The social auth/oauth modules (not tree nodes) appear not to work in a sub-realm since the fix for OPENAM-9257.
- Configure a social auth module (e.g. Google via the wizard) in a sub-realm
- Try to login with it
Login fails with "Request not valid !"
Use the social auth tree nodes instead.
The hasReservedParameters method checks to make sure that the URL after the redirect doesn't contain various special parameters, including the "realm" parameter. When running in a sub-realm, this URL will always contain a "realm" parameter unless you have a DNS alias configured for the realm.