[keycloak-user] KeyCloak POC with minimal setup, won't work in IE

[Thomas Peeters]

I've made a POC to show some required functionality for some of our applications using Keycloak. Mainly, secured URL and SSO. 
The POC consists of a minimal setup: no SSL, ... 

We're using JBoss EAP 6.4 as application server, Spring-security (with keycloak adapter), front-end is JSF 2.1 with RichFaces 4. 

I've rather easily gotten it to work in all browsers except for IE outside of localhost. Meaning, it all seems to work when everything is configured for localhost addresses. 

Then when I deploy it all to a staging area where I don't use localhost anymore it just won't work in IE (8,9,10). Which is kind of a showstopper because some old (poorly written) applications in the SSO domain ony work in IE. 


What happens: 

I enter the application URL in IE, the browser should redirect me to the keycloak login page. However that doesn't happen and I only see my own 'access denied 401' page. 
Attempting to open the administration console of Keycloak shows me ''{{notification.header}} {{notification.message}} ", with loading... at the left-hand bottom of the screen. This does work when the address used is localhost, in fact, everything works using localhost. 
It even works in Edge, not that means much. 

I can't find much about this online, except for a handful pages that don't seem to add much info (to me). 

KeyCloak 3.4.0.Final 
Keycloak-spring-security-adapter 3.4.0.Final (Maven) 
Spring Security (web & config + transitive dependencies) 3.2.0.RELEASE 
JBoss 6.4 EAP 


Keycloak.json: 

{ 
"realm" : "<realmname>" , 
"auth-server-url" : "<non-localhost - non-https address>" , 
"ssl-required" : "none" , 
"resource" : "<client name>" , 
"public-client" : true 
} 

Which was extracted from the keycloak admin console. 

I'm putting way too much time into this, and I'm not sure anymore where to look. And I find it quite odd that it works with localhost names. 

Thanks for reading 
T