5:45 a.m.
Hi, is that localhost of your application or localhost of keycloak? and
would you already have a single signon session in the browser?
is your client setup correctly to accept your non local domain as a valid
redirect url etc?
Simon.
On Fri, Dec 8, 2017 at 11:06 AM, Thomas Peeters <thomas.peeters1(a)telenet.be>
wrote:
I've made a POC to show some required functionality for some of our
applications using Keycloak. Mainly, secured URL and SSO.
The POC consists of a minimal setup: no SSL, ...
We're using JBoss EAP 6.4 as application server, Spring-security (with
keycloak adapter), front-end is JSF 2.1 with RichFaces 4.
I've rather easily gotten it to work in all browsers except for IE outside
of localhost. Meaning, it all seems to work when everything is configured
for localhost addresses.
Then when I deploy it all to a staging area where I don't use localhost
anymore it just won't work in IE (8,9,10). Which is kind of a showstopper
because some old (poorly written) applications in the SSO domain ony work
in IE.
What happens:
I enter the application URL in IE, the browser should redirect me to the
keycloak login page. However that doesn't happen and I only see my own
'access denied 401' page.
Attempting to open the administration console of Keycloak shows me
''{{notification.header}} {{notification.message}} ", with loading... at
the left-hand bottom of the screen. This does work when the address used is
localhost, in fact, everything works using localhost.
It even works in Edge, not that means much.
I can't find much about this online, except for a handful pages that don't
seem to add much info (to me).
KeyCloak 3.4.0.Final
Keycloak-spring-security-adapter 3.4.0.Final (Maven)
Spring Security (web & config + transitive dependencies) 3.2.0.RELEASE
JBoss 6.4 EAP
Keycloak.json:
{
"realm" : "<realmname>" ,
"auth-server-url" : "<non-localhost - non-https address>" ,
"ssl-required" : "none" ,
"resource" : "<client name>" ,
"public-client" : true
}
Which was extracted from the keycloak admin console.
I'm putting way too much time into this, and I'm not sure anymore where to
look. And I find it quite odd that it works with localhost names.
Thanks for reading
T
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user