Hello again,
I ran other tests using the out of the box applications given with the
Keycloak examples, the customer and product portals, and also in that
case the KEYCLOAK_IDENTITY cookie behave in the same way.
Using the other two applications, I can do both OIDC authentication on
both and everything is fine, but in this case the SSO between them is
working.
We cannot understand yet why the first application is not working, have
you any idea?
On 27/04/17 15:56, Marek Posolda wrote:
Not sure what could be the reason...
Are you seeing the browser cookie if you login to some Keycloak
builtin applications (admin console, account management)?
I wonder about something around "http" or "https" . Will it work if
you switch SSL required for your realm to "ALWAYS" ? Or the other way,
will it work if you switch everything to "http" instead of "https" ?
Marek
On 27/04/17 11:21, Tech wrote:
>
> We try both with Firefox, Chrome and Internet explorer, in none of
> these cases we have this cookie.
>
> What could it be the reason?
>
>
>
>
> On 27/04/17 10:02, Marek Posolda wrote:
>> Yes, KEYCLOAK_IDENTITY cookie should be in the browser after
>> successful authentication to your portal1 is fully finished. Are you
>> seeing the cookie after this authentication?
>>
>> Then the portal2 is supposed to be automatically authenticated due
>> to this cookie.
>>
>> Marek
>>
>> On 27/04/17 09:14, Tech wrote:
>>>
>>> Hello,
>>>
>>> opening the browser the KEYCLOAK_IDENTITY cookie does not appear,
>>> but in my understanding this is created when you have an active
>>> session to Keycloak like accessing to the admin interface.
>>>
>>> No proxies, cookies or load balancers in the backend server.
>>>
>>>
>>>
>>>
>>> On 26/04/17 16:17, Marek Posolda wrote:
>>>> Thanks, are you seeing KEYCLOAK_IDENTITY cookie for your browser
>>>> for path "/auth/realms/yourrealm" ? Are you using
>>>> proxy/loadbalancer, which may cause that cookies sent to the proxy
>>>> are not visible on the backend server (Keycloak)?
>>>>
>>>> Marek
>>>>
>>>>
>>>> On 26/04/17 09:09, Tech wrote:
>>>>> Hello again,
>>>>>
>>>>> so:
>>>>> 1) they are both using the same kc realm
>>>>> 2) the cookie is not disabled
>>>>> 3) in attach a screenshot, it's identical for the two
>>>>> application, with the difference that one the two URL has the
"2"
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 26/04/17 06:17, Marek Posolda wrote:
>>>>>> On 25/04/17 22:36, Tech wrote:
>>>>>>>
>>>>>>> Hello Marek,
>>>>>>>
>>>>>>> 1) yes, they are both using the same Kc realm
>>>>>>>
>>>>>>> 2) how can I check this point?
>>>>>>>
>>>>>> In Keycloak admin console, there is tab
"Authentication" and
>>>>>> then flow "browser" .
>>>>>>
>>>>>> Marek
>>>>>>>
>>>>>>> 3) I checked already, I don't think that anything like
that is
>>>>>>> enabled, but I will send you a screen shot in the coming
hours
>>>>>>> (not in the office right now)
>>>>>>>
>>>>>>> Thanks for the support
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 25.04.17 22:14, Marek Posolda wrote:
>>>>>>>> Normally SSO between client applications is supposed to
work.
>>>>>>>> I would check:
>>>>>>>>
>>>>>>>> - Are both your clients (portal1 and portal2) using same
>>>>>>>> Keycloak realm? SSO will work just with same realm
>>>>>>>>
>>>>>>>> - Is Cookie authenticator enabled for authentication
browser
>>>>>>>> flow of your realm? Didn't you accidentally disable
it? SSO
>>>>>>>> requires that it is enabled
>>>>>>>>
>>>>>>>> - How does URL to Keycloak login screen looks like? I
wonder
>>>>>>>> if your PHP adapter uses some parameters, which causes
SSO
>>>>>>>> disabled (eg. prompt=login or max_age=0)
>>>>>>>>
>>>>>>>> Marek
>>>>>>>>
>>>>>>>> On 25/04/17 14:18, Tech wrote:
>>>>>>>>>
>>>>>>>>> Anybody with any ideas?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 25/04/17 12:53, Tech wrote:
>>>>>>>>>>
>>>>>>>>>> Hello Marek,
>>>>>>>>>>
>>>>>>>>>> maybe my email was confusing, we run initially
two tests
>>>>>>>>>> were we login and logout in both portal to check
that the
>>>>>>>>>> oidc is working on each of them.
>>>>>>>>>>
>>>>>>>>>> Once we know that OIDC is working, then we are
expecting to
>>>>>>>>>> login to portal1 and opening portal2, to find us
already
>>>>>>>>>> logged in, but this doesn't happen and we are
forced to
>>>>>>>>>> login again
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On 25/04/17 12:41, Marek Posolda wrote:
>>>>>>>>>>> If you don't do "Logout from
portal1" at the end of first
>>>>>>>>>>> test, then SSO should work and you will be
automatically
>>>>>>>>>>> logged into portal2 without a need to put
your credentials.
>>>>>>>>>>>
>>>>>>>>>>> The logout is "SSO logout", hence
it also kills the SSO
>>>>>>>>>>> session on Keycloak side and requires user to
re-login.
