Folks,
We're currently developing a Spring Boot [1] application that uses Keycloak &
Spring Security [2] for authentication and authorization. Everything fine so far, the
Keycloak login page is displayed when the user accesses the application. I feel a bit
ashamed, but it had to happen at some point: We need to support the beloved IE11, yay!
What happens with IE is that the login page is not displayed as a HTTP 401 is returned to
the browser instead of a HTTP 302. I tracked it down to
"org.keycloak.adapters.springsecurity.authentication.HttpHeaderInspectingApiRequestMatcher"
checking for the MIME type "text/html" in the HTTP Accept header. Unfortunately,
my IE sends something like this in the request:
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif,
image/pjpeg, application/x-ms-xbap,*/*
According to the Mozilla Docs [3], MIME type "*/*" matches everything including
"text/html" required by the request matcher.
My question is the following as it is easy to work around and fix: Is it worth filing an
issue with Keycloak? I also feel confident enough to provide a pull request.
Regards,
-- Thomas
[1]
http://www.keycloak.org/docs/latest/securing_apps/topics/oidc/java/spring...
[2]
http://www.keycloak.org/docs/latest/securing_apps/topics/oidc/java/spring...
[3]
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept