[keycloak-user] Two OIDC working, but not SSO
Marek Posolda
mposolda at redhat.com
Thu Apr 27 09:56:06 EDT 2017
Not sure what could be the reason...
Are you seeing the browser cookie if you login to some Keycloak builtin
applications (admin console, account management)?
I wonder about something around "http" or "https" . Will it work if you
switch SSL required for your realm to "ALWAYS" ? Or the other way, will
it work if you switch everything to "http" instead of "https" ?
Marek
On 27/04/17 11:21, Tech wrote:
>
> We try both with Firefox, Chrome and Internet explorer, in none of
> these cases we have this cookie.
>
> What could it be the reason?
>
>
>
>
> On 27/04/17 10:02, Marek Posolda wrote:
>> Yes, KEYCLOAK_IDENTITY cookie should be in the browser after
>> successful authentication to your portal1 is fully finished. Are you
>> seeing the cookie after this authentication?
>>
>> Then the portal2 is supposed to be automatically authenticated due to
>> this cookie.
>>
>> Marek
>>
>> On 27/04/17 09:14, Tech wrote:
>>>
>>> Hello,
>>>
>>> opening the browser the KEYCLOAK_IDENTITY cookie does not appear,
>>> but in my understanding this is created when you have an active
>>> session to Keycloak like accessing to the admin interface.
>>>
>>> No proxies, cookies or load balancers in the backend server.
>>>
>>>
>>>
>>>
>>> On 26/04/17 16:17, Marek Posolda wrote:
>>>> Thanks, are you seeing KEYCLOAK_IDENTITY cookie for your browser
>>>> for path "/auth/realms/yourrealm" ? Are you using
>>>> proxy/loadbalancer, which may cause that cookies sent to the proxy
>>>> are not visible on the backend server (Keycloak)?
>>>>
>>>> Marek
>>>>
>>>>
>>>> On 26/04/17 09:09, Tech wrote:
>>>>> Hello again,
>>>>>
>>>>> so:
>>>>> 1) they are both using the same kc realm
>>>>> 2) the cookie is not disabled
>>>>> 3) in attach a screenshot, it's identical for the two application,
>>>>> with the difference that one the two URL has the "2"
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 26/04/17 06:17, Marek Posolda wrote:
>>>>>> On 25/04/17 22:36, Tech wrote:
>>>>>>>
>>>>>>> Hello Marek,
>>>>>>>
>>>>>>> 1) yes, they are both using the same Kc realm
>>>>>>>
>>>>>>> 2) how can I check this point?
>>>>>>>
>>>>>> In Keycloak admin console, there is tab "Authentication" and then
>>>>>> flow "browser" .
>>>>>>
>>>>>> Marek
>>>>>>>
>>>>>>> 3) I checked already, I don't think that anything like that is
>>>>>>> enabled, but I will send you a screen shot in the coming hours
>>>>>>> (not in the office right now)
>>>>>>>
>>>>>>> Thanks for the support
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 25.04.17 22:14, Marek Posolda wrote:
>>>>>>>> Normally SSO between client applications is supposed to work. I
>>>>>>>> would check:
>>>>>>>>
>>>>>>>> - Are both your clients (portal1 and portal2) using same
>>>>>>>> Keycloak realm? SSO will work just with same realm
>>>>>>>>
>>>>>>>> - Is Cookie authenticator enabled for authentication browser
>>>>>>>> flow of your realm? Didn't you accidentally disable it? SSO
>>>>>>>> requires that it is enabled
>>>>>>>>
>>>>>>>> - How does URL to Keycloak login screen looks like? I wonder if
>>>>>>>> your PHP adapter uses some parameters, which causes SSO
>>>>>>>> disabled (eg. prompt=login or max_age=0)
>>>>>>>>
>>>>>>>> Marek
>>>>>>>>
>>>>>>>> On 25/04/17 14:18, Tech wrote:
>>>>>>>>>
>>>>>>>>> Anybody with any ideas?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 25/04/17 12:53, Tech wrote:
>>>>>>>>>>
>>>>>>>>>> Hello Marek,
>>>>>>>>>>
>>>>>>>>>> maybe my email was confusing, we run initially two tests were
>>>>>>>>>> we login and logout in both portal to check that the oidc is
>>>>>>>>>> working on each of them.
>>>>>>>>>>
>>>>>>>>>> Once we know that OIDC is working, then we are expecting to
>>>>>>>>>> login to portal1 and opening portal2, to find us already
>>>>>>>>>> logged in, but this doesn't happen and we are forced to login
>>>>>>>>>> again
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On 25/04/17 12:41, Marek Posolda wrote:
>>>>>>>>>>> If you don't do "Logout from portal1" at the end of first
>>>>>>>>>>> test, then SSO should work and you will be automatically
>>>>>>>>>>> logged into portal2 without a need to put your credentials.
>>>>>>>>>>>
>>>>>>>>>>> The logout is "SSO logout", hence it also kills the SSO
>>>>>>>>>>> session on Keycloak side and requires user to re-login.
