7:48 a.m.
Hi guys,
Struggling with an odd problem here - will try my best to explain. Scenario is
as follows (KC 1.1.Beta2 / Wildfly 8.2.0.Final)...
* KeyCloak running on 'host1', app is running on 'host2' (with
multi-tenancy)
* Created a user with credentials.
* Checked that user login/logout/timeout works fine - it does.
* Leave the user logged out.
* From the KeyCloak user interface on host1 I update the user to 'Email
verified' = 'Off' and required user action to 'Verify email'
* On next login attempt app landing page redirects to KeyCloak login page *-
as expected*.
* After I enter username/password I get the 'EMAIL VERIFICATION' page and
receive an email with a verification link***- as expected*.
* Following the email link verifies the KC user account (now 'Email verified'
= 'On' and required user actions are empty)*- as expected*.
* KeyCloak redirects back to the correct app landing page on 'host2' *- as
expected*.
* User is now authenticated but no principal or roles have been propagated to
the app (principal is 'anonymous').
* An exception (see below) is logged by the KeyCloak adapter on 'host2'
Can't find any similar issues in JIRA/mailing lists - any thoughts ? Or where I
should be looking for more detail to clarify this ?
best rgds
Steve F.
THIS EXCEPTION IS LOGGED ON THE APP HOST
2015-01-26 11:00:00,006 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator]
(default task-21) failed to turn code into token: java.net.SocketException:
Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:196)
[rt.jar:1.7.0_51]
at java.net.SocketInputStream.read(SocketInputStream.java:122)
[rt.jar:1.7.0_51]
at sun.security.ssl.InputRecord.readFully(InputRecord.java:442)
[jsse.jar:1.7.0_51]
at sun.security.ssl.InputRecord.read(InputRecord.java:480) [jsse.jar:1.7.0_51]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
[jsse.jar:1.7.0_51]
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:884)
[jsse.jar:1.7.0_51]
at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
[jsse.jar:1.7.0_51]
at
org.apache.http.impl.io.AbstractSessionInputBuffer.fillBuffer(AbstractSessionInputBuffer.java:166)
at
org.apache.http.impl.io.SocketInputBuffer.fillBuffer(SocketInputBuffer.java:90)
at
org.apache.http.impl.io.AbstractSessionInputBuffer.readLine(AbstractSessionInputBuffer.java:281)
at
org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:92)
at
org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:62)
at
org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:254)
at
org.apache.http.impl.AbstractHttpClientConnection.receiveResponseHeader(AbstractHttpClientConnection.java:289)
at
org.apache.http.impl.conn.DefaultClientConnection.receiveResponseHeader(DefaultClientConnection.java:252)
at
org.apache.http.impl.conn.AbstractClientConnAdapter.receiveResponseHeader(AbstractClientConnAdapter.java:219)
at
org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:300)
at
org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:127)
at
org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:712)
at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:517)
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)
at
org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:122)
[keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]
at
org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:95)
[keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]
at
org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:261)
[keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]
at
org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:208)
[keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]
at
org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:90)
[keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]
at
org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:93)
[keycloak-undertow-adapter-1.1.0.Beta2.jar:1.1.0.Beta2]
at
org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:60)
[keycloak-undertow-adapter-1.1.0.Beta2.jar:1.1.0.Beta2]
at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:281)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:298)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:268)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:131)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:106)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:99)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:54)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:63)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)
[keycloak-undertow-adapter-1.1.0.Beta2.jar:1.1.0.Beta2]
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[rt.jar:1.7.0_51]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[rt.jar:1.7.0_51]
at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]
--
===================================================
*Stephen Flynn*
*Director, JF Technology (UK) Ltd*
Cell (UK) : +44 7768 003 882
Phone : +44 20 7833 8346
IM : xmpp:stephen.flynn@jftechnology.com
IM : aim:stephen.flynn@jftechnology.com
Website : http://www.jftechnology.com
Tech support : support(a)jftechnology.com <mailto:support@jftechnology.com>
===================================================
7:21 a.m.
New subject: Email verification : failed to turn code into token: java.net.SocketException
Do you have the same issue without multi-tenancy?
Do you have the same issue with just a regular login, or is it just with email
verification?
----- Original Message -----
From: "Stephen Flynn"
<stephen.flynn(a)jftechnology.com>
To: keycloak-user(a)lists.jboss.org
Sent: Monday, 26 January, 2015 2:48:00 PM
Subject: [keycloak-user] Email verification : failed to turn code into token:
java.net.SocketException
Hi guys ,
Struggling with an odd problem here - will try my best to explain. Scenario
is as follows (KC 1.1.Beta2 / Wildfly 8.2.0.Final)...
* KeyCloak running on 'host1', app is running on 'host2' (with
multi-tenancy)
* Created a user with credentials.