>>>>>>>>>>>
>>>>>>>>>>> Marek
>>>>>>>>>>>
>>>>>>>>>>> On 25/04/17 12:31, Tech wrote:
>>>>>>>>>>>> Dear experts,
>>>>>>>>>>>>
>>>>>>>>>>>> we are working with Moodle, a PHP based
platform, where we
>>>>>>>>>>>> have been
>>>>>>>>>>>> able to configure correctly Keycloak to
implement OIDC.
>>>>>>>>>>>>
>>>>>>>>>>>> To test Keycloak we cloned this
application, with
>>>>>>>>>>>> different URLs and we
>>>>>>>>>>>> did the first test:
>>>>>>>>>>>>
>>>>>>>>>>>> * Connect to portal1
>>>>>>>>>>>> * User not recognized and redirected
to Keycloak
>>>>>>>>>>>> through OIDC
>>>>>>>>>>>> * Enter credentials stored into
Keycloak
>>>>>>>>>>>> * User accepted and redirected to
portal1
>>>>>>>>>>>> * Logout from portal1
>>>>>>>>>>>>
>>>>>>>>>>>> After this we tested the second
application:
>>>>>>>>>>>>
>>>>>>>>>>>> * Connect to portal2
>>>>>>>>>>>> * User not recognized and redirected
to Keycloak
>>>>>>>>>>>> through OIDC
>>>>>>>>>>>> * Enter credentials stored into
Keycloak
>>>>>>>>>>>> * User accepted and redirected to
portal2
>>>>>>>>>>>> * Logout from portal2
>>>>>>>>>>>>
>>>>>>>>>>>> In this case I know that OIDC is working
for the two
>>>>>>>>>>>> applications and we
>>>>>>>>>>>> can expect that also the SSO is working,
but after the
>>>>>>>>>>>> login in portal1
>>>>>>>>>>>> we have to login again portal2, and
vice-versa.
>>>>>>>>>>>>
>>>>>>>>>>>> We attach below here some logs, could you
please help?
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> *Login to portal1*
>>>>>>>>>>>>
>>>>>>>>>>>> 2017-04-25 09:54:40,503 DEBUG
[org.jboss.ejb.client.txn]
>>>>>>>>>>>> (Periodic
>>>>>>>>>>>> Recovery) Send recover request for
transaction origin node
>>>>>>>>>>>> identifier 1
>>>>>>>>>>>> to EJB receiver with node name
79051ccf69ac
>>>>>>>>>>>> 2017-04-25 09:54:45,055 DEBUG
>>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-30) new
>>>>>>>>>>>> JtaTransactionWrapper
>>>>>>>>>>>> 2017-04-25 09:54:45,056 DEBUG
>>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-30) was
>>>>>>>>>>>> existing? false
>>>>>>>>>>>> 2017-04-25 09:54:45,056 DEBUG
>>>>>>>>>>>> [org.jboss.resteasy.resteasy_jaxrs.i18n]
>>>>>>>>>>>> (default task-30) RESTEASY002315:
PathInfo:
>>>>>>>>>>>>
/realms/demo/protocol/openid-connect/auth
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.AuthenticationProcessor]
>>>>>>>>>>>> (default task-30)
>>>>>>>>>>>> AUTHENTICATE
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.AuthenticationProcessor]
>>>>>>>>>>>> (default task-30)
>>>>>>>>>>>> AUTHENTICATE ONLY
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) processFlow
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) check execution: auth-cookie
requirement:
>>>>>>>>>>>> ALTERNATIVE
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) authenticator: auth-cookie
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) invoke
authenticator.authenticate
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>
[org.keycloak.services.managers.AuthenticationManager]
>>>>>>>>>>>> (default task-30)
>>>>>>>>>>>> Could not find cookie: KEYCLOAK_IDENTITY
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) authenticator ATTEMPTED:
auth-cookie
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) check execution: auth-spnego
requirement: DISABLED
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) execution is processed
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) check execution:
identity-provider-redirector
>>>>>>>>>>>> requirement:
>>>>>>>>>>>> ALTERNATIVE
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) authenticator:
identity-provider-redirector
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) invoke
authenticator.authenticate
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) authenticator ATTEMPTED:
>>>>>>>>>>>> identity-provider-redirector
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) check execution: null
requirement: ALTERNATIVE
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) execution is flow
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) processFlow
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) check execution:
auth-username-password-form
>>>>>>>>>>>> requirement: REQUIRED
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) authenticator:
auth-username-password-form
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) invoke
authenticator.authenticate
>>>>>>>>>>>> 2017-04-25 09:54:45,060 DEBUG
[freemarker.cache] (default
>>>>>>>>>>>> task-30)
>>>>>>>>>>>>
TemplateLoader.findTemplateSource("template_en_US.ftl"):
>>>>>>>>>>>> Not found
>>>>>>>>>>>> 2017-04-25 09:54:45,060 DEBUG
[freemarker.cache] (default
>>>>>>>>>>>> task-30)
>>>>>>>>>>>>
TemplateLoader.findTemplateSource("template_en.ftl"): Not
>>>>>>>>>>>> found
>>>>>>>>>>>> 2017-04-25 09:54:45,060 DEBUG
[freemarker.cache] (default
>>>>>>>>>>>> task-30)
>>>>>>>>>>>>
TemplateLoader.findTemplateSource("template.ftl"): Found
>>>>>>>>>>>> 2017-04-25 09:54:45,061 DEBUG
[freemarker.cache] (default
>>>>>>>>>>>> task-30)
>>>>>>>>>>>>
"template.ftl"("en_US", UTF-8, parsed): using cached since
>>>>>>>>>>>>
file:/opt/jboss/keycloak/themes/base/login/template.ftl
>>>>>>>>>>>> hasn't changed.
