<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">

</head>

<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;">

<div>Ran into your issue, found that securing the channel between nginx and keycloak did the trick.</div>

<div>—Doug</div>

<div><br>

</div>

<span id="OLK_SRC_BODY_SECTION">

<div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">

<span style="font-weight:bold">From: </span>&lt;<a href="mailto:keycloak-user-bounces@lists.jboss.org">keycloak-user-bounces@lists.jboss.org</a>&gt; on behalf of Adrian Matei &lt;<a href="mailto:adrianmatei@gmail.com">adrianmatei@gmail.com</a>&gt;<br>

<span style="font-weight:bold">Date: </span>Friday, January 29, 2016 at 4:12 AM<br>

<span style="font-weight:bold">To: </span>Marek Posolda &lt;<a href="mailto:mposolda@redhat.com">mposolda@redhat.com</a>&gt;<br>

<span style="font-weight:bold">Cc: </span>keycloak-user &lt;<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>&gt;<br>

<span style="font-weight:bold">Subject: </span>Re: [keycloak-user] keycloak &#43; nginx reverse proxy &#43; too many redirects issue<br>

</div>

<div><br>

</div>

<div>

<div>

<div dir="ltr">Hi Marek,

<div><br>

</div>

<div>everything works fine with both fb and google logins via nginx as reverse proxy, as long as I do everything over HTTP. Once I switch to HTTPS now I get either &quot;Invalid parameter:redirect_uri&quot; (the redirect_uri query parameter is generated with

<b>http, not https</b> in the navigation bar) before reaching the login form dialog or the redirect loops (fb login) or&nbsp;<span style="margin:0px;padding:0px;font-size:15px;line-height:22px">Error: redirect_uri_mismatch with google<b>&nbsp;</b>login&nbsp;</span>if I manage

 to get passed that... In the realm client configuration I've added both&nbsp;<a href="https://podcastmania.ro/*">https://podcastmania.ro/*</a> and&nbsp;<a href="http://podcastmania.ro/*">http://podcastmania.ro/*</a> as valid redirect URIs.&nbsp;</div>

<div><br>

</div>

<div>Note: the builtin account application can be accessed correctly both with fb and google via https too...</div>

<div><br>

</div>

<div>I guess the next step would be to try to secure also the channel between nginx and keycloak, but that shouldn't be mandatory right?...&nbsp;</div>

<div><br>

</div>

<div>Thanks,</div>

<div>Adrian</div>

<div class="gmail_extra"><br>

<div class="gmail_quote">On Thu, Jan 28, 2016 at 3:35 PM, Marek Posolda <span dir="ltr">

&lt;<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>&gt;</span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">

<div bgcolor="#FFFFFF" text="#000000">

<div>Does login through Google works if you don't use nginx proxy? Is there anything in the log?<span class=""><font color="#888888"><br>

<br>

Marek</font></span>

<div>

<div class="h5"><br>

<br>

On 28/01/16 13:23, Adrian Matei wrote:<br>

</div>

</div>

</div>

<div>

<div class="h5">

<blockquote type="cite">

<div dir="ltr">Thanks Marek, that fixed the NoClassDefFoundError, but now I am getting the same &quot;This webpage has a redirect loop&quot;&nbsp;message&nbsp;when trying to sign in with Google also...

<div class="gmail_extra"><br>

<div class="gmail_quote">On Thu, Jan 28, 2016 at 12:28 PM, Marek Posolda <span dir="ltr">

&lt;<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>&gt;</span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">

<div bgcolor="#FFFFFF" text="#000000">

<div>I suppose you're using Keycloak 1.7? There is known issue related to this NoClassDefFoundError . You can workaround it by edit file $KEYCLOAK_HOME/modules/system/layers/base/org/keycloak/keycloak-login-freemarker/main/module.xml and add the line:<br>

