[keycloak-user] Email verification : failed to turn code into token: java.net.SocketException
Stephen Flynn
stephen.flynn at jftechnology.com
Fri Jan 30 12:53:58 EST 2015
> Do you have the same issue without multi-tenancy?
Will check this against 1.1.0.Final as soon as I can. For what it is worth the
multi-tenancy seems to be working as expected in every other way (hits the right
realm, redirects back to the correct landing page, etc).
>
> Do you have the same issue with just a regular login, or is it just with email verification?
Just with email verification - everything else works perfectly (and congrats on
1.1.0.Final BTW - sterling work)
>
> ----- Original Message -----
>> From: "Stephen Flynn" <stephen.flynn at jftechnology.com>
>> To: keycloak-user at lists.jboss.org
>> Sent: Monday, 26 January, 2015 2:48:00 PM
>> Subject: [keycloak-user] Email verification : failed to turn code into token: java.net.SocketException
>>
>>
>> Hi guys ,
>>
>> Struggling with an odd problem here - will try my best to explain. Scenario
>> is as follows (KC 1.1.Beta2 / Wildfly 8.2.0.Final)...
>>
>>
>> * KeyCloak running on 'host1', app is running on 'host2' (with
>> multi-tenancy)
>> * Created a user with credentials.
>> * Checked that user login/logout/timeout works fine - it does.
>> * Leave the user logged out.
>> * From the KeyCloak user interface on host1 I update the user to 'Email
>> verified' = 'Off' and required user action to 'Verify email'
>> * On next login attempt app landing page redirects to KeyCloak login page
>> - as expected .
>> * After I enter username/password I get the 'EMAIL VERIFICATION' page and
>> receive an email with a verification link - as expected .
>> * Following the email link verifies the KC user account (now 'Email
>> verified' = 'On' and required user actions are empty) - as expected .
>> * KeyCloak redirects back to the correct app landing page on 'host2' - as
>> expected .
>> * User is now authenticated but no principal or roles have been
>> propagated to the app (principal is 'anonymous').
>> * An exception (see below) is logged by the KeyCloak adapter on 'host2'
>>
>>
>> Can't find any similar issues in JIRA/mailing lists - any thoughts ? Or where
>> I should be looking for more detail to clarify this ?
>>
>>
>> best rgds
>>
>> Steve F.
>>
>>
>> THIS EXCEPTION IS LOGGED ON THE APP HOST
>> 2015-01-26 11:00:00,006 ERROR
>> [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-21) failed
>> to turn code into token: java.net.SocketException: Connection reset
>> at java.net.SocketInputStream.read(SocketInputStream.java:196)
>> [rt.jar:1.7.0_51]
>> at java.net.SocketInputStream.read(SocketInputStream.java:122)
>> [rt.jar:1.7.0_51]
>> at sun.security.ssl.InputRecord.readFully(InputRecord.java:442)
>> [jsse.jar:1.7.0_51]
>> at sun.security.ssl.InputRecord.read(InputRecord.java:480)
>> [jsse.jar:1.7.0_51]
>> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
>> [jsse.jar:1.7.0_51]
>> at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:884)
>> [jsse.jar:1.7.0_51]
>> at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
>> [jsse.jar:1.7.0_51]
>> at
>> org.apache.http.impl.io.AbstractSessionInputBuffer.fillBuffer(AbstractSessionInputBuffer.java:166)
>> at
>> org.apache.http.impl.io.SocketInputBuffer.fillBuffer(SocketInputBuffer.java:90)
>> at
>> org.apache.http.impl.io.AbstractSessionInputBuffer.readLine(AbstractSessionInputBuffer.java:281)
>> at
>> org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:92)
>> at
>> org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:62)
>> at
>> org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:254)
>> at
>> org.apache.http.impl.AbstractHttpClientConnection.receiveResponseHeader(AbstractHttpClientConnection.java:289)
>> at
>> org.apache.http.impl.conn.DefaultClientConnection.receiveResponseHeader(DefaultClientConnection.java:252)
>> at
>> org.apache.http.impl.conn.AbstractClientConnAdapter.receiveResponseHeader(AbstractClientConnAdapter.java:219)
>> at
>> org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:300)
>> at
>> org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:127)
>> at
>> org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:712)
>> at
>> org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:517)
>> at
>> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
>> at
>> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
>> at
>> org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)
>> at
>> org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:122)
>> [keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]
>> at
>> org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:95)
>> [keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]
>> at
>> org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:261)
>> [keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]
>> at
>> org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:208)
>> [keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]
>> at
>> org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:90)
>> [keycloak-adapter-core-1.1.0.Beta2.jar:1.1.0.Beta2]
>> at
>> org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:93)
>> [keycloak-undertow-adapter-1.1.0.Beta2.jar:1.1.0.Beta2]
>> at
>> org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:60)
>> [keycloak-undertow-adapter-1.1.0.Beta2.jar:1.1.0.Beta2]
>> at
>> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:281)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:298)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:268)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>> io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:131)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>> io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:106)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>> io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:99)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:54)
>> [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>> at
>> io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>> io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>> io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:63)
>> [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>> at
>> io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
>> [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>> at
>> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70)
>> [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>> at
>> io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>> at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>> org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)
>> [keycloak-undertow-adapter-1.1.0.Beta2.jar:1.1.0.Beta2]
>> at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261)
>> [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>> at
>> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247)
>> [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>> at
>> io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76)
>> [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>> at
>> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166)
>> [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
>> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759)
>> [undertow-core-1.1.0.Final.jar:1.1.0.Final]
>> at
>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>> [rt.jar:1.7.0_51]
>> at
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>> [rt.jar:1.7.0_51]
>> at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]
>> --
>> ===================================================
>>
>> Stephen Flynn
>>
>> Director, JF Technology (UK) Ltd
>>
>> Cell (UK) : +44 7768 003 882
>> Phone : +44 20 7833 8346
>> IM : xmpp:stephen.flynn at jftechnology.com
>> IM : aim:stephen.flynn at jftechnology.com
>> Website : http://www.jftechnology.com
>> Tech support : support at jftechnology.com
>> ===================================================
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
A non-text attachment was scrubbed...
Name: stephen_flynn.vcf
Type: text/x-vcard
Size: 233 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20150130/89613cdd/attachment.vcf
More information about the keycloak-user
mailing list