[keycloak-user] KeyCloak POC with minimal setup, won't work in IE

Simon Payne simonpayne58 at gmail.com
Fri Dec 8 06:45:52 EST 2017 

Hi, is that localhost of your application or localhost of keycloak?  and
would you already have a single signon session in the browser?

is your client setup correctly to accept your non local domain as a valid
redirect url etc?

Simon.



On Fri, Dec 8, 2017 at 11:06 AM, Thomas Peeters <thomas.peeters1 at telenet.be>
wrote:

>
> I've made a POC to show some required functionality for some of our
> applications using Keycloak. Mainly, secured URL and SSO.
> The POC consists of a minimal setup: no SSL, ...
>
> We're using JBoss EAP 6.4 as application server, Spring-security (with
> keycloak adapter), front-end is JSF 2.1 with RichFaces 4.
>
> I've rather easily gotten it to work in all browsers except for IE outside
> of localhost. Meaning, it all seems to work when everything is configured
> for localhost addresses.
>
> Then when I deploy it all to a staging area where I don't use localhost
> anymore it just won't work in IE (8,9,10). Which is kind of a showstopper
> because some old (poorly written) applications in the SSO domain ony work
> in IE.
>
>
> What happens:
>
> I enter the application URL in IE, the browser should redirect me to the
> keycloak login page. However that doesn't happen and I only see my own
> 'access denied 401' page.
> Attempting to open the administration console of Keycloak shows me
> ''{{notification.header}} {{notification.message}} ", with loading... at
> the left-hand bottom of the screen. This does work when the address used is
> localhost, in fact, everything works using localhost.
> It even works in Edge, not that means much.
>
> I can't find much about this online, except for a handful pages that don't
> seem to add much info (to me).
>
> KeyCloak 3.4.0.Final
> Keycloak-spring-security-adapter 3.4.0.Final (Maven)
> Spring Security (web & config + transitive dependencies) 3.2.0.RELEASE
> JBoss 6.4 EAP
>
>
> Keycloak.json:
>
> {
> "realm" : "<realmname>" ,
> "auth-server-url" : "<non-localhost - non-https address>" ,
> "ssl-required" : "none" ,
> "resource" : "<client name>" ,
> "public-client" : true
> }
>
> Which was extracted from the keycloak admin console.
>
> I'm putting way too much time into this, and I'm not sure anymore where to
> look. And I find it quite odd that it works with localhost names.
>
> Thanks for reading
> T
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

More information about the keycloak-user mailing list