Hi,

Running KeyCloak alpha 4 on Wildfly 8.1.0.CR1.  I'm currently trying to get the bundled examples working but having a hell of a time doing so.

I have my domain setup, domain roles configured, application scope configured, keycloak.json in WEB-INF, web.xml set to KEYCLOAK.

When I go to access the "Customer Listings" of customer-portal.war it redirects me to keycloak login, after I successfully login with valid user with "user" role.  Once the keycloak server redirects back to the application I am greeted with a "Forbidden" page.

Here are my logs:

23:22:58,030 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (default task-7) adminRequest http://localhost:8080/customer-portal/customers/view.jsp
23:22:58,030 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (default task-7) checkCorsPreflight http://localhost:8080/customer-portal/customers/view.jsp
23:22:58,031 INFO  [org.keycloak.adapters.RequestAuthenticator] (default task-7) --> authenticate()
23:22:58,031 INFO  [org.keycloak.adapters.RequestAuthenticator] (default task-7) try bearer
23:22:58,032 INFO  [org.keycloak.adapters.RequestAuthenticator] (default task-7) try oauth
23:22:58,032 INFO  [org.keycloak.adapters.RequestAuthenticator] (default task-7) session was null, returning null
23:22:58,032 INFO  [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-7) there was no code
23:22:58,032 INFO  [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-7) redirecting to auth server
23:22:58,032 INFO  [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-7) sending redirect uri: http://localhost:8080/customer-portal/customers/view.jsp
23:22:58,125 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (default task-8) adminRequest http://localhost:8080/customer-portal/customers/view.jsp?code=eyJhbGciOiJSUzI1NiJ9.NWRkZjJjZmYtNTJhNi00YzRhLWI2N2QtNzcwYjU4ZjRkYTFmMTM5OTc4NTM2NzYyNg.VZ713boG0lvc9Qq5Su3QLYITgHknYGKBcc0NYyGEoIou__cEWwUEcGGnQB4_HAW8RNko1gwVNtgY08NJfxWCubCzPqhkJBsO5ywDJDqBj1sps19wnSmLNWac3wSHfm9O5c-_YxKi3XmhjHtQXl7AWnBhcn8zgI1-yBAFB4pPD7w0cv3DE36xUt2fRuBWud9iHzwTDl0iEhMkZP9r9VtqJee8WByaLlkCir7HOFLjzN-ZReEwacFR86ra_eD6TJdb1gb_L5-SL2IAl6mpMo-JnJP0fwx90VbXnx8yVdviO_-DeRdneUmrOWZPawU_DPt4FHdoaffAMdZQM-9b2dv79A&state=2%2F058bc8d1-d621-4f4e-9afa-6608f522c7bb
23:22:58,125 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (default task-8) checkCorsPreflight http://localhost:8080/customer-portal/customers/view.jsp?code=eyJhbGciOiJSUzI1NiJ9.NWRkZjJjZmYtNTJhNi00YzRhLWI2N2QtNzcwYjU4ZjRkYTFmMTM5OTc4NTM2NzYyNg.VZ713boG0lvc9Qq5Su3QLYITgHknYGKBcc0NYyGEoIou__cEWwUEcGGnQB4_HAW8RNko1gwVNtgY08NJfxWCubCzPqhkJBsO5ywDJDqBj1sps19wnSmLNWac3wSHfm9O5c-_YxKi3XmhjHtQXl7AWnBhcn8zgI1-yBAFB4pPD7w0cv3DE36xUt2fRuBWud9iHzwTDl0iEhMkZP9r9VtqJee8WByaLlkCir7HOFLjzN-ZReEwacFR86ra_eD6TJdb1gb_L5-SL2IAl6mpMo-JnJP0fwx90VbXnx8yVdviO_-DeRdneUmrOWZPawU_DPt4FHdoaffAMdZQM-9b2dv79A&state=2%2F058bc8d1-d621-4f4e-9afa-6608f522c7bb
