<div dir="ltr">Hey Doug,<div><br></div><div>Thanks for the info. Did that too, but I am still getting that infamous invalid <b>redirect_uri</b> which contains <b>http</b> instead of <b>https</b>, though I set up https everywhere - need to look at it with a fresh mind I guess... </div><div><br></div><div>Adrian</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jan 29, 2016 at 9:07 AM, Doug Szeto <span dir="ltr">&lt;<a href="mailto:DSzeto@investlab.com" target="_blank">DSzeto@investlab.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

<div style="word-wrap:break-word;color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif">

<div>Ran into your issue, found that securing the channel between nginx and keycloak did the trick.</div>

<div>—Doug</div>

<div><br>

</div>

<span>

<div style="font-family:Calibri;font-size:11pt;text-align:left;color:black;BORDER-BOTTOM:medium none;BORDER-LEFT:medium none;PADDING-BOTTOM:0in;PADDING-LEFT:0in;PADDING-RIGHT:0in;BORDER-TOP:#b5c4df 1pt solid;BORDER-RIGHT:medium none;PADDING-TOP:3pt">

<span style="font-weight:bold">From: </span>&lt;<a href="mailto:keycloak-user-bounces@lists.jboss.org" target="_blank">keycloak-user-bounces@lists.jboss.org</a>&gt; on behalf of Adrian Matei &lt;<a href="mailto:adrianmatei@gmail.com" target="_blank">adrianmatei@gmail.com</a>&gt;<br>

<span style="font-weight:bold">Date: </span>Friday, January 29, 2016 at 4:12 AM<br>

<span style="font-weight:bold">To: </span>Marek Posolda &lt;<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>&gt;<br>

<span style="font-weight:bold">Cc: </span>keycloak-user &lt;<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>&gt;<br>

<span style="font-weight:bold">Subject: </span>Re: [keycloak-user] keycloak + nginx reverse proxy + too many redirects issue<br>

</div><div><div class="h5">

<div><br>

</div>

<div>

<div>

<div dir="ltr">Hi Marek,

<div><br>

</div>

<div>everything works fine with both fb and google logins via nginx as reverse proxy, as long as I do everything over HTTP. Once I switch to HTTPS now I get either &quot;Invalid parameter:redirect_uri&quot; (the redirect_uri query parameter is generated with

<b>http, not https</b> in the navigation bar) before reaching the login form dialog or the redirect loops (fb login) or <span style="margin:0px;padding:0px;font-size:15px;line-height:22px">Error: redirect_uri_mismatch with google<b> </b>login </span>if I manage

 to get passed that... In the realm client configuration I&#39;ve added both <a href="https://podcastmania.ro/*" target="_blank">https://podcastmania.ro/*</a> and <a href="http://podcastmania.ro/*" target="_blank">http://podcastmania.ro/*</a> as valid redirect URIs. </div>

<div><br>

</div>

<div>Note: the builtin account application can be accessed correctly both with fb and google via https too...</div>

<div><br>

</div>

<div>I guess the next step would be to try to secure also the channel between nginx and keycloak, but that shouldn&#39;t be mandatory right?... </div>

<div><br>

</div>

<div>Thanks,</div>

<div>Adrian</div>

<div class="gmail_extra"><br>

<div class="gmail_quote">On Thu, Jan 28, 2016 at 3:35 PM, Marek Posolda <span dir="ltr">

&lt;<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>&gt;</span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">

<div bgcolor="#FFFFFF" text="#000000">

<div>Does login through Google works if you don&#39;t use nginx proxy? Is there anything in the log?<span><font color="#888888"><br>

<br>

Marek</font></span>

<div>

<div><br>

<br>

On 28/01/16 13:23, Adrian Matei wrote:<br>

</div>

</div>

</div>

<div>

<div>

<blockquote type="cite">

<div dir="ltr">Thanks Marek, that fixed the NoClassDefFoundError, but now I am getting the same &quot;This webpage has a redirect loop&quot; message when trying to sign in with Google also...

