Hi,
I have a Spring Boot 1.5.2 Web App packaged as a .war hosted on an Apache Tomcat 7.0.68.
I want to use the Keycloak Tomcat Adapter but I get HTTP 401 responses on every
endpoint included in the configuration... I am using the 3.4.3.Final version.
I have read the doc at
http://www.keycloak.org/docs/2.5/securing_apps/topics/oidc/java/tomcat-ad....
Done:
* Downloaded
https://downloads.jboss.org/keycloak/3.4.3.Final/adapters/keycloak-oidc/k...
and extracted under <tomcat_folder>/lib/
* Created a META-INF/context.xml file with:
  <?xml version="1.0" encoding="UTF-8"?>
  <Context path="/my-app">
    <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
  </Context>
* Created a WEB-INF/keycloak.json file with:
  {
    "realm" : "my_realm",
    "resource" : "my_client",
    "principal-attribute" : "preferred_username",
    "truststore" : "/my_path/keycloak-truststore.jks",
    "ssl-required" : "external",
    "truststore-password" : "my_password",
    "credentials" : { "secret" : "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" },
    "auth-server-url" : "http://<keycloak_server>.fr:8443/auth"
  }
* Created a WEB-INF/web.xml file with:
  <?xml version="1.0" encoding="UTF-8"?>
  <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:web="http://xmlns.jcp.org/xml/ns/javaee"
           xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
           version="2.5">
    <display-name>my-app</display-name>
    <module-name>my-app</module-name>
    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>my_realm</realm-name>
    </login-config>
    <security-constraint>
      <web-resource-collection>
        <url-pattern>/customer/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>uma_authorization</role-name>
      </auth-constraint>
    </security-constraint>
    <security-role>
      <role-name>uma_authorization</role-name>
    </security-role>
  </web-app>
(simple test with uma_authorization, a role that every user has)
After that: HTTP 200 on every endpoint except /customer/*, where I get HTTP 401.
In debug, I have detected that the variable "account" is always null on line
61 of the CatalinaSessionTokenStore class (from the Tomcat Keycloak Adapter dependency):
  Session catalinaSession = request.getSessionInternal(false);
  if (catalinaSession == null) return;
  SerializableKeycloakAccount account = (SerializableKeycloakAccount)
      catalinaSession.getSession().getAttribute(SerializableKeycloakAccount.class.getName());
  if (account == null) {
      return;
  }
(... the next lines check the content of the Keycloak context)
Nothing in the Tomcat log even with TRACE level activated.
Have I forgotten something in the configuration? Is it a bug?
Thanks
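As an added example (not from the post or from the Keycloak project), here is a small Python lint that cross-checks a keycloak.json against the web.xml security configuration for the consistency points a reviewer would confirm first: realm names agree, every constrained role is declared, the client secret is not a placeholder, the auth-server-url is not plain http, and a BASIC auth-method is paired with the adapter's documented enable-basic-auth option. The sample inputs are constructed from the post's files with a placeholder host and secret.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample inputs mirroring the post's files; host, secret and path are placeholders.
KEYCLOAK_JSON = """{"realm": "my_realm", "resource": "my_client", "ssl-required": "external",
  "truststore": "/my_path/keycloak-truststore.jks", "truststore-password": "my_password",
  "credentials": {"secret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"},
  "auth-server-url": "http://keycloak.example.invalid:8443/auth"}"""
WEB_XML = """<web-app xmlns:web="http://xmlns.jcp.org/xml/ns/javaee" version="2.5">
  <login-config><auth-method>BASIC</auth-method><realm-name>my_realm</realm-name></login-config>
  <security-constraint><web-resource-collection><url-pattern>/customer/*</url-pattern>
  </web-resource-collection><auth-constraint><role-name>uma_authorization</role-name>
  </auth-constraint></security-constraint>
  <security-role><role-name>uma_authorization</role-name></security-role></web-app>"""

def _local(elem):
    # Element name without namespace, so the lint works with or without a default xmlns.
    return elem.tag.split("}")[-1]

def _role_names(root, parent_name):
    # role-name values that are direct children of every <parent_name> element.
    return {c.text.strip() for p in root.iter() if _local(p) == parent_name
            for c in p if _local(c) == "role-name" and c.text}

def lint(keycloak_json, web_xml):
    """Cross-check keycloak.json against web.xml; returns a list of finding strings."""
    kc = json.loads(keycloak_json)
    root = ET.fromstring(web_xml)
    first = lambda name: next((e.text.strip() for e in root.iter()
                               if _local(e) == name and e.text), None)
    findings = []
    realm_name = first("realm-name")
    if realm_name and realm_name != kc.get("realm"):
        findings.append(f"realm mismatch: web.xml {realm_name!r} vs keycloak.json {kc.get('realm')!r}")
    # enable-basic-auth is the adapter's documented opt-in for HTTP Basic; it defaults to false.
    if first("auth-method") == "BASIC" and not kc.get("enable-basic-auth"):
        findings.append("auth-method BASIC but keycloak.json does not set enable-basic-auth")
    for role in sorted(_role_names(root, "auth-constraint") - _role_names(root, "security-role")):
        findings.append(f"role {role!r} constrained but not declared in <security-role>")
    secret = kc.get("credentials", {}).get("secret", "")
    if not secret or len(set(secret)) == 1:  # empty or a single repeated character
        findings.append("credentials.secret is empty or a placeholder")
    if kc.get("auth-server-url", "").startswith("http://"):
        findings.append("auth-server-url is plain http: the client secret and tokens go over cleartext")
    return findings

if __name__ == "__main__":
    for finding in lint(KEYCLOAK_JSON, WEB_XML):
        print(finding)
```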