23:22:58,126 INFO  [org.keycloak.adapters.RequestAuthenticator] (default task-8) --> authenticate()
23:22:58,126 INFO  [org.keycloak.adapters.RequestAuthenticator] (default task-8) try bearer
23:22:58,126 INFO  [org.keycloak.adapters.RequestAuthenticator] (default task-8) try oauth
23:22:58,126 INFO  [org.keycloak.adapters.RequestAuthenticator] (default task-8) session was null, returning null
23:22:58,126 INFO  [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-8) there was a code, resolving
23:22:58,126 INFO  [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-8) checking state cookie for after code
23:22:58,126 INFO  [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-8) ** reseting application state cookie
23:22:58,128 DEBUG [org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager] (default task-8) Get connection: {}->http://localhost:8083, timeout = 0
23:22:58,128 DEBUG [org.apache.http.impl.conn.tsccm.ConnPoolByRoute] (default task-8) [{}->http://localhost:8083] total kept alive: 1, total issued: 0, total allocated: 1 out of 20
23:22:58,128 DEBUG [org.apache.http.impl.conn.tsccm.ConnPoolByRoute] (default task-8) Getting free connection [{}->http://localhost:8083][null]
23:22:58,128 DEBUG [org.apache.http.impl.client.DefaultHttpClient] (default task-8) Stale connection check
23:22:58,130 DEBUG [org.apache.http.client.protocol.RequestAddCookies] (default task-8) CookieSpec selected: best-match
23:22:58,130 DEBUG [org.apache.http.client.protocol.RequestAuthCache] (default task-8) Auth cache not set in the context
23:22:58,130 DEBUG [org.apache.http.client.protocol.RequestProxyAuthentication] (default task-8) Proxy auth state: UNCHALLENGED
23:22:58,130 DEBUG [org.apache.http.impl.client.DefaultHttpClient] (default task-8) Attempt 1 to execute request
23:22:58,130 DEBUG [org.apache.http.impl.conn.DefaultClientConnection] (default task-8) Sending request: POST /auth/rest/realms/demo/tokens/access/codes HTTP/1.1
23:22:58,131 DEBUG [org.apache.http.wire] (default task-8) >> "POST /auth/rest/realms/demo/tokens/access/codes HTTP/1.1[\r][\n]"
23:22:58,131 DEBUG [org.apache.http.wire] (default task-8) >> "Authorization: Basic Y3VzdG9tZXItcG9ydGFsOjQxMmU1NzUzLWZiMTAtNGViMS05NjAzLTQzOWY5ZTdkZjZkOA==[\r][\n]"
23:22:58,131 DEBUG [org.apache.http.wire] (default task-8) >> "Content-Length: 549[\r][\n]"
23:22:58,131 DEBUG [org.apache.http.wire] (default task-8) >> "Content-Type: application/x-www-form-urlencoded; charset=UTF-8[\r][\n]"
23:22:58,131 DEBUG [org.apache.http.wire] (default task-8) >> "Host: localhost:8083[\r][\n]"
23:22:58,131 DEBUG [org.apache.http.wire] (default task-8) >> "Connection: Keep-Alive[\r][\n]"
23:22:58,131 DEBUG [org.apache.http.wire] (default task-8) >> "[\r][\n]"