>>>>>>>>>>>
>>>>>>>>>>> Marek
>>>>>>>>>>>
>>>>>>>>>>> On 25/04/17 12:31, Tech wrote:
>>>>>>>>>>>> Dear experts,
>>>>>>>>>>>>
>>>>>>>>>>>> we are working with Moodle, a PHP based platform, where we
>>>>>>>>>>>> have been
>>>>>>>>>>>> able to configure correctly Keycloak to implement OIDC.
>>>>>>>>>>>>
>>>>>>>>>>>> To test Keycloak we cloned this application, with different
>>>>>>>>>>>> URLs and we
>>>>>>>>>>>> did the first test:
>>>>>>>>>>>>
>>>>>>>>>>>> * Connect to portal1
>>>>>>>>>>>> * User not recognized and redirected to Keycloak through
>>>>>>>>>>>> OIDC
>>>>>>>>>>>> * Enter credentials stored into Keycloak
>>>>>>>>>>>> * User accepted and redirected to portal1
>>>>>>>>>>>> * Logout from portal1
>>>>>>>>>>>>
>>>>>>>>>>>> After this we tested the second application:
>>>>>>>>>>>>
>>>>>>>>>>>> * Connect to portal2
>>>>>>>>>>>> * User not recognized and redirected to Keycloak through
>>>>>>>>>>>> OIDC
>>>>>>>>>>>> * Enter credentials stored into Keycloak
>>>>>>>>>>>> * User accepted and redirected to portal2
>>>>>>>>>>>> * Logout from portal2
>>>>>>>>>>>>
>>>>>>>>>>>> In this case I know that OIDC is working for the two
>>>>>>>>>>>> applications and we
>>>>>>>>>>>> can expect that also the SSO is working, but after the
>>>>>>>>>>>> login in portal1
>>>>>>>>>>>> we have to login again portal2, and vice-versa.
>>>>>>>>>>>>
>>>>>>>>>>>> We attach below here some logs, could you please help?
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> *Login to portal1*
>>>>>>>>>>>>
>>>>>>>>>>>> 2017-04-25 09:54:40,503 DEBUG [org.jboss.ejb.client.txn]
>>>>>>>>>>>> (Periodic
>>>>>>>>>>>> Recovery) Send recover request for transaction origin node
>>>>>>>>>>>> identifier 1
>>>>>>>>>>>> to EJB receiver with node name 79051ccf69ac
>>>>>>>>>>>> 2017-04-25 09:54:45,055 DEBUG
>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-30) new
>>>>>>>>>>>> JtaTransactionWrapper
>>>>>>>>>>>> 2017-04-25 09:54:45,056 DEBUG
>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-30) was
>>>>>>>>>>>> existing? false
>>>>>>>>>>>> 2017-04-25 09:54:45,056 DEBUG
>>>>>>>>>>>> [org.jboss.resteasy.resteasy_jaxrs.i18n]
>>>>>>>>>>>> (default task-30) RESTEASY002315: PathInfo:
>>>>>>>>>>>> /realms/demo/protocol/openid-connect/auth
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.AuthenticationProcessor]
>>>>>>>>>>>> (default task-30)
>>>>>>>>>>>> AUTHENTICATE
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.AuthenticationProcessor]
>>>>>>>>>>>> (default task-30)
>>>>>>>>>>>> AUTHENTICATE ONLY
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) processFlow
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) check execution: auth-cookie requirement: ALTERNATIVE
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) authenticator: auth-cookie
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) invoke authenticator.authenticate
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>> [org.keycloak.services.managers.AuthenticationManager]
>>>>>>>>>>>> (default task-30)
>>>>>>>>>>>> Could not find cookie: KEYCLOAK_IDENTITY
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) authenticator ATTEMPTED: auth-cookie
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) check execution: auth-spnego requirement: DISABLED
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) execution is processed
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) check execution: identity-provider-redirector
>>>>>>>>>>>> requirement:
>>>>>>>>>>>> ALTERNATIVE
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) authenticator: identity-provider-redirector
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) invoke authenticator.authenticate
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) authenticator ATTEMPTED: identity-provider-redirector
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) check execution: null requirement: ALTERNATIVE
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) execution is flow
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) processFlow
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) check execution: auth-username-password-form
>>>>>>>>>>>> requirement: REQUIRED
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) authenticator: auth-username-password-form
>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) invoke authenticator.authenticate
>>>>>>>>>>>> 2017-04-25 09:54:45,060 DEBUG [freemarker.cache] (default
>>>>>>>>>>>> task-30)
>>>>>>>>>>>> TemplateLoader.findTemplateSource("template_en_US.ftl"):
>>>>>>>>>>>> Not found
>>>>>>>>>>>> 2017-04-25 09:54:45,060 DEBUG [freemarker.cache] (default
>>>>>>>>>>>> task-30)
>>>>>>>>>>>> TemplateLoader.findTemplateSource("template_en.ftl"): Not
>>>>>>>>>>>> found
>>>>>>>>>>>> 2017-04-25 09:54:45,060 DEBUG [freemarker.cache] (default
>>>>>>>>>>>> task-30)
>>>>>>>>>>>> TemplateLoader.findTemplateSource("template.ftl"): Found
>>>>>>>>>>>> 2017-04-25 09:54:45,061 DEBUG [freemarker.cache] (default
>>>>>>>>>>>> task-30)
>>>>>>>>>>>> "template.ftl"("en_US", UTF-8, parsed): using cached since
>>>>>>>>>>>> file:/opt/jboss/keycloak/themes/base/login/template.ftl
>>>>>>>>>>>> hasn't changed.
