[keycloak-user] Two OIDC working, but not SSO
Marek Posolda
mposolda at redhat.com
Tue Apr 25 06:41:47 EDT 2017
If you don't do "Logout from portal1" at the end of first test, then SSO
should work and you will be automatically logged into portal2 without a
need to put your credentials.
The logout is "SSO logout", hence it also kills the SSO session on
Keycloak side and requires user to re-login.
Marek
On 25/04/17 12:31, Tech wrote:
> Dear experts,
>
> we are working with Moodle, a PHP based platform, where we have been
> able to configure correctly Keycloak to implement OIDC.
>
> To test Keycloak we cloned this application, with different URLs and we
> did the first test:
>
> * Connect to portal1
> * User not recognized and redirected to Keycloak through OIDC
> * Enter credentials stored into Keycloak
> * User accepted and redirected to portal1
> * Logout from portal1
>
> After this we tested the second application:
>
> * Connect to portal2
> * User not recognized and redirected to Keycloak through OIDC
> * Enter credentials stored into Keycloak
> * User accepted and redirected to portal2
> * Logout from portal2
>
> In this case I know that OIDC is working for the two applications and we
> can expect that also the SSO is working, but after the login in portal1
> we have to login again portal2, and vice-versa.
>
> We attach below here some logs, could you please help?
>
> Thanks
>
>
>
>
>
> *Login to portal1*
>
> 2017-04-25 09:54:40,503 DEBUG [org.jboss.ejb.client.txn] (Periodic
> Recovery) Send recover request for transaction origin node identifier 1
> to EJB receiver with node name 79051ccf69ac
> 2017-04-25 09:54:45,055 DEBUG
> [org.keycloak.transaction.JtaTransactionWrapper] (default task-30) new
> JtaTransactionWrapper
> 2017-04-25 09:54:45,056 DEBUG
> [org.keycloak.transaction.JtaTransactionWrapper] (default task-30) was
> existing? false
> 2017-04-25 09:54:45,056 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n]
> (default task-30) RESTEASY002315: PathInfo:
> /realms/demo/protocol/openid-connect/auth
> 2017-04-25 09:54:45,059 DEBUG
> [org.keycloak.authentication.AuthenticationProcessor] (default task-30)
> AUTHENTICATE
> 2017-04-25 09:54:45,059 DEBUG
> [org.keycloak.authentication.AuthenticationProcessor] (default task-30)
> AUTHENTICATE ONLY
> 2017-04-25 09:54:45,059 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-30) processFlow
> 2017-04-25 09:54:45,059 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-30) check execution: auth-cookie requirement: ALTERNATIVE
> 2017-04-25 09:54:45,059 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-30) authenticator: auth-cookie
> 2017-04-25 09:54:45,059 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-30) invoke authenticator.authenticate
> 2017-04-25 09:54:45,059 DEBUG
> [org.keycloak.services.managers.AuthenticationManager] (default task-30)
> Could not find cookie: KEYCLOAK_IDENTITY
> 2017-04-25 09:54:45,059 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-30) authenticator ATTEMPTED: auth-cookie
> 2017-04-25 09:54:45,059 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-30) check execution: auth-spnego requirement: DISABLED
> 2017-04-25 09:54:45,059 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-30) execution is processed
> 2017-04-25 09:54:45,059 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-30) check execution: identity-provider-redirector requirement:
> ALTERNATIVE
> 2017-04-25 09:54:45,059 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-30) authenticator: identity-provider-redirector
> 2017-04-25 09:54:45,059 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-30) invoke authenticator.authenticate
> 2017-04-25 09:54:45,059 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-30) authenticator ATTEMPTED: identity-provider-redirector
> 2017-04-25 09:54:45,059 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-30) check execution: null requirement: ALTERNATIVE
> 2017-04-25 09:54:45,059 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-30) execution is flow
> 2017-04-25 09:54:45,059 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-30) processFlow
> 2017-04-25 09:54:45,059 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-30) check execution: auth-username-password-form requirement: REQUIRED
> 2017-04-25 09:54:45,059 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-30) authenticator: auth-username-password-form
> 2017-04-25 09:54:45,059 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-30) invoke authenticator.authenticate
> 2017-04-25 09:54:45,060 DEBUG [freemarker.cache] (default task-30)
> TemplateLoader.findTemplateSource("template_en_US.ftl"): Not found
> 2017-04-25 09:54:45,060 DEBUG [freemarker.cache] (default task-30)
> TemplateLoader.findTemplateSource("template_en.ftl"): Not found
> 2017-04-25 09:54:45,060 DEBUG [freemarker.cache] (default task-30)
> TemplateLoader.findTemplateSource("template.ftl"): Found
> 2017-04-25 09:54:45,061 DEBUG [freemarker.cache] (default task-30)
> "template.ftl"("en_US", UTF-8, parsed): using cached since
> file:/opt/jboss/keycloak/themes/base/login/template.ftl hasn't changed.