23:22:58,131 DEBUG [org.apache.http.headers] (default task-8) >> POST /auth/rest/realms/demo/tokens/access/codes HTTP/1.1
23:22:58,131 DEBUG [org.apache.http.headers] (default task-8) >> Authorization: Basic Y3VzdG9tZXItcG9ydGFsOjQxMmU1NzUzLWZiMTAtNGViMS05NjAzLTQzOWY5ZTdkZjZkOA==
23:22:58,131 DEBUG [org.apache.http.headers] (default task-8) >> Content-Length: 549
23:22:58,131 DEBUG [org.apache.http.headers] (default task-8) >> Content-Type: application/x-www-form-urlencoded; charset=UTF-8
23:22:58,131 DEBUG [org.apache.http.headers] (default task-8) >> Host: localhost:8083
23:22:58,131 DEBUG [org.apache.http.headers] (default task-8) >> Connection: Keep-Alive
23:22:58,132 DEBUG [org.apache.http.wire] (default task-8) >> "grant_type=authorization_code&code=eyJhbGciOiJSUzI1NiJ9.NWRkZjJjZmYtNTJhNi00YzRhLWI2N2QtNzcwYjU4ZjRkYTFmMTM5OTc4NTM2NzYyNg.VZ713boG0lvc9Qq5Su3QLYITgHknYGKBcc0NYyGEoIou__cEWwUEcGGnQB4_HAW8RNko1gwVNtgY08NJfxWCubCzPqhkJBsO5ywDJDqBj1sps19wnSmLNWac3wSHfm9O5c-_YxKi3XmhjHtQXl7AWnBhcn8zgI1-yBAFB4pPD7w0cv3DE36xUt2fRuBWud9iHzwTDl0iEhMkZP9r9VtqJee8WByaLlkCir7HOFLjzN-ZReEwacFR86ra_eD6TJdb1gb_L5-SL2IAl6mpMo-JnJP0fwx90VbXnx8yVdviO_-DeRdneUmrOWZPawU_DPt4FHdoaffAMdZQM-9b2dv79A&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fcustomer-portal%2Fcustomers%2Fview.jsp"
23:22:58,161 DEBUG [org.apache.http.wire] (default task-8) << "HTTP/1.1 200 OK[\r][\n]"
23:22:58,162 DEBUG [org.apache.http.wire] (default task-8) << "Connection: keep-alive[\r][\n]"
23:22:58,162 DEBUG [org.apache.http.wire] (default task-8) << "X-Powered-By: Undertow 1[\r][\n]"
23:22:58,162 DEBUG [org.apache.http.wire] (default task-8) << "Server: Wildfly 8[\r][\n]"
23:22:58,162 DEBUG [org.apache.http.wire] (default task-8) << "Transfer-Encoding: chunked[\r][\n]"
23:22:58,162 DEBUG [org.apache.http.wire] (default task-8) << "Content-Type: application/json[\r][\n]"
23:22:58,162 DEBUG [org.apache.http.wire] (default task-8) << "Date: Sun, 11 May 2014 05:16:07 GMT[\r][\n]"
23:22:58,162 DEBUG [org.apache.http.wire] (default task-8) << "[\r][\n]"
23:22:58,162 DEBUG [org.apache.http.impl.conn.DefaultClientConnection] (default task-8) Receiving response: HTTP/1.1 200 OK
23:22:58,162 DEBUG [org.apache.http.headers] (default task-8) << HTTP/1.1 200 OK
23:22:58,162 DEBUG [org.apache.http.headers] (default task-8) << Connection: keep-alive
23:22:58,162 DEBUG [org.apache.http.headers] (default task-8) << X-Powered-By: Undertow 1
23:22:58,162 DEBUG [org.apache.http.headers] (default task-8) << Server: Wildfly 8
23:22:58,162 DEBUG [org.apache.http.headers] (default task-8) << Transfer-Encoding: chunked
23:22:58,162 DEBUG [org.apache.http.headers] (default task-8) << Content-Type: application/json
23:22:58,163 DEBUG [org.apache.http.headers] (default task-8) << Date: Sun, 11 May 2014 05:16:07 GMT
23:22:58,163 DEBUG [org.apache.http.impl.client.DefaultHttpClient] (default task-8) Connection can be kept alive indefinitely