>>>>>>>>>>>> 2017-04-25 09:54:45,064 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) authenticator CHALLENGE:
auth-username-password-form
>>>>>>>>>>>> 2017-04-25 09:54:45,064 DEBUG
>>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-30)
>>>>>>>>>>>> JtaTransactionWrapper commit
>>>>>>>>>>>> 2017-04-25 09:54:45,064 DEBUG
>>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-30)
>>>>>>>>>>>> JtaTransactionWrapper end
>>>>>>>>>>>> 2017-04-25 09:54:50,503 DEBUG
[org.jboss.ejb.client.txn]
>>>>>>>>>>>> (Periodic
>>>>>>>>>>>> Recovery) Send recover request for
transaction origin node
>>>>>>>>>>>> identifier 1
>>>>>>>>>>>> to EJB receiver with node name
79051ccf69ac
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> *After authentication to portal1**
>>>>>>>>>>>> *
>>>>>>>>>>>> 2017-04-25 09:54:56,041 DEBUG
>>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-31) new
>>>>>>>>>>>> JtaTransactionWrapper
>>>>>>>>>>>> 2017-04-25 09:54:56,041 DEBUG
>>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-31) was
>>>>>>>>>>>> existing? false
>>>>>>>>>>>> 2017-04-25 09:54:56,042 DEBUG
>>>>>>>>>>>> [org.jboss.resteasy.resteasy_jaxrs.i18n]
>>>>>>>>>>>> (default task-31) RESTEASY002315:
PathInfo:
>>>>>>>>>>>> /realms/Demo/login-actions/authenticate
>>>>>>>>>>>> 2017-04-25 09:54:56,042 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.AuthenticationProcessor]
>>>>>>>>>>>> (default task-31)
>>>>>>>>>>>> authenticationAction
>>>>>>>>>>>> 2017-04-25 09:54:56,042 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) processAction:
dfde24fe-5e06-4dc9-8dc2-f82eedd89846
>>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) check: auth-cookie requirement:
ALTERNATIVE
>>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) execution is processed
>>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) check: auth-spnego requirement:
DISABLED
>>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) execution is processed
>>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) check:
identity-provider-redirector requirement:
>>>>>>>>>>>> ALTERNATIVE
>>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) execution is processed
>>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) check: null requirement:
ALTERNATIVE
>>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) processAction:
dfde24fe-5e06-4dc9-8dc2-f82eedd89846
>>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) check:
auth-username-password-form requirement:
>>>>>>>>>>>> REQUIRED
>>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) action:
auth-username-password-form
>>>>>>>>>>>> 2017-04-25 09:54:56,141 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) authenticator SUCCESS:
auth-username-password-form
>>>>>>>>>>>> 2017-04-25 09:54:56,141 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) processFlow
>>>>>>>>>>>> 2017-04-25 09:54:56,141 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) check execution: auth-otp-form
requirement: OPTIONAL
>>>>>>>>>>>> 2017-04-25 09:54:56,141 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) authenticator: auth-otp-form
>>>>>>>>>>>> 2017-04-25 09:54:56,141 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) processFlow
>>>>>>>>>>>> 2017-04-25 09:54:56,141 DEBUG
>>>>>>>>>>>>
[org.hibernate.resource.transaction.backend.jta.internal.JtaTransactionCoordinatorImpl]
>>>>>>>>>>>>
>>>>>>>>>>>> (default task-31) Hibernate
RegisteredSynchronization
>>>>>>>>>>>> successfully
>>>>>>>>>>>> registered with JTA platform
>>>>>>>>>>>> 2017-04-25 09:54:56,142 DEBUG
[org.hibernate.SQL] (default
>>>>>>>>>>>> task-31)
>>>>>>>>>>>> select
>>>>>>>>>>>> roleentity0_.ID as col_0_0_
>>>>>>>>>>>> from
>>>>>>>>>>>> KEYCLOAK_ROLE roleentity0_
>>>>>>>>>>>> where
>>>>>>>>>>>> roleentity0_.CLIENT_ROLE=0
>>>>>>>>>>>> and roleentity0_.NAME=?
>>>>>>>>>>>> and roleentity0_.REALM=?
>>>>>>>>>>>> 2017-04-25 09:54:56,142 DEBUG
>>>>>>>>>>>>
[org.jboss.jca.core.connectionmanager.pool.strategy.OnePool]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) MySqlDS: getConnection(null,
>>>>>>>>>>>>
WrappedConnectionRequestInfo@4570d800[userName=KeycloakUSR])
>>>>>>>>>>>> [0/20]
>>>>>>>>>>>> 2017-04-25 09:54:56,143 DEBUG
>>>>>>>>>>>>
[org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
>>>>>>>>>>>>
>>>>>>>>>>>> (default task-31) Initiating JDBC
connection release from
>>>>>>>>>>>> afterStatement
>>>>>>>>>>>> 2017-04-25 09:54:56,143 DEBUG
[org.hibernate.SQL] (default
>>>>>>>>>>>> task-31)
>>>>>>>>>>>> select
>>>>>>>>>>>> roleentity0_.ID as col_0_0_
>>>>>>>>>>>> from
>>>>>>>>>>>> KEYCLOAK_ROLE roleentity0_
>>>>>>>>>>>> where
>>>>>>>>>>>> roleentity0_.CLIENT_ROLE=0
>>>>>>>>>>>> and roleentity0_.NAME=?