> 2017-04-25 09:54:45,064 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-30) authenticator CHALLENGE: auth-username-password-form
> 2017-04-25 09:54:45,064 DEBUG
> [org.keycloak.transaction.JtaTransactionWrapper] (default task-30)
> JtaTransactionWrapper commit
> 2017-04-25 09:54:45,064 DEBUG
> [org.keycloak.transaction.JtaTransactionWrapper] (default task-30)
> JtaTransactionWrapper end
> 2017-04-25 09:54:50,503 DEBUG [org.jboss.ejb.client.txn] (Periodic
> Recovery) Send recover request for transaction origin node identifier 1
> to EJB receiver with node name 79051ccf69ac
>
>
>
>
> *After authentication to portal1**
> *
> 2017-04-25 09:54:56,041 DEBUG
> [org.keycloak.transaction.JtaTransactionWrapper] (default task-31) new
> JtaTransactionWrapper
> 2017-04-25 09:54:56,041 DEBUG
> [org.keycloak.transaction.JtaTransactionWrapper] (default task-31) was
> existing? false
> 2017-04-25 09:54:56,042 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n]
> (default task-31) RESTEASY002315: PathInfo:
> /realms/Demo/login-actions/authenticate
> 2017-04-25 09:54:56,042 DEBUG
> [org.keycloak.authentication.AuthenticationProcessor] (default task-31)
> authenticationAction
> 2017-04-25 09:54:56,042 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-31) processAction: dfde24fe-5e06-4dc9-8dc2-f82eedd89846
> 2017-04-25 09:54:56,043 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-31) check: auth-cookie requirement: ALTERNATIVE
> 2017-04-25 09:54:56,043 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-31) execution is processed
> 2017-04-25 09:54:56,043 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-31) check: auth-spnego requirement: DISABLED
> 2017-04-25 09:54:56,043 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-31) execution is processed
> 2017-04-25 09:54:56,043 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-31) check: identity-provider-redirector requirement: ALTERNATIVE
> 2017-04-25 09:54:56,043 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-31) execution is processed
> 2017-04-25 09:54:56,043 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-31) check: null requirement: ALTERNATIVE
> 2017-04-25 09:54:56,043 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-31) processAction: dfde24fe-5e06-4dc9-8dc2-f82eedd89846
> 2017-04-25 09:54:56,043 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-31) check: auth-username-password-form requirement: REQUIRED
> 2017-04-25 09:54:56,043 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-31) action: auth-username-password-form
> 2017-04-25 09:54:56,141 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-31) authenticator SUCCESS: auth-username-password-form
> 2017-04-25 09:54:56,141 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-31) processFlow
> 2017-04-25 09:54:56,141 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-31) check execution: auth-otp-form requirement: OPTIONAL
> 2017-04-25 09:54:56,141 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-31) authenticator: auth-otp-form
> 2017-04-25 09:54:56,141 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default
> task-31) processFlow
> 2017-04-25 09:54:56,141 DEBUG
> [org.hibernate.resource.transaction.backend.jta.internal.JtaTransactionCoordinatorImpl]
> (default task-31) Hibernate RegisteredSynchronization successfully
> registered with JTA platform
> 2017-04-25 09:54:56,142 DEBUG [org.hibernate.SQL] (default task-31)
> select
> roleentity0_.ID as col_0_0_
> from
> KEYCLOAK_ROLE roleentity0_
> where
> roleentity0_.CLIENT_ROLE=0
> and roleentity0_.NAME=?
