[keycloak-user] multiple redirects after authentication

Jared Blashka jblashka at redhat.com
Tue Oct 4 11:53:53 EDT 2016 

Just a guess, but if your app is behind a load balancer you need to have
either sticky sessions on (to make sure client requests always end up at
the same server) or put the <distributable/> tag in your web.xml to enable
session replication between nodes. We had a similar issue that was resolved
by enabling session replication.

Jared

On Oct 4, 2016 11:25 AM, "Chris Savory" <chris.savory at edlogics.com> wrote:

> Is this using the JavaScript adapter? We ran into a similar problem
> yesterday.
>
> --
> Christopher Savory
> Software Engineer | EdLogics
> www.edlogics.com <http://www.edlogics.com/>
>
>  <http://www.edlogics.com/>
>  <https://www.linkedin.com/company/edlogics> <https://twitter.com/EdLogics
> >
>
> On 10/4/16, 9:45 AM, "keycloak-user-bounces at lists.jboss.org on behalf of
> Pulkit Gupta" <keycloak-user-bounces at lists.jboss.org on behalf of
> pulgupta at redhat.com> wrote:
>
>     Hi Josh,
>
>     I have the paths with trailing slashes in my web.xml. Just my entityId
> does
>     not has a trailing slash.
>     Also the application sometime works in one assertion and sometime it
> will
>     take 3-4 round trips but it always works eventually.
>     We enabled the debug logging but it seems adapter does not put
> anything in
>     the logs.
>
>     I am not sure where to look next. In case you can think of anything
> else
>     that will really help me unblock myself.
>
>     Regards,
>     Pulkit.
>
>
>     On Tue, Oct 4, 2016 at 7:15 PM, Josh Cain <jcain at redhat.com> wrote:
>
>     > I used to see something similar in Picketlink if I configured a
> web.xml
>     > without paying attention to the trailing slash (I.E.
> https://example.co
>     > m/foo vs https://example.com/foo/).  The IDP would isse an
>     > assertion/token for the audience that did not match the security
>     > constraint (based on the trailing slash), then an infinite redirect
>     > loop would occur.
>     >
>     > Maybe check your trailing slashes?
>     > On Tue, 2016-10-04 at 16:21 +0530, Pulkit Gupta wrote:
>     > > Yes,
>     > >
>     > > I am using the standard adapter.
>     > > This is happening more frequently now.
>     > >
>     > > Regards,
>     > > Pulkit.
>     > >
>     > > On Mon, Oct 3, 2016 at 9:24 PM, Bill Burke <bburke at redhat.com>
> wrote:
>     > >
>     > > >
>     > > > Are you using our adapters?
>     > > >
>     > > >
>     > > > On 10/3/16 3:13 AM, Pulkit Gupta wrote:
>     > > > >
>     > > > > Hi All,
>     > > > >
>     > > > > I am facing a problem with my keycloak integration.
>     > > > > When I enter the URL of my application it gets redirected to
> the
>     > > > > keycloak
>     > > > > server.
>     > > > >
>     > > > > After I enter the credentials the server redirects back to my
>     > > > > application
>     > > > > URL.
>     > > > > Till now things look ok. Once authentication is successful
> weird
>     > > > > thing
>     > > > > starts.
>     > > > >
>     > > > > Keycloak server redirects back to my application.
>     > > > > My application again redirects to the keycloak server which
>     > > > > without
>     > > > showing
>     > > > >
>     > > > > the login page again redirects to my application. This happens
>     > > > > once or
>     > > > > twice after which finally my application page loads. In this
>     > > > > process, I
>     > > > can
>     > > > >
>     > > > > see multiple SAML XMLs being exchanged.
>     > > > >
>     > > > > Environment and setup Details
>     > > > >              SP EntityID  :  /wapps/distributors
>     > > > >              Page I am visiting directly :
> https://www.xxxx.com/w
>     > > > > apps/
>     > > > > distributors/protected/nachannelsearch.html
>     > > > >              Server : 2 Jboss 6 servers running behind a LB
>     > > > >
>     > > > > Please let me know in case this is something related to
>     > > > > configuration or
>     > > > > might be some issue related to proxies or load balancers in my
>     > > > environment.
>     > > > >
>     > > > >
>     > > >
>     > > > _______________________________________________
>     > > > keycloak-user mailing list
>     > > > keycloak-user at lists.jboss.org
>     > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
>     > > >
>     > >
>     > >
>     > >
>     >
>
>
>
>     --
>     Thanks,
>     Pulkit
>     AMS
>     _______________________________________________
>     keycloak-user mailing list
>     keycloak-user at lists.jboss.org
>     https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

More information about the keycloak-user mailing list