Keycloak startTLS openldap user credentials failure

I have Keycloak hooked up to openldap via TLS. A customer requires that it work with StartTLS. I can connect to openldap and click on Test Authentication and receive a success dialog. I can also import and view the users that are there.
But when I go to log in as a user, I receive a bad credential error when using startTLS. When using just regular TLS, everything works as expected. I have logs below, but I’m not sure what is going wrong. This is very perplexing.

OpenLDAP log

5f163089 conn=1002 op=3 ENTRY dn="mail=1b.fa@omns.gumu,ou=omns users,dc=omns,dc=gumu"
ber_flush2: 260 bytes to sd 12
tls_write: want=289, written=289
ldap_write: want=260, written=260
5f163089 <= send_search_entry: conn 1002 exit.
5f163089 send_ldap_result: conn=1002 op=3 p=3
5f163089 send_ldap_result: err=0 matched="" text=""
5f163089 send_ldap_response: msgid=4 tag=101 err=0
ber_flush2: 14 bytes to sd 12
  0000:  30 0c 02 01 04 65 07 0a  01 00 04 00 04 00         0....e........    
tls_write: want=43, written=43
  0000:  17 03 03 00 26 00 00 00  00 00 00 00 05 80 a5 80   ....&...........  
  0010:  56 b4 40 a4 54 16 4c 6e  e3 55 a9 a3 69 3b 10 a4   V.@.T.Ln.U..i;..  
  0020:  3e a0 d0 31 cd 18 50 57  07 e0 3e                  >..1..PW..>       
ldap_write: want=14, written=14
  0000:  30 0c 02 01 04 65 07 0a  01 00 04 00 04 00         0....e........    
5f163089 conn=1002 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
5f163089 daemon: activity on 1 descriptor
5f163089 daemon: activity on:
5f163089 daemon: epoll: listen=6 active_threads=0 tvp=zero
5f163089 daemon: epoll: listen=7 active_threads=0 tvp=zero
5f163089 daemon: epoll: listen=8 active_threads=0 tvp=zero
5f163089 daemon: activity on 1 descriptor
5f163089 daemon: activity on: 12r
5f163089 daemon: read active on 12
5f163089 daemon: epoll: listen=6 active_threads=0 tvp=zero
5f163089 daemon: epoll: listen=7 active_threads=0 tvp=zero
5f163089 daemon: epoll: listen=8 active_threads=0 tvp=zero
5f163089 connection_get(12)
5f163089 connection_get(12): got connid=1002
5f163089 connection_read(12): checking for input on id=1002
ber_get_next
tls_read: want=5, got=5
  0000:  15 03 03 00 1a                                     .....             
tls_read: want=26, got=26
  0000:  00 00 00 00 00 00 00 04  8a 81 33 a7 14 58 00 e3   ..........3..X..  
  0010:  45 1e 2d 95 02 ce fe ae  bd 2a                     E.-......*        
ldap_read: want=8, got=0

5f163089 ber_get_next on fd 12 failed errno=0 (Success)
5f163089 connection_read(12): input error=-2 id=1002, closing.
5f163089 connection_closing: readying conn=1002 sd=12 for close
5f163089 connection_close: conn=1002 sd=12
5f163089 daemon: removing 12
tls_write: want=31, written=31
  0000:  15 03 03 00 1a 00 00 00  00 00 00 00 06 a0 33 b9   ..............3.  
  0010:  00 19 05 d4 1d 2a 2b 06  ed f8 8b 7e 84 9d 25      .....*+....~..%   
5f163089 conn=1002 fd=12 closed (connection lost)
5f163089 daemon: activity on 1 descriptor
5f163089 daemon: activity on:
5f163089 daemon: epoll: listen=6 active_threads=0 tvp=zero
5f163089 daemon: epoll: listen=7 active_threads=0 tvp=zero
5f163089 daemon: epoll: listen=8 active_threads=0 tvp=zero
5f163089 daemon: activity on 1 descriptor
5f163089 daemon: activity on:
5f163089 slap_listener_activate(6): 
5f163089 daemon: epoll: listen=6 busy
5f163089 daemon: epoll: listen=7 active_threads=0 tvp=zero
5f163089 daemon: epoll: listen=8 active_threads=0 tvp=zero
5f163089 >>> slap_listener(ldap://openldap.omns.gumu)
5f163089 daemon: listen=6, new connection on 12
5f163089 daemon: added 12r (active) listener=(nil)
5f163089 conn=1003 fd=12 ACCEPT from IP=10.225.0.20:50666 (IP=0.0.0.0:389)
5f163089 daemon: activity on 1 descriptor
5f163089 daemon: activity on:
5f163089 daemon: epoll: listen=6 active_threads=0 tvp=zero
5f163089 daemon: epoll: listen=7 active_threads=0 tvp=zero
5f163089 daemon: epoll: listen=8 active_threads=0 tvp=zero
5f163089 daemon: activity on 1 descriptor
5f163089 daemon: activity on: 12r
5f163089 daemon: read active on 12
5f163089 daemon: epoll: listen=6 active_threads=0 tvp=zero
5f163089 daemon: epoll: listen=7 active_threads=0 tvp=zero
5f163089 daemon: epoll: listen=8 active_threads=0 tvp=zero
5f163089 connection_get(12)
5f163089 connection_get(12): got connid=1003
5f163089 connection_read(12): checking for input on id=1003
ber_get_next
ldap_read: want=8, got=8
  0000:  16 03 03 01 ae 01 00 01                            ........          
5f163089 ber_get_next on fd 12 failed errno=34 (Numerical result out of range)
5f163089 connection_read(12): input error=-2 id=1003, closing.
5f163089 connection_closing: readying conn=1003 sd=12 for close
5f163089 connection_close: conn=1003 sd=12
5f163089 daemon: removing 12
5f163089 conn=1003 fd=12 closed (connection lost)
5f163089 daemon: activity on 1 descriptor
5f163089 daemon: activity on:
5f163089 daemon: epoll: listen=6 active_threads=0 tvp=zero
5f163089 daemon: epoll: listen=7 active_threads=0 tvp=zero
5f163089 daemon: epoll: listen=8 active_threads=0 tvp=zero

Keycloak Log

23:09:59,522 INFO  [org.keycloak.storage.ldap.LDAPIdentityStoreRegistry] (default task-28) Creating new LDAP Store for the LDAP storage provider: 'omns-ldap', LDAP Configuration: {pagination=[true], fullSyncPeriod=[-1], startTls=[true], usersDn=[ou=OMNS Users,dc=omns,dc=gumu], connectionPooling=[true], cachePolicy=[DEFAULT], useKerberosForPasswordAuthentication=[false], importEnabled=[true], enabled=[true], bindDn=[cn=OMNS Manager,dc=omns,dc=gumu], usernameLDAPAttribute=[mail], changedSyncPeriod=[-1], lastSync=[1595285046], vendor=[other], uuidLDAPAttribute=[mail], connectionUrl=[ldap://openldap.omns.gumu:389], allowKerberosAuthentication=[false], syncRegistrations=[false], authType=[simple], debug=[false], searchScope=[1], useTruststoreSpi=[always], usePasswordModifyExtendedOp=[false], priority=[0], trustEmail=[false], userObjectClasses=[person,  inetOrgPerson, organizationalPerson], rdnLDAPAttribute=[destinationindicator], editMode=[WRITABLE], validatePasswordPolicy=[false], batchSizeForSync=[1000]}, binaryAttributes: []
23:10:44,082 ERROR [org.keycloak.storage.ldap.idm.store.ldap.LDAPContextManager] (default task-29) Could not negotiate TLS: javax.naming.CommunicationException: Remote host terminated the handshake [Root exception is javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake]
	at java.naming/com.sun.jndi.ldap.LdapCtx.extendedOperation(LdapCtx.java:3330)
	at java.naming/javax.naming.ldap.InitialLdapContext.extendedOperation(InitialLdapContext.java:184)
	at java.naming/javax.naming.ldap.InitialLdapContext.extendedOperation(InitialLdapContext.java:184)
	at org.keycloak.keycloak-ldap-federation@11.0.0-SNAPSHOT//org.keycloak.storage.ldap.idm.store.ldap.LDAPContextManager.startTLS(LDAPContextManager.java:120)
	at org.keycloak.keycloak-ldap-federation@11.0.0-SNAPSHOT//org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.authenticate(LDAPOperationManager.java:526)
	at org.keycloak.keycloak-ldap-federation@11.0.0-SNAPSHOT//org.keycloak.storage.ldap.idm.store.ldap.LDAPIdentityStore.validatePassword(LDAPIdentityStore.java:355)
	at org.keycloak.keycloak-ldap-federation@11.0.0-SNAPSHOT//org.keycloak.storage.ldap.LDAPStorageProvider.validPassword(LDAPStorageProvider.java:607)
	at org.keycloak.keycloak-ldap-federation@11.0.0-SNAPSHOT//org.keycloak.storage.ldap.LDAPStorageProvider.isValid(LDAPStorageProvider.java:693)
	at org.keycloak.keycloak-services@11.0.0-SNAPSHOT//org.keycloak.credential.UserCredentialStoreManager.validate(UserCredentialStoreManager.java:187)
	at org.keycloak.keycloak-services@11.0.0-SNAPSHOT//org.keycloak.credential.UserCredentialStoreManager.isValid(UserCredentialStoreManager.java:168)
	at org.keycloak.keycloak-services@11.0.0-SNAPSHOT//org.keycloak.credential.UserCredentialStoreManager.isValid(UserCredentialStoreManager.java:112)
	at org.keycloak.keycloak-services@11.0.0-SNAPSHOT//org.keycloak.authentication.authenticators.directgrant.ValidatePassword.authenticate(ValidatePassword.java:47)
	at org.keycloak.keycloak-services@11.0.0-SNAPSHOT//org.keycloak.authentication.DefaultAuthenticationFlow.processSingleFlowExecutionModel(DefaultAuthenticationFlow.java:443)
	at org.keycloak.keycloak-services@11.0.0-SNAPSHOT//org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:252)
	at org.keycloak.keycloak-services@11.0.0-SNAPSHOT//org.keycloak.authentication.AuthenticationProcessor.authenticateOnly(AuthenticationProcessor.java:978)
	at org.keycloak.keycloak-services@11.0.0-SNAPSHOT//org.keycloak.protocol.oidc.endpoints.TokenEndpoint.resourceOwnerPasswordCredentialsGrant(TokenEndpoint.java:617)
	at org.keycloak.keycloak-services@11.0.0-SNAPSHOT//org.keycloak.protocol.oidc.endpoints.TokenEndpoint.processGrantRequest(TokenEndpoint.java:216)
	at jdk.internal.reflect.GeneratedMethodAccessor753.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.jboss.resteasy.resteasy-jaxrs@3.11.2.Final//org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:138)
	at org.jboss.resteasy.resteasy-jaxrs@3.11.2.Final//org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:535)
	at org.jboss.resteasy.resteasy-jaxrs@3.11.2.Final//org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:424)
	at org.jboss.resteasy.resteasy-jaxrs@3.11.2.Final//org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:385)
	at org.jboss.resteasy.resteasy-jaxrs@3.11.2.Final//org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:356)
	at org.jboss.resteasy.resteasy-jaxrs@3.11.2.Final//org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:387)
	at org.jboss.resteasy.resteasy-jaxrs@3.11.2.Final//org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:356)
	at org.jboss.resteasy.resteasy-jaxrs@3.11.2.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:150)
	at org.jboss.resteasy.resteasy-jaxrs@3.11.2.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:110)
	at org.jboss.resteasy.resteasy-jaxrs@3.11.2.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:141)
	at org.jboss.resteasy.resteasy-jaxrs@3.11.2.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:104)
	at org.jboss.resteasy.resteasy-jaxrs@3.11.2.Final//org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:440)
	at org.jboss.resteasy.resteasy-jaxrs@3.11.2.Final//org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:229)
	at org.jboss.resteasy.resteasy-jaxrs@3.11.2.Final//org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:135)
	at org.jboss.resteasy.resteasy-jaxrs@3.11.2.Final//org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:356)
	at org.jboss.resteasy.resteasy-jaxrs@3.11.2.Final//org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:138)
	at org.jboss.resteasy.resteasy-jaxrs@3.11.2.Final//org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:215)
	at org.jboss.resteasy.resteasy-jaxrs@3.11.2.Final//org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227)
	at org.jboss.resteasy.resteasy-jaxrs@3.11.2.Final//org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
	at org.jboss.resteasy.resteasy-jaxrs@3.11.2.Final//org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
	at javax.servlet.api@2.0.0.Final//javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
	at io.undertow.servlet@2.1.0.Final//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
	at io.undertow.servlet@2.1.0.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
	at org.keycloak.keycloak-wildfly-extensions@11.0.0-SNAPSHOT//org.keycloak.provider.wildfly.WildFlyRequestFilter.lambda$doFilter$0(WildFlyRequestFilter.java:41)
	at org.keycloak.keycloak-services@11.0.0-SNAPSHOT//org.keycloak.services.filters.AbstractRequestFilter.filter(AbstractRequestFilter.java:43)
	at org.keycloak.keycloak-wildfly-extensions@11.0.0-SNAPSHOT//org.keycloak.provider.wildfly.WildFlyRequestFilter.doFilter(WildFlyRequestFilter.java:39)
	at io.undertow.servlet@2.1.0.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
	at io.undertow.servlet@2.1.0.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
	at io.undertow.servlet@2.1.0.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
	at io.undertow.servlet@2.1.0.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
	at io.undertow.servlet@2.1.0.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
	at io.undertow.servlet@2.1.0.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
	at org.wildfly.extension.undertow@19.1.0.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
	at io.undertow.core@2.1.0.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.servlet@2.1.0.Final//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
	at io.undertow.servlet@2.1.0.Final//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
	at io.undertow.servlet@2.1.0.Final//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
	at io.undertow.core@2.1.0.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.core@2.1.0.Final//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
	at io.undertow.servlet@2.1.0.Final//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
	at io.undertow.core@2.1.0.Final//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
	at io.undertow.servlet@2.1.0.Final//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
	at io.undertow.core@2.1.0.Final//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
	at io.undertow.core@2.1.0.Final//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
	at io.undertow.core@2.1.0.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at org.wildfly.extension.undertow@19.1.0.Final//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
	at io.undertow.core@2.1.0.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at org.wildfly.extension.undertow@19.1.0.Final//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
	at io.undertow.core@2.1.0.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.servlet@2.1.0.Final//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269)
	at io.undertow.servlet@2.1.0.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78)
	at io.undertow.servlet@2.1.0.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133)
	at io.undertow.servlet@2.1.0.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130)
	at io.undertow.servlet@2.1.0.Final//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
	at io.undertow.servlet@2.1.0.Final//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
	at org.wildfly.extension.undertow@19.1.0.Final//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
	at org.wildfly.extension.undertow@19.1.0.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1541)
	at org.wildfly.extension.undertow@19.1.0.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1541)
	at org.wildfly.extension.undertow@19.1.0.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1541)
	at org.wildfly.extension.undertow@19.1.0.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1541)
	at io.undertow.servlet@2.1.0.Final//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
	at io.undertow.servlet@2.1.0.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78)
	at io.undertow.servlet@2.1.0.Final//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99)
	at io.undertow.core@2.1.0.Final//io.undertow.server.Connectors.executeRootHandler(Connectors.java:370)
	at io.undertow.core@2.1.0.Final//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
	at org.jboss.threads@2.3.3.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
	at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
	at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
	at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
	at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
	at java.base/sun.security.ssl.SSLSocketImpl.handleEOF(SSLSocketImpl.java:1313)
	at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)
	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1055)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:395)
	at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:709)
	at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:962)
	at java.base/java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:81)
	at java.base/java.io.BufferedOutputStream.flush(BufferedOutputStream.java:142)
	at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:398)
	at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Connection.java:371)
	at java.naming/com.sun.jndi.ldap.LdapClient.extendedOp(LdapClient.java:1198)
	at java.naming/com.sun.jndi.ldap.LdapCtx.extendedOperation(LdapCtx.java:3278)
	... 89 more
	Suppressed: java.net.SocketException: Broken pipe (Write failed)
		at java.base/java.net.SocketOutputStream.socketWrite0(Native Method)
		at java.base/java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:110)
		at java.base/java.net.SocketOutputStream.write(SocketOutputStream.java:150)
		at java.base/sun.security.ssl.SSLSocketOutputRecord.encodeAlert(SSLSocketOutputRecord.java:81)
		at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:357)
		at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:269)
		at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:398)
		... 97 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
	at java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:167)
	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:108)
	at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1144)
	... 99 more

23:10:44,085 WARN  [org.keycloak.events] (default task-29) type=LOGIN_ERROR, realmId=omns, clientId=login-client, userId=887955e9-991f-4c8c-8c6f-60a406d93e58, ipAddress=10.0.2.15, error=invalid_user_credentials, auth_method=openid-connect, grant_type=password, client_auth_method=client-secret, username=1b.fa@omns.gumu, authSessionParentId=adc2d85f-0169-4663-987c-f4568eedbba8, authSessionTabId=WvWoCKvESsc
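
In the slapd log above, conn=1003 receives `16 03 03 01 ae 01 00 01` through `ldap_read` on the `ldap://` listener: a TLS record header, not the BER SEQUENCE (`0x30`) that starts an LDAP message. The following is an added example, not part of the original posts, that scans slapd debug output for that pattern; the conn=2001 lines and all function names are constructed for illustration.

```python
import re

# conn=1003 lines are copied from the slapd log above; conn=2001 is a
# constructed healthy client whose first bytes are a BER-encoded LDAPMessage.
SAMPLE_LOG = """\
5f163089 conn=1003 fd=12 ACCEPT from IP=10.225.0.20:50666 (IP=0.0.0.0:389)
5f163089 connection_read(12): checking for input on id=1003
ber_get_next
ldap_read: want=8, got=8
  0000:  16 03 03 01 ae 01 00 01                            ........
5f163089 ber_get_next on fd 12 failed errno=34 (Numerical result out of range)
5f163089 conn=1003 fd=12 closed (connection lost)
5f163090 conn=2001 fd=13 ACCEPT from IP=10.225.0.20:50700 (IP=0.0.0.0:389)
5f163090 connection_read(13): checking for input on id=2001
ber_get_next
ldap_read: want=8, got=8
  0000:  30 1d 02 01 01 77 18 80                            0....w..
"""

ACCEPT_RE = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=\S+ \(IP=(\S+)\)")
CONN_RE = re.compile(r"connection_read\(\d+\): checking for input on id=(\d+)")
LDAP_READ_RE = re.compile(r"^ldap_read: want=\d+, got=(\d+)")
HEX_RE = re.compile(r"^\s*[0-9a-f]{4}:\s+(.*)$")
TLS_TYPES = {20: "change_cipher_spec", 21: "alert",
             22: "handshake", 23: "application_data"}


def parse_hex_line(line, count):
    """Return up to `count` bytes from one slapd hex-dump line (16 per line)."""
    m = HEX_RE.match(line)
    if not m:
        return b""
    tokens = re.findall(r"\b[0-9a-f]{2}\b", m.group(1))
    return bytes(int(t, 16) for t in tokens[:min(count, 16)])


def classify(data):
    """Tell a TLS record header apart from the start of a BER LDAPMessage."""
    if len(data) >= 5 and data[0] in TLS_TYPES and data[1] == 0x03:
        info = {"kind": "tls-record",
                "content_type": TLS_TYPES[data[0]],
                "record_version": (data[1], data[2]),
                "record_length": int.from_bytes(data[3:5], "big")}
        if data[0] == 22 and len(data) > 5 and data[5] == 1:
            info["handshake"] = "client_hello"
        return info
    if data[:1] == b"\x30":  # universal constructed SEQUENCE
        return {"kind": "ldap-ber"}
    return {"kind": "unknown"}


def first_reads(log_text):
    """Classify the first non-empty ldap_read of every connection in the log."""
    listeners, seen, results = {}, set(), []
    current, pending = None, 0
    for line in log_text.splitlines():
        if pending:  # previous line announced `pending` bytes of hex dump
            data, pending = parse_hex_line(line, pending), 0
            if data and current not in seen:
                seen.add(current)
                results.append({"conn": current,
                                "listener": listeners.get(current),
                                **classify(data)})
            continue
        if m := ACCEPT_RE.search(line):
            listeners[int(m.group(1))] = m.group(2)
        elif m := CONN_RE.search(line):
            current = int(m.group(1))
        elif m := LDAP_READ_RE.match(line):
            pending = int(m.group(1))
    return results


def raw_tls_on_cleartext(log_text):
    """Connections whose first bytes at the LDAP layer were a TLS record."""
    return [r for r in first_reads(log_text) if r["kind"] == "tls-record"]


if __name__ == "__main__":
    for hit in raw_tls_on_cleartext(SAMPLE_LOG):
        print(hit)
```

A `tls-record` hit means slapd saw the handshake bytes at the LDAP layer, so no StartTLS extended request had been processed on that socket before the client began TLS.
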

This has been fixed by version 11.0.0

Were you able to get keycloak to connect to OpenLDAP with mutual LDAP_TLS_VERIFY_CLIENT=demand?

I’m able to get keycloak test connection to work when LDAP_TLS_VERIFY_CLIENT=try, but it fails when setting to demand.
It isn’t clear in the logs why Keycloak isn’t sending client certificate. I’m using docker and setting the certificates in /etc/x509/https. It seems that standalone.xml should have ssl-client-context.

I have not been able to use demand. We went with try.