[keycloak-user] Two OIDC working, but not SSO

Tech tech at psynd.net
Fri May 5 08:48:57 EDT 2017


Hello again,

I ran other tests using the out of the box applications given with the 
Keycloak examples, the customer and product portals, and also in that 
case the KEYCLOAK_IDENTITY cookie behave in the same way.

Using the other two applications, I can do both OIDC authentication on 
both and everything is fine, but in this case the SSO between them is 
working.

We cannot understand yet why the first application is not working, have 
you any idea?




On 27/04/17 15:56, Marek Posolda wrote:
> Not sure what could be the reason...
>
> Are you seeing the browser cookie if you login to some Keycloak 
> builtin applications (admin console, account management)?
>
> I wonder about something around "http" or "https" . Will it work if 
> you switch SSL required for your realm to "ALWAYS" ? Or the other way, 
> will it work if you switch everything to "http" instead of "https" ?
>
> Marek
>
>
> On 27/04/17 11:21, Tech wrote:
>>
>> We try both with Firefox, Chrome and Internet explorer, in none of 
>> these cases we have this cookie.
>>
>> What could it be the reason?
>>
>>
>>
>>
>> On 27/04/17 10:02, Marek Posolda wrote:
>>> Yes, KEYCLOAK_IDENTITY cookie should be in the browser after 
>>> successful authentication to your portal1 is fully finished. Are you 
>>> seeing the cookie after this authentication?
>>>
>>> Then the portal2 is supposed to be automatically authenticated due 
>>> to this cookie.
>>>
>>> Marek
>>>
>>> On 27/04/17 09:14, Tech wrote:
>>>>
>>>> Hello,
>>>>
>>>> opening the browser the KEYCLOAK_IDENTITY cookie does not appear, 
>>>> but in my understanding this is created when you have an active 
>>>> session to Keycloak like accessing to the admin interface.
>>>>
>>>> No proxies, cookies or load balancers in the backend server.
>>>>
>>>>
>>>>
>>>>
>>>> On 26/04/17 16:17, Marek Posolda wrote:
>>>>> Thanks, are you seeing KEYCLOAK_IDENTITY cookie for your browser 
>>>>> for path "/auth/realms/yourrealm" ? Are you using 
>>>>> proxy/loadbalancer, which may cause that cookies sent to the proxy 
>>>>> are not visible on the backend server (Keycloak)?
>>>>>
>>>>> Marek
>>>>>
>>>>>
>>>>> On 26/04/17 09:09, Tech wrote:
>>>>>> Hello again,
>>>>>>
>>>>>> so:
>>>>>> 1) they are both using the same kc realm
>>>>>> 2) the cookie is not disabled
>>>>>> 3) in attach a screenshot, it's identical for the two 
>>>>>> application, with the difference that one the two URL has the "2"
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 26/04/17 06:17, Marek Posolda wrote:
>>>>>>> On 25/04/17 22:36, Tech wrote:
>>>>>>>>
>>>>>>>> Hello Marek,
>>>>>>>>
>>>>>>>> 1) yes, they are both using the same Kc realm
>>>>>>>>
>>>>>>>> 2) how can I check this point?
>>>>>>>>
>>>>>>> In Keycloak admin console, there is tab "Authentication" and 
>>>>>>> then flow "browser" .
>>>>>>>
>>>>>>> Marek
>>>>>>>>
>>>>>>>> 3) I checked already, I don't think that anything like that is 
>>>>>>>> enabled, but I will send you a screen shot in the coming hours 
>>>>>>>> (not in the office right now)
>>>>>>>>
>>>>>>>> Thanks for the support
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On 25.04.17 22:14, Marek Posolda wrote:
>>>>>>>>> Normally SSO between client applications is supposed to work. 
>>>>>>>>> I would check:
>>>>>>>>>
>>>>>>>>> - Are both your clients (portal1 and portal2) using same 
>>>>>>>>> Keycloak realm? SSO will work just with same realm
>>>>>>>>>
>>>>>>>>> - Is Cookie authenticator enabled for authentication browser 
>>>>>>>>> flow of your realm? Didn't you accidentally disable it? SSO 
>>>>>>>>> requires that it is enabled
>>>>>>>>>
>>>>>>>>> - How does URL to Keycloak login screen looks like? I wonder 
>>>>>>>>> if your PHP adapter uses some parameters, which causes SSO 
>>>>>>>>> disabled (eg. prompt=login or max_age=0)
>>>>>>>>>
>>>>>>>>> Marek
>>>>>>>>>
>>>>>>>>> On 25/04/17 14:18, Tech wrote:
>>>>>>>>>>
>>>>>>>>>> Anybody with any ideas?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On 25/04/17 12:53, Tech wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hello Marek,
>>>>>>>>>>>
>>>>>>>>>>> maybe my email was confusing, we run initially two tests 
>>>>>>>>>>> were we login and logout in both portal to check that the 
>>>>>>>>>>> oidc is working on each of them.
>>>>>>>>>>>
>>>>>>>>>>> Once we know that OIDC is working, then we are expecting to 
>>>>>>>>>>> login to portal1 and opening portal2, to find us already 
>>>>>>>>>>> logged in, but this doesn't happen and we are forced to 
>>>>>>>>>>> login again
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On 25/04/17 12:41, Marek Posolda wrote:
>>>>>>>>>>>> If you don't do "Logout from portal1" at the end of first 
>>>>>>>>>>>> test, then SSO should work and you will be automatically 
>>>>>>>>>>>> logged into portal2 without a need to put your credentials.
>>>>>>>>>>>>
>>>>>>>>>>>> The logout is "SSO logout", hence it also kills the SSO 
>>>>>>>>>>>> session on Keycloak side and requires user to re-login.
