the correct app landing page on 'host2' - as expected.
User is now authenticated but no principal or roles have been propagated to the app (principal is 'anonymous').
An exception (see below) is logged by the KeyCloak adapter on 'host2'

Can't find any similar issues in JIRA/mailing lists - any thoughts ? Or where I should be looking for more detail to clarify this ?

best rgds

Steve F.

THIS EXCEPTION IS LOGGED ON THE APP HOST

2015-01-26 11:00:00,006 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-21) failed to turn code into token: java.net.SocketException: Connection reset
    at java.net.SocketInputStream.read(SocketInputStream.java:196) [rt.jar:1.7.0_51]
    at java.net.SocketInputStream.read(SocketInputStream.java:122) [rt.jar:1.7.0_51]
    at sun.security.ssl.InputRecord.readFully(InputRecord.java:442) [jsse.jar:1.7.0_51]
    at sun.security.ssl.InputRecord.read(InputRecord.java:480) [jsse.jar:1.7.0_51]
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927) [jsse.jar:1.7.0_51]
    at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:884) [jsse.jar:1.7.0_51]
    at sun.security.ssl.AppInputStream.read(AppInputStream.java:102) [jsse.jar:1.7.0_51]
    at org.apache.http.impl.io.AbstractSessionInputBuffer.fillBuffer(AbstractSessionInputBuffer.java:166)
    at org.apache.http.impl.io.SocketInputBuffer.fillBuffer(SocketInputBuffer.java:90)
    at org.apache.http.impl.io.AbstractSessionInputBuffer.readLine(AbstractSessionInputBuffer.java:281)
    at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:92)
    at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:62)
    at org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:254)
    at org.apache.http.impl.AbstractHttpClientConnection.receiveResponseHeader(AbstractHttpClientConnection.java:289)
    at org.apache.http.impl.conn.DefaultClientConnection.receiveResponseHeader(DefaultClientConnection.java:252)
    at org.apache.http.impl.conn.AbstractClientConnAdapter.receiveResponseHeader(AbstractClientConnAdapter.java:219)
    at org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:300)
    at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:127)
    at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:712)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:517)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)
    at org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:122) [keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]
    at org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:95) [keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]
    at org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:261) [keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]
    at org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:208) [keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]
    at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:90) [keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]
    at org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:93) [keycloak-undertow-adapter-1.1.0.Beta2.jar:1.1.0.Beta2]
    at org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:60) [keycloak-undertow-adapter-1.1.0.Beta2.jar:1.1.0.Beta2]
    at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:281) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:298) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:268) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:131) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:106) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:99) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:54) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:63) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69) [keycloak-undertow-adapter-1.1.0.Beta2.jar:1.1.0.Beta2]
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_51]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_51]
    at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]

--
===================================================

Stephen Flynn

Director, JF Technology (UK) Ltd

Cell (UK) :	+44 7768 003 882
Phone :	+44 20 7833 8346
IM :	xmpp:stephen.flynn@jftechnology.com
IM :	aim:stephen.flynn@jftechnology.com
Website :	http://www.jftechnology.com
Tech support :	support@jftechnology.com

===================================================