* Checked that user login/logout/timeout works fine - it does.
* Leave the user logged out.
* From the KeyCloak user interface on host1 I update the user to 'Email
verified' = 'Off' and required user action to 'Verify email'
* On next login attempt app landing page redirects to KeyCloak login page
- as expected .
* After I enter username/password I get the 'EMAIL VERIFICATION' page and
receive an email with a verification link - as expected .
* Following the email link verifies the KC user account (now 'Email
verified' = 'On' and required user actions are empty) - as expected .
* KeyCloak redirects back to the correct app landing page on 'host2' - as
expected .
* User is now authenticated but no principal or roles have been
propagated to the app (principal is 'anonymous').
* An exception (see below) is logged by the KeyCloak adapter on 'host2'
Can't find any similar issues in JIRA/mailing lists - any thoughts ? Or where
I should be looking for more detail to clarify this ?
best rgds
Steve F.
THIS EXCEPTION IS LOGGED ON THE APP HOST
2015-01-26 11:00:00,006 ERROR
[org.keycloak.adapters.OAuthRequestAuthenticator] (default task-21) failed
to turn code into token: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:196)
[rt.jar:1.7.0_51]
at java.net.SocketInputStream.read(SocketInputStream.java:122)
[rt.jar:1.7.0_51]
at sun.security.ssl.InputRecord.readFully(InputRecord.java:442)
[jsse.jar:1.7.0_51]
at sun.security.ssl.InputRecord.read(InputRecord.java:480)
[jsse.jar:1.7.0_51]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
[jsse.jar:1.7.0_51]
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:884)
[jsse.jar:1.7.0_51]
at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
[jsse.jar:1.7.0_51]
at
org.apache.http.impl.io.AbstractSessionInputBuffer.fillBuffer(AbstractSessionInputBuffer.java:166)
at
org.apache.http.impl.io.SocketInputBuffer.fillBuffer(SocketInputBuffer.java:90)
at
org.apache.http.impl.io.AbstractSessionInputBuffer.readLine(AbstractSessionInputBuffer.java:281)
at
org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:92)
at
org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:62)
at
org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:254)
at
org.apache.http.impl.AbstractHttpClientConnection.receiveResponseHeader(AbstractHttpClientConnection.java:289)
at
org.apache.http.impl.conn.DefaultClientConnection.receiveResponseHeader(DefaultClientConnection.java:252)
at
org.apache.http.impl.conn.AbstractClientConnAdapter.receiveResponseHeader(AbstractClientConnAdapter.java:219)
at
org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:300)
at
org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:127)
at
org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:712)
at
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:517)
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
at
org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)
at
org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:122)
[keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]
at
org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:95)
[keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]
at
org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:261)
[keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]
at
org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:208)
[keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]
at
org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:90)
[keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]
at
org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:93)
[keycloak-undertow-adapter-1.1.0.Beta2.jar:1.1.0.Beta2]
at
org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:60)
[keycloak-undertow-adapter-1.1.0.Beta2.jar:1.1.0.Beta2]
at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:281)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:298)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:268)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:131)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:106)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:99)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:54)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:63)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)
[keycloak-undertow-adapter-1.1.0.Beta2.jar:1.1.0.Beta2]
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166)
[undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759)
[undertow-core-1.1.0.Final.jar:1.1.0.Final]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[rt.jar:1.7.0_51]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[rt.jar:1.7.0_51]
at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]
--
===================================================
Stephen Flynn
Director, JF Technology (UK) Ltd
Cell (UK) : +44 7768 003 882
Phone : +44 20 7833 8346
IM : xmpp:stephen.flynn@jftechnology.com
IM : aim:stephen.flynn@jftechnology.com
Website : http://www.jftechnology.com
Tech support : support(a)jftechnology.com
===================================================
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
11:53 a.m.
Do you have the same issue without multi-tenancy?
Will check
this against 1.1.0.Final as soon as I can. For what it is worth the
multi-tenancy seems to be working as expected in every other way (hits the right
realm, redirects back to the correct landing page, etc).
Do you have the same issue with just a regular login, or is it just with email
verification?
Just with email verification - everything else works perfectly (and
congrats on
1.1.0.Final BTW - sterling work)
----- Original Message -----
> From: "Stephen Flynn" <stephen.flynn(a)jftechnology.com>
> To: keycloak-user(a)lists.jboss.org
> Sent: Monday, 26 January, 2015 2:48:00 PM
> Subject: [keycloak-user] Email verification : failed to turn code into token:
java.net.SocketException
>
>
> Hi guys ,
>
> Struggling with an odd problem here - will try my best to explain. Scenario
> is as follows (KC 1.1.Beta2 / Wildfly 8.2.0.Final)...