>>>>>>>>>>>> 2017-04-25 09:54:45,064 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-30) authenticator CHALLENGE: auth-username-password-form
>>>>>>>>>>>> 2017-04-25 09:54:45,064 DEBUG
>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-30)
>>>>>>>>>>>> JtaTransactionWrapper commit
>>>>>>>>>>>> 2017-04-25 09:54:45,064 DEBUG
>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-30)
>>>>>>>>>>>> JtaTransactionWrapper end
>>>>>>>>>>>> 2017-04-25 09:54:50,503 DEBUG [org.jboss.ejb.client.txn]
>>>>>>>>>>>> (Periodic
>>>>>>>>>>>> Recovery) Send recover request for transaction origin node
>>>>>>>>>>>> identifier 1
>>>>>>>>>>>> to EJB receiver with node name 79051ccf69ac
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> *After authentication to portal1**
>>>>>>>>>>>> *
>>>>>>>>>>>> 2017-04-25 09:54:56,041 DEBUG
>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-31) new
>>>>>>>>>>>> JtaTransactionWrapper
>>>>>>>>>>>> 2017-04-25 09:54:56,041 DEBUG
>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-31) was
>>>>>>>>>>>> existing? false
>>>>>>>>>>>> 2017-04-25 09:54:56,042 DEBUG
>>>>>>>>>>>> [org.jboss.resteasy.resteasy_jaxrs.i18n]
>>>>>>>>>>>> (default task-31) RESTEASY002315: PathInfo:
>>>>>>>>>>>> /realms/Demo/login-actions/authenticate
>>>>>>>>>>>> 2017-04-25 09:54:56,042 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.AuthenticationProcessor]
>>>>>>>>>>>> (default task-31)
>>>>>>>>>>>> authenticationAction
>>>>>>>>>>>> 2017-04-25 09:54:56,042 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) processAction: dfde24fe-5e06-4dc9-8dc2-f82eedd89846
>>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) check: auth-cookie requirement: ALTERNATIVE
>>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) execution is processed
>>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) check: auth-spnego requirement: DISABLED
>>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) execution is processed
>>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) check: identity-provider-redirector requirement:
>>>>>>>>>>>> ALTERNATIVE
>>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) execution is processed
>>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) check: null requirement: ALTERNATIVE
>>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) processAction: dfde24fe-5e06-4dc9-8dc2-f82eedd89846
>>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) check: auth-username-password-form requirement:
>>>>>>>>>>>> REQUIRED
>>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) action: auth-username-password-form
>>>>>>>>>>>> 2017-04-25 09:54:56,141 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) authenticator SUCCESS: auth-username-password-form
>>>>>>>>>>>> 2017-04-25 09:54:56,141 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) processFlow
>>>>>>>>>>>> 2017-04-25 09:54:56,141 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) check execution: auth-otp-form requirement: OPTIONAL
>>>>>>>>>>>> 2017-04-25 09:54:56,141 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) authenticator: auth-otp-form
>>>>>>>>>>>> 2017-04-25 09:54:56,141 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) processFlow
>>>>>>>>>>>> 2017-04-25 09:54:56,141 DEBUG
>>>>>>>>>>>> [org.hibernate.resource.transaction.backend.jta.internal.JtaTransactionCoordinatorImpl]
>>>>>>>>>>>>
>>>>>>>>>>>> (default task-31) Hibernate RegisteredSynchronization
>>>>>>>>>>>> successfully
>>>>>>>>>>>> registered with JTA platform
>>>>>>>>>>>> 2017-04-25 09:54:56,142 DEBUG [org.hibernate.SQL] (default
>>>>>>>>>>>> task-31)
>>>>>>>>>>>> select
>>>>>>>>>>>> roleentity0_.ID as col_0_0_
>>>>>>>>>>>> from
>>>>>>>>>>>> KEYCLOAK_ROLE roleentity0_
>>>>>>>>>>>> where
>>>>>>>>>>>> roleentity0_.CLIENT_ROLE=0
>>>>>>>>>>>> and roleentity0_.NAME=?
>>>>>>>>>>>> and roleentity0_.REALM=?
>>>>>>>>>>>> 2017-04-25 09:54:56,142 DEBUG
>>>>>>>>>>>> [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) MySqlDS: getConnection(null,
>>>>>>>>>>>> WrappedConnectionRequestInfo at 4570d800[userName=KeycloakUSR])
>>>>>>>>>>>> [0/20]
>>>>>>>>>>>> 2017-04-25 09:54:56,143 DEBUG
>>>>>>>>>>>> [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
>>>>>>>>>>>>
>>>>>>>>>>>> (default task-31) Initiating JDBC connection release from
>>>>>>>>>>>> afterStatement
>>>>>>>>>>>> 2017-04-25 09:54:56,143 DEBUG [org.hibernate.SQL] (default
>>>>>>>>>>>> task-31)
>>>>>>>>>>>> select
>>>>>>>>>>>> roleentity0_.ID as col_0_0_
>>>>>>>>>>>> from
>>>>>>>>>>>> KEYCLOAK_ROLE roleentity0_
>>>>>>>>>>>> where
>>>>>>>>>>>> roleentity0_.CLIENT_ROLE=0
>>>>>>>>>>>> and roleentity0_.NAME=?