<div class="gmail_extra"><br>

<div class="gmail_quote">On Thu, Jan 28, 2016 at 12:28 PM, Marek Posolda <span dir="ltr">

&lt;<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>&gt;</span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">

<div bgcolor="#FFFFFF" text="#000000">

<div>I suppose you&#39;re using Keycloak 1.7? There is known issue related to this NoClassDefFoundError . You can workaround it by edit file $KEYCLOAK_HOME/modules/system/layers/base/org/keycloak/keycloak-login-freemarker/main/module.xml and add the line:<br>

<br>

&lt;module name=&quot;org.keycloak.keycloak-broker-core&quot;/&gt;<br>

<br>

into dependencies section. Same for module $KEYCLOAK_HOME/modules/system/layers/base/org/keycloak/keycloak-email-freemarker/main/module.xml<br>

<br>

Marek

<div>

<div><br>

<br>

<br>

On 28/01/16 06:47, Adrian Matei wrote:<br>

</div>

</div>

</div>

<blockquote type="cite">

<div>

<div>

<div dir="ltr">Hi everyone,

<div><br>

</div>

<div>I am experimenting &quot;too many redirects&quot;/infinite loops issues in the browser when I try to connect with social providers. I am also getting internal server error on Chrome via google account (Caused by: java.lang.NoClassDefFoundError: org/keycloak/broker/provider/BrokeredIdentityContext).

 It might be my configuration, but I did everything &quot;by the book&quot;:</div>

<div><br>

</div>

<div># realm Require SSL:none</div>

<div><br>

</div>

<div>#nginx</div>

<div>

<div style="color:rgb(80,0,80);font-size:12.8px">

<div>http {</div>

<div>        gzip on;</div>

<div>        gzip_proxied any;</div>

<div>        #gzip_proxied no-cache no-store private expired auth;</div>

<div>        gzip_types text/plain text/html text/css application/json application/x-javascript  application/xml application/xml+rss text/javascript application/javascript text/x-js;</div>

<div>        #gzip_min_length 1000;</div>

<div><br>

</div>

<div><br>

</div>

<div>        server_tokens off; #hides nginx version and OS running on</div>

<div>        include /etc/nginx/mime.types;</div>

<div><br>

</div>

<div><br>

</div>

<div>        upstream tomcat_server {</div>

<div>                server localhost:8080;</div>

<div>        }</div>

<div>        upstream keycloak_server {</div>

<div>                server localhost:8180;</div>

<div>        }</div>

<div><br>

</div>

<div>        server {</div>

<div>                listen 80;</div>

<div>                server_name <a href="http://podcastmania.ro/" target="_blank">podcastmania.ro</a>;</div>

<div>                return 301 <a href="https://$host$request_uri" target="_blank">

</a><a href="https://$host$request_uri" target="_blank">https://$host$request_uri</a>;</div>

<div>        }</div>

<div><br>

</div>

<div>        server {</div>

<div><br>

</div>

<div>                listen 443 ssl;</div>

<div><br>

</div>

<div>                server_name <a href="http://podcastmania.ro/" target="_blank">podcastmania.ro</a> <a href="http://www.podcastmania.ro" target="_blank"></a><a href="http://www.podcastmania.ro" target="_blank">www.podcastmania.ro</a>;</div>

<div><br>

</div>

<div>           ssl_certificate /etc/nginx/ssl/nginx.crt;</div>

<div>           ssl_certificate_key /etc/nginx/ssl/nginx.key;</div>

</div>

<div style="color:rgb(80,0,80);font-size:12.8px">

<div>         location / {</div>

<div>                root /opt/tomcat/webapps/ROOT;</div>

<div>                try_files $uri /maintenance.html @tomcat;</div>

<div>            }</div>

<div><br>

</div>

<div>            location @tomcat {</div>

<div>                proxy_pass <a href="http://tomcat_server/" target="_blank"></a><a href="http://tomcat_server" target="_blank">http://tomcat_server</a>;</div>

<div><br>

</div>

<div>                proxy_set_header Host $host; #to change the &quot;Host&quot; header set by default to $proxy_host to $host - the originating host request</div>

<div>                proxy_set_header X-Real-IP          $remote_addr;</div>

<div>                proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;</div>

<div>                proxy_set_header X-Forwarded-Proto  $scheme;</div>

<div>            }</div>

<div><br>

</div>

<div><br>

</div>

<div>            location /auth/ {</div>

<div>                root   /opt/keycloak/standalone/configuration/themes/keycloak/;</div>

