[keycloak-user] Keycloak, iframe, Safari and cookies

[Kristoffer Skaret]

Our organization is implementing an OIDC platform based on Keycloak, and so
far we are over all happy with the result. But we are left with one major
issue regarding cookies and iframes.


Background:

   - Our OIDC platform will be exposed through public domain on the
   Internet, and will be used as an authentication service in a long range of
   different web sites
   - As a result, the clients to our service will run on different domains
   - Many of the client applications will prefer to present the OIDC user
   interface in an iFrame


The problem came up when we tried running with this setup using the Safari
browser. As it seems, Safari treats cookies presented in an iframe as 3rd
party cookies. So the browser will refuse to save these, unless a similar
cookie has already been presented.

   - Has anybody else experience with this issue?
   - Any suggested solutions?


As we have learned, Keycloak is very dependent upon cookies regarding many
different aspects of the functionality. However, we are considering the
option to try and make a fork of Keycloak without the need for cookies.
Many aspects, such as cookie-based SSO are not relevant In our solution.


Thanks,

Kristoffer