>>>>>>>>>>>> and roleentity0_.REALM=?
>>>>>>>>>>>> 2017-04-25 09:54:56,144 DEBUG
>>>>>>>>>>>> [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
>>>>>>>>>>>>
>>>>>>>>>>>> (default task-31) Initiating JDBC connection release from
>>>>>>>>>>>> afterStatement
>>>>>>>>>>>> 2017-04-25 09:54:56,144 DEBUG [org.hibernate.SQL] (default
>>>>>>>>>>>> task-31)
>>>>>>>>>>>> select
>>>>>>>>>>>> roleentity0_.ID as col_0_0_
>>>>>>>>>>>> from
>>>>>>>>>>>> KEYCLOAK_ROLE roleentity0_
>>>>>>>>>>>> where
>>>>>>>>>>>> roleentity0_.CLIENT_ROLE=0
>>>>>>>>>>>> and roleentity0_.NAME=?
>>>>>>>>>>>> and roleentity0_.REALM=?
>>>>>>>>>>>> 2017-04-25 09:54:56,144 DEBUG
>>>>>>>>>>>> [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
>>>>>>>>>>>>
>>>>>>>>>>>> (default task-31) Initiating JDBC connection release from
>>>>>>>>>>>> afterStatement
>>>>>>>>>>>> 2017-04-25 09:54:56,145 DEBUG [org.keycloak.events]
>>>>>>>>>>>> (default task-31)
>>>>>>>>>>>> type=LOGIN, realmId=Demo, clientId=moodle,
>>>>>>>>>>>> userId=ed5ba52a-531d-4e6e-b12e-9bc0957a8c1f,
>>>>>>>>>>>> ipAddress=192.168.0.27,
>>>>>>>>>>>> auth_method=openid-connect, auth_type=code,
>>>>>>>>>>>> redirect_uri=https://localhost/moodleiam/auth/oidc/,
>>>>>>>>>>>> consent=no_consent_required,
>>>>>>>>>>>> code_id=08539f13-cb1c-423e-86a3-365c29b055f1,
>>>>>>>>>>>> username=testuser
>>>>>>>>>>>> 2017-04-25 09:54:56,145 DEBUG
>>>>>>>>>>>> [org.keycloak.services.managers.AuthenticationManager]
>>>>>>>>>>>> (default task-31)
>>>>>>>>>>>> Removing old user session: session:
>>>>>>>>>>>> 9a5218f8-aa9c-496c-aa00-780430f19c1b
>>>>>>>>>>>> 2017-04-25 09:54:56,145 DEBUG
>>>>>>>>>>>> [org.keycloak.services.managers.AuthenticationManager]
>>>>>>>>>>>> (default task-31)
>>>>>>>>>>>> Create login cookie - name: KEYCLOAK_IDENTITY, path:
>>>>>>>>>>>> /auth/realms/Demo,
>>>>>>>>>>>> max-age: -1
>>>>>>>>>>>> 2017-04-25 09:54:56,145 DEBUG
>>>>>>>>>>>> [org.keycloak.services.managers.AuthenticationManager]
>>>>>>>>>>>> (default task-31)
>>>>>>>>>>>> Expiring remember me cookie
>>>>>>>>>>>> 2017-04-25 09:54:56,145 DEBUG
>>>>>>>>>>>> [org.keycloak.services.managers.AuthenticationManager]
>>>>>>>>>>>> (default task-31)
>>>>>>>>>>>> Expiring cookie: KEYCLOAK_REMEMBER_ME path: /auth/realms/Demo
>>>>>>>>>>>> 2017-04-25 09:54:56,146 DEBUG
>>>>>>>>>>>> [org.keycloak.protocol.oidc.OIDCLoginProtocol] (default
>>>>>>>>>>>> task-31)
>>>>>>>>>>>> redirectAccessCode: state: bIJNAcPb8Rxz8Wb
>>>>>>>>>>>> 2017-04-25 09:54:56,146 DEBUG
>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-31)
>>>>>>>>>>>> JtaTransactionWrapper commit
>>>>>>>>>>>> 2017-04-25 09:54:56,149 DEBUG
>>>>>>>>>>>> [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-31) MySqlDS: returnConnection(4edba62b, false) [0/20]
>>>>>>>>>>>> 2017-04-25 09:54:56,149 DEBUG
>>>>>>>>>>>> [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
>>>>>>>>>>>>
>>>>>>>>>>>> (default task-31) Initiating JDBC connection release from
>>>>>>>>>>>> afterTransaction
>>>>>>>>>>>> 2017-04-25 09:54:56,149 DEBUG
>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-31)
>>>>>>>>>>>> JtaTransactionWrapper end
>>>>>>>>>>>> 2017-04-25 09:54:56,642 DEBUG
>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-24) new
>>>>>>>>>>>> JtaTransactionWrapper
>>>>>>>>>>>> 2017-04-25 09:54:56,642 DEBUG
>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-24) was
>>>>>>>>>>>> existing? false
>>>>>>>>>>>> 2017-04-25 09:54:56,642 DEBUG
>>>>>>>>>>>> [org.jboss.resteasy.resteasy_jaxrs.i18n]
>>>>>>>>>>>> (default task-24) RESTEASY002315: PathInfo:
>>>>>>>>>>>> /realms/demo/protocol/openid-connect/token
>>>>>>>>>>>> 2017-04-25 09:54:56,643 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.AuthenticationProcessor]
>>>>>>>>>>>> (default task-24)
>>>>>>>>>>>> AUTHENTICATE CLIENT
>>>>>>>>>>>> 2017-04-25 09:54:56,643 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.ClientAuthenticationFlow]
>>>>>>>>>>>> (default task-24)
>>>>>>>>>>>> client authenticator: client-secret
>>>>>>>>>>>> 2017-04-25 09:54:56,643 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.ClientAuthenticationFlow]
>>>>>>>>>>>> (default task-24)
>>>>>>>>>>>> client authenticator SUCCESS: client-secret
>>>>>>>>>>>> 2017-04-25 09:54:56,643 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.ClientAuthenticationFlow]
>>>>>>>>>>>> (default task-24)
>>>>>>>>>>>> Client moodle authenticated by client-secret
