[keycloak-user] KeycloakOIDCFilter infinite loop after authentication

Thomas Isaksen thomas.isaksen at sysco.no
Wed Jan 24 02:46:40 EST 2018


I changed my filter to /secret/index.html but it's still looping the redirect.  I also checked that 3rd party cookies are allowed.
I don't know what else to try.


./t

-----Original Message-----
From: Tero Ahonen [mailto:tahonen at redhat.com] 
Sent: tirsdag 23. januar 2018 16.30
To: BlackBellamy <blackbellamy at posteo.de>
Cc: Thomas Isaksen <thomas.isaksen at sysco.no>; keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] KeycloakOIDCFilter infinite loop after authentication

Just to check...are u sure that filter mapping isn’t causes that loop :)

.t

Sent from my iPhone

> On 23 Jan 2018, at 17.10, BlackBellamy <blackbellamy at posteo.de> wrote:
> 
> Just to be sure: Did you perhaps set your browser to not accept 
> 3rd-party-cookies? Cost me half a morning once to figure out the 
> reason for an infinite loop...
> 
> 
>> On 01/23/2018 03:18 PM, Thomas Isaksen wrote:
>> Anyone? This is the only thing stopping me from throwing out Oracle 
>> Access Manager. I need this to work :-)
>> 
>> ./t
>> 
>> -----Original Message-----
>> From: keycloak-user-bounces at lists.jboss.org 
>> [mailto:keycloak-user-bounces at lists.jboss.org] On Behalf Of Thomas 
>> Isaksen
>> Sent: mandag 22. januar 2018 14.32
>> To: keycloak-user at lists.jboss.org
>> Subject: [keycloak-user] KeycloakOIDCFilter infinite loop after 
>> authentication
>> 
>> [This sender failed our fraud detection checks and may not be who 
>> they appear to be. Learn about spoofing at 
>> http://aka.ms/LearnAboutSpoofing]
>> 
>> Hi
>> 
>> I tried sending another mail containing a fiddler log but it bounced 
>> for some reason. Anyway,
>> 
>> I have configured the filter on weblogic 12.2.1.3 as follows:
>> 
>> <filter>
>>    <filter-name>Keycloak Filter</filter-name>
>>    <filter-class>org.keycloak.adapters.servlet.KeycloakOIDCFilter</filter-class>
>>    <init-param>
>>        <param-name>keycloak.config.skipPattern</param-name>
>>        <param-value>^(example1|example2|whatever).*</param-value>
>>    </init-param>
>> </filter>
>> <filter-mapping>
>>    <filter-name>Keycloak Filter</filter-name>
>>    <url-pattern>/keycloak/*</url-pattern>
>>    <url-pattern>/*</url-pattern>
>> </filter-mapping>
>> 
>> My keycloak.json is located in /WEB-INF/
>> 
>> {
>>  "realm": "Toyota Development",
>>  "auth-server-url": "http://localhost:18080/auth",
>>  "ssl-required": "external",
>>  "resource": "dummyWeb",
>>  "credentials": {
>>    "secret": "e9be44b7-394b-40d9-a8c0-203cdb9c450b"
>>  },
>>  "confidential-port": 0
>> }
>> 
>> Client config:
>> 
>> Root URL: http://dev.toyota.no:7002/DummyWeb/
>> Valid Redirect URIs: http://dev.toyota.no:7002/DummyWeb/*
>> Base URL: http://dev.toyota.no:7002/DummyWeb/
>> Admin URL: http://dev.toyota.no:7002/DummyWeb/keycloak
>> Web Origins: http://localhost:8080 (keycloak server) 
>> http://dev.toyota.no.no:7002
>> 
>> 
>> Looks like I am getting authenticated but browser is stuck in an infinite loop. If I close the browser and try the same URL again it will go into a loop again unless I clear sessions from the keycloak admin console.
>> 
>> You can see the fiddler log or log as text here:
>> https://drive.google.com/drive/folders/1HiwSEe0WBWny3BQCrmXKz3LdNXVRx
>> VVW?usp=sharing
>> 
>> If someone could please have a look at it I would be super happy!
>> Thanks!
>> 
>> --
>> Thomas Isaksen
>> 
>> 
>> 
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> 
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> 
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user



More information about the keycloak-user mailing list