> and roleentity0_.REALM=?
> 2017-04-25 09:54:56,142 DEBUG
> [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (default
> task-31) MySqlDS: getConnection(null,
> WrappedConnectionRequestInfo at 4570d800[userName=KeycloakUSR]) [0/20]
> 2017-04-25 09:54:56,143 DEBUG
> [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
> (default task-31) Initiating JDBC connection release from afterStatement
> 2017-04-25 09:54:56,143 DEBUG [org.hibernate.SQL] (default task-31)
> select
> roleentity0_.ID as col_0_0_
> from
> KEYCLOAK_ROLE roleentity0_
> where
> roleentity0_.CLIENT_ROLE=0
> and roleentity0_.NAME=?
> and roleentity0_.REALM=?
> 2017-04-25 09:54:56,144 DEBUG
> [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
> (default task-31) Initiating JDBC connection release from afterStatement
> 2017-04-25 09:54:56,144 DEBUG [org.hibernate.SQL] (default task-31)
> select
> roleentity0_.ID as col_0_0_
> from
> KEYCLOAK_ROLE roleentity0_
> where
> roleentity0_.CLIENT_ROLE=0
> and roleentity0_.NAME=?
> and roleentity0_.REALM=?
> 2017-04-25 09:54:56,144 DEBUG
> [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
> (default task-31) Initiating JDBC connection release from afterStatement
> 2017-04-25 09:54:56,145 DEBUG [org.keycloak.events] (default task-31)
> type=LOGIN, realmId=Demo, clientId=moodle,
> userId=ed5ba52a-531d-4e6e-b12e-9bc0957a8c1f, ipAddress=192.168.0.27,
> auth_method=openid-connect, auth_type=code,
> redirect_uri=https://localhost/moodleiam/auth/oidc/,
> consent=no_consent_required,
> code_id=08539f13-cb1c-423e-86a3-365c29b055f1, username=testuser
> 2017-04-25 09:54:56,145 DEBUG
> [org.keycloak.services.managers.AuthenticationManager] (default task-31)
> Removing old user session: session: 9a5218f8-aa9c-496c-aa00-780430f19c1b
> 2017-04-25 09:54:56,145 DEBUG
> [org.keycloak.services.managers.AuthenticationManager] (default task-31)
> Create login cookie - name: KEYCLOAK_IDENTITY, path: /auth/realms/Demo,
> max-age: -1
> 2017-04-25 09:54:56,145 DEBUG
> [org.keycloak.services.managers.AuthenticationManager] (default task-31)
> Expiring remember me cookie
> 2017-04-25 09:54:56,145 DEBUG
> [org.keycloak.services.managers.AuthenticationManager] (default task-31)
> Expiring cookie: KEYCLOAK_REMEMBER_ME path: /auth/realms/Demo
> 2017-04-25 09:54:56,146 DEBUG
> [org.keycloak.protocol.oidc.OIDCLoginProtocol] (default task-31)
> redirectAccessCode: state: bIJNAcPb8Rxz8Wb
> 2017-04-25 09:54:56,146 DEBUG
> [org.keycloak.transaction.JtaTransactionWrapper] (default task-31)
> JtaTransactionWrapper commit
> 2017-04-25 09:54:56,149 DEBUG
> [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (default
> task-31) MySqlDS: returnConnection(4edba62b, false) [0/20]
> 2017-04-25 09:54:56,149 DEBUG
> [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
> (default task-31) Initiating JDBC connection release from afterTransaction
> 2017-04-25 09:54:56,149 DEBUG
> [org.keycloak.transaction.JtaTransactionWrapper] (default task-31)
> JtaTransactionWrapper end
> 2017-04-25 09:54:56,642 DEBUG
> [org.keycloak.transaction.JtaTransactionWrapper] (default task-24) new
> JtaTransactionWrapper
> 2017-04-25 09:54:56,642 DEBUG
> [org.keycloak.transaction.JtaTransactionWrapper] (default task-24) was
> existing? false
> 2017-04-25 09:54:56,642 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n]
> (default task-24) RESTEASY002315: PathInfo:
> /realms/demo/protocol/openid-connect/token
> 2017-04-25 09:54:56,643 DEBUG
> [org.keycloak.authentication.AuthenticationProcessor] (default task-24)
> AUTHENTICATE CLIENT
> 2017-04-25 09:54:56,643 DEBUG
> [org.keycloak.authentication.ClientAuthenticationFlow] (default task-24)
> client authenticator: client-secret
> 2017-04-25 09:54:56,643 DEBUG
> [org.keycloak.authentication.ClientAuthenticationFlow] (default task-24)
> client authenticator SUCCESS: client-secret
> 2017-04-25 09:54:56,643 DEBUG