>
>
> * KeyCloak running on 'host1', app is running on 'host2' (with
> multi-tenancy)
> * Created a user with credentials.
> * Checked that user login/logout/timeout works fine - it does.
> * Leave the user logged out.
> * From the KeyCloak user interface on host1 I update the user to 'Email
> verified' = 'Off' and required user action to 'Verify
email'
> * On next login attempt app landing page redirects to KeyCloak login page
> - as expected .
> * After I enter username/password I get the 'EMAIL VERIFICATION' page
and
> receive an email with a verification link - as expected .
> * Following the email link verifies the KC user account (now 'Email
> verified' = 'On' and required user actions are empty) - as expected
.
> * KeyCloak redirects back to the correct app landing page on 'host2' -
as
> expected .
> * User is now authenticated but no principal or roles have been
> propagated to the app (principal is 'anonymous').
> * An exception (see below) is logged by the KeyCloak adapter on 'host2'
>
>
> Can't find any similar issues in JIRA/mailing lists - any thoughts ? Or where
> I should be looking for more detail to clarify this ?
>
>
> best rgds
>
> Steve F.
>
>
> THIS EXCEPTION IS LOGGED ON THE APP HOST
> 2015-01-26 11:00:00,006 ERROR
> [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-21) failed
> to turn code into token: java.net.SocketException: Connection reset
> at java.net.SocketInputStream.read(SocketInputStream.java:196)
> [rt.jar:1.7.0_51]
> at java.net.SocketInputStream.read(SocketInputStream.java:122)
> [rt.jar:1.7.0_51]
> at sun.security.ssl.InputRecord.readFully(InputRecord.java:442)
> [jsse.jar:1.7.0_51]
> at sun.security.ssl.InputRecord.read(InputRecord.java:480)
> [jsse.jar:1.7.0_51]
> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
> [jsse.jar:1.7.0_51]
> at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:884)
> [jsse.jar:1.7.0_51]
> at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
> [jsse.jar:1.7.0_51]
> at
>
org.apache.http.impl.io.AbstractSessionInputBuffer.fillBuffer(AbstractSessionInputBuffer.java:166)
> at
> org.apache.http.impl.io.SocketInputBuffer.fillBuffer(SocketInputBuffer.java:90)
> at
>
org.apache.http.impl.io.AbstractSessionInputBuffer.readLine(AbstractSessionInputBuffer.java:281)
> at
>
org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:92)
> at
>
org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:62)
> at
> org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:254)
> at
>
org.apache.http.impl.AbstractHttpClientConnection.receiveResponseHeader(AbstractHttpClientConnection.java:289)
> at
>
org.apache.http.impl.conn.DefaultClientConnection.receiveResponseHeader(DefaultClientConnection.java:252)
> at
>
org.apache.http.impl.conn.AbstractClientConnAdapter.receiveResponseHeader(AbstractClientConnAdapter.java:219)
> at
>
org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:300)
> at
> org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:127)
> at
>
org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:712)
> at
>
org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:517)
> at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
> at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
> at
> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)
> at
> org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:122)
> [keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]
> at
> org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:95)
> [keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]
> at
>
org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:261)
> [keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]
> at
>
org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:208)
> [keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]
> at
>
org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:90)
> [keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]
> at
>
org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:93)
> [keycloak-undertow-adapter-1.1.0.Beta2.jar:1.1.0.Beta2]
> at
>
org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:60)
> [keycloak-undertow-adapter-1.1.0.Beta2.jar:1.1.0.Beta2]
> at
>
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:281)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
> at
>
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:298)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
> at
>
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:268)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
> at
>
io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:131)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
> at
>
io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:106)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
> at
>
io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:99)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
> at
>
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:54)
> [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
> at
>
io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
> at
>
io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
> at
>
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
> at
>
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:63)
> [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
> at
>
io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
> [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
> at
>
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
> at
>
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70)
> [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
> at
>
io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
> at
>
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
> at
>
org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)
> [keycloak-undertow-adapter-1.1.0.Beta2.jar:1.1.0.Beta2]
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
> at
>
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261)
> [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
> at
>
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247)
> [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
> at
>
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76)
> [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
> at
>
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166)
> [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759)
> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> [rt.jar:1.7.0_51]
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> [rt.jar:1.7.0_51]
> at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]
> --
> ===================================================
>
> Stephen Flynn
>
> Director, JF Technology (UK) Ltd
>
> Cell (UK) : +44 7768 003 882
> Phone : +44 20 7833 8346
> IM : xmpp:stephen.flynn@jftechnology.com
> IM : aim:stephen.flynn@jftechnology.com
> Website : http://www.jftechnology.com
> Tech support : support(a)jftechnology.com
> ===================================================
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
3630
days inactive
3634
days old
2 comments
2 participants
participants (2)
-
Stephen Flynn -
Stian Thorgersen