>>>>>>>>>>>> 2017-04-25 09:54:56,663 DEBUG [org.keycloak.events]
>>>>>>>>>>>> (default task-24)
>>>>>>>>>>>> type=CODE_TO_TOKEN, realmId=Demo, clientId=moodle,
>>>>>>>>>>>> userId=ed5ba52a-531d-4e6e-b12e-9bc0957a8c1f,
>>>>>>>>>>>> ipAddress=153.109.152.213,
>>>>>>>>>>>> token_id=75173922-dd56-44ca-9255-9a5368e557f4,
>>>>>>>>>>>> grant_type=authorization_code, refresh_token_type=Refresh,
>>>>>>>>>>>> refresh_token_id=d7daabe5-8e73-4b8e-b108-92188e1118df,
>>>>>>>>>>>> code_id=08539f13-cb1c-423e-86a3-365c29b055f1,
>>>>>>>>>>>> client_auth_method=client-secret
>>>>>>>>>>>> 2017-04-25 09:54:56,663 DEBUG
>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-24)
>>>>>>>>>>>> JtaTransactionWrapper commit
>>>>>>>>>>>> 2017-04-25 09:54:56,663 DEBUG
>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-24)
>>>>>>>>>>>> JtaTransactionWrapper end
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> *Login to portal2**
>>>>>>>>>>>> *
>>>>>>>>>>>> 2017-04-25 09:56:17,566 DEBUG
>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-6) new
>>>>>>>>>>>> JtaTransactionWrapper
>>>>>>>>>>>> 2017-04-25 09:56:17,566 DEBUG
>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-6) was
>>>>>>>>>>>> existing? false
>>>>>>>>>>>> 2017-04-25 09:56:17,567 DEBUG
>>>>>>>>>>>> [org.jboss.resteasy.resteasy_jaxrs.i18n]
>>>>>>>>>>>> (default task-6) RESTEASY002315: PathInfo:
>>>>>>>>>>>> /realms/demo/protocol/openid-connect/auth
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.AuthenticationProcessor]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> AUTHENTICATE
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.AuthenticationProcessor]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> AUTHENTICATE ONLY
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> processFlow
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> check execution: auth-cookie requirement: ALTERNATIVE
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> authenticator: auth-cookie
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> invoke authenticator.authenticate
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>> [org.keycloak.services.managers.AuthenticationManager]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> Could not find cookie: KEYCLOAK_IDENTITY
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> authenticator ATTEMPTED: auth-cookie
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> check execution: auth-spnego requirement: DISABLED
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> execution is processed
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> check execution: identity-provider-redirector requirement:
>>>>>>>>>>>> ALTERNATIVE
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> authenticator: identity-provider-redirector
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> invoke authenticator.authenticate
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> authenticator ATTEMPTED: identity-provider-redirector
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> check execution: null requirement: ALTERNATIVE
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> execution is flow
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> processFlow
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> check execution: auth-username-password-form requirement:
>>>>>>>>>>>> REQUIRED
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> authenticator: auth-username-password-form
>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> invoke authenticator.authenticate
>>>>>>>>>>>> 2017-04-25 09:56:17,572 DEBUG [freemarker.cache] (default
>>>>>>>>>>>> task-6)
>>>>>>>>>>>> TemplateLoader.findTemplateSource("template_en_US.ftl"):
>>>>>>>>>>>> Not found
>>>>>>>>>>>> 2017-04-25 09:56:17,572 DEBUG [freemarker.cache] (default
>>>>>>>>>>>> task-6)
>>>>>>>>>>>> TemplateLoader.findTemplateSource("template_en.ftl"): Not
>>>>>>>>>>>> found
>>>>>>>>>>>> 2017-04-25 09:56:17,572 DEBUG [freemarker.cache] (default
>>>>>>>>>>>> task-6)
>>>>>>>>>>>> TemplateLoader.findTemplateSource("template.ftl"): Found
>>>>>>>>>>>> 2017-04-25 09:56:17,572 DEBUG [freemarker.cache] (default
>>>>>>>>>>>> task-6)
>>>>>>>>>>>> "template.ftl"("en_US", UTF-8, parsed): using cached since
>>>>>>>>>>>> file:/opt/jboss/keycloak/themes/base/login/template.ftl
>>>>>>>>>>>> hasn't changed.
