[keycloak-user] KeycloakOIDCFilter infinite loop after authentication

Thomas Isaksen thomas.isaksen at sysco.no
Tue Jan 23 09:18:42 EST 2018 

Anyone? This is the only thing stopping me from throwing out Oracle Access Manager. I need this to work :-) 

./t

-----Original Message-----
From: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-bounces at lists.jboss.org] On Behalf Of Thomas Isaksen
Sent: mandag 22. januar 2018 14.32
To: keycloak-user at lists.jboss.org
Subject: [keycloak-user] KeycloakOIDCFilter infinite loop after authentication

[This sender failed our fraud detection checks and may not be who they appear to be. Learn about spoofing at http://aka.ms/LearnAboutSpoofing]

Hi

I tried sending another mail containing a fiddler log but it bounced for some reason. Anyway,

I have configured the filter on weblogic 12.2.1.3 as follows:

<filter>
    <filter-name>Keycloak Filter</filter-name>
    <filter-class>org.keycloak.adapters.servlet.KeycloakOIDCFilter</filter-class>
    <init-param>
        <param-name>keycloak.config.skipPattern</param-name>
        <param-value>^(example1|example2|whatever).*</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>Keycloak Filter</filter-name>
    <url-pattern>/keycloak/*</url-pattern>
    <url-pattern>/*</url-pattern>
</filter-mapping>

My keycloak.json is located in /WEB-INF/

{
  "realm": "Toyota Development",
  "auth-server-url": "http://localhost:18080/auth",
  "ssl-required": "external",
  "resource": "dummyWeb",
  "credentials": {
    "secret": "e9be44b7-394b-40d9-a8c0-203cdb9c450b"
  },
  "confidential-port": 0
}

Client config:

Root URL: http://dev.toyota.no:7002/DummyWeb/
Valid Redirect URIs: http://dev.toyota.no:7002/DummyWeb/*
Base URL: http://dev.toyota.no:7002/DummyWeb/
Admin URL: http://dev.toyota.no:7002/DummyWeb/keycloak
Web Origins: http://localhost:8080 (keycloak server) http://dev.toyota.no.no:7002


Looks like I am getting authenticated but browser is stuck in an infinite loop. If I close the browser and try the same URL again it will go into a loop again unless I clear sessions from the keycloak admin console.

You can see the fiddler log or log as text here:
https://drive.google.com/drive/folders/1HiwSEe0WBWny3BQCrmXKz3LdNXVRxVVW?usp=sharing

If someone could please have a look at it I would be super happy!
Thanks!

--
Thomas Isaksen



_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list