> [org.keycloak.authentication.ClientAuthenticationFlow] (default task-24)
> Client moodle authenticated by client-secret
> 2017-04-25 09:54:56,663 DEBUG [org.keycloak.events] (default task-24)
> type=CODE_TO_TOKEN, realmId=Demo, clientId=moodle,
> userId=ed5ba52a-531d-4e6e-b12e-9bc0957a8c1f, ipAddress=153.109.152.213,
> token_id=75173922-dd56-44ca-9255-9a5368e557f4,
> grant_type=authorization_code, refresh_token_type=Refresh,
> refresh_token_id=d7daabe5-8e73-4b8e-b108-92188e1118df,
> code_id=08539f13-cb1c-423e-86a3-365c29b055f1,
> client_auth_method=client-secret
> 2017-04-25 09:54:56,663 DEBUG
> [org.keycloak.transaction.JtaTransactionWrapper] (default task-24)
> JtaTransactionWrapper commit
> 2017-04-25 09:54:56,663 DEBUG
> [org.keycloak.transaction.JtaTransactionWrapper] (default task-24)
> JtaTransactionWrapper end
>
>
>
>
> *Login to portal2**
> *
> 2017-04-25 09:56:17,566 DEBUG
> [org.keycloak.transaction.JtaTransactionWrapper] (default task-6) new
> JtaTransactionWrapper
> 2017-04-25 09:56:17,566 DEBUG
> [org.keycloak.transaction.JtaTransactionWrapper] (default task-6) was
> existing? false
> 2017-04-25 09:56:17,567 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n]
> (default task-6) RESTEASY002315: PathInfo:
> /realms/demo/protocol/openid-connect/auth
> 2017-04-25 09:56:17,569 DEBUG
> [org.keycloak.authentication.AuthenticationProcessor] (default task-6)
> AUTHENTICATE
> 2017-04-25 09:56:17,569 DEBUG
> [org.keycloak.authentication.AuthenticationProcessor] (default task-6)
> AUTHENTICATE ONLY
> 2017-04-25 09:56:17,569 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-6)
> processFlow
> 2017-04-25 09:56:17,569 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-6)
> check execution: auth-cookie requirement: ALTERNATIVE
> 2017-04-25 09:56:17,569 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-6)
> authenticator: auth-cookie
> 2017-04-25 09:56:17,569 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-6)
> invoke authenticator.authenticate
> 2017-04-25 09:56:17,569 DEBUG
> [org.keycloak.services.managers.AuthenticationManager] (default task-6)
> Could not find cookie: KEYCLOAK_IDENTITY
> 2017-04-25 09:56:17,569 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-6)
> authenticator ATTEMPTED: auth-cookie
> 2017-04-25 09:56:17,569 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-6)
> check execution: auth-spnego requirement: DISABLED
> 2017-04-25 09:56:17,569 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-6)
> execution is processed
> 2017-04-25 09:56:17,569 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-6)
> check execution: identity-provider-redirector requirement: ALTERNATIVE
> 2017-04-25 09:56:17,569 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-6)
> authenticator: identity-provider-redirector
> 2017-04-25 09:56:17,569 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-6)
> invoke authenticator.authenticate
> 2017-04-25 09:56:17,569 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-6)
> authenticator ATTEMPTED: identity-provider-redirector
> 2017-04-25 09:56:17,569 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-6)
> check execution: null requirement: ALTERNATIVE
> 2017-04-25 09:56:17,569 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-6)
> execution is flow
> 2017-04-25 09:56:17,569 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-6)
> processFlow
> 2017-04-25 09:56:17,569 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-6)
> check execution: auth-username-password-form requirement: REQUIRED
> 2017-04-25 09:56:17,569 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-6)
> authenticator: auth-username-password-form
> 2017-04-25 09:56:17,569 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-6)
> invoke authenticator.authenticate
> 2017-04-25 09:56:17,572 DEBUG [freemarker.cache] (default task-6)
> TemplateLoader.findTemplateSource("template_en_US.ftl"): Not found