>>>>>>>>>>>>
>>>>>>>>>>>> Marek
>>>>>>>>>>>>
>>>>>>>>>>>> On 25/04/17 12:31, Tech wrote:
>>>>>>>>>>>>> Dear experts,
>>>>>>>>>>>>>
>>>>>>>>>>>>> we are working with Moodle, a PHP based platform, where we 
>>>>>>>>>>>>> have been
>>>>>>>>>>>>> able to configure correctly Keycloak to implement OIDC.
>>>>>>>>>>>>>
>>>>>>>>>>>>> To test Keycloak we cloned this application, with 
>>>>>>>>>>>>> different URLs and we
>>>>>>>>>>>>> did the first test:
>>>>>>>>>>>>>
>>>>>>>>>>>>>    * Connect to portal1
>>>>>>>>>>>>>    * User not recognized and redirected to Keycloak 
>>>>>>>>>>>>> through OIDC
>>>>>>>>>>>>>    * Enter credentials stored into Keycloak
>>>>>>>>>>>>>    * User accepted and redirected to portal1
>>>>>>>>>>>>>    * Logout from portal1
>>>>>>>>>>>>>
>>>>>>>>>>>>> After this we tested the second application:
>>>>>>>>>>>>>
>>>>>>>>>>>>>    * Connect to portal2
>>>>>>>>>>>>>    * User not recognized and redirected to Keycloak 
>>>>>>>>>>>>> through OIDC
>>>>>>>>>>>>>    * Enter credentials stored into Keycloak
>>>>>>>>>>>>>    * User accepted and redirected to portal2
>>>>>>>>>>>>>    * Logout from portal2
>>>>>>>>>>>>>
>>>>>>>>>>>>> In this case I know that OIDC is working for the two 
>>>>>>>>>>>>> applications and we
>>>>>>>>>>>>> can expect that also the SSO is working, but after the 
>>>>>>>>>>>>> login in portal1
>>>>>>>>>>>>> we have to login again portal2, and vice-versa.
>>>>>>>>>>>>>
>>>>>>>>>>>>> We attach below here some logs, could you please help?
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> *Login to portal1*
>>>>>>>>>>>>>
>>>>>>>>>>>>> 2017-04-25 09:54:40,503 DEBUG [org.jboss.ejb.client.txn] 
>>>>>>>>>>>>> (Periodic
>>>>>>>>>>>>> Recovery) Send recover request for transaction origin node 
>>>>>>>>>>>>> identifier 1
>>>>>>>>>>>>> to EJB receiver with node name 79051ccf69ac
>>>>>>>>>>>>> 2017-04-25 09:54:45,055 DEBUG
>>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default 
>>>>>>>>>>>>> task-30) new
>>>>>>>>>>>>> JtaTransactionWrapper
>>>>>>>>>>>>> 2017-04-25 09:54:45,056 DEBUG
>>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default 
>>>>>>>>>>>>> task-30) was
>>>>>>>>>>>>> existing? false
>>>>>>>>>>>>> 2017-04-25 09:54:45,056 DEBUG 
>>>>>>>>>>>>> [org.jboss.resteasy.resteasy_jaxrs.i18n]
>>>>>>>>>>>>> (default task-30) RESTEASY002315: PathInfo:
>>>>>>>>>>>>> /realms/demo/protocol/openid-connect/auth
>>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.AuthenticationProcessor] 
>>>>>>>>>>>>> (default task-30)
>>>>>>>>>>>>> AUTHENTICATE
>>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.AuthenticationProcessor] 
>>>>>>>>>>>>> (default task-30)
>>>>>>>>>>>>> AUTHENTICATE ONLY
>>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-30) processFlow
>>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-30) check execution: auth-cookie requirement: 
>>>>>>>>>>>>> ALTERNATIVE
>>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-30) authenticator: auth-cookie
>>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-30) invoke authenticator.authenticate
>>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>> [org.keycloak.services.managers.AuthenticationManager] 
>>>>>>>>>>>>> (default task-30)
>>>>>>>>>>>>> Could not find cookie: KEYCLOAK_IDENTITY
>>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-30) authenticator ATTEMPTED: auth-cookie
>>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-30) check execution: auth-spnego requirement: DISABLED
>>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-30) execution is processed
>>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-30) check execution: identity-provider-redirector 
>>>>>>>>>>>>> requirement:
>>>>>>>>>>>>> ALTERNATIVE
>>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-30) authenticator: identity-provider-redirector
>>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-30) invoke authenticator.authenticate
>>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-30) authenticator ATTEMPTED: 
>>>>>>>>>>>>> identity-provider-redirector
>>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-30) check execution: null requirement: ALTERNATIVE
>>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-30) execution is flow
>>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-30) processFlow
>>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-30) check execution: auth-username-password-form 
>>>>>>>>>>>>> requirement: REQUIRED
>>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-30) authenticator: auth-username-password-form
>>>>>>>>>>>>> 2017-04-25 09:54:45,059 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-30) invoke authenticator.authenticate
>>>>>>>>>>>>> 2017-04-25 09:54:45,060 DEBUG [freemarker.cache] (default 
>>>>>>>>>>>>> task-30)
>>>>>>>>>>>>> TemplateLoader.findTemplateSource("template_en_US.ftl"): 
>>>>>>>>>>>>> Not found
>>>>>>>>>>>>> 2017-04-25 09:54:45,060 DEBUG [freemarker.cache] (default 
>>>>>>>>>>>>> task-30)
>>>>>>>>>>>>> TemplateLoader.findTemplateSource("template_en.ftl"): Not 
>>>>>>>>>>>>> found
>>>>>>>>>>>>> 2017-04-25 09:54:45,060 DEBUG [freemarker.cache] (default 
>>>>>>>>>>>>> task-30)
>>>>>>>>>>>>> TemplateLoader.findTemplateSource("template.ftl"): Found
>>>>>>>>>>>>> 2017-04-25 09:54:45,061 DEBUG [freemarker.cache] (default 
>>>>>>>>>>>>> task-30)
>>>>>>>>>>>>> "template.ftl"("en_US", UTF-8, parsed): using cached since
>>>>>>>>>>>>> file:/opt/jboss/keycloak/themes/base/login/template.ftl 
>>>>>>>>>>>>> hasn't changed.