>>>>>>>>>>>> and roleentity0_.REALM=?
>>>>>>>>>>>> 2017-04-25 09:54:56,144 DEBUG
>>>>>>>>>>>>
[org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
>>>>>>>>>>>>
>>>>>>>>>>>> (default task-31) Initiating JDBC
connection release from
>>>>>>>>>>>> afterStatement
>>>>>>>>>>>> 2017-04-25 09:54:56,144 DEBUG
[org.hibernate.SQL] (default
>>>>>>>>>>>> task-31)
>>>>>>>>>>>> select
>>>>>>>>>>>> roleentity0_.ID as col_0_0_
>>>>>>>>>>>> from
>>>>>>>>>>>> KEYCLOAK_ROLE roleentity0_
>>>>>>>>>>>> where
>>>>>>>>>>>> roleentity0_.CLIENT_ROLE=0
>>>>>>>>>>>> and roleentity0_.NAME=?
>>>>>>>>>>>> and roleentity0_.REALM=?
>>>>>>>>>>>> 2017-04-25 09:54:56,144 DEBUG
>>>>>>>>>>>>
[org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
>>>>>>>>>>>>
>>>>>>>>>>>> (default task-31) Initiating JDBC
connection release from
>>>>>>>>>>>> afterStatement
>>>>>>>>>>>> 2017-04-25 09:54:56,145 DEBUG
[org.keycloak.events]
>>>>>>>>>>>> (default task-31)
>>>>>>>>>>>> type=LOGIN, realmId=Demo,
clientId=moodle,
>>>>>>>>>>>>
userId=ed5ba52a-531d-4e6e-b12e-9bc0957a8c1f,
>>>>>>>>>>>> ipAddress=192.168.0.27,
>>>>>>>>>>>> auth_method=openid-connect,
auth_type=code,
>>>>>>>>>>>>
redirect_uri=https://localhost/moodleiam/auth/oidc/,
>>>>>>>>>>>> consent=no_consent_required,
>>>>>>>>>>>>
code_id=08539f13-cb1c-423e-86a3-365c29b055f1,
>>>>>>>>>>>> username=testuser
>>>>>>>>>>>> 2017-04-25 09:54:56,145 DEBUG
>>>>>>>>>>>>
[org.keycloak.services.managers.AuthenticationManager]
>>>>>>>>>>>> (default task-31)
>>>>>>>>>>>> Removing old user session: session:
>>>>>>>>>>>> 9a5218f8-aa9c-496c-aa00-780430f19c1b
>>>>>>>>>>>> 2017-04-25 09:54:56,145 DEBUG
>>>>>>>>>>>>
[org.keycloak.services.managers.AuthenticationManager]
>>>>>>>>>>>> (default task-31)
>>>>>>>>>>>> Create login cookie - name:
KEYCLOAK_IDENTITY, path:
>>>>>>>>>>>> /auth/realms/Demo,
>>>>>>>>>>>> max-age: -1
>>>>>>>>>>>> 2017-04-25 09:54:56,145 DEBUG
>>>>>>>>>>>>
[org.keycloak.services.managers.AuthenticationManager]
>>>>>>>>>>>> (default task-31)
>>>>>>>>>>>> Expiring remember me cookie
>>>>>>>>>>>> 2017-04-25 09:54:56,145 DEBUG
>>>>>>>>>>>>
[org.keycloak.services.managers.AuthenticationManager]
>>>>>>>>>>>> (default task-31)
>>>>>>>>>>>> Expiring cookie: KEYCLOAK_REMEMBER_ME
path: /auth/realms/Demo
>>>>>>>>>>>> 2017-04-25 09:54:56,146 DEBUG
>>>>>>>>>>>>
[org.keycloak.protocol.oidc.OIDCLoginProtocol] (default
>>>>>>>>>>>> task-31)
>>>>>>>>>>>> redirectAccessCode: state:
bIJNAcPb8Rxz8Wb
>>>>>>>>>>>> 2017-04-25 09:54:56,146 DEBUG
>>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-31)
>>>>>>>>>>>> JtaTransactionWrapper commit
>>>>>>>>>>>> 2017-04-25 09:54:56,149 DEBUG
>>>>>>>>>>>>
[org.jboss.jca.core.connectionmanager.pool.strategy.OnePool]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) MySqlDS:
returnConnection(4edba62b, false) [0/20]
>>>>>>>>>>>> 2017-04-25 09:54:56,149 DEBUG
>>>>>>>>>>>>
[org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
>>>>>>>>>>>>
>>>>>>>>>>>> (default task-31) Initiating JDBC
connection release from
>>>>>>>>>>>> afterTransaction
>>>>>>>>>>>> 2017-04-25 09:54:56,149 DEBUG
>>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-31)
>>>>>>>>>>>> JtaTransactionWrapper end
>>>>>>>>>>>> 2017-04-25 09:54:56,642 DEBUG
>>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-24) new
>>>>>>>>>>>> JtaTransactionWrapper
>>>>>>>>>>>> 2017-04-25 09:54:56,642 DEBUG
>>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-24) was
>>>>>>>>>>>> existing? false
>>>>>>>>>>>> 2017-04-25 09:54:56,642 DEBUG
>>>>>>>>>>>> [org.jboss.resteasy.resteasy_jaxrs.i18n]
>>>>>>>>>>>> (default task-24) RESTEASY002315:
PathInfo:
>>>>>>>>>>>>
/realms/demo/protocol/openid-connect/token
>>>>>>>>>>>> 2017-04-25 09:54:56,643 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.AuthenticationProcessor]
>>>>>>>>>>>> (default task-24)
>>>>>>>>>>>> AUTHENTICATE CLIENT
>>>>>>>>>>>> 2017-04-25 09:54:56,643 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.ClientAuthenticationFlow]
>>>>>>>>>>>> (default task-24)
>>>>>>>>>>>> client authenticator: client-secret
>>>>>>>>>>>> 2017-04-25 09:54:56,643 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.ClientAuthenticationFlow]
>>>>>>>>>>>> (default task-24)
>>>>>>>>>>>> client authenticator SUCCESS:
client-secret
>>>>>>>>>>>> 2017-04-25 09:54:56,643 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.ClientAuthenticationFlow]
>>>>>>>>>>>> (default task-24)