> 2017-04-25 09:56:17,572 DEBUG [freemarker.cache] (default task-6)
> TemplateLoader.findTemplateSource("template_en.ftl"): Not found
> 2017-04-25 09:56:17,572 DEBUG [freemarker.cache] (default task-6)
> TemplateLoader.findTemplateSource("template.ftl"): Found
> 2017-04-25 09:56:17,572 DEBUG [freemarker.cache] (default task-6)
> "template.ftl"("en_US", UTF-8, parsed): using cached since
> file:/opt/jboss/keycloak/themes/base/login/template.ftl hasn't changed.
> 2017-04-25 09:56:17,573 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-6)
> authenticator CHALLENGE: auth-username-password-form
> 2017-04-25 09:56:17,573 DEBUG
> [org.keycloak.transaction.JtaTransactionWrapper] (default task-6)
> JtaTransactionWrapper commit
> 2017-04-25 09:56:17,573 DEBUG
> [org.keycloak.transaction.JtaTransactionWrapper] (default task-6)
> JtaTransactionWrapper end
>
>
>
>
> *After authentication to portal2**
> *
> 2017-04-25 09:56:29,001 DEBUG
> [org.keycloak.transaction.JtaTransactionWrapper] (default task-4) new
> JtaTransactionWrapper
> 2017-04-25 09:56:29,001 DEBUG
> [org.keycloak.transaction.JtaTransactionWrapper] (default task-4) was
> existing? false
> 2017-04-25 09:56:29,001 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n]
> (default task-4) RESTEASY002315: PathInfo:
> /realms/Demo/login-actions/authenticate
> 2017-04-25 09:56:29,002 DEBUG
> [org.keycloak.authentication.AuthenticationProcessor] (default task-4)
> authenticationAction
> 2017-04-25 09:56:29,002 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-4)
> processAction: dfde24fe-5e06-4dc9-8dc2-f82eedd89846
> 2017-04-25 09:56:29,002 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-4)
> check: auth-cookie requirement: ALTERNATIVE
> 2017-04-25 09:56:29,002 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-4)
> execution is processed
> 2017-04-25 09:56:29,002 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-4)
> check: auth-spnego requirement: DISABLED
> 2017-04-25 09:56:29,002 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-4)
> execution is processed
> 2017-04-25 09:56:29,004 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-4)
> check: identity-provider-redirector requirement: ALTERNATIVE
> 2017-04-25 09:56:29,004 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-4)
> execution is processed
> 2017-04-25 09:56:29,004 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-4)
> check: null requirement: ALTERNATIVE
> 2017-04-25 09:56:29,004 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-4)
> processAction: dfde24fe-5e06-4dc9-8dc2-f82eedd89846
> 2017-04-25 09:56:29,004 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-4)
> check: auth-username-password-form requirement: REQUIRED
> 2017-04-25 09:56:29,004 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-4)
> action: auth-username-password-form
> 2017-04-25 09:56:29,099 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-4)
> authenticator SUCCESS: auth-username-password-form
> 2017-04-25 09:56:29,100 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-4)
> processFlow
> 2017-04-25 09:56:29,100 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-4)
> check execution: auth-otp-form requirement: OPTIONAL
> 2017-04-25 09:56:29,100 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-4)
> authenticator: auth-otp-form
> 2017-04-25 09:56:29,100 DEBUG
> [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-4)
> processFlow
> 2017-04-25 09:56:29,100 DEBUG
> [org.hibernate.resource.transaction.backend.jta.internal.JtaTransactionCoordinatorImpl]
> (default task-4) Hibernate RegisteredSynchronization successfully
> registered with JTA platform
> 2017-04-25 09:56:29,100 DEBUG [org.hibernate.SQL] (default task-4)
> select
> roleentity0_.ID as col_0_0_
> from
> KEYCLOAK_ROLE roleentity0_
> where
> roleentity0_.CLIENT_ROLE=0
> and roleentity0_.NAME=?