>>>>>>>>>>>>> 2017-04-25 09:54:45,064 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-30) authenticator CHALLENGE: auth-username-password-form
>>>>>>>>>>>>> 2017-04-25 09:54:45,064 DEBUG
>>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default 
>>>>>>>>>>>>> task-30)
>>>>>>>>>>>>> JtaTransactionWrapper  commit
>>>>>>>>>>>>> 2017-04-25 09:54:45,064 DEBUG
>>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default 
>>>>>>>>>>>>> task-30)
>>>>>>>>>>>>> JtaTransactionWrapper end
>>>>>>>>>>>>> 2017-04-25 09:54:50,503 DEBUG [org.jboss.ejb.client.txn] 
>>>>>>>>>>>>> (Periodic
>>>>>>>>>>>>> Recovery) Send recover request for transaction origin node 
>>>>>>>>>>>>> identifier 1
>>>>>>>>>>>>> to EJB receiver with node name 79051ccf69ac
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> *After authentication to portal1**
>>>>>>>>>>>>> *
>>>>>>>>>>>>> 2017-04-25 09:54:56,041 DEBUG
>>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default 
>>>>>>>>>>>>> task-31) new
>>>>>>>>>>>>> JtaTransactionWrapper
>>>>>>>>>>>>> 2017-04-25 09:54:56,041 DEBUG
>>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default 
>>>>>>>>>>>>> task-31) was
>>>>>>>>>>>>> existing? false
>>>>>>>>>>>>> 2017-04-25 09:54:56,042 DEBUG 
>>>>>>>>>>>>> [org.jboss.resteasy.resteasy_jaxrs.i18n]
>>>>>>>>>>>>> (default task-31) RESTEASY002315: PathInfo:
>>>>>>>>>>>>> /realms/Demo/login-actions/authenticate
>>>>>>>>>>>>> 2017-04-25 09:54:56,042 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.AuthenticationProcessor] 
>>>>>>>>>>>>> (default task-31)
>>>>>>>>>>>>> authenticationAction
>>>>>>>>>>>>> 2017-04-25 09:54:56,042 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-31) processAction: dfde24fe-5e06-4dc9-8dc2-f82eedd89846
>>>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-31) check: auth-cookie requirement: ALTERNATIVE
>>>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-31) execution is processed
>>>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-31) check: auth-spnego requirement: DISABLED
>>>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-31) execution is processed
>>>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-31) check: identity-provider-redirector requirement: 
>>>>>>>>>>>>> ALTERNATIVE
>>>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-31) execution is processed
>>>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-31) check: null requirement: ALTERNATIVE
>>>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-31) processAction: dfde24fe-5e06-4dc9-8dc2-f82eedd89846
>>>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-31) check: auth-username-password-form requirement: 
>>>>>>>>>>>>> REQUIRED
>>>>>>>>>>>>> 2017-04-25 09:54:56,043 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-31) action: auth-username-password-form
>>>>>>>>>>>>> 2017-04-25 09:54:56,141 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-31) authenticator SUCCESS: auth-username-password-form
>>>>>>>>>>>>> 2017-04-25 09:54:56,141 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-31) processFlow
>>>>>>>>>>>>> 2017-04-25 09:54:56,141 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-31) check execution: auth-otp-form requirement: OPTIONAL
>>>>>>>>>>>>> 2017-04-25 09:54:56,141 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-31) authenticator: auth-otp-form
>>>>>>>>>>>>> 2017-04-25 09:54:56,141 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-31) processFlow
>>>>>>>>>>>>> 2017-04-25 09:54:56,141 DEBUG
>>>>>>>>>>>>> [org.hibernate.resource.transaction.backend.jta.internal.JtaTransactionCoordinatorImpl] 
>>>>>>>>>>>>>
>>>>>>>>>>>>> (default task-31) Hibernate RegisteredSynchronization 
>>>>>>>>>>>>> successfully
>>>>>>>>>>>>> registered with JTA platform
>>>>>>>>>>>>> 2017-04-25 09:54:56,142 DEBUG [org.hibernate.SQL] (default 
>>>>>>>>>>>>> task-31)
>>>>>>>>>>>>>       select
>>>>>>>>>>>>>           roleentity0_.ID as col_0_0_
>>>>>>>>>>>>>       from
>>>>>>>>>>>>>           KEYCLOAK_ROLE roleentity0_
>>>>>>>>>>>>>       where
>>>>>>>>>>>>>           roleentity0_.CLIENT_ROLE=0
>>>>>>>>>>>>>           and roleentity0_.NAME=?
>>>>>>>>>>>>>           and roleentity0_.REALM=?
>>>>>>>>>>>>> 2017-04-25 09:54:56,142 DEBUG
>>>>>>>>>>>>> [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-31) MySqlDS: getConnection(null,
>>>>>>>>>>>>> WrappedConnectionRequestInfo at 4570d800[userName=KeycloakUSR]) 
>>>>>>>>>>>>> [0/20]
>>>>>>>>>>>>> 2017-04-25 09:54:56,143 DEBUG
>>>>>>>>>>>>> [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl] 
>>>>>>>>>>>>>
>>>>>>>>>>>>> (default task-31) Initiating JDBC connection release from 
>>>>>>>>>>>>> afterStatement
>>>>>>>>>>>>> 2017-04-25 09:54:56,143 DEBUG [org.hibernate.SQL] (default 
>>>>>>>>>>>>> task-31)
>>>>>>>>>>>>>       select
>>>>>>>>>>>>>           roleentity0_.ID as col_0_0_
>>>>>>>>>>>>>       from
>>>>>>>>>>>>>           KEYCLOAK_ROLE roleentity0_
>>>>>>>>>>>>>       where
>>>>>>>>>>>>>           roleentity0_.CLIENT_ROLE=0
>>>>>>>>>>>>>           and roleentity0_.NAME=?