>>>>>>>>>>>> 2017-04-25 09:56:17,573 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>> authenticator CHALLENGE: auth-username-password-form
>>>>>>>>>>>> 2017-04-25 09:56:17,573 DEBUG
>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-6)
>>>>>>>>>>>> JtaTransactionWrapper commit
>>>>>>>>>>>> 2017-04-25 09:56:17,573 DEBUG
>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-6)
>>>>>>>>>>>> JtaTransactionWrapper end
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> *After authentication to portal2**
>>>>>>>>>>>> *
>>>>>>>>>>>> 2017-04-25 09:56:29,001 DEBUG
>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-4) new
>>>>>>>>>>>> JtaTransactionWrapper
>>>>>>>>>>>> 2017-04-25 09:56:29,001 DEBUG
>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-4) was
>>>>>>>>>>>> existing? false
>>>>>>>>>>>> 2017-04-25 09:56:29,001 DEBUG
>>>>>>>>>>>> [org.jboss.resteasy.resteasy_jaxrs.i18n]
>>>>>>>>>>>> (default task-4) RESTEASY002315: PathInfo:
>>>>>>>>>>>> /realms/Demo/login-actions/authenticate
>>>>>>>>>>>> 2017-04-25 09:56:29,002 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.AuthenticationProcessor]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> authenticationAction
>>>>>>>>>>>> 2017-04-25 09:56:29,002 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> processAction: dfde24fe-5e06-4dc9-8dc2-f82eedd89846
>>>>>>>>>>>> 2017-04-25 09:56:29,002 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> check: auth-cookie requirement: ALTERNATIVE
>>>>>>>>>>>> 2017-04-25 09:56:29,002 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> execution is processed
>>>>>>>>>>>> 2017-04-25 09:56:29,002 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> check: auth-spnego requirement: DISABLED
>>>>>>>>>>>> 2017-04-25 09:56:29,002 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> execution is processed
>>>>>>>>>>>> 2017-04-25 09:56:29,004 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> check: identity-provider-redirector requirement: ALTERNATIVE
>>>>>>>>>>>> 2017-04-25 09:56:29,004 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> execution is processed
>>>>>>>>>>>> 2017-04-25 09:56:29,004 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> check: null requirement: ALTERNATIVE
>>>>>>>>>>>> 2017-04-25 09:56:29,004 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> processAction: dfde24fe-5e06-4dc9-8dc2-f82eedd89846
>>>>>>>>>>>> 2017-04-25 09:56:29,004 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> check: auth-username-password-form requirement: REQUIRED
>>>>>>>>>>>> 2017-04-25 09:56:29,004 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> action: auth-username-password-form
>>>>>>>>>>>> 2017-04-25 09:56:29,099 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> authenticator SUCCESS: auth-username-password-form
>>>>>>>>>>>> 2017-04-25 09:56:29,100 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> processFlow
>>>>>>>>>>>> 2017-04-25 09:56:29,100 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> check execution: auth-otp-form requirement: OPTIONAL
>>>>>>>>>>>> 2017-04-25 09:56:29,100 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> authenticator: auth-otp-form
>>>>>>>>>>>> 2017-04-25 09:56:29,100 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> processFlow
>>>>>>>>>>>> 2017-04-25 09:56:29,100 DEBUG
>>>>>>>>>>>> [org.hibernate.resource.transaction.backend.jta.internal.JtaTransactionCoordinatorImpl]
>>>>>>>>>>>>
>>>>>>>>>>>> (default task-4) Hibernate RegisteredSynchronization
>>>>>>>>>>>> successfully
>>>>>>>>>>>> registered with JTA platform
>>>>>>>>>>>> 2017-04-25 09:56:29,100 DEBUG [org.hibernate.SQL] (default
>>>>>>>>>>>> task-4)
>>>>>>>>>>>> select
>>>>>>>>>>>> roleentity0_.ID as col_0_0_
>>>>>>>>>>>> from
>>>>>>>>>>>> KEYCLOAK_ROLE roleentity0_
>>>>>>>>>>>> where
>>>>>>>>>>>> roleentity0_.CLIENT_ROLE=0
>>>>>>>>>>>> and roleentity0_.NAME=?
>>>>>>>>>>>> and roleentity0_.REALM=?
>>>>>>>>>>>> 2017-04-25 09:56:29,101 DEBUG
>>>>>>>>>>>> [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-4) MySqlDS: getConnection(null,
>>>>>>>>>>>> WrappedConnectionRequestInfo at 4570d800[userName=KeycloakUSR])
>>>>>>>>>>>> [0/20]
>>>>>>>>>>>> 2017-04-25 09:56:29,102 DEBUG
>>>>>>>>>>>> [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
>>>>>>>>>>>>
>>>>>>>>>>>> (default task-4) Initiating JDBC connection release from
>>>>>>>>>>>> afterStatement
>>>>>>>>>>>> 2017-04-25 09:56:29,103 DEBUG [org.hibernate.SQL] (default
>>>>>>>>>>>> task-4)
>>>>>>>>>>>> select
>>>>>>>>>>>> roleentity0_.ID as col_0_0_
>>>>>>>>>>>> from
>>>>>>>>>>>> KEYCLOAK_ROLE roleentity0_
>>>>>>>>>>>> where
>>>>>>>>>>>> roleentity0_.CLIENT_ROLE=0
>>>>>>>>>>>> and roleentity0_.NAME=?