23:22:58,163 DEBUG [org.apache.http.wire] (default task-8) << "08bd[\r][\n]"
{"access_token":"eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJlYTBjZTliNS1kMWY2LTQ4YjUtODc3Ny04ZDIwNGU2ZjU5YjMiLCJleHAiOjEzOTk3ODU2NjcsIm5iZiI6MCwiaWF0IjoxMzk5Nzg1MzY3LCJpc3MiOiJiaWdnZXJiZWFyIiwiYXVkIjoiYmlnZ2VyYmVhciIsInN1YiI6IjQ5M2I5Yzk2LWFhNzMtNGRhZi1iZWYwLTM5Y2FiMDVkY2YxZCIsImF6cCI6ImN1c3RvbWVyLXBvcnRhbCIsInByZWZlcnJlZF91c2VybmFtZSI6InNteXNuayIsImFsbG93ZWQtb3JpZ2lucyI6W10sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJ1c2VyIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnt9fQ.b959FHRFh5coZeJw5su_SS4fjZ5R9cB5m_Tg93Xtu_Cw38ghqkL1bQaY0CwN-3ZBUNw9uuTMxWsIwHMzqU2rGcCCnj1Bx85L6QPQQuexvYA02Kc_8A6qmVwpOCu5mXy6FtRAvIB2LA260v7IS7zIQqqEopMo6TI45tpDUJaJDnzxKrtfPiGpQE_Y3hvs8k_KYDN9jqH9lSXPi7ZY4-kYeMQbXm6viOIDZ3QQirjpsOHwOYJs2tp5ct1W7TYc_JFLRKOhWiptGnv0dcLivASNCgREiHzPD_8MC8TarqXJ2mZ7oBx7gBXXXyUVdFjR7j9OTMNqHZfEsjU97lh0zuoImQ","expires_in":300,"refresh_token":"eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiIzYjVhNDFiZi00Y2FlLTQwYTMtOTJlYS1hYWY3OGJlOWMxZmYiLCJleHAiOjEzOTk4MjEzNjcsIm5iZiI6MCwiaWF0IjoxMzk5Nzg1MzY3LCJpc3MiOiJiaWdnZXJiZWFyIiwic3ViIjoiNDkzYjljOTYtYWE3My00ZGFmLWJlZjAtMzljYWIwNWRjZjFkIiwidHlwIjoiUkVGUkVTSCIsImF6cCI6ImN1c3RvbWVyLXBvcnRhbCIsInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJ1c2VyIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnt9fQ.FPueXowyHa7vcREfxMEsWh7JKfTkDgtbEaS_0AYPJFEsv1rF8JvWAaiW6FDkU1a8fDKYbTrr7TbxmQS7PJQBZcDAoSkYM2LE5W0O_yk9jF41jwMkS-Go4VwwNm28stlwVDH_LRG1yRyozQdK8b5Q3FzaES7yLklDGi5PARFt8WBTW2Jb_phjUk0HRDqEakxnHj0x-zUkQASfqNFyE_yQo1g6xwiLSkxGnRDuzfUb6iiJ6ZzYyNYcyiiSGGUF9duzHuGOW8ahWUqQZr9YaL1RQR-uOB_EfrJ2L-5lLLMF8ZsDE7VRLfr66vWaER1hx3C_95wOzZg16rhz3UmZOEfsQg","token_type":"bearer","id_token":"eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI5ODEzYmEyNy01MmUwLTRhZjMtOWY5Ny0yNDNjOTVmNmQxMWYiLCJleHAiOjEzOTk3ODU2NjcsIm5iZiI6MCwiaWF0IjoxMzk5Nzg1MzY3LCJpc3MiOiJiaWdnZXJiZWFyIiwiYXVkIjoiYmlnZ2VyYmVhciIsInN1YiI6IjQ5M2I5Yzk2LWFhNzMtNGRhZi1iZWYwLTM5Y2FiMDVkY2YxZCIsImF6cCI6ImN1c3RvbWVyLXBvcnRhbCIsInByZWZlcnJlZF91c2VybmFtZSI6InNteXNuayJ9.AghauR6v63SLqna4jBERvRL-Lzl0j0PaHqprr1qZSt7qQ6jLtXHQVfuUAoU1nAWBb3MWcNmA13_BIvT7nsqTZEadfgJJxvYrOI-omvEhy0OGfmYP2r1rtK6ijc2anxzf4G3J15p87Zekf498ccGaKzFIpyP70XwCWeA5zzZkrYgnbJrpOdENIkYIE__OOooX_bwZxIQZgEoucD12QQFprcuUDnRzSbg0yS-2kVTqJUdigqAP1ANGACLrXC-SNDyNhrgasspGanabBmdFvOeCgMMbIrm4BjSQa948dRwHkUC3zcjX5URi4hjQfmoe-QH0Phl9jKlCEtjr8gir0TvIPQ","not-before-policy":0}23:22:58,315 DEBUG [org.apache.http.wire] (default task-8) << "[\r][\n]"
23:22:58,315 DEBUG [org.apache.http.wire] (default task-8) << "0[\r][\n]"
23:22:58,315 DEBUG [org.apache.http.wire] (default task-8) << "[\r][\n]"
23:22:58,315 DEBUG [org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager] (default task-8) Released connection is reusable.