>>>>>>>>>>>> Client moodle authenticated by
client-secret
>>>>>>>>>>>> 2017-04-25 09:54:56,663 DEBUG
[org.keycloak.events]
>>>>>>>>>>>> (default task-24)
>>>>>>>>>>>> type=CODE_TO_TOKEN, realmId=Demo,
clientId=moodle,
>>>>>>>>>>>>
userId=ed5ba52a-531d-4e6e-b12e-9bc0957a8c1f,
>>>>>>>>>>>> ipAddress=153.109.152.213,
>>>>>>>>>>>>
token_id=75173922-dd56-44ca-9255-9a5368e557f4,
>>>>>>>>>>>> grant_type=authorization_code,
refresh_token_type=Refresh,
>>>>>>>>>>>>
refresh_token_id=d7daabe5-8e73-4b8e-b108-92188e1118df,
>>>>>>>>>>>>
code_id=08539f13-cb1c-423e-86a3-365c29b055f1,
>>>>>>>>>>>> client_auth_method=client-secret
>>>>>>>>>>>> 2017-04-25 09:54:56,663 DEBUG
>>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-24)
>>>>>>>>>>>> JtaTransactionWrapper commit
>>>>>>>>>>>> 2017-04-25 09:54:56,663 DEBUG
>>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-24)
>>>>>>>>>>>> JtaTransactionWrapper end
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> *Login to portal2**
>>>>>>>>>>>> *
>>>>>>>>>>>> 2017-04-25 09:56:17,566 DEBUG
>>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-6) new
>>>>>>>>>>>> JtaTransactionWrapper
>>>>>>>>>>>> 2017-04-25 09:56:17,566 DEBUG
>>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-6) was
>>>>>>>>>>>> existing? false
>>>>>>>>>>>> 2017-04-25 09:56:17,567 DEBUG
>>>>>>>>>>>> [org.jboss.resteasy.resteasy_jaxrs.i18n]
>>>>>>>>>>>> (default task-6) RESTEASY002315:
PathInfo:
>>>>>>>>>>>>
/realms/demo/protocol/openid-connect/auth
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.AuthenticationProcessor]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> AUTHENTICATE
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.AuthenticationProcessor]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> AUTHENTICATE ONLY
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> processFlow
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> check execution: auth-cookie requirement:
ALTERNATIVE
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> authenticator: auth-cookie
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> invoke authenticator.authenticate
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>
[org.keycloak.services.managers.AuthenticationManager]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> Could not find cookie: KEYCLOAK_IDENTITY
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> authenticator ATTEMPTED: auth-cookie
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> check execution: auth-spnego requirement:
DISABLED
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> execution is processed
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> check execution:
identity-provider-redirector requirement:
>>>>>>>>>>>> ALTERNATIVE
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> authenticator:
identity-provider-redirector
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> invoke authenticator.authenticate
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> authenticator ATTEMPTED:
identity-provider-redirector
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> check execution: null requirement:
ALTERNATIVE
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> execution is flow
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> processFlow
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> check execution:
auth-username-password-form requirement:
>>>>>>>>>>>> REQUIRED
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> authenticator:
auth-username-password-form
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> invoke authenticator.authenticate
>>>>>>>>>>>> 2017-04-25 09:56:17,572 DEBUG
[freemarker.cache] (default
>>>>>>>>>>>> task-6)
>>>>>>>>>>>>
TemplateLoader.findTemplateSource("template_en_US.ftl"):
>>>>>>>>>>>> Not found
>>>>>>>>>>>> 2017-04-25 09:56:17,572 DEBUG
[freemarker.cache] (default
>>>>>>>>>>>> task-6)
>>>>>>>>>>>>
TemplateLoader.findTemplateSource("template_en.ftl"): Not
>>>>>>>>>>>> found
>>>>>>>>>>>> 2017-04-25 09:56:17,572 DEBUG
[freemarker.cache] (default
>>>>>>>>>>>> task-6)
>>>>>>>>>>>>
TemplateLoader.findTemplateSource("template.ftl"): Found
>>>>>>>>>>>> 2017-04-25 09:56:17,572 DEBUG
[freemarker.cache] (default
>>>>>>>>>>>> task-6)
>>>>>>>>>>>>
"template.ftl"("en_US", UTF-8, parsed): using cached since
>>>>>>>>>>>>
file:/opt/jboss/keycloak/themes/base/login/template.ftl
>>>>>>>>>>>> hasn't changed.