> and roleentity0_.REALM=?
> 2017-04-25 09:56:29,101 DEBUG
> [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (default
> task-4) MySqlDS: getConnection(null,
> WrappedConnectionRequestInfo at 4570d800[userName=KeycloakUSR]) [0/20]
> 2017-04-25 09:56:29,102 DEBUG
> [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
> (default task-4) Initiating JDBC connection release from afterStatement
> 2017-04-25 09:56:29,103 DEBUG [org.hibernate.SQL] (default task-4)
> select
> roleentity0_.ID as col_0_0_
> from
> KEYCLOAK_ROLE roleentity0_
> where
> roleentity0_.CLIENT_ROLE=0
> and roleentity0_.NAME=?
> and roleentity0_.REALM=?
> 2017-04-25 09:56:29,103 DEBUG
> [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
> (default task-4) Initiating JDBC connection release from afterStatement
> 2017-04-25 09:56:29,103 DEBUG [org.hibernate.SQL] (default task-4)
> select
> roleentity0_.ID as col_0_0_
> from
> KEYCLOAK_ROLE roleentity0_
> where
> roleentity0_.CLIENT_ROLE=0
> and roleentity0_.NAME=?
> and roleentity0_.REALM=?
> 2017-04-25 09:56:29,104 DEBUG
> [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
> (default task-4) Initiating JDBC connection release from afterStatement
> 2017-04-25 09:56:29,104 DEBUG [org.keycloak.events] (default task-4)
> type=LOGIN, realmId=Demo, clientId=moodle2,
> userId=ed5ba52a-531d-4e6e-b12e-9bc0957a8c1f, ipAddress=192.168.0.27,
> auth_method=openid-connect, auth_type=code,
> redirect_uri=https://localhost/moodle2iam/auth/oidc/,
> consent=no_consent_required,
> code_id=cffeac69-54fc-4d19-be81-36f0f19ce1ef, username=testuser
> 2017-04-25 09:56:29,104 DEBUG
> [org.keycloak.services.managers.AuthenticationManager] (default task-4)
> Removing old user session: session: 431cecf6-5a6b-4bbc-9467-3f52eff8090f
> 2017-04-25 09:56:29,105 DEBUG
> [org.keycloak.services.managers.AuthenticationManager] (default task-4)
> Create login cookie - name: KEYCLOAK_IDENTITY, path: /auth/realms/Demo,
> max-age: -1
> 2017-04-25 09:56:29,105 DEBUG
> [org.keycloak.services.managers.AuthenticationManager] (default task-4)
> Expiring remember me cookie
> 2017-04-25 09:56:29,105 DEBUG
> [org.keycloak.services.managers.AuthenticationManager] (default task-4)
> Expiring cookie: KEYCLOAK_REMEMBER_ME path: /auth/realms/Demo
> 2017-04-25 09:56:29,105 DEBUG
> [org.keycloak.protocol.oidc.OIDCLoginProtocol] (default task-4)
> redirectAccessCode: state: WUCTMXokISFDbFN
> 2017-04-25 09:56:29,105 DEBUG
> [org.keycloak.transaction.JtaTransactionWrapper] (default task-4)
> JtaTransactionWrapper commit
> 2017-04-25 09:56:29,106 DEBUG
> [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (default
> task-4) MySqlDS: returnConnection(4edba62b, false) [0/20]
> 2017-04-25 09:56:29,106 DEBUG
> [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
> (default task-4) Initiating JDBC connection release from afterTransaction
> 2017-04-25 09:56:29,106 DEBUG
> [org.keycloak.transaction.JtaTransactionWrapper] (default task-4)
> JtaTransactionWrapper end
> 2017-04-25 09:56:29,626 DEBUG
