[keycloak-dev] Cookie token storage for Spring Security

Sjoerd Cranen sjoerd.cranen at teampicnic.com
Fri Jun 23 09:08:34 EDT 2017

Hi all,

It seems that "token-store: cookie" is not implemented for the Spring
Security adapter. I would be happy to have a go at it, if nobody objects.

One thing I'm wondering is why the cookie path for the adapter state cookie
is always set to the context root in CookieTokenStore. In particular, it
would seem that if I change the Spring Security adapter in a
straightforward way to store the cookies, the cookie would always be set on
"/sso", which would not be very useful.

A second question I had is about the redirect after login. Currently the
redirect location is stored in the HTTP session. Since you would typically
enable "token-store: cookie" to get rid of HTTP sessions, that would also
have to change. I couldn't really figure out how other adapters were doing
this, and I don't have the time at the moment to experiment with the other
adapters to see what happens; if someone could give me some pointers then
that would be very helpful.

Best regards,
Sjoerd Cranen

More information about the keycloak-dev mailing list