>>>>>>>>>>>>>           and roleentity0_.REALM=?
>>>>>>>>>>>>> 2017-04-25 09:54:56,144 DEBUG
>>>>>>>>>>>>> [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl] 
>>>>>>>>>>>>>
>>>>>>>>>>>>> (default task-31) Initiating JDBC connection release from 
>>>>>>>>>>>>> afterStatement
>>>>>>>>>>>>> 2017-04-25 09:54:56,144 DEBUG [org.hibernate.SQL] (default 
>>>>>>>>>>>>> task-31)
>>>>>>>>>>>>>       select
>>>>>>>>>>>>>           roleentity0_.ID as col_0_0_
>>>>>>>>>>>>>       from
>>>>>>>>>>>>>           KEYCLOAK_ROLE roleentity0_
>>>>>>>>>>>>>       where
>>>>>>>>>>>>>           roleentity0_.CLIENT_ROLE=0
>>>>>>>>>>>>>           and roleentity0_.NAME=?
>>>>>>>>>>>>>           and roleentity0_.REALM=?
>>>>>>>>>>>>> 2017-04-25 09:54:56,144 DEBUG
>>>>>>>>>>>>> [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl] 
>>>>>>>>>>>>>
>>>>>>>>>>>>> (default task-31) Initiating JDBC connection release from 
>>>>>>>>>>>>> afterStatement
>>>>>>>>>>>>> 2017-04-25 09:54:56,145 DEBUG [org.keycloak.events] 
>>>>>>>>>>>>> (default task-31)
>>>>>>>>>>>>> type=LOGIN, realmId=Demo, clientId=moodle,
>>>>>>>>>>>>> userId=ed5ba52a-531d-4e6e-b12e-9bc0957a8c1f, 
>>>>>>>>>>>>> ipAddress=192.168.0.27,
>>>>>>>>>>>>> auth_method=openid-connect, auth_type=code,
>>>>>>>>>>>>> redirect_uri=https://localhost/moodleiam/auth/oidc/,
>>>>>>>>>>>>> consent=no_consent_required,
>>>>>>>>>>>>> code_id=08539f13-cb1c-423e-86a3-365c29b055f1, 
>>>>>>>>>>>>> username=testuser
>>>>>>>>>>>>> 2017-04-25 09:54:56,145 DEBUG
>>>>>>>>>>>>> [org.keycloak.services.managers.AuthenticationManager] 
>>>>>>>>>>>>> (default task-31)
>>>>>>>>>>>>> Removing old user session: session: 
>>>>>>>>>>>>> 9a5218f8-aa9c-496c-aa00-780430f19c1b
>>>>>>>>>>>>> 2017-04-25 09:54:56,145 DEBUG
>>>>>>>>>>>>> [org.keycloak.services.managers.AuthenticationManager] 
>>>>>>>>>>>>> (default task-31)
>>>>>>>>>>>>> Create login cookie - name: KEYCLOAK_IDENTITY, path: 
>>>>>>>>>>>>> /auth/realms/Demo,
>>>>>>>>>>>>> max-age: -1
>>>>>>>>>>>>> 2017-04-25 09:54:56,145 DEBUG
>>>>>>>>>>>>> [org.keycloak.services.managers.AuthenticationManager] 
>>>>>>>>>>>>> (default task-31)
>>>>>>>>>>>>> Expiring remember me cookie
>>>>>>>>>>>>> 2017-04-25 09:54:56,145 DEBUG
>>>>>>>>>>>>> [org.keycloak.services.managers.AuthenticationManager] 
>>>>>>>>>>>>> (default task-31)
>>>>>>>>>>>>> Expiring cookie: KEYCLOAK_REMEMBER_ME path: /auth/realms/Demo
>>>>>>>>>>>>> 2017-04-25 09:54:56,146 DEBUG
>>>>>>>>>>>>> [org.keycloak.protocol.oidc.OIDCLoginProtocol] (default 
>>>>>>>>>>>>> task-31)
>>>>>>>>>>>>> redirectAccessCode: state: bIJNAcPb8Rxz8Wb
>>>>>>>>>>>>> 2017-04-25 09:54:56,146 DEBUG
>>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default 
>>>>>>>>>>>>> task-31)
>>>>>>>>>>>>> JtaTransactionWrapper  commit
>>>>>>>>>>>>> 2017-04-25 09:54:56,149 DEBUG
>>>>>>>>>>>>> [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-31) MySqlDS: returnConnection(4edba62b, false) [0/20]
>>>>>>>>>>>>> 2017-04-25 09:54:56,149 DEBUG
>>>>>>>>>>>>> [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl] 
>>>>>>>>>>>>>
>>>>>>>>>>>>> (default task-31) Initiating JDBC connection release from 
>>>>>>>>>>>>> afterTransaction
>>>>>>>>>>>>> 2017-04-25 09:54:56,149 DEBUG
>>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default 
>>>>>>>>>>>>> task-31)
>>>>>>>>>>>>> JtaTransactionWrapper end
>>>>>>>>>>>>> 2017-04-25 09:54:56,642 DEBUG
>>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default 
>>>>>>>>>>>>> task-24) new
>>>>>>>>>>>>> JtaTransactionWrapper
>>>>>>>>>>>>> 2017-04-25 09:54:56,642 DEBUG
>>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default 
>>>>>>>>>>>>> task-24) was
>>>>>>>>>>>>> existing? false
>>>>>>>>>>>>> 2017-04-25 09:54:56,642 DEBUG 
>>>>>>>>>>>>> [org.jboss.resteasy.resteasy_jaxrs.i18n]
>>>>>>>>>>>>> (default task-24) RESTEASY002315: PathInfo:
>>>>>>>>>>>>> /realms/demo/protocol/openid-connect/token
>>>>>>>>>>>>> 2017-04-25 09:54:56,643 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.AuthenticationProcessor] 
>>>>>>>>>>>>> (default task-24)
>>>>>>>>>>>>> AUTHENTICATE CLIENT
>>>>>>>>>>>>> 2017-04-25 09:54:56,643 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.ClientAuthenticationFlow] 
>>>>>>>>>>>>> (default task-24)
>>>>>>>>>>>>> client authenticator: client-secret
>>>>>>>>>>>>> 2017-04-25 09:54:56,643 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.ClientAuthenticationFlow] 
>>>>>>>>>>>>> (default task-24)
>>>>>>>>>>>>> client authenticator SUCCESS: client-secret
>>>>>>>>>>>>> 2017-04-25 09:54:56,643 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.ClientAuthenticationFlow] 
>>>>>>>>>>>>> (default task-24)
>>>>>>>>>>>>> Client moodle authenticated by client-secret