>>>>>>>>>>>> 2017-04-25 09:56:17,573 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> authenticator CHALLENGE:
auth-username-password-form
>>>>>>>>>>>> 2017-04-25 09:56:17,573 DEBUG
>>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-6)
>>>>>>>>>>>> JtaTransactionWrapper commit
>>>>>>>>>>>> 2017-04-25 09:56:17,573 DEBUG
>>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-6)
>>>>>>>>>>>> JtaTransactionWrapper end
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> *After authentication to portal2**
>>>>>>>>>>>> *
>>>>>>>>>>>> 2017-04-25 09:56:29,001 DEBUG
>>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-4) new
>>>>>>>>>>>> JtaTransactionWrapper
>>>>>>>>>>>> 2017-04-25 09:56:29,001 DEBUG
>>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-4) was
>>>>>>>>>>>> existing? false
>>>>>>>>>>>> 2017-04-25 09:56:29,001 DEBUG
>>>>>>>>>>>> [org.jboss.resteasy.resteasy_jaxrs.i18n]
>>>>>>>>>>>> (default task-4) RESTEASY002315:
PathInfo:
>>>>>>>>>>>> /realms/Demo/login-actions/authenticate
>>>>>>>>>>>> 2017-04-25 09:56:29,002 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.AuthenticationProcessor]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> authenticationAction
>>>>>>>>>>>> 2017-04-25 09:56:29,002 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> processAction:
dfde24fe-5e06-4dc9-8dc2-f82eedd89846
>>>>>>>>>>>> 2017-04-25 09:56:29,002 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> check: auth-cookie requirement:
ALTERNATIVE
>>>>>>>>>>>> 2017-04-25 09:56:29,002 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> execution is processed
>>>>>>>>>>>> 2017-04-25 09:56:29,002 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> check: auth-spnego requirement: DISABLED
>>>>>>>>>>>> 2017-04-25 09:56:29,002 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> execution is processed
>>>>>>>>>>>> 2017-04-25 09:56:29,004 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> check: identity-provider-redirector
requirement: ALTERNATIVE
>>>>>>>>>>>> 2017-04-25 09:56:29,004 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> execution is processed
>>>>>>>>>>>> 2017-04-25 09:56:29,004 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> check: null requirement: ALTERNATIVE
>>>>>>>>>>>> 2017-04-25 09:56:29,004 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> processAction:
dfde24fe-5e06-4dc9-8dc2-f82eedd89846
>>>>>>>>>>>> 2017-04-25 09:56:29,004 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> check: auth-username-password-form
requirement: REQUIRED
>>>>>>>>>>>> 2017-04-25 09:56:29,004 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> action: auth-username-password-form
>>>>>>>>>>>> 2017-04-25 09:56:29,099 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> authenticator SUCCESS:
auth-username-password-form
>>>>>>>>>>>> 2017-04-25 09:56:29,100 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> processFlow
>>>>>>>>>>>> 2017-04-25 09:56:29,100 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> check execution: auth-otp-form
requirement: OPTIONAL
>>>>>>>>>>>> 2017-04-25 09:56:29,100 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> authenticator: auth-otp-form
>>>>>>>>>>>> 2017-04-25 09:56:29,100 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> processFlow
>>>>>>>>>>>> 2017-04-25 09:56:29,100 DEBUG
>>>>>>>>>>>>
[org.hibernate.resource.transaction.backend.jta.internal.JtaTransactionCoordinatorImpl]
>>>>>>>>>>>>
>>>>>>>>>>>> (default task-4) Hibernate
RegisteredSynchronization
>>>>>>>>>>>> successfully
>>>>>>>>>>>> registered with JTA platform
>>>>>>>>>>>> 2017-04-25 09:56:29,100 DEBUG
[org.hibernate.SQL] (default
>>>>>>>>>>>> task-4)
>>>>>>>>>>>> select
>>>>>>>>>>>> roleentity0_.ID as col_0_0_
>>>>>>>>>>>> from
>>>>>>>>>>>> KEYCLOAK_ROLE roleentity0_
>>>>>>>>>>>> where
>>>>>>>>>>>> roleentity0_.CLIENT_ROLE=0
>>>>>>>>>>>> and roleentity0_.NAME=?
>>>>>>>>>>>> and roleentity0_.REALM=?
