[keycloak-user] multiple redirects after authentication

Pulkit Gupta pulgupta at redhat.com
Thu Oct 6 02:46:15 EDT 2016 

Hi All,

Just  a thought, can this be related to session replication.
Also where can I find more documentation on how Keycloak uses sessions or
saml tokens to authenticate users.
Might be once I know the internal working of the adapter and the server
authentication involved I can try something more.

Regards,
Pulkit.

On Tue, Oct 4, 2016 at 9:41 PM, Pulkit Gupta <pulgupta at redhat.com> wrote:

> Hi Jared,
>
> We already have <distributable /> in our web.xml but.still facing the
> issue.
> Also Chris, no this is a Java adapter for Jboss.
>
> Regards,
> Pulkit.
>
> On Tue, Oct 4, 2016 at 9:23 PM, Jared Blashka <jblashka at redhat.com> wrote:
>
>> Just a guess, but if your app is behind a load balancer you need to have
>> either sticky sessions on (to make sure client requests always end up at
>> the same server) or put the <distributable/> tag in your web.xml to enable
>> session replication between nodes. We had a similar issue that was resolved
>> by enabling session replication.
>>
>> Jared
>>
>> On Oct 4, 2016 11:25 AM, "Chris Savory" <chris.savory at edlogics.com>
>> wrote:
>>
>>> Is this using the JavaScript adapter? We ran into a similar problem
>>> yesterday.
>>>
>>> --
>>> Christopher Savory
>>> Software Engineer | EdLogics
>>> www.edlogics.com <http://www.edlogics.com/>
>>>
>>>  <http://www.edlogics.com/>
>>>  <https://www.linkedin.com/company/edlogics> <
>>> https://twitter.com/EdLogics>
>>>
>>> On 10/4/16, 9:45 AM, "keycloak-user-bounces at lists.jboss.org on behalf
>>> of Pulkit Gupta" <keycloak-user-bounces at lists.jboss.org on behalf of
>>> pulgupta at redhat.com> wrote:
>>>
>>>     Hi Josh,
>>>
>>>     I have the paths with trailing slashes in my web.xml. Just my
>>> entityId does
>>>     not has a trailing slash.
>>>     Also the application sometime works in one assertion and sometime it
>>> will
>>>     take 3-4 round trips but it always works eventually.
>>>     We enabled the debug logging but it seems adapter does not put
>>> anything in
>>>     the logs.
>>>
>>>     I am not sure where to look next. In case you can think of anything
>>> else
>>>     that will really help me unblock myself.
>>>
>>>     Regards,
>>>     Pulkit.
>>>
>>>
>>>     On Tue, Oct 4, 2016 at 7:15 PM, Josh Cain <jcain at redhat.com> wrote:
>>>
>>>     > I used to see something similar in Picketlink if I configured a
>>> web.xml
>>>     > without paying attention to the trailing slash (I.E.
>>> https://example.co
>>>     > m/foo vs https://example.com/foo/).  The IDP would isse an
>>>     > assertion/token for the audience that did not match the security
>>>     > constraint (based on the trailing slash), then an infinite redirect
>>>     > loop would occur.
>>>     >
>>>     > Maybe check your trailing slashes?
>>>     > On Tue, 2016-10-04 at 16:21 +0530, Pulkit Gupta wrote:
>>>     > > Yes,
>>>     > >
>>>     > > I am using the standard adapter.
>>>     > > This is happening more frequently now.
>>>     > >
>>>     > > Regards,
>>>     > > Pulkit.
>>>     > >
>>>     > > On Mon, Oct 3, 2016 at 9:24 PM, Bill Burke <bburke at redhat.com>
>>> wrote:
>>>     > >
>>>     > > >
>>>     > > > Are you using our adapters?
>>>     > > >
>>>     > > >
>>>     > > > On 10/3/16 3:13 AM, Pulkit Gupta wrote:
>>>     > > > >
>>>     > > > > Hi All,
>>>     > > > >
>>>     > > > > I am facing a problem with my keycloak integration.
>>>     > > > > When I enter the URL of my application it gets redirected to
>>> the
>>>     > > > > keycloak
>>>     > > > > server.
>>>     > > > >
>>>     > > > > After I enter the credentials the server redirects back to my
>>>     > > > > application
>>>     > > > > URL.
>>>     > > > > Till now things look ok. Once authentication is successful
>>> weird
>>>     > > > > thing
>>>     > > > > starts.
>>>     > > > >
>>>     > > > > Keycloak server redirects back to my application.
>>>     > > > > My application again redirects to the keycloak server which
>>>     > > > > without
>>>     > > > showing
>>>     > > > >
>>>     > > > > the login page again redirects to my application. This
>>> happens
>>>     > > > > once or
>>>     > > > > twice after which finally my application page loads. In this
>>>     > > > > process, I
>>>     > > > can
>>>     > > > >
>>>     > > > > see multiple SAML XMLs being exchanged.
>>>     > > > >
>>>     > > > > Environment and setup Details
>>>     > > > >              SP EntityID  :  /wapps/distributors
>>>     > > > >              Page I am visiting directly :
>>> https://www.xxxx.com/w
>>>     > > > > apps/
>>>     > > > > distributors/protected/nachannelsearch.html
>>>     > > > >              Server : 2 Jboss 6 servers running behind a LB
>>>     > > > >
>>>     > > > > Please let me know in case this is something related to
>>>     > > > > configuration or
>>>     > > > > might be some issue related to proxies or load balancers in
>>> my
>>>     > > > environment.
>>>     > > > >
>>>     > > > >
>>>     > > >
>>>     > > > _______________________________________________
>>>     > > > keycloak-user mailing list
>>>     > > > keycloak-user at lists.jboss.org
>>>     > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>     > > >
>>>     > >
>>>     > >
>>>     > >
>>>     >
>>>
>>>
>>>
>>>     --
>>>     Thanks,
>>>     Pulkit
>>>     AMS
>>>     _______________________________________________
>>>     keycloak-user mailing list
>>>     keycloak-user at lists.jboss.org
>>>     https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>
>
> --
> Thanks,
> Pulkit
> AMS
>



-- 
Thanks,
Pulkit
AMS

More information about the keycloak-user mailing list