Hello,
I'm going to use Spring Session as a substitute for container-specific session management and
for session clustering purposes.
KeycloakSecurityContext will also be stored in the HTTP session. It means that
KeycloakPrincipal with KeycloakSecurityContext will be serialized and deserialized between
requests.
In this case I faced the following situation:
- After successful authentication:
2018-02-14 01:02:52.672 DEBUG 14424 --- [nio-8080-exec-6] f.KeycloakAuthenticationProcessingFilter : Auth outcome: AUTHENTICATED
2018-02-14 01:02:52.672 DEBUG 14424 --- [nio-8080-exec-6] o.s.s.authentication.ProviderManager : Authentication attempt using org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider
2018-02-14 01:02:52.672 DEBUG 14424 --- [nio-8080-exec-6] f.KeycloakAuthenticationProcessingFilter : Authentication success. Updating SecurityContextHolder to contain: org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken@b78d8e87: Principal: user1; Credentials: [PROTECTED]; Authenticated: true; Details: org.keycloak.adapters.springsecurity.account.SimpleKeycloakAccount@1906910f; Granted Authorities: ROLE_user, ROLE_uma_authorization
- KeycloakSecurityContextRequestFilter clears SecurityContextHolder:
2018-02-14 01:02:52.715 DEBUG 14424 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : /customers at position 11 of 15 in additional filter chain; firing Filter: 'KeycloakSecurityContextRequestFilter'
2018-02-14 01:02:52.715 DEBUG 14424 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : /customers at position 12 of 15 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2018-02-14 01:02:52.716 DEBUG 14424 --- [nio-8080-exec-7] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6fabe8e0: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 06690a32-ab3f-48d6-8776-de16f5d1ad05; Granted Authorities: ROLE_ANONYMOUS'
As a result I had an infinite redirection loop between my webapp and the Keycloak server.
After some investigation I found why it happened.
When KeycloakSecurityContextRequestFilter checks refreshableSecurityContext.isActive(),
refreshableSecurityContext does not contain a KeycloakDeployment (it is null). Thus
refreshableSecurityContext.isActive() is always false.
    public boolean isActive() {
        // Fails whenever deployment is null, even for a valid, unexpired token.
        return token != null && this.token.isActive() && deployment != null
                && this.token.getIssuedAt() > deployment.getNotBefore();
    }
The cause of this situation is that RefreshableKeycloakSecurityContext is created via
deserialization and the deployment is not reassigned.
If you agree that this is an issue, I can suggest the solution: set the deployment in the
doFilter method of KeycloakSecurityContextRequestFilter.
    ...
    if (keycloakSecurityContext instanceof RefreshableKeycloakSecurityContext) {
        RefreshableKeycloakSecurityContext refreshableSecurityContext =
                (RefreshableKeycloakSecurityContext) keycloakSecurityContext;
        KeycloakDeployment deployment = resolveDeployment(request, response);
        // The context came back from session deserialization with a null
        // deployment; re-attach it before isActive() is evaluated.
        if (refreshableSecurityContext.getDeployment() == null) {
            AdapterTokenStore adapterTokenStore =
                    adapterTokenStoreFactory.createAdapterTokenStore(deployment, (HttpServletRequest) request);
            refreshableSecurityContext.setCurrentRequestInfo(deployment, adapterTokenStore);
        }
    ...
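As an added illustration of the mechanism described in this message (example code, not the Keycloak adapter's own), a stand-in context whose deployment field is transient is serialized and deserialized the way a session store would do it between requests; the isActive() check fails after the round trip until the deployment is reattached, which is what the proposed doFilter change does. The class names are stand-ins, and the transient deployment field is an assumption about the real RefreshableKeycloakSecurityContext.

```java
import java.io.*;

// Stand-ins for the Keycloak adapter types (assumption: the real
// RefreshableKeycloakSecurityContext keeps its deployment in a transient field).
public class TransientDeploymentDemo {

    static class Deployment {                       // stand-in for KeycloakDeployment
        final int notBefore;
        Deployment(int notBefore) { this.notBefore = notBefore; }
        int getNotBefore() { return notBefore; }
    }

    static class Token implements Serializable {    // stand-in for the access token
        final int issuedAt, expiration;             // epoch seconds
        Token(int issuedAt, int expiration) { this.issuedAt = issuedAt; this.expiration = expiration; }
        int getIssuedAt() { return issuedAt; }
        boolean isActive(int now) { return now < expiration; }
    }

    static class Context implements Serializable {  // stand-in for RefreshableKeycloakSecurityContext
        Token token;
        transient Deployment deployment;            // dropped by Java serialization
        Context(Token token, Deployment deployment) { this.token = token; this.deployment = deployment; }
        boolean isActive(int now) {                 // same shape as the isActive() quoted above
            return token != null && token.isActive(now) && deployment != null
                    && token.getIssuedAt() > deployment.getNotBefore();
        }
        void setCurrentRequestInfo(Deployment deployment) { this.deployment = deployment; }
    }

    // Serialize and deserialize, as a session store does between requests.
    static Context roundTrip(Context ctx) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) { out.writeObject(ctx); }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes.toByteArray()))) {
            return (Context) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        int now = 1518566572;                       // constructed timestamp
        Deployment deployment = new Deployment(0);
        Context ctx = new Context(new Token(now - 60, now + 300), deployment);
        System.out.println("fresh context active:  " + ctx.isActive(now));
        Context restored = roundTrip(ctx);          // restored.deployment is null here
        System.out.println("deserialized active:   " + restored.isActive(now));
        restored.setCurrentRequestInfo(deployment); // the proposed doFilter reattachment
        System.out.println("after reattach active: " + restored.isActive(now));
    }
}
```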
Hello,
I got an issue while using a high number of resources of the same type in resource server
authorizations (Keycloak version 3.4.3.Final).
I entered a JIRA issue:
https://issues.jboss.org/browse/KEYCLOAK-6621
But hopefully some of you could testify to the same behaviour.
Best regards