>>>>>>>>>>>>> 2017-04-25 09:54:56,663 DEBUG [org.keycloak.events] 
>>>>>>>>>>>>> (default task-24)
>>>>>>>>>>>>> type=CODE_TO_TOKEN, realmId=Demo, clientId=moodle,
>>>>>>>>>>>>> userId=ed5ba52a-531d-4e6e-b12e-9bc0957a8c1f, 
>>>>>>>>>>>>> ipAddress=153.109.152.213,
>>>>>>>>>>>>> token_id=75173922-dd56-44ca-9255-9a5368e557f4,
>>>>>>>>>>>>> grant_type=authorization_code, refresh_token_type=Refresh,
>>>>>>>>>>>>> refresh_token_id=d7daabe5-8e73-4b8e-b108-92188e1118df,
>>>>>>>>>>>>> code_id=08539f13-cb1c-423e-86a3-365c29b055f1,
>>>>>>>>>>>>> client_auth_method=client-secret
>>>>>>>>>>>>> 2017-04-25 09:54:56,663 DEBUG
>>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default 
>>>>>>>>>>>>> task-24)
>>>>>>>>>>>>> JtaTransactionWrapper  commit
>>>>>>>>>>>>> 2017-04-25 09:54:56,663 DEBUG
>>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default 
>>>>>>>>>>>>> task-24)
>>>>>>>>>>>>> JtaTransactionWrapper end
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> *Login to portal2**
>>>>>>>>>>>>> *
>>>>>>>>>>>>> 2017-04-25 09:56:17,566 DEBUG
>>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default 
>>>>>>>>>>>>> task-6) new
>>>>>>>>>>>>> JtaTransactionWrapper
>>>>>>>>>>>>> 2017-04-25 09:56:17,566 DEBUG
>>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default 
>>>>>>>>>>>>> task-6) was
>>>>>>>>>>>>> existing? false
>>>>>>>>>>>>> 2017-04-25 09:56:17,567 DEBUG 
>>>>>>>>>>>>> [org.jboss.resteasy.resteasy_jaxrs.i18n]
>>>>>>>>>>>>> (default task-6) RESTEASY002315: PathInfo:
>>>>>>>>>>>>> /realms/demo/protocol/openid-connect/auth
>>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.AuthenticationProcessor] 
>>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>>> AUTHENTICATE
>>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.AuthenticationProcessor] 
>>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>>> AUTHENTICATE ONLY
>>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>>> processFlow
>>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>>> check execution: auth-cookie requirement: ALTERNATIVE
>>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>>> authenticator: auth-cookie
>>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>>> invoke authenticator.authenticate
>>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>> [org.keycloak.services.managers.AuthenticationManager] 
>>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>>> Could not find cookie: KEYCLOAK_IDENTITY
>>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>>> authenticator ATTEMPTED: auth-cookie
>>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>>> check execution: auth-spnego requirement: DISABLED
>>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>>> execution is processed
>>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>>> check execution: identity-provider-redirector requirement: 
>>>>>>>>>>>>> ALTERNATIVE
>>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>>> authenticator: identity-provider-redirector
>>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>>> invoke authenticator.authenticate
>>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>>> authenticator ATTEMPTED: identity-provider-redirector
>>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>>> check execution: null requirement: ALTERNATIVE
>>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>>> execution is flow
>>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>>> processFlow
>>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>>> check execution: auth-username-password-form requirement: 
>>>>>>>>>>>>> REQUIRED
>>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>>> authenticator: auth-username-password-form
>>>>>>>>>>>>> 2017-04-25 09:56:17,569 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>>> invoke authenticator.authenticate
>>>>>>>>>>>>> 2017-04-25 09:56:17,572 DEBUG [freemarker.cache] (default 
>>>>>>>>>>>>> task-6)
>>>>>>>>>>>>> TemplateLoader.findTemplateSource("template_en_US.ftl"): 
>>>>>>>>>>>>> Not found
>>>>>>>>>>>>> 2017-04-25 09:56:17,572 DEBUG [freemarker.cache] (default 
>>>>>>>>>>>>> task-6)
>>>>>>>>>>>>> TemplateLoader.findTemplateSource("template_en.ftl"): Not 
>>>>>>>>>>>>> found
>>>>>>>>>>>>> 2017-04-25 09:56:17,572 DEBUG [freemarker.cache] (default 
>>>>>>>>>>>>> task-6)
>>>>>>>>>>>>> TemplateLoader.findTemplateSource("template.ftl"): Found
>>>>>>>>>>>>> 2017-04-25 09:56:17,572 DEBUG [freemarker.cache] (default 
>>>>>>>>>>>>> task-6)
>>>>>>>>>>>>> "template.ftl"("en_US", UTF-8, parsed): using cached since
>>>>>>>>>>>>> file:/opt/jboss/keycloak/themes/base/login/template.ftl 
>>>>>>>>>>>>> hasn't changed.