<br>

&lt;module name=&quot;org.keycloak.keycloak-broker-core&quot;/&gt;<br>

<br>

into dependencies section. Same for module $KEYCLOAK_HOME/modules/system/layers/base/org/keycloak/keycloak-email-freemarker/main/module.xml<br>

<br>

Marek

<div>

<div><br>

<br>

<br>

On 28/01/16 06:47, Adrian Matei wrote:<br>

</div>

</div>

</div>

<blockquote type="cite">

<div>

<div>

<div dir="ltr">Hi everyone,

<div><br>

</div>

<div>I am experimenting &quot;too many redirects&quot;/infinite loops issues in the browser when I try to connect with social providers. I am also getting internal server error on Chrome via google account (Caused by: java.lang.NoClassDefFoundError: org/keycloak/broker/provider/BrokeredIdentityContext).

 It might be my configuration, but I did everything &quot;by the book&quot;:</div>

<div><br>

</div>

<div># realm Require SSL:none</div>

<div><br>

</div>

<div>#nginx</div>

<div>

<div style="color:rgb(80,0,80);font-size:12.8px">

<div>http {</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; gzip on;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; gzip_proxied any;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; #gzip_proxied no-cache no-store private expired auth;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; gzip_types text/plain text/html text/css application/json application/x-javascript &nbsp;application/xml application/xml&#43;rss text/javascript application/javascript text/x-js;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; #gzip_min_length 1000;</div>

<div><br>

</div>

<div><br>

</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; server_tokens off; #hides nginx version and OS running on</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; include /etc/nginx/mime.types;</div>

<div><br>

</div>

<div><br>

</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; upstream tomcat_server {</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; server localhost:8080;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; }</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; upstream keycloak_server {</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; server localhost:8180;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; }</div>

<div><br>

</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; server {</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; listen 80;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; server_name&nbsp;<a href="http://podcastmania.ro/" target="_blank">podcastmania.ro</a>;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; return 301 <a href="https://$host$request_uri" target="_blank">

</a><a href="https://$host$request_uri" target="_blank">https://$host$request_uri</a>;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; }</div>

<div><br>

</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; server {</div>

<div><br>

</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; listen 443 ssl;</div>

<div><br>

</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; server_name&nbsp;<a href="http://podcastmania.ro/" target="_blank">podcastmania.ro</a>&nbsp;<a href="http://www.podcastmania.ro" target="_blank"></a><a href="http://www.podcastmania.ro" target="_blank">www.podcastmania.ro</a>;</div>

<div><br>

</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;ssl_certificate /etc/nginx/ssl/nginx.crt;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;ssl_certificate_key /etc/nginx/ssl/nginx.key;</div>

</div>

<div style="color:rgb(80,0,80);font-size:12.8px">

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;location / {</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; root /opt/tomcat/webapps/ROOT;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; try_files $uri /maintenance.html @tomcat;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</div>

<div><br>

</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; location @tomcat {</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; proxy_pass&nbsp;<a href="http://tomcat_server/" target="_blank"></a><a href="http://tomcat_server" target="_blank">http://tomcat_server</a>;</div>

<div><br>

</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; proxy_set_header Host $host; #to change the &quot;Host&quot; header set by default to $proxy_host to $host - the originating host request</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; proxy_set_header X-Real-IP &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;$remote_addr;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; proxy_set_header X-Forwarded-For &nbsp; &nbsp;$proxy_add_x_forwarded_for;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; proxy_set_header X-Forwarded-Proto &nbsp;$scheme;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</div>

<div><br>

</div>

<div><br>

</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; location /auth/ {</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; root &nbsp; /opt/keycloak/standalone/configuration/themes/keycloak/;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; try_files $uri @keycloak;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</div>

<div><br>

</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;location @keycloak {</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; proxy_pass&nbsp;<a href="http://keycloak_server/" target="_blank"></a><a href="http://keycloak_server" target="_blank">http://keycloak_server</a>;</div>