<div>                try_files $uri @keycloak;</div>

<div>            }</div>

<div><br>

</div>

<div>             location @keycloak {</div>

<div>                proxy_pass <a href="http://keycloak_server/" target="_blank"></a><a href="http://keycloak_server" target="_blank">http://keycloak_server</a>;</div>

<div><br>

</div>

<div>                proxy_set_header Host               $host;</div>

<div>                proxy_set_header X-Real-IP          $remote_addr;</div>

<div>                proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;</div>

<div>                proxy_set_header X-Forwarded-Proto  $scheme;</div>

<div>                proxy_set_header X-Forwarded-Port   443;</div>

<div>            }</div>

<div><br>

</div>

<div><br>

</div>

<div>        }</div>

</div>

<div style="color:rgb(80,0,80);font-size:12.8px"><br>

</div>

<div style="color:rgb(80,0,80);font-size:12.8px"><br>

</div>

<div style="color:rgb(80,0,80);font-size:12.8px"># standalone.xml</div>

<div style="color:rgb(80,0,80);font-size:12.8px">

<div>        &lt;subsystem xmlns=&quot;urn:jboss:domain:undertow:2.0&quot;&gt;</div>

<div>            &lt;buffer-cache name=&quot;default&quot;/&gt;</div>

<div>            &lt;server name=&quot;default-server&quot;&gt;</div>

<div>                &lt;http-listener name=&quot;default&quot; socket-binding=&quot;http&quot; <b>redirect-socket=&quot;proxy-https&quot;  proxy-address-forwarding=&quot;true&quot;</b>/&gt;</div>

<div>                &lt;host name=&quot;default-host&quot; alias=&quot;localhost&quot;&gt;</div>

<div>                    &lt;location name=&quot;/&quot; handler=&quot;welcome-content&quot;/&gt;</div>

<div>                    &lt;filter-ref name=&quot;server-header&quot;/&gt;</div>

<div>                    &lt;filter-ref name=&quot;x-powered-by-header&quot;/&gt;</div>

<div>                &lt;/host&gt;</div>

<div>            &lt;/server&gt;</div>

</div>

<div style="color:rgb(80,0,80);font-size:12.8px"><br>

</div>

<div style="color:rgb(80,0,80);font-size:12.8px">

<div>    &lt;socket-binding-group name=&quot;standard-sockets&quot; default-interface=&quot;public&quot; port-offset=&quot;${jboss.socket.binding.port-offset:100}&quot;&gt;</div>

<div>        &lt;socket-binding name=&quot;management-http&quot; interface=&quot;management&quot; port=&quot;${jboss.management.http.port:9990}&quot;/&gt;</div>

<div>        &lt;socket-binding name=&quot;management-https&quot; interface=&quot;management&quot; port=&quot;${jboss.management.https.port:9993}&quot;/&gt;</div>

<div>        &lt;socket-binding name=&quot;ajp&quot; port=&quot;${jboss.ajp.port:8009}&quot;/&gt;</div>

<div>        &lt;socket-binding name=&quot;http&quot; port=&quot;${jboss.http.port:8080}&quot;/&gt;</div>

<div>        &lt;socket-binding name=&quot;https&quot; port=&quot;${jboss.https.port:8443}&quot;/&gt;</div>

<div>        &lt;socket-binding name=&quot;txn-recovery-environment&quot; port=&quot;4712&quot;/&gt;</div>

<div>        &lt;socket-binding name=&quot;txn-status-manager&quot; port=&quot;4713&quot;/&gt;</div>

<div><b>        &lt;socket-binding name=&quot;proxy-https&quot; port=&quot;443&quot;/&gt;</b></div>

<div>         &lt;outbound-socket-binding name=&quot;mail-smtp&quot;&gt;</div>

<div>            &lt;remote-destination host=&quot;localhost&quot; port=&quot;25&quot;/&gt;</div>

<div>        &lt;/outbound-socket-binding&gt;</div>

<div>    &lt;/socket-binding-group&gt;</div>

</div>

<div style="color:rgb(80,0,80);font-size:12.8px"><br>

</div>

</div>

<div style="color:rgb(80,0,80);font-size:12.8px"># <a>app:spring</a> security configuration</div>

