I am trying to hook up APIMan with KeyCloak using Kerberos and OAuth2. I am trying to get a token from key cloak using the following URL:
2016-05-23 14:22:25,676 DEBUG [org.keycloak.services] (default task-51) AUTHENTICATE CLIENT
2016-05-23 14:22:25,676 TRACE [org.keycloak.services] (default task-51) Using executions for client authentication: [de08b32a-a4a5-469c-91cc-0fbca51e1c2f, de3db156-dcc2-4346-bf3a-e56e8e10ed5f]
2016-05-23 14:22:25,676 DEBUG [org.keycloak.services] (default task-51) client authenticator: client-secret
2016-05-23 14:22:25,676 DEBUG [org.keycloak.services] (default task-51) client authenticator SUCCESS: client-secret
2016-05-23 14:22:25,676 DEBUG [org.keycloak.services] (default task-51) Client mapper authenticated by client-secret
2016-05-23 14:22:25,676 TRACE [org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider] (default task-51) Adding cache operation: ADD on 7ad60b45-4e69-45a4-a995-ee65d9ee47ae
2016-05-23 14:22:25,676 TRACE [org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider] (default task-51) Adding cache operation: REPLACE on 7ad60b45-4e69-45a4-a995-ee65d9ee47ae
2016-05-23 14:22:25,676 TRACE [org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider] (default task-51) Adding cache operation: REPLACE on 7ad60b45-4e69-45a4-a995-ee65d9ee47ae
2016-05-23 14:22:25,676 TRACE [org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider] (default task-51) Adding cache operation: REPLACE on 7ad60b45-4e69-45a4-a995-ee65d9ee47ae
2016-05-23 14:22:25,676 TRACE [org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider] (default task-51) Adding cache operation: REPLACE on 7ad60b45-4e69-45a4-a995-ee65d9ee47ae
2016-05-23 14:22:25,676 TRACE [org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider] (default task-51) Adding cache operation: REPLACE on 7ad60b45-4e69-45a4-a995-ee65d9ee47ae
2016-05-23 14:22:25,676 DEBUG [org.keycloak.services] (default task-51) AUTHENTICATE ONLY
2016-05-23 14:22:25,676 TRACE [org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider] (default task-51) Adding cache operation: REPLACE on 7ad60b45-4e69-45a4-a995-ee65d9ee47ae
2016-05-23 14:22:25,676 DEBUG [org.keycloak.services] (default task-51) processFlow
2016-05-23 14:22:25,676 DEBUG [org.keycloak.services] (default task-51) check execution: direct-grant-validate-username requirement: REQUIRED
2016-05-23 14:22:25,676 DEBUG [org.keycloak.services] (default task-51) authenticator: direct-grant-validate-username
2016-05-23 14:22:25,676 DEBUG [org.keycloak.services] (default task-51) invoke authenticator.authenticate
2016-05-23 14:22:25,676 TRACE [org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider] (default task-51) Adding cache operation: REPLACE on 7ad60b45-4e69-45a4-a995-ee65d9ee47ae
2016-05-23 14:22:25,677 TRACE [org.keycloak.federation.ldap.idm.store.ldap.LDAPIdentityStore] (default task-51) Using filter for LDAP search: (&(uid=admin)(objectclass=person)) . Searching in DN: cn=users,cn=accounts,dc=example,dc=test
2016-05-23 14:22:25,682 TRACE [org.keycloak.federation.ldap.idm.store.ldap.LDAPIdentityStore] (default task-51) Found ldap object and populated with the attributes. LDAP Object: LDAP Object [ dn: uid=admin,cn=users,cn=accounts,dc=example,dc=test , uuid: afc65b08-1e75-11e6-9645-02420a01010f, attributes: {uid=[admin], gecos=[Administrator], sn=[Administrator], cn=[Administrator], createTimestamp=[20160520102908Z], modifyTimestamp=[20160523142225Z]}, readOnly attribute names: [createtimestamp, modifytimestamp] ]
2016-05-23 14:22:25,682 TRACE [org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider] (default task-51) Adding cache operation: REPLACE on 7ad60b45-4e69-45a4-a995-ee65d9ee47ae
2016-05-23 14:22:25,682 DEBUG [org.keycloak.services] (default task-51) authenticator SUCCESS: direct-grant-validate-username
2016-05-23 14:22:25,682 TRACE [org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider] (default task-51) Adding cache operation: REPLACE on 7ad60b45-4e69-45a4-a995-ee65d9ee47ae
2016-05-23 14:22:25,682 DEBUG [org.keycloak.services] (default task-51) check execution: direct-grant-validate-password requirement: DISABLED
2016-05-23 14:22:25,682 DEBUG [org.keycloak.services] (default task-51) execution is processed
2016-05-23 14:22:25,682 DEBUG [org.keycloak.services] (default task-51) check execution: auth-spnego requirement: ALTERNATIVE
2016-05-23 14:22:25,682 DEBUG [org.keycloak.services] (default task-51) authenticator: auth-spnego
2016-05-23 14:22:25,682 DEBUG [org.keycloak.services] (default task-51) invoke authenticator.authenticate
2016-05-23 14:22:25,682 TRACE [org.keycloak.services] (default task-51) Sending back WWW-Authenticate: Negotiate
2016-05-23 14:22:25,682 TRACE [org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider] (default task-51) Adding cache operation: REPLACE on 7ad60b45-4e69-45a4-a995-ee65d9ee47ae
2016-05-23 14:22:25,683 ERROR [io.undertow.request] (default task-51) UT005023: Exception handling request to /auth/realms/freeipa/protocol/openid-connect/token: org.jboss.resteasy.spi.UnhandledException: java.lang.IllegalArgumentException: RESTEASY003715: path was null
at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)
at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212)
at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:168)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:411)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:202)
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:221)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:78)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalArgumentException: RESTEASY003715: path was null
at org.jboss.resteasy.specimpl.ResteasyUriBuilder.path(ResteasyUriBuilder.java:357)
at org.keycloak.authentication.AuthenticationProcessor$Result.getActionUrl(AuthenticationProcessor.java:478)
at org.keycloak.authentication.authenticators.browser.SpnegoAuthenticator.optionalChallengeRedirect(SpnegoAuthenticator.java:137)
at org.keycloak.authentication.authenticators.browser.SpnegoAuthenticator.challengeNegotiation(SpnegoAuthenticator.java:121)
at org.keycloak.authentication.authenticators.browser.SpnegoAuthenticator.authenticate(SpnegoAuthenticator.java:65)
at org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:183)
at org.keycloak.authentication.AuthenticationProcessor.authenticateOnly(AuthenticationProcessor.java:789)
at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.buildResourceOwnerPasswordCredentialsGrant(TokenEndpoint.java:379)
at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.build(TokenEndpoint.java:125)
at sun.reflect.GeneratedMethodAccessor587.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:395)
Can anyone point me in the right direction please.