<div><br>

</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; proxy_set_header Host &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; $host;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; proxy_set_header X-Real-IP &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;$remote_addr;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; proxy_set_header X-Forwarded-For &nbsp; &nbsp;$proxy_add_x_forwarded_for;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; proxy_set_header X-Forwarded-Proto &nbsp;$scheme;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; proxy_set_header X-Forwarded-Port &nbsp; 443;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }</div>

<div><br>

</div>

<div><br>

</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; }</div>

</div>

<div style="color:rgb(80,0,80);font-size:12.8px"><br>

</div>

<div style="color:rgb(80,0,80);font-size:12.8px"><br>

</div>

<div style="color:rgb(80,0,80);font-size:12.8px"># standalone.xml</div>

<div style="color:rgb(80,0,80);font-size:12.8px">

<div>&nbsp; &nbsp; &nbsp; &nbsp; &lt;subsystem xmlns=&quot;urn:jboss:domain:undertow:2.0&quot;&gt;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;buffer-cache name=&quot;default&quot;/&gt;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;server name=&quot;default-server&quot;&gt;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;http-listener name=&quot;default&quot; socket-binding=&quot;http&quot;&nbsp;<b>redirect-socket=&quot;proxy-https&quot; &nbsp;proxy-address-forwarding=&quot;true&quot;</b>/&gt;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;host name=&quot;default-host&quot; alias=&quot;localhost&quot;&gt;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;location name=&quot;/&quot; handler=&quot;welcome-content&quot;/&gt;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;filter-ref name=&quot;server-header&quot;/&gt;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;filter-ref name=&quot;x-powered-by-header&quot;/&gt;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;/host&gt;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;/server&gt;</div>

</div>

<div style="color:rgb(80,0,80);font-size:12.8px"><br>

</div>

<div style="color:rgb(80,0,80);font-size:12.8px">

<div>&nbsp; &nbsp; &lt;socket-binding-group name=&quot;standard-sockets&quot; default-interface=&quot;public&quot; port-offset=&quot;${jboss.socket.binding.port-offset:100}&quot;&gt;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &lt;socket-binding name=&quot;management-http&quot; interface=&quot;management&quot; port=&quot;${jboss.management.http.port:9990}&quot;/&gt;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &lt;socket-binding name=&quot;management-https&quot; interface=&quot;management&quot; port=&quot;${jboss.management.https.port:9993}&quot;/&gt;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &lt;socket-binding name=&quot;ajp&quot; port=&quot;${jboss.ajp.port:8009}&quot;/&gt;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &lt;socket-binding name=&quot;http&quot; port=&quot;${jboss.http.port:8080}&quot;/&gt;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &lt;socket-binding name=&quot;https&quot; port=&quot;${jboss.https.port:8443}&quot;/&gt;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &lt;socket-binding name=&quot;txn-recovery-environment&quot; port=&quot;4712&quot;/&gt;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &lt;socket-binding name=&quot;txn-status-manager&quot; port=&quot;4713&quot;/&gt;</div>

<div><b>&nbsp; &nbsp; &nbsp; &nbsp; &lt;socket-binding name=&quot;proxy-https&quot; port=&quot;443&quot;/&gt;</b></div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&lt;outbound-socket-binding name=&quot;mail-smtp&quot;&gt;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;remote-destination host=&quot;localhost&quot; port=&quot;25&quot;/&gt;</div>

<div>&nbsp; &nbsp; &nbsp; &nbsp; &lt;/outbound-socket-binding&gt;</div>

<div>&nbsp; &nbsp; &lt;/socket-binding-group&gt;</div>

</div>

<div style="color:rgb(80,0,80);font-size:12.8px"><br>

</div>

</div>

<div style="color:rgb(80,0,80);font-size:12.8px"># <a>app:spring</a> security configuration</div>