>>>>>>>>>>>>> 2017-04-25 09:56:17,573 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-6)
>>>>>>>>>>>>> authenticator CHALLENGE: auth-username-password-form
>>>>>>>>>>>>> 2017-04-25 09:56:17,573 DEBUG
>>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default 
>>>>>>>>>>>>> task-6)
>>>>>>>>>>>>> JtaTransactionWrapper  commit
>>>>>>>>>>>>> 2017-04-25 09:56:17,573 DEBUG
>>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default 
>>>>>>>>>>>>> task-6)
>>>>>>>>>>>>> JtaTransactionWrapper end
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> *After authentication to portal2**
>>>>>>>>>>>>> *
>>>>>>>>>>>>> 2017-04-25 09:56:29,001 DEBUG
>>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default 
>>>>>>>>>>>>> task-4) new
>>>>>>>>>>>>> JtaTransactionWrapper
>>>>>>>>>>>>> 2017-04-25 09:56:29,001 DEBUG
>>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default 
>>>>>>>>>>>>> task-4) was
>>>>>>>>>>>>> existing? false
>>>>>>>>>>>>> 2017-04-25 09:56:29,001 DEBUG 
>>>>>>>>>>>>> [org.jboss.resteasy.resteasy_jaxrs.i18n]
>>>>>>>>>>>>> (default task-4) RESTEASY002315: PathInfo:
>>>>>>>>>>>>> /realms/Demo/login-actions/authenticate
>>>>>>>>>>>>> 2017-04-25 09:56:29,002 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.AuthenticationProcessor] 
>>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>>> authenticationAction
>>>>>>>>>>>>> 2017-04-25 09:56:29,002 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>>> processAction: dfde24fe-5e06-4dc9-8dc2-f82eedd89846
>>>>>>>>>>>>> 2017-04-25 09:56:29,002 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>>> check: auth-cookie requirement: ALTERNATIVE
>>>>>>>>>>>>> 2017-04-25 09:56:29,002 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>>> execution is processed
>>>>>>>>>>>>> 2017-04-25 09:56:29,002 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>>> check: auth-spnego requirement: DISABLED
>>>>>>>>>>>>> 2017-04-25 09:56:29,002 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>>> execution is processed
>>>>>>>>>>>>> 2017-04-25 09:56:29,004 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>>> check: identity-provider-redirector requirement: ALTERNATIVE
>>>>>>>>>>>>> 2017-04-25 09:56:29,004 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>>> execution is processed
>>>>>>>>>>>>> 2017-04-25 09:56:29,004 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>>> check: null requirement: ALTERNATIVE
>>>>>>>>>>>>> 2017-04-25 09:56:29,004 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>>> processAction: dfde24fe-5e06-4dc9-8dc2-f82eedd89846
>>>>>>>>>>>>> 2017-04-25 09:56:29,004 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>>> check: auth-username-password-form requirement: REQUIRED
>>>>>>>>>>>>> 2017-04-25 09:56:29,004 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>>> action: auth-username-password-form
>>>>>>>>>>>>> 2017-04-25 09:56:29,099 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>>> authenticator SUCCESS: auth-username-password-form
>>>>>>>>>>>>> 2017-04-25 09:56:29,100 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>>> processFlow
>>>>>>>>>>>>> 2017-04-25 09:56:29,100 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>>> check execution: auth-otp-form requirement: OPTIONAL
>>>>>>>>>>>>> 2017-04-25 09:56:29,100 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>>> authenticator: auth-otp-form
>>>>>>>>>>>>> 2017-04-25 09:56:29,100 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.DefaultAuthenticationFlow] 
>>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>>> processFlow
>>>>>>>>>>>>> 2017-04-25 09:56:29,100 DEBUG
>>>>>>>>>>>>> [org.hibernate.resource.transaction.backend.jta.internal.JtaTransactionCoordinatorImpl] 
>>>>>>>>>>>>>
>>>>>>>>>>>>> (default task-4) Hibernate RegisteredSynchronization 
>>>>>>>>>>>>> successfully
>>>>>>>>>>>>> registered with JTA platform
>>>>>>>>>>>>> 2017-04-25 09:56:29,100 DEBUG [org.hibernate.SQL] (default 
>>>>>>>>>>>>> task-4)
>>>>>>>>>>>>>       select
>>>>>>>>>>>>>           roleentity0_.ID as col_0_0_
>>>>>>>>>>>>>       from
>>>>>>>>>>>>>           KEYCLOAK_ROLE roleentity0_
>>>>>>>>>>>>>       where
>>>>>>>>>>>>>           roleentity0_.CLIENT_ROLE=0
>>>>>>>>>>>>>           and roleentity0_.NAME=?
>>>>>>>>>>>>>           and roleentity0_.REALM=?
