8:08 a.m.
Hi all,
It seems that "token-store: cookie" is not implemented for the Spring
Security adapter. I would be happy to have a go at it, if nobody objects.
One thing I'm wondering is why the cookie path for the adapter state cookie
is always set to the context root in CookieTokenStore. In particular, it
would seem that if I change the Spring Security adapter in a
straightforward way to store the cookies, the cookie would always be set on
"/sso", which would not be very useful.
A second question I had is about the redirect after login. Currently the
redirect location is stored in the HTTP session. Since you would typically
enable "token-store: cookie" to get rid of HTTP sessions, that would also
have to change. I couldn't really figure out how other adapters were doing
this, and I don't have the time at the moment to experiment with the other
adapters to see what happens; if someone could give me some pointers then
that would be very helpful.
Best regards,
Sjoerd Cranen
11:08 a.m.
On Fri, Jun 23, 2017 at 4:46 PM Sjoerd Cranen <sjoerd.cranen(a)teampicnic.com>
wrote:
One thing I'm wondering is why the cookie path for the adapter
state cookie
is always set to the context root in CookieTokenStore. In particular, it
would seem that if I change the Spring Security adapter in a
straightforward way to store the cookies, the cookie would always be set on
"/sso", which would not be very useful.
Same applies for Jetty adapter. But it doesn't work now (see KEYCLOAK-2514).
--
Best regards,
Konstantin Gribov
10:44 a.m.
I've submitted https://issues.jboss.org/browse/KEYCLOAK-5130 for this. If
the bug report is accepted, I'll be happy to open a PR with a solution.
Answering one of my own questions: the peculiar cookie path I mentioned in
my original post is already described in KEYCLOAK-4342.
On Fri, Jun 23, 2017 at 6:08 PM, Konstantin Gribov <grossws(a)gmail.com>
wrote:
On Fri, Jun 23, 2017 at 4:46 PM Sjoerd Cranen <
sjoerd.cranen(a)teampicnic.com> wrote:
> One thing I'm wondering is why the cookie path for the adapter state
> cookie
> is always set to the context root in CookieTokenStore. In particular, it
> would seem that if I change the Spring Security adapter in a
> straightforward way to store the cookies, the cookie would always be set
> on
> "/sso", which would not be very useful.
>
Same applies for Jetty adapter. But it doesn't work now (see
KEYCLOAK-2514).
--
Best regards,
Konstantin Gribov
1:29 a.m.
Hi Sjoerd,
You don't to wait for the ticket to be accepted, just send your PR ;)
Is KEYCLOAK-4342 blocking you KEYCLOAK-5130 ? If you know how to fix it you
can also send a PR for this one.
Seb
On Sun, Jul 2, 2017 at 5:44 PM, Sjoerd Cranen <sjoerd.cranen(a)teampicnic.com>
wrote:
I've submitted https://issues.jboss.org/browse/KEYCLOAK-5130 for
this. If
the bug report is accepted, I'll be happy to open a PR with a solution.
Answering one of my own questions: the peculiar cookie path I mentioned in
my original post is already described in KEYCLOAK-4342.
On Fri, Jun 23, 2017 at 6:08 PM, Konstantin Gribov <grossws(a)gmail.com>
wrote:
> On Fri, Jun 23, 2017 at 4:46 PM Sjoerd Cranen <
> sjoerd.cranen(a)teampicnic.com> wrote:
>
>> One thing I'm wondering is why the cookie path for the adapter state
>> cookie
>> is always set to the context root in CookieTokenStore. In particular, it
>> would seem that if I change the Spring Security adapter in a
>> straightforward way to store the cookies, the cookie would always be set
>> on
>> "/sso", which would not be very useful.
>>
> Same applies for Jetty adapter. But it doesn't work now (see
> KEYCLOAK-2514).
>
> --
>
> Best regards,
> Konstantin Gribov
>
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
3:43 a.m.
Confirmation per e-mail is enough, just following the dev guidelines from
the readme ;-) I've opened a PR. It includes a workaround for KEYCLOAK-4342
so the solution can at least be tested. If the workaround is considered
good enough I'll open a separate PR for it.
Cheers,
Sjoerd
On Mon, Jul 3, 2017 at 8:29 AM, Sebastien Blanc <sblanc(a)redhat.com> wrote:
Hi Sjoerd,
You don't to wait for the ticket to be accepted, just send your PR ;)
Is KEYCLOAK-4342 blocking you KEYCLOAK-5130 ? If you know how to fix it
you can also send a PR for this one.
Seb
On Sun, Jul 2, 2017 at 5:44 PM, Sjoerd Cranen <
sjoerd.cranen(a)teampicnic.com> wrote:
> I've submitted https://issues.jboss.org/browse/KEYCLOAK-5130 for this. If
> the bug report is accepted, I'll be happy to open a PR with a solution.
>
> Answering one of my own questions: the peculiar cookie path I mentioned in
> my original post is already described in KEYCLOAK-4342.
>
> On Fri, Jun 23, 2017 at 6:08 PM, Konstantin Gribov <grossws(a)gmail.com>
> wrote:
>
> > On Fri, Jun 23, 2017 at 4:46 PM Sjoerd Cranen <
> > sjoerd.cranen(a)teampicnic.com> wrote:
> >
> >> One thing I'm wondering is why the cookie path for the adapter state
> >> cookie
> >> is always set to the context root in CookieTokenStore. In particular,
> it
> >> would seem that if I change the Spring Security adapter in a
> >> straightforward way to store the cookies, the cookie would always be
> set
> >> on
> >> "/sso", which would not be very useful.
> >>
> > Same applies for Jetty adapter. But it doesn't work now (see
> > KEYCLOAK-2514).
> >
> > --
> >
> > Best regards,
> > Konstantin Gribov
> >
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
2733
days inactive
2743
days old
4 comments
3 participants
participants (3)
-
Konstantin Gribov -
Sebastien Blanc -
Sjoerd Cranen