<div style="color:rgb(80,0,80);font-size:12.8px">

<pre style="color:rgb(0,0,0);font-family:Menlo;font-size:9pt"><span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">context</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:component-scan </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">base-package</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;org.keycloak.adapters.springsecurity&quot; </span><span style="background-color:rgb(239,239,239)">/&gt;</span><span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">security</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:authentication-manager </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">alias</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;authenticationManager&quot;</span><span style="background-color:rgb(239,239,239)">&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">security</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:authentication-provider </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">ref</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;keycloakAuthenticationProvider&quot; </span><span style="background-color:rgb(239,239,239)">/&gt;</span><span style="background-color:rgb(239,239,239)">&lt;/</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">security</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:authentication-manager</span><span style="background-color:rgb(239,239,239)">&gt;</span><span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">bean </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">id</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;adapterDeploymentContext&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">class</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;org.keycloak.adapters.springsecurity.AdapterDeploymentContextBean&quot;</span><span style="background-color:rgb(239,239,239)">&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">constructor-arg </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">value</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;classpath:keycloak.json&quot; </span><span style="background-color:rgb(239,239,239)">/&gt;</span><span style="background-color:rgb(239,239,239)">&lt;/</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">bean</span><span style="background-color:rgb(239,239,239)">&gt;</span><span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">bean </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">id</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;keycloakAuthenticationEntryPoint&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">class</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationEntryPoint&quot; </span><span style="background-color:rgb(239,239,239)">/&gt;</span><span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">bean </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">id</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;keycloakAuthenticationProvider&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">class</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider&quot; </span><span style="background-color:rgb(239,239,239)">/&gt;</span><span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">bean </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">id</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;keycloakPreAuthActionsFilter&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">class</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;org.keycloak.adapters.springsecurity.filter.KeycloakPreAuthActionsFilter&quot; </span><span style="background-color:rgb(239,239,239)">/&gt;</span><span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">bean </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">id</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;keycloakAuthenticationProcessingFilter&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">class</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticationProcessingFilter&quot;</span><span style="background-color:rgb(239,239,239)">&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">constructor-arg </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">name</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;authenticationManager&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">ref</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;authenticationManager&quot; </span><span style="background-color:rgb(239,239,239)">/&gt;</span><span style="background-color:rgb(239,239,239)">&lt;/</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">bean</span><span style="background-color:rgb(239,239,239)">&gt;</span><span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">bean </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">id</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;keycloakLogoutHandler&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">class</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;org.keycloak.adapters.springsecurity.authentication.KeycloakLogoutHandler&quot;</span><span style="background-color:rgb(239,239,239)">&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">constructor-arg </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">ref</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;adapterDeploymentContext&quot; </span><span style="background-color:rgb(239,239,239)">/&gt;</span><span style="background-color:rgb(239,239,239)">&lt;/</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">bean</span><span style="background-color:rgb(239,239,239)">&gt;</span><span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">bean </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">id</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;logoutFilter&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">class</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;org.springframework.security.web.authentication.logout.LogoutFilter&quot;</span><span style="background-color:rgb(239,239,239)">&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">constructor-arg </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">name</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;logoutSuccessUrl&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">value</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;/&quot; </span><span style="background-color:rgb(239,239,239)">/&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">constructor-arg </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">name</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;handlers&quot;</span><span style="background-color:rgb(239,239,239)">&gt;</span>

    <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">list</span><span style="background-color:rgb(239,239,239)">&gt;</span>

      <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">ref </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">bean</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;keycloakLogoutHandler&quot; </span><span style="background-color:rgb(239,239,239)">/&gt;</span>

      <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">bean </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">class</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler&quot; </span><span style="background-color:rgb(239,239,239)">/&gt;</span>

    <span style="background-color:rgb(239,239,239)">&lt;/</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">list</span><span style="background-color:rgb(239,239,239)">&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;/</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">constructor-arg</span><span style="background-color:rgb(239,239,239)">&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">property </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">name</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;logoutRequestMatcher&quot;</span><span style="background-color:rgb(239,239,239)">&gt;</span>

    <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">bean </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">class</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;org.springframework.security.web.util.matcher.AntPathRequestMatcher&quot;</span><span style="background-color:rgb(239,239,239)">&gt;</span>