>>>>>>>>>>>> 2017-04-25 09:56:29,101 DEBUG
>>>>>>>>>>>>
[org.jboss.jca.core.connectionmanager.pool.strategy.OnePool]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-4) MySqlDS: getConnection(null,
>>>>>>>>>>>>
WrappedConnectionRequestInfo@4570d800[userName=KeycloakUSR])
>>>>>>>>>>>> [0/20]
>>>>>>>>>>>> 2017-04-25 09:56:29,102 DEBUG
>>>>>>>>>>>>
[org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
>>>>>>>>>>>>
>>>>>>>>>>>> (default task-4) Initiating JDBC
connection release from
>>>>>>>>>>>> afterStatement
>>>>>>>>>>>> 2017-04-25 09:56:29,103 DEBUG
[org.hibernate.SQL] (default
>>>>>>>>>>>> task-4)
>>>>>>>>>>>> select
>>>>>>>>>>>> roleentity0_.ID as col_0_0_
>>>>>>>>>>>> from
>>>>>>>>>>>> KEYCLOAK_ROLE roleentity0_
>>>>>>>>>>>> where
>>>>>>>>>>>> roleentity0_.CLIENT_ROLE=0
>>>>>>>>>>>> and roleentity0_.NAME=?
>>>>>>>>>>>> and roleentity0_.REALM=?
>>>>>>>>>>>> 2017-04-25 09:56:29,103 DEBUG
>>>>>>>>>>>>
[org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
>>>>>>>>>>>>
>>>>>>>>>>>> (default task-4) Initiating JDBC
connection release from
>>>>>>>>>>>> afterStatement
>>>>>>>>>>>> 2017-04-25 09:56:29,103 DEBUG
[org.hibernate.SQL] (default
>>>>>>>>>>>> task-4)
>>>>>>>>>>>> select
>>>>>>>>>>>> roleentity0_.ID as col_0_0_
>>>>>>>>>>>> from
>>>>>>>>>>>> KEYCLOAK_ROLE roleentity0_
>>>>>>>>>>>> where
>>>>>>>>>>>> roleentity0_.CLIENT_ROLE=0
>>>>>>>>>>>> and roleentity0_.NAME=?
>>>>>>>>>>>> and roleentity0_.REALM=?
>>>>>>>>>>>> 2017-04-25 09:56:29,104 DEBUG
>>>>>>>>>>>>
[org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
>>>>>>>>>>>>
>>>>>>>>>>>> (default task-4) Initiating JDBC
connection release from
>>>>>>>>>>>> afterStatement
>>>>>>>>>>>> 2017-04-25 09:56:29,104 DEBUG
[org.keycloak.events]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> type=LOGIN, realmId=Demo,
clientId=moodle2,
>>>>>>>>>>>>
userId=ed5ba52a-531d-4e6e-b12e-9bc0957a8c1f,
>>>>>>>>>>>> ipAddress=192.168.0.27,
>>>>>>>>>>>> auth_method=openid-connect,
auth_type=code,
>>>>>>>>>>>>
redirect_uri=https://localhost/moodle2iam/auth/oidc/,
>>>>>>>>>>>> consent=no_consent_required,
>>>>>>>>>>>>
code_id=cffeac69-54fc-4d19-be81-36f0f19ce1ef,
>>>>>>>>>>>> username=testuser
>>>>>>>>>>>> 2017-04-25 09:56:29,104 DEBUG
>>>>>>>>>>>>
[org.keycloak.services.managers.AuthenticationManager]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> Removing old user session: session:
>>>>>>>>>>>> 431cecf6-5a6b-4bbc-9467-3f52eff8090f
>>>>>>>>>>>> 2017-04-25 09:56:29,105 DEBUG
>>>>>>>>>>>>
[org.keycloak.services.managers.AuthenticationManager]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> Create login cookie - name:
KEYCLOAK_IDENTITY, path:
>>>>>>>>>>>> /auth/realms/Demo,
>>>>>>>>>>>> max-age: -1
>>>>>>>>>>>> 2017-04-25 09:56:29,105 DEBUG
>>>>>>>>>>>>
[org.keycloak.services.managers.AuthenticationManager]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> Expiring remember me cookie
>>>>>>>>>>>> 2017-04-25 09:56:29,105 DEBUG
>>>>>>>>>>>>
[org.keycloak.services.managers.AuthenticationManager]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> Expiring cookie: KEYCLOAK_REMEMBER_ME
path: /auth/realms/Demo
>>>>>>>>>>>> 2017-04-25 09:56:29,105 DEBUG
>>>>>>>>>>>>
[org.keycloak.protocol.oidc.OIDCLoginProtocol] (default
>>>>>>>>>>>> task-4)
>>>>>>>>>>>> redirectAccessCode: state:
WUCTMXokISFDbFN
>>>>>>>>>>>> 2017-04-25 09:56:29,105 DEBUG
>>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-4)
>>>>>>>>>>>> JtaTransactionWrapper commit
>>>>>>>>>>>> 2017-04-25 09:56:29,106 DEBUG
>>>>>>>>>>>>
[org.jboss.jca.core.connectionmanager.pool.strategy.OnePool]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-4) MySqlDS:
returnConnection(4edba62b, false) [0/20]
>>>>>>>>>>>> 2017-04-25 09:56:29,106 DEBUG
>>>>>>>>>>>>
[org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
>>>>>>>>>>>>
>>>>>>>>>>>> (default task-4) Initiating JDBC
connection release from
>>>>>>>>>>>> afterTransaction
>>>>>>>>>>>> 2017-04-25 09:56:29,106 DEBUG
>>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-4)
>>>>>>>>>>>> JtaTransactionWrapper end
>>>>>>>>>>>> 2017-04-25 09:56:29,626 DEBUG
>>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-13) new