>>>>>>>>>>>> and roleentity0_.REALM=?
>>>>>>>>>>>> 2017-04-25 09:56:29,103 DEBUG
>>>>>>>>>>>> [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
>>>>>>>>>>>>
>>>>>>>>>>>> (default task-4) Initiating JDBC connection release from
>>>>>>>>>>>> afterStatement
>>>>>>>>>>>> 2017-04-25 09:56:29,103 DEBUG [org.hibernate.SQL] (default
>>>>>>>>>>>> task-4)
>>>>>>>>>>>> select
>>>>>>>>>>>> roleentity0_.ID as col_0_0_
>>>>>>>>>>>> from
>>>>>>>>>>>> KEYCLOAK_ROLE roleentity0_
>>>>>>>>>>>> where
>>>>>>>>>>>> roleentity0_.CLIENT_ROLE=0
>>>>>>>>>>>> and roleentity0_.NAME=?
>>>>>>>>>>>> and roleentity0_.REALM=?
>>>>>>>>>>>> 2017-04-25 09:56:29,104 DEBUG
>>>>>>>>>>>> [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
>>>>>>>>>>>>
>>>>>>>>>>>> (default task-4) Initiating JDBC connection release from
>>>>>>>>>>>> afterStatement
>>>>>>>>>>>> 2017-04-25 09:56:29,104 DEBUG [org.keycloak.events]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> type=LOGIN, realmId=Demo, clientId=moodle2,
>>>>>>>>>>>> userId=ed5ba52a-531d-4e6e-b12e-9bc0957a8c1f,
>>>>>>>>>>>> ipAddress=192.168.0.27,
>>>>>>>>>>>> auth_method=openid-connect, auth_type=code,
>>>>>>>>>>>> redirect_uri=https://localhost/moodle2iam/auth/oidc/,
>>>>>>>>>>>> consent=no_consent_required,
>>>>>>>>>>>> code_id=cffeac69-54fc-4d19-be81-36f0f19ce1ef,
>>>>>>>>>>>> username=testuser
>>>>>>>>>>>> 2017-04-25 09:56:29,104 DEBUG
>>>>>>>>>>>> [org.keycloak.services.managers.AuthenticationManager]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> Removing old user session: session:
>>>>>>>>>>>> 431cecf6-5a6b-4bbc-9467-3f52eff8090f
>>>>>>>>>>>> 2017-04-25 09:56:29,105 DEBUG
>>>>>>>>>>>> [org.keycloak.services.managers.AuthenticationManager]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> Create login cookie - name: KEYCLOAK_IDENTITY, path:
>>>>>>>>>>>> /auth/realms/Demo,
>>>>>>>>>>>> max-age: -1
>>>>>>>>>>>> 2017-04-25 09:56:29,105 DEBUG
>>>>>>>>>>>> [org.keycloak.services.managers.AuthenticationManager]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> Expiring remember me cookie
>>>>>>>>>>>> 2017-04-25 09:56:29,105 DEBUG
>>>>>>>>>>>> [org.keycloak.services.managers.AuthenticationManager]
>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>> Expiring cookie: KEYCLOAK_REMEMBER_ME path: /auth/realms/Demo
>>>>>>>>>>>> 2017-04-25 09:56:29,105 DEBUG
>>>>>>>>>>>> [org.keycloak.protocol.oidc.OIDCLoginProtocol] (default
>>>>>>>>>>>> task-4)
>>>>>>>>>>>> redirectAccessCode: state: WUCTMXokISFDbFN
>>>>>>>>>>>> 2017-04-25 09:56:29,105 DEBUG
>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-4)
>>>>>>>>>>>> JtaTransactionWrapper commit
>>>>>>>>>>>> 2017-04-25 09:56:29,106 DEBUG
>>>>>>>>>>>> [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool]
>>>>>>>>>>>> (default
>>>>>>>>>>>> task-4) MySqlDS: returnConnection(4edba62b, false) [0/20]
>>>>>>>>>>>> 2017-04-25 09:56:29,106 DEBUG
>>>>>>>>>>>> [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl]
>>>>>>>>>>>>
>>>>>>>>>>>> (default task-4) Initiating JDBC connection release from
>>>>>>>>>>>> afterTransaction
>>>>>>>>>>>> 2017-04-25 09:56:29,106 DEBUG
>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-4)
>>>>>>>>>>>> JtaTransactionWrapper end
>>>>>>>>>>>> 2017-04-25 09:56:29,626 DEBUG
>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-13) new
>>>>>>>>>>>> JtaTransactionWrapper
>>>>>>>>>>>> 2017-04-25 09:56:29,626 DEBUG
>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-13) was
>>>>>>>>>>>> existing? false
>>>>>>>>>>>> 2017-04-25 09:56:29,627 DEBUG
>>>>>>>>>>>> [org.jboss.resteasy.resteasy_jaxrs.i18n]
>>>>>>>>>>>> (default task-13) RESTEASY002315: PathInfo:
>>>>>>>>>>>> /realms/demo/protocol/openid-connect/token