<div style="color:rgb(80,0,80);font-size:12.8px">

<pre style="color:rgb(0,0,0);font-family:Menlo;font-size:9pt"><span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">context</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:component-scan </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">base-package</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;org.keycloak.adapters.springsecurity&quot; </span><span style="background-color:rgb(239,239,239)">/&gt;</span><span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">security</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:authentication-manager </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">alias</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;authenticationManager&quot;</span><span style="background-color:rgb(239,239,239)">&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">security</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:authentication-provider </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">ref</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;keycloakAuthenticationProvider&quot; </span><span style="background-color:rgb(239,239,239)">/&gt;</span><span style="background-color:rgb(239,239,239)">&lt;/</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">security</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:authentication-manager</span><span style="background-color:rgb(239,239,239)">&gt;</span><span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">bean </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">id</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;adapterDeploymentContext&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">class</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;org.keycloak.adapters.springsecurity.AdapterDeploymentContextBean&quot;</span><span style="background-color:rgb(239,239,239)">&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">constructor-arg </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">value</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;classpath:keycloak.json&quot; </span><span style="background-color:rgb(239,239,239)">/&gt;</span><span style="background-color:rgb(239,239,239)">&lt;/</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">bean</span><span style="background-color:rgb(239,239,239)">&gt;</span><span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">bean </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">id</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;keycloakAuthenticationEntryPoint&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">class</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationEntryPoint&quot; </span><span style="background-color:rgb(239,239,239)">/&gt;</span><span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">bean </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">id</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;keycloakAuthenticationProvider&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">class</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider&quot; </span><span style="background-color:rgb(239,239,239)">/&gt;</span><span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">bean </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">id</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;keycloakPreAuthActionsFilter&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">class</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;org.keycloak.adapters.springsecurity.filter.KeycloakPreAuthActionsFilter&quot; </span><span style="background-color:rgb(239,239,239)">/&gt;</span><span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">bean </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">id</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;keycloakAuthenticationProcessingFilter&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">class</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticationProcessingFilter&quot;</span><span style="background-color:rgb(239,239,239)">&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">constructor-arg </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">name</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;authenticationManager&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">ref</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;authenticationManager&quot; </span><span style="background-color:rgb(239,239,239)">/&gt;</span><span style="background-color:rgb(239,239,239)">&lt;/</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">bean</span><span style="background-color:rgb(239,239,239)">&gt;</span><span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">bean </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">id</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;keycloakLogoutHandler&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">class</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;org.keycloak.adapters.springsecurity.authentication.KeycloakLogoutHandler&quot;</span><span style="background-color:rgb(239,239,239)">&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">constructor-arg </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">ref</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;adapterDeploymentContext&quot; </span><span style="background-color:rgb(239,239,239)">/&gt;</span><span style="background-color:rgb(239,239,239)">&lt;/</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">bean</span><span style="background-color:rgb(239,239,239)">&gt;</span><span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">bean </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">id</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;logoutFilter&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">class</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;org.springframework.security.web.authentication.logout.LogoutFilter&quot;</span><span style="background-color:rgb(239,239,239)">&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">constructor-arg </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">name</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;logoutSuccessUrl&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">value</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;/&quot; </span><span style="background-color:rgb(239,239,239)">/&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">constructor-arg </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">name</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;handlers&quot;</span><span style="background-color:rgb(239,239,239)">&gt;</span>

    <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">list</span><span style="background-color:rgb(239,239,239)">&gt;</span>

      <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">ref </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">bean</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;keycloakLogoutHandler&quot; </span><span style="background-color:rgb(239,239,239)">/&gt;</span>

      <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">bean </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">class</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler&quot; </span><span style="background-color:rgb(239,239,239)">/&gt;</span>

    <span style="background-color:rgb(239,239,239)">&lt;/</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">list</span><span style="background-color:rgb(239,239,239)">&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;/</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">constructor-arg</span><span style="background-color:rgb(239,239,239)">&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">property </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">name</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;logoutRequestMatcher&quot;</span><span style="background-color:rgb(239,239,239)">&gt;</span>

    <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">bean </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">class</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;org.springframework.security.web.util.matcher.AntPathRequestMatcher&quot;</span><span style="background-color:rgb(239,239,239)">&gt;</span>

      <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">constructor-arg </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">name</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;pattern&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">value</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;/sso/logout**&quot; </span><span style="background-color:rgb(239,239,239)">/&gt;</span>