>>>>>>>>>>>>> 2017-04-25 09:56:29,101 DEBUG
>>>>>>>>>>>>> [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-4) MySqlDS: getConnection(null,
>>>>>>>>>>>>> WrappedConnectionRequestInfo at 4570d800[userName=KeycloakUSR]) 
>>>>>>>>>>>>> [0/20]
>>>>>>>>>>>>> 2017-04-25 09:56:29,102 DEBUG
>>>>>>>>>>>>> [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl] 
>>>>>>>>>>>>>
>>>>>>>>>>>>> (default task-4) Initiating JDBC connection release from 
>>>>>>>>>>>>> afterStatement
>>>>>>>>>>>>> 2017-04-25 09:56:29,103 DEBUG [org.hibernate.SQL] (default 
>>>>>>>>>>>>> task-4)
>>>>>>>>>>>>>       select
>>>>>>>>>>>>>           roleentity0_.ID as col_0_0_
>>>>>>>>>>>>>       from
>>>>>>>>>>>>>           KEYCLOAK_ROLE roleentity0_
>>>>>>>>>>>>>       where
>>>>>>>>>>>>>           roleentity0_.CLIENT_ROLE=0
>>>>>>>>>>>>>           and roleentity0_.NAME=?
>>>>>>>>>>>>>           and roleentity0_.REALM=?
>>>>>>>>>>>>> 2017-04-25 09:56:29,103 DEBUG
>>>>>>>>>>>>> [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl] 
>>>>>>>>>>>>>
>>>>>>>>>>>>> (default task-4) Initiating JDBC connection release from 
>>>>>>>>>>>>> afterStatement
>>>>>>>>>>>>> 2017-04-25 09:56:29,103 DEBUG [org.hibernate.SQL] (default 
>>>>>>>>>>>>> task-4)
>>>>>>>>>>>>>       select
>>>>>>>>>>>>>           roleentity0_.ID as col_0_0_
>>>>>>>>>>>>>       from
>>>>>>>>>>>>>           KEYCLOAK_ROLE roleentity0_
>>>>>>>>>>>>>       where
>>>>>>>>>>>>>           roleentity0_.CLIENT_ROLE=0
>>>>>>>>>>>>>           and roleentity0_.NAME=?
>>>>>>>>>>>>>           and roleentity0_.REALM=?
>>>>>>>>>>>>> 2017-04-25 09:56:29,104 DEBUG
>>>>>>>>>>>>> [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl] 
>>>>>>>>>>>>>
>>>>>>>>>>>>> (default task-4) Initiating JDBC connection release from 
>>>>>>>>>>>>> afterStatement
>>>>>>>>>>>>> 2017-04-25 09:56:29,104 DEBUG [org.keycloak.events] 
>>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>>> type=LOGIN, realmId=Demo, clientId=moodle2,
>>>>>>>>>>>>> userId=ed5ba52a-531d-4e6e-b12e-9bc0957a8c1f, 
>>>>>>>>>>>>> ipAddress=192.168.0.27,
>>>>>>>>>>>>> auth_method=openid-connect, auth_type=code,
>>>>>>>>>>>>> redirect_uri=https://localhost/moodle2iam/auth/oidc/,
>>>>>>>>>>>>> consent=no_consent_required,
>>>>>>>>>>>>> code_id=cffeac69-54fc-4d19-be81-36f0f19ce1ef, 
>>>>>>>>>>>>> username=testuser
>>>>>>>>>>>>> 2017-04-25 09:56:29,104 DEBUG
>>>>>>>>>>>>> [org.keycloak.services.managers.AuthenticationManager] 
>>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>>> Removing old user session: session: 
>>>>>>>>>>>>> 431cecf6-5a6b-4bbc-9467-3f52eff8090f
>>>>>>>>>>>>> 2017-04-25 09:56:29,105 DEBUG
>>>>>>>>>>>>> [org.keycloak.services.managers.AuthenticationManager] 
>>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>>> Create login cookie - name: KEYCLOAK_IDENTITY, path: 
>>>>>>>>>>>>> /auth/realms/Demo,
>>>>>>>>>>>>> max-age: -1
>>>>>>>>>>>>> 2017-04-25 09:56:29,105 DEBUG
>>>>>>>>>>>>> [org.keycloak.services.managers.AuthenticationManager] 
>>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>>> Expiring remember me cookie
>>>>>>>>>>>>> 2017-04-25 09:56:29,105 DEBUG
>>>>>>>>>>>>> [org.keycloak.services.managers.AuthenticationManager] 
>>>>>>>>>>>>> (default task-4)
>>>>>>>>>>>>> Expiring cookie: KEYCLOAK_REMEMBER_ME path: /auth/realms/Demo
>>>>>>>>>>>>> 2017-04-25 09:56:29,105 DEBUG
>>>>>>>>>>>>> [org.keycloak.protocol.oidc.OIDCLoginProtocol] (default 
>>>>>>>>>>>>> task-4)
>>>>>>>>>>>>> redirectAccessCode: state: WUCTMXokISFDbFN
>>>>>>>>>>>>> 2017-04-25 09:56:29,105 DEBUG
>>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default 
>>>>>>>>>>>>> task-4)
>>>>>>>>>>>>> JtaTransactionWrapper  commit
>>>>>>>>>>>>> 2017-04-25 09:56:29,106 DEBUG
>>>>>>>>>>>>> [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] 
>>>>>>>>>>>>> (default
>>>>>>>>>>>>> task-4) MySqlDS: returnConnection(4edba62b, false) [0/20]
>>>>>>>>>>>>> 2017-04-25 09:56:29,106 DEBUG
>>>>>>>>>>>>> [org.hibernate.resource.jdbc.internal.LogicalConnectionManagedImpl] 
>>>>>>>>>>>>>
>>>>>>>>>>>>> (default task-4) Initiating JDBC connection release from 
>>>>>>>>>>>>> afterTransaction
>>>>>>>>>>>>> 2017-04-25 09:56:29,106 DEBUG
>>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default 
>>>>>>>>>>>>> task-4)
>>>>>>>>>>>>> JtaTransactionWrapper end
>>>>>>>>>>>>> 2017-04-25 09:56:29,626 DEBUG
>>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default 
>>>>>>>>>>>>> task-13) new
>>>>>>>>>>>>> JtaTransactionWrapper