>>>>>>>>>>>> 2017-04-25 09:56:29,627 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.AuthenticationProcessor]
>>>>>>>>>>>> (default task-13)
>>>>>>>>>>>> AUTHENTICATE CLIENT
>>>>>>>>>>>> 2017-04-25 09:56:29,627 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.ClientAuthenticationFlow]
>>>>>>>>>>>> (default task-13)
>>>>>>>>>>>> client authenticator: client-secret
>>>>>>>>>>>> 2017-04-25 09:56:29,627 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.ClientAuthenticationFlow]
>>>>>>>>>>>> (default task-13)
>>>>>>>>>>>> client authenticator SUCCESS: client-secret
>>>>>>>>>>>> 2017-04-25 09:56:29,627 DEBUG
>>>>>>>>>>>> [org.keycloak.authentication.ClientAuthenticationFlow]
>>>>>>>>>>>> (default task-13)
>>>>>>>>>>>> Client moodle2 authenticated by client-secret
>>>>>>>>>>>> 2017-04-25 09:56:29,656 DEBUG [org.keycloak.events]
>>>>>>>>>>>> (default task-13)
>>>>>>>>>>>> type=CODE_TO_TOKEN, realmId=Demo, clientId=moodle2,
>>>>>>>>>>>> userId=ed5ba52a-531d-4e6e-b12e-9bc0957a8c1f,
>>>>>>>>>>>> ipAddress=153.109.152.213,
>>>>>>>>>>>> token_id=ff9b3385-1362-4559-ad53-05317755b280,
>>>>>>>>>>>> grant_type=authorization_code, refresh_token_type=Refresh,
>>>>>>>>>>>> refresh_token_id=356011d7-e9fa-4c90-9368-a7627a445bc7,
>>>>>>>>>>>> code_id=cffeac69-54fc-4d19-be81-36f0f19ce1ef,
>>>>>>>>>>>> client_auth_method=client-secret
>>>>>>>>>>>> 2017-04-25 09:56:29,656 DEBUG
>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-13)
>>>>>>>>>>>> JtaTransactionWrapper commit
>>>>>>>>>>>> 2017-04-25 09:56:29,656 DEBUG
>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default
>>>>>>>>>>>> task-13)
>>>>>>>>>>>> JtaTransactionWrapper end
>>>>>>>>>>>> 2017-04-25 09:56:29,660 DEBUG [io.undertow.request.io]
>>>>>>>>>>>> (default I/O-1)
>>>>>>>>>>>> Error reading request: java.io.IOException: Connection
>>>>>>>>>>>> reset by peer
>>>>>>>>>>>> at sun.nio.ch.FileDispatcherImpl.read0(Native
>>>>>>>>>>>> Method)
>>>>>>>>>>>> at
>>>>>>>>>>>> sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39)
>>>>>>>>>>>> at
>>>>>>>>>>>> sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223)
>>>>>>>>>>>> at sun.nio.ch.IOUtil.read(IOUtil.java:192)
>>>>>>>>>>>> at
>>>>>>>>>>>> sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:380)
>>>>>>>>>>>> at
>>>>>>>>>>>> org.xnio.nio.NioSocketConduit.read(NioSocketConduit.java:282)
>>>>>>>>>>>> at
>>>>>>>>>>>> io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.java:658)
>>>>>>>>>>>>
>>>>>>>>>>>> at
>>>>>>>>>>>> io.undertow.protocols.ssl.SslConduit.read(SslConduit.java:530)
>>>>>>>>>>>> at
>>>>>>>>>>>> org.xnio.conduits.ConduitStreamSourceChannel.read(ConduitStreamSourceChannel.java:127)
>>>>>>>>>>>>
>>>>>>>>>>>> at
>>>>>>>>>>>> io.undertow.server.protocol.http.HttpReadListener.handleEventWithNoRunningRequest(HttpReadListener.java:152)
>>>>>>>>>>>>
>>>>>>>>>>>> at
>>>>>>>>>>>> io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:130)
>>>>>>>>>>>>
>>>>>>>>>>>> at
>>>>>>>>>>>> io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:56)
>>>>>>>>>>>>
>>>>>>>>>>>> at
>>>>>>>>>>>> org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
>>>>>>>>>>>>
>>>>>>>>>>>> at
>>>>>>>>>>>> org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
>>>>>>>>>>>>
>>>>>>>>>>>> at
>>>>>>>>>>>> io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(SslConduit.java:1059)
>>>>>>>>>>>>
>>>>>>>>>>>> at
>>>>>>>>>>>> org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:88)
>>>>>>>>>>>>
>>>>>>>>>>>> at
>>>>>>>>>>>> org.xnio.nio.WorkerThread.run(WorkerThread.java:559)
>>>>>>>>>>>>
>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>>>> keycloak-user at lists.jboss.org
>>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
More information about the keycloak-user
mailing list