      <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">constructor-arg </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">name</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;pattern&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">value</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;/sso/logout**&quot; </span><span style="background-color:rgb(239,239,239)">/&gt;</span>

      <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">constructor-arg </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">name</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;httpMethod&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">value</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;GET&quot; </span><span style="background-color:rgb(239,239,239)">/&gt;</span>

    <span style="background-color:rgb(239,239,239)">&lt;/</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">bean</span><span style="background-color:rgb(239,239,239)">&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;/</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">property</span><span style="background-color:rgb(239,239,239)">&gt;</span><span style="background-color:rgb(239,239,239)">&lt;/</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">bean</span><span style="background-color:rgb(239,239,239)">&gt;</span><span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">security</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:http </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">auto-config</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;false&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">use-expressions</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;true&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">entry-point-ref</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;keycloakAuthenticationEntryPoint&quot;</span><span style="background-color:rgb(239,239,239)">&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">security</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:custom-filter </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">ref</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;keycloakPreAuthActionsFilter&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">before</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;LOGOUT_FILTER&quot; </span><span style="background-color:rgb(239,239,239)">/&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">security</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:custom-filter </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">ref</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;keycloakAuthenticationProcessingFilter&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">before</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;FORM_LOGIN_FILTER&quot; </span><span style="background-color:rgb(239,239,239)">/&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">security</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:intercept-url </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">pattern</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;/users/registration&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">access</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;permitAll&quot;</span><span style="background-color:rgb(239,239,239)">/&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">security</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:intercept-url </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">pattern</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;/users/registration/confirm-email&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">access</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;permitAll&quot;</span><span style="background-color:rgb(239,239,239)">/&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">security</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:intercept-url </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">pattern</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;/users/registration/confirmed&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">access</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;permitAll&quot;</span><span style="background-color:rgb(239,239,239)">/&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">security</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:intercept-url </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">pattern</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;/users/password-forgotten&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">access</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;permitAll&quot;</span><span style="background-color:rgb(239,239,239)">/&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">security</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:intercept-url </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">pattern</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;/users/password-forgotten/confirm-email&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">access</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;permitAll&quot;</span><span style="background-color:rgb(239,239,239)">/&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">security</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:intercept-url </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">pattern</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;/users/password-forgotten/confirmed&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">access</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;permitAll&quot;</span><span style="background-color:rgb(239,239,239)">/&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">security</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:intercept-url </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">pattern</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;/users/**/*&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">access</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;hasRole('ROLE_USER')&quot;</span><span style="background-color:rgb(239,239,239)">/&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">security</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:intercept-url </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">pattern</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;/**&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">access</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;permitAll&quot;</span><span style="background-color:rgb(239,239,239)">/&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">security</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:custom-filter </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">ref</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;logoutFilter&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">position</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;LOGOUT_FILTER&quot; </span><span style="background-color:rgb(239,239,239)">/&gt;</span><span style="background-color:rgb(239,239,239)">&lt;/</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">security</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:http</span><span style="background-color:rgb(239,239,239)">&gt;</span></pre>

</div>

<div style="color:rgb(80,0,80);font-size:12.8px"><br>

</div>

<div style="color:rgb(80,0,80);font-size:12.8px">Has anyone faced similar issues?</div>

<div style="color:rgb(80,0,80);font-size:12.8px"><br>

</div>

<div style="color:rgb(80,0,80);font-size:12.8px">Thanks,</div>

<div style="color:rgb(80,0,80);font-size:12.8px">Adrian</div>

</div>

<br>

<fieldset></fieldset> <br>

</div>

</div>

<pre>_______________________________________________

keycloak-user mailing list

<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>

</blockquote>

<br>

</div>

</blockquote>

</div>

<br>

</div>

</div>

</blockquote>

<br>

</div>

</div>

</div>

</blockquote>

</div>

<br>

</div>

</div>

</div>

</div>

</span>

</body>

</html>