[keycloak-user] Can not authenticate user using Spring Security Adapter

Michael Furman michael_furman at hotmail.com
Tue Nov 8 10:10:07 EST 2016

Hi all,

Can anybody help with this issue?

Probably I miss something small.

I do success to work with mod-auth-openidc and mitreid clients.

Probably I miss something small and I really need your help.

Best regards,


From: keycloak-user-bounces at lists.jboss.org <keycloak-user-bounces at lists.jboss.org> on behalf of Michael Furman <michael_furman at hotmail.com>
Sent: Monday, November 7, 2016 4:49 PM
To: keycloak-user at lists.jboss.org
Subject: [keycloak-user] Can not authenticate user using Spring Security Adapter

I will appreciate your help on the issue below.
I try to configure Spring Security Adapter (version 2.3.0.Final):
Spring Security Adapter | Securing Applications and ...<https://keycloak.gitbooks.io/securing-client-applications-guide/content/topics/oidc/java/spring-security-adapter.html>
To secure an application with Spring Security and Keycloak, add this adapter as a dependency to your project. You then have to provide some extra beans in your Spring ...

I suppose that Keycloak uses the static client registration since when I tries to connect without the client configuration in Keycloak I get the following:
16:15:43,174 WARN  [org.keycloak.events] (default task-3) type=LOGIN_ERROR, realmId=master, clientId=st_1, userId=null, ipAddress=, error=client_not_found

Please note that I was able to connect to Keycloak using non Keycloak OIDC client using the following configuration:
a) clientId
b) clientSecret
c) Scopes
d) redirectUris

Therefore I have configured the client at Keycloak using the same information.
I am not sure what is "Valid Redirect URIs" and I have configured the following value:
Now client redirects to Keycloak IDP using this URL

I authenticate the user and IDP returns URL back to the client using this URL:

Unfortunately then I have the endless loop.
While I debug KeycloakAuthenticationProcessingFilter I see that AuthOutcome get value NOT_ATTEMPTED and it cause additional redirect to IDP.
What I missed?
I have opened the bug https://issues.jboss.org/browse/KEYCLOAK-3868 with attached json file and Spring Security configuration.

Best regards,

keycloak-user mailing list
keycloak-user at lists.jboss.org

More information about the keycloak-user mailing list