      <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">constructor-arg </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">name</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;httpMethod&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">value</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;GET&quot; </span><span style="background-color:rgb(239,239,239)">/&gt;</span>

    <span style="background-color:rgb(239,239,239)">&lt;/</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">bean</span><span style="background-color:rgb(239,239,239)">&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;/</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">property</span><span style="background-color:rgb(239,239,239)">&gt;</span><span style="background-color:rgb(239,239,239)">&lt;/</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">bean</span><span style="background-color:rgb(239,239,239)">&gt;</span><span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">security</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:http </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">auto-config</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;false&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">use-expressions</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;true&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">entry-point-ref</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;keycloakAuthenticationEntryPoint&quot;</span><span style="background-color:rgb(239,239,239)">&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">security</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:custom-filter </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">ref</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;keycloakPreAuthActionsFilter&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">before</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;LOGOUT_FILTER&quot; </span><span style="background-color:rgb(239,239,239)">/&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">security</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:custom-filter </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">ref</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;keycloakAuthenticationProcessingFilter&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">before</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;FORM_LOGIN_FILTER&quot; </span><span style="background-color:rgb(239,239,239)">/&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">security</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:intercept-url </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">pattern</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;/users/registration&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">access</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;permitAll&quot;</span><span style="background-color:rgb(239,239,239)">/&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">security</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:intercept-url </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">pattern</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;/users/registration/confirm-email&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">access</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;permitAll&quot;</span><span style="background-color:rgb(239,239,239)">/&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">security</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:intercept-url </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">pattern</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;/users/registration/confirmed&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">access</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;permitAll&quot;</span><span style="background-color:rgb(239,239,239)">/&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">security</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:intercept-url </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">pattern</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;/users/password-forgotten&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">access</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;permitAll&quot;</span><span style="background-color:rgb(239,239,239)">/&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">security</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:intercept-url </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">pattern</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;/users/password-forgotten/confirm-email&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">access</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;permitAll&quot;</span><span style="background-color:rgb(239,239,239)">/&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">security</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:intercept-url </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">pattern</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;/users/password-forgotten/confirmed&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">access</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;permitAll&quot;</span><span style="background-color:rgb(239,239,239)">/&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">security</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:intercept-url </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">pattern</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;/users/**/*&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">access</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;hasRole(&#39;ROLE_USER&#39;)&quot;</span><span style="background-color:rgb(239,239,239)">/&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">security</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:intercept-url </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">pattern</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;/**&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">access</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;permitAll&quot;</span><span style="background-color:rgb(239,239,239)">/&gt;</span>

  <span style="background-color:rgb(239,239,239)">&lt;</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">security</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:custom-filter </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">ref</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;logoutFilter&quot; </span><span style="color:rgb(0,0,255);font-weight:bold;background-color:rgb(239,239,239)">position</span><span style="color:rgb(0,128,0);font-weight:bold;background-color:rgb(239,239,239)">=&quot;LOGOUT_FILTER&quot; </span><span style="background-color:rgb(239,239,239)">/&gt;</span><span style="background-color:rgb(239,239,239)">&lt;/</span><span style="color:rgb(102,14,122);font-weight:bold;background-color:rgb(239,239,239)">security</span><span style="color:rgb(0,0,128);font-weight:bold;background-color:rgb(239,239,239)">:http</span><span style="background-color:rgb(239,239,239)">&gt;</span></pre>

</div>

<div style="color:rgb(80,0,80);font-size:12.8px"><br>

</div>

<div style="color:rgb(80,0,80);font-size:12.8px">Has anyone faced similar issues?</div>

<div style="color:rgb(80,0,80);font-size:12.8px"><br>

</div>

<div style="color:rgb(80,0,80);font-size:12.8px">Thanks,</div>

<div style="color:rgb(80,0,80);font-size:12.8px">Adrian</div>

</div>

<br>

<fieldset></fieldset> <br>

</div>

</div>

<pre>_______________________________________________

keycloak-user mailing list

<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>

</blockquote>

<br>

</div>

</blockquote>

</div>

<br>

</div>

</div>

</blockquote>

<br>

</div>

</div>

</div>

</blockquote>

</div>

<br>

</div>

</div>

</div>

</div>

</div></div></span>

</div>

</blockquote></div><br></div>