> [org.keycloak.transaction.JtaTransactionWrapper] (default task-13) new
> JtaTransactionWrapper
> 2017-04-25 09:56:29,626 DEBUG
> [org.keycloak.transaction.JtaTransactionWrapper] (default task-13) was
> existing? false
> 2017-04-25 09:56:29,627 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n]
> (default task-13) RESTEASY002315: PathInfo:
> /realms/demo/protocol/openid-connect/token
> 2017-04-25 09:56:29,627 DEBUG
> [org.keycloak.authentication.AuthenticationProcessor] (default task-13)
> AUTHENTICATE CLIENT
> 2017-04-25 09:56:29,627 DEBUG
> [org.keycloak.authentication.ClientAuthenticationFlow] (default task-13)
> client authenticator: client-secret
> 2017-04-25 09:56:29,627 DEBUG
> [org.keycloak.authentication.ClientAuthenticationFlow] (default task-13)
> client authenticator SUCCESS: client-secret
> 2017-04-25 09:56:29,627 DEBUG
> [org.keycloak.authentication.ClientAuthenticationFlow] (default task-13)
> Client moodle2 authenticated by client-secret
> 2017-04-25 09:56:29,656 DEBUG [org.keycloak.events] (default task-13)
> type=CODE_TO_TOKEN, realmId=Demo, clientId=moodle2,
> userId=ed5ba52a-531d-4e6e-b12e-9bc0957a8c1f, ipAddress=153.109.152.213,
> token_id=ff9b3385-1362-4559-ad53-05317755b280,
> grant_type=authorization_code, refresh_token_type=Refresh,
> refresh_token_id=356011d7-e9fa-4c90-9368-a7627a445bc7,
> code_id=cffeac69-54fc-4d19-be81-36f0f19ce1ef,
> client_auth_method=client-secret
> 2017-04-25 09:56:29,656 DEBUG
> [org.keycloak.transaction.JtaTransactionWrapper] (default task-13)
> JtaTransactionWrapper commit
> 2017-04-25 09:56:29,656 DEBUG
> [org.keycloak.transaction.JtaTransactionWrapper] (default task-13)
> JtaTransactionWrapper end
> 2017-04-25 09:56:29,660 DEBUG [io.undertow.request.io] (default I/O-1)
> Error reading request: java.io.IOException: Connection reset by peer
> at sun.nio.ch.FileDispatcherImpl.read0(Native Method)
> at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39)
> at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223)
> at sun.nio.ch.IOUtil.read(IOUtil.java:192)
> at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:380)
> at org.xnio.nio.NioSocketConduit.read(NioSocketConduit.java:282)
> at
> io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.java:658)
> at io.undertow.protocols.ssl.SslConduit.read(SslConduit.java:530)
> at
> org.xnio.conduits.ConduitStreamSourceChannel.read(ConduitStreamSourceChannel.java:127)
> at
> io.undertow.server.protocol.http.HttpReadListener.handleEventWithNoRunningRequest(HttpReadListener.java:152)
> at
> io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:130)
> at
> io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:56)
> at
> org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
> at
> org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
> at
> io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(SslConduit.java:1059)
> at
> org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:88)
> at org.xnio.nio.WorkerThread.run(WorkerThread.java:559)
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list