>>>>>>>>>>>> JtaTransactionWrapper
>>>>>>>>>>>> 2017-04-25 09:56:29,626 DEBUG
>>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-13) was
>>>>>>>>>>>> existing? false
>>>>>>>>>>>> 2017-04-25 09:56:29,627 DEBUG
>>>>>>>>>>>> [org.jboss.resteasy.resteasy_jaxrs.i18n]
>>>>>>>>>>>> (default task-13) RESTEASY002315:
PathInfo:
>>>>>>>>>>>>
/realms/demo/protocol/openid-connect/token
>>>>>>>>>>>> 2017-04-25 09:56:29,627 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.AuthenticationProcessor]
>>>>>>>>>>>> (default task-13)
>>>>>>>>>>>> AUTHENTICATE CLIENT
>>>>>>>>>>>> 2017-04-25 09:56:29,627 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.ClientAuthenticationFlow]
>>>>>>>>>>>> (default task-13)
>>>>>>>>>>>> client authenticator: client-secret
>>>>>>>>>>>> 2017-04-25 09:56:29,627 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.ClientAuthenticationFlow]
>>>>>>>>>>>> (default task-13)
>>>>>>>>>>>> client authenticator SUCCESS:
client-secret
>>>>>>>>>>>> 2017-04-25 09:56:29,627 DEBUG
>>>>>>>>>>>>
[org.keycloak.authentication.ClientAuthenticationFlow]
>>>>>>>>>>>> (default task-13)
>>>>>>>>>>>> Client moodle2 authenticated by
client-secret
>>>>>>>>>>>> 2017-04-25 09:56:29,656 DEBUG
[org.keycloak.events]
>>>>>>>>>>>> (default task-13)
>>>>>>>>>>>> type=CODE_TO_TOKEN, realmId=Demo,
clientId=moodle2,
>>>>>>>>>>>>
userId=ed5ba52a-531d-4e6e-b12e-9bc0957a8c1f,
>>>>>>>>>>>> ipAddress=153.109.152.213,
>>>>>>>>>>>>
token_id=ff9b3385-1362-4559-ad53-05317755b280,
>>>>>>>>>>>> grant_type=authorization_code,
refresh_token_type=Refresh,
>>>>>>>>>>>>
refresh_token_id=356011d7-e9fa-4c90-9368-a7627a445bc7,
>>>>>>>>>>>>
code_id=cffeac69-54fc-4d19-be81-36f0f19ce1ef,
>>>>>>>>>>>> client_auth_method=client-secret
>>>>>>>>>>>> 2017-04-25 09:56:29,656 DEBUG
>>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-13)
>>>>>>>>>>>> JtaTransactionWrapper commit
>>>>>>>>>>>> 2017-04-25 09:56:29,656 DEBUG
>>>>>>>>>>>>
[org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-13)
>>>>>>>>>>>> JtaTransactionWrapper end
>>>>>>>>>>>> 2017-04-25 09:56:29,660 DEBUG
[io.undertow.request.io]
>>>>>>>>>>>> (default I/O-1)
>>>>>>>>>>>> Error reading request:
java.io.IOException: Connection
>>>>>>>>>>>> reset by peer
>>>>>>>>>>>> at
sun.nio.ch.FileDispatcherImpl.read0(Native
>>>>>>>>>>>> Method)
>>>>>>>>>>>> at
>>>>>>>>>>>>
sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39)
>>>>>>>>>>>> at
>>>>>>>>>>>>
sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223)
>>>>>>>>>>>> at
sun.nio.ch.IOUtil.read(IOUtil.java:192)
>>>>>>>>>>>> at
>>>>>>>>>>>>
sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:380)
>>>>>>>>>>>> at
>>>>>>>>>>>>
org.xnio.nio.NioSocketConduit.read(NioSocketConduit.java:282)
>>>>>>>>>>>> at
>>>>>>>>>>>>
io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.java:658)
>>>>>>>>>>>>
>>>>>>>>>>>> at
>>>>>>>>>>>>
io.undertow.protocols.ssl.SslConduit.read(SslConduit.java:530)
>>>>>>>>>>>>
>>>>>>>>>>>> at
>>>>>>>>>>>>
org.xnio.conduits.ConduitStreamSourceChannel.read(ConduitStreamSourceChannel.java:127)
>>>>>>>>>>>>
>>>>>>>>>>>> at
>>>>>>>>>>>>
io.undertow.server.protocol.http.HttpReadListener.handleEventWithNoRunningRequest(HttpReadListener.java:152)
>>>>>>>>>>>>
>>>>>>>>>>>> at
>>>>>>>>>>>>
io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:130)
>>>>>>>>>>>>
>>>>>>>>>>>> at
>>>>>>>>>>>>
io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:56)
>>>>>>>>>>>>
>>>>>>>>>>>> at
>>>>>>>>>>>>
org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
>>>>>>>>>>>>
>>>>>>>>>>>> at
>>>>>>>>>>>>
org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
>>>>>>>>>>>>
>>>>>>>>>>>> at
>>>>>>>>>>>>
io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(SslConduit.java:1059)
>>>>>>>>>>>>
>>>>>>>>>>>> at
>>>>>>>>>>>>
org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:88)
>>>>>>>>>>>>
>>>>>>>>>>>> at
>>>>>>>>>>>>
org.xnio.nio.WorkerThread.run(WorkerThread.java:559)
>>>>>>>>>>>>
>>>>>>>>>>>>
_______________________________________________
>>>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>>>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>