[keycloak-user] multiple redirects after authentication
Marek Posolda
mposolda at redhat.com
Thu Oct 6 04:48:11 EDT 2016
Some related docs is here :
https://keycloak.gitbooks.io/securing-client-applications-guide/content/v/2.2/topics/oidc/java/application-clustering.html
Marek
On 06/10/16 08:46, Pulkit Gupta wrote:
> Hi All,
>
> Just a thought, can this be related to session replication.
> Also where can I find more documentation on how Keycloak uses sessions or
> saml tokens to authenticate users.
> Might be once I know the internal working of the adapter and the server
> authentication involved I can try something more.
>
> Regards,
> Pulkit.
>
> On Tue, Oct 4, 2016 at 9:41 PM, Pulkit Gupta <pulgupta at redhat.com> wrote:
>
>> Hi Jared,
>>
>> We already have <distributable /> in our web.xml but.still facing the
>> issue.
>> Also Chris, no this is a Java adapter for Jboss.
>>
>> Regards,
>> Pulkit.
>>
>> On Tue, Oct 4, 2016 at 9:23 PM, Jared Blashka <jblashka at redhat.com> wrote:
>>
>>> Just a guess, but if your app is behind a load balancer you need to have
>>> either sticky sessions on (to make sure client requests always end up at
>>> the same server) or put the <distributable/> tag in your web.xml to enable
>>> session replication between nodes. We had a similar issue that was resolved
>>> by enabling session replication.
>>>
>>> Jared
>>>
>>> On Oct 4, 2016 11:25 AM, "Chris Savory" <chris.savory at edlogics.com>
>>> wrote:
>>>
>>>> Is this using the JavaScript adapter? We ran into a similar problem
>>>> yesterday.
>>>>
>>>> --
>>>> Christopher Savory
>>>> Software Engineer | EdLogics
>>>> www.edlogics.com <http://www.edlogics.com/>
>>>>
>>>> <http://www.edlogics.com/>
>>>> <https://www.linkedin.com/company/edlogics> <
>>>> https://twitter.com/EdLogics>
>>>>
>>>> On 10/4/16, 9:45 AM, "keycloak-user-bounces at lists.jboss.org on behalf
>>>> of Pulkit Gupta" <keycloak-user-bounces at lists.jboss.org on behalf of
>>>> pulgupta at redhat.com> wrote:
>>>>
>>>> Hi Josh,
>>>>
>>>> I have the paths with trailing slashes in my web.xml. Just my
>>>> entityId does
>>>> not has a trailing slash.
>>>> Also the application sometime works in one assertion and sometime it
>>>> will
>>>> take 3-4 round trips but it always works eventually.
>>>> We enabled the debug logging but it seems adapter does not put
>>>> anything in
>>>> the logs.
>>>>
>>>> I am not sure where to look next. In case you can think of anything
>>>> else
>>>> that will really help me unblock myself.
>>>>
>>>> Regards,
>>>> Pulkit.
>>>>
>>>>
>>>> On Tue, Oct 4, 2016 at 7:15 PM, Josh Cain <jcain at redhat.com> wrote:
>>>>
>>>> > I used to see something similar in Picketlink if I configured a
>>>> web.xml
>>>> > without paying attention to the trailing slash (I.E.
>>>> https://example.co
>>>> > m/foo vs https://example.com/foo/). The IDP would isse an
>>>> > assertion/token for the audience that did not match the security
>>>> > constraint (based on the trailing slash), then an infinite redirect
>>>> > loop would occur.
>>>> >
>>>> > Maybe check your trailing slashes?
>>>> > On Tue, 2016-10-04 at 16:21 +0530, Pulkit Gupta wrote:
>>>> > > Yes,
>>>> > >
>>>> > > I am using the standard adapter.
>>>> > > This is happening more frequently now.
>>>> > >
>>>> > > Regards,
>>>> > > Pulkit.
>>>> > >
>>>> > > On Mon, Oct 3, 2016 at 9:24 PM, Bill Burke <bburke at redhat.com>
>>>> wrote:
>>>> > >
>>>> > > >
>>>> > > > Are you using our adapters?
>>>> > > >
>>>> > > >
>>>> > > > On 10/3/16 3:13 AM, Pulkit Gupta wrote:
>>>> > > > >
>>>> > > > > Hi All,
>>>> > > > >
>>>> > > > > I am facing a problem with my keycloak integration.
>>>> > > > > When I enter the URL of my application it gets redirected to
>>>> the
>>>> > > > > keycloak
>>>> > > > > server.
>>>> > > > >
>>>> > > > > After I enter the credentials the server redirects back to my
>>>> > > > > application
>>>> > > > > URL.
>>>> > > > > Till now things look ok. Once authentication is successful
>>>> weird
>>>> > > > > thing
>>>> > > > > starts.
>>>> > > > >
>>>> > > > > Keycloak server redirects back to my application.
>>>> > > > > My application again redirects to the keycloak server which
>>>> > > > > without
>>>> > > > showing
>>>> > > > >
>>>> > > > > the login page again redirects to my application. This
>>>> happens
>>>> > > > > once or
>>>> > > > > twice after which finally my application page loads. In this
>>>> > > > > process, I
>>>> > > > can
>>>> > > > >
>>>> > > > > see multiple SAML XMLs being exchanged.
>>>> > > > >
>>>> > > > > Environment and setup Details
>>>> > > > > SP EntityID : /wapps/distributors
>>>> > > > > Page I am visiting directly :
>>>> https://www.xxxx.com/w
>>>> > > > > apps/
>>>> > > > > distributors/protected/nachannelsearch.html
>>>> > > > > Server : 2 Jboss 6 servers running behind a LB
>>>> > > > >
>>>> > > > > Please let me know in case this is something related to
>>>> > > > > configuration or
>>>> > > > > might be some issue related to proxies or load balancers in
>>>> my
>>>> > > > environment.
>>>> > > > >
>>>> > > > >
>>>> > > >
>>>> > > > _______________________________________________
>>>> > > > keycloak-user mailing list
>>>> > > > keycloak-user at lists.jboss.org
>>>> > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>> > > >
>>>> > >
>>>> > >
>>>> > >
>>>> >
>>>>
>>>>
>>>>
>>>> --
>>>> Thanks,
>>>> Pulkit
>>>> AMS
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>
>> --
>> Thanks,
>> Pulkit
>> AMS
>>
>
>
More information about the keycloak-user
mailing list