23:22:58,315 DEBUG [org.apache.http.impl.conn.tsccm.ConnPoolByRoute] (default task-8) Releasing connection [{}->http://localhost:8083][null]
23:22:58,315 DEBUG [org.apache.http.impl.conn.tsccm.ConnPoolByRoute] (default task-8) Pooling connection [{}->http://localhost:8083][null]; keep alive indefinitely
23:22:58,315 DEBUG [org.apache.http.impl.conn.tsccm.ConnPoolByRoute] (default task-8) Notifying no-one, there are no waiting threads
23:22:58,318 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-8) failed verification of token
23:23:00,262 DEBUG [org.jboss.ejb.client.txn] (Periodic Recovery) Send recover request for transaction origin node identifier 1 to EJB receiver with node name joshuas-macbook-pro
23:23:05,995 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (default task-9) adminRequest http://localhost:8080/customer-portal/customers/view.jsp?code=eyJhbGciOiJSUzI1NiJ9.NWRkZjJjZmYtNTJhNi00YzRhLWI2N2QtNzcwYjU4ZjRkYTFmMTM5OTc4NTM2NzYyNg.VZ713boG0lvc9Qq5Su3QLYITgHknYGKBcc0NYyGEoIou__cEWwUEcGGnQB4_HAW8RNko1gwVNtgY08NJfxWCubCzPqhkJBsO5ywDJDqBj1sps19wnSmLNWac3wSHfm9O5c-_YxKi3XmhjHtQXl7AWnBhcn8zgI1-yBAFB4pPD7w0cv3DE36xUt2fRuBWud9iHzwTDl0iEhMkZP9r9VtqJee8WByaLlkCir7HOFLjzN-ZReEwacFR86ra_eD6TJdb1gb_L5-SL2IAl6mpMo-JnJP0fwx90VbXnx8yVdviO_-DeRdneUmrOWZPawU_DPt4FHdoaffAMdZQM-9b2dv79A&state=2%2F058bc8d1-d621-4f4e-9afa-6608f522c7bb
23:23:05,996 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (default task-9) checkCorsPreflight http://localhost:8080/customer-portal/customers/view.jsp?code=eyJhbGciOiJSUzI1NiJ9.NWRkZjJjZmYtNTJhNi00YzRhLWI2N2QtNzcwYjU4ZjRkYTFmMTM5OTc4NTM2NzYyNg.VZ713boG0lvc9Qq5Su3QLYITgHknYGKBcc0NYyGEoIou__cEWwUEcGGnQB4_HAW8RNko1gwVNtgY08NJfxWCubCzPqhkJBsO5ywDJDqBj1sps19wnSmLNWac3wSHfm9O5c-_YxKi3XmhjHtQXl7AWnBhcn8zgI1-yBAFB4pPD7w0cv3DE36xUt2fRuBWud9iHzwTDl0iEhMkZP9r9VtqJee8WByaLlkCir7HOFLjzN-ZReEwacFR86ra_eD6TJdb1gb_L5-SL2IAl6mpMo-JnJP0fwx90VbXnx8yVdviO_-DeRdneUmrOWZPawU_DPt4FHdoaffAMdZQM-9b2dv79A&state=2%2F058bc8d1-d621-4f4e-9afa-6608f522c7bb
23:23:05,996 INFO  [org.keycloak.adapters.RequestAuthenticator] (default task-9) --> authenticate()
23:23:05,996 INFO  [org.keycloak.adapters.RequestAuthenticator] (default task-9) try bearer
23:23:05,996 INFO  [org.keycloak.adapters.RequestAuthenticator] (default task-9) try oauth
23:23:05,997 INFO  [org.keycloak.adapters.RequestAuthenticator] (default task-9) session was null, returning null
23:23:05,997 INFO  [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-9) there was a code, resolving
23:23:05,997 INFO  [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-9) checking state cookie for after code
23:23:05,997 WARN  [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-9) No state cookie
[

Any help would be appreciated, thank you!

- Josh