>>>>>>>>>>>>> 2017-04-25 09:56:29,626 DEBUG
>>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default 
>>>>>>>>>>>>> task-13) was
>>>>>>>>>>>>> existing? false
>>>>>>>>>>>>> 2017-04-25 09:56:29,627 DEBUG 
>>>>>>>>>>>>> [org.jboss.resteasy.resteasy_jaxrs.i18n]
>>>>>>>>>>>>> (default task-13) RESTEASY002315: PathInfo:
>>>>>>>>>>>>> /realms/demo/protocol/openid-connect/token
>>>>>>>>>>>>> 2017-04-25 09:56:29,627 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.AuthenticationProcessor] 
>>>>>>>>>>>>> (default task-13)
>>>>>>>>>>>>> AUTHENTICATE CLIENT
>>>>>>>>>>>>> 2017-04-25 09:56:29,627 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.ClientAuthenticationFlow] 
>>>>>>>>>>>>> (default task-13)
>>>>>>>>>>>>> client authenticator: client-secret
>>>>>>>>>>>>> 2017-04-25 09:56:29,627 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.ClientAuthenticationFlow] 
>>>>>>>>>>>>> (default task-13)
>>>>>>>>>>>>> client authenticator SUCCESS: client-secret
>>>>>>>>>>>>> 2017-04-25 09:56:29,627 DEBUG
>>>>>>>>>>>>> [org.keycloak.authentication.ClientAuthenticationFlow] 
>>>>>>>>>>>>> (default task-13)
>>>>>>>>>>>>> Client moodle2 authenticated by client-secret
>>>>>>>>>>>>> 2017-04-25 09:56:29,656 DEBUG [org.keycloak.events] 
>>>>>>>>>>>>> (default task-13)
>>>>>>>>>>>>> type=CODE_TO_TOKEN, realmId=Demo, clientId=moodle2,
>>>>>>>>>>>>> userId=ed5ba52a-531d-4e6e-b12e-9bc0957a8c1f, 
>>>>>>>>>>>>> ipAddress=153.109.152.213,
>>>>>>>>>>>>> token_id=ff9b3385-1362-4559-ad53-05317755b280,
>>>>>>>>>>>>> grant_type=authorization_code, refresh_token_type=Refresh,
>>>>>>>>>>>>> refresh_token_id=356011d7-e9fa-4c90-9368-a7627a445bc7,
>>>>>>>>>>>>> code_id=cffeac69-54fc-4d19-be81-36f0f19ce1ef,
>>>>>>>>>>>>> client_auth_method=client-secret
>>>>>>>>>>>>> 2017-04-25 09:56:29,656 DEBUG
>>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default 
>>>>>>>>>>>>> task-13)
>>>>>>>>>>>>> JtaTransactionWrapper  commit
>>>>>>>>>>>>> 2017-04-25 09:56:29,656 DEBUG
>>>>>>>>>>>>> [org.keycloak.transaction.JtaTransactionWrapper] (default 
>>>>>>>>>>>>> task-13)
>>>>>>>>>>>>> JtaTransactionWrapper end
>>>>>>>>>>>>> 2017-04-25 09:56:29,660 DEBUG [io.undertow.request.io] 
>>>>>>>>>>>>> (default I/O-1)
>>>>>>>>>>>>> Error reading request: java.io.IOException: Connection 
>>>>>>>>>>>>> reset by peer
>>>>>>>>>>>>>           at sun.nio.ch.FileDispatcherImpl.read0(Native 
>>>>>>>>>>>>> Method)
>>>>>>>>>>>>>           at 
>>>>>>>>>>>>> sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39)
>>>>>>>>>>>>>           at 
>>>>>>>>>>>>> sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223)
>>>>>>>>>>>>>           at sun.nio.ch.IOUtil.read(IOUtil.java:192)
>>>>>>>>>>>>>           at 
>>>>>>>>>>>>> sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:380)
>>>>>>>>>>>>>           at 
>>>>>>>>>>>>> org.xnio.nio.NioSocketConduit.read(NioSocketConduit.java:282)
>>>>>>>>>>>>>           at
>>>>>>>>>>>>> io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.java:658) 
>>>>>>>>>>>>>
>>>>>>>>>>>>>           at 
>>>>>>>>>>>>> io.undertow.protocols.ssl.SslConduit.read(SslConduit.java:530) 
>>>>>>>>>>>>>
>>>>>>>>>>>>>           at
>>>>>>>>>>>>> org.xnio.conduits.ConduitStreamSourceChannel.read(ConduitStreamSourceChannel.java:127) 
>>>>>>>>>>>>>
>>>>>>>>>>>>>           at
>>>>>>>>>>>>> io.undertow.server.protocol.http.HttpReadListener.handleEventWithNoRunningRequest(HttpReadListener.java:152) 
>>>>>>>>>>>>>
>>>>>>>>>>>>>           at
>>>>>>>>>>>>> io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:130) 
>>>>>>>>>>>>>
>>>>>>>>>>>>>           at
>>>>>>>>>>>>> io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:56) 
>>>>>>>>>>>>>
>>>>>>>>>>>>>           at
>>>>>>>>>>>>> org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) 
>>>>>>>>>>>>>
>>>>>>>>>>>>>           at
>>>>>>>>>>>>> org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) 
>>>>>>>>>>>>>
>>>>>>>>>>>>>           at
>>>>>>>>>>>>> io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(SslConduit.java:1059) 
>>>>>>>>>>>>>
>>>>>>>>>>>>>           at
>>>>>>>>>>>>> org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:88) 
>>>>>>>>>>>>>
>>>>>>>>>>>>>           at 
>>>>>>>>>>>>> org.xnio.nio.WorkerThread.run(WorkerThread.java:559)
>>>>>>>>>>>>>
>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>>>>> keycloak-user at lists.jboss.org
>>>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>



More information about the keycloak-user mailing list