Re: [keycloak-user] KeyCloak POC with minimal setup, won't work in IE

Local POC: Application is on localhost:8080 while keycloak runs on localhost:5050. That works. The staging area runs the same kind of setup but with the server alias instead of localhost. So both not localhost anymore. All servers: Keycloak Wildfly and JBoss EAP are started with "-b 0.0.0.0 -bmanagement 0.0.0.0" in order to expose the interfaces to the outside. I think the client is configured correctly to accept non local domains. It works in Chrome and Edge. T Van: "Simon Payne" <simonpayne58(a)gmail.com&gt; Aan: "thomas" <thomas.peeters1(a)telenet.be&gt; Cc: "keycloak-user" <keycloak-user(a)lists.jboss.org&gt; Verzonden: Vrijdag 8 december 2017 12:45:52 Onderwerp: Re: [keycloak-user] KeyCloak POC with minimal setup, won't work in IE Hi, is that localhost of your application or localhost of keycloak? and would you already have a single signon session in the browser? is your client setup correctly to accept your non local domain as a valid redirect url etc? Simon. On Fri, Dec 8, 2017 at 11:06 AM, Thomas Peeters < [ mailto:thomas.peeters1@telenet.be | thomas.peeters1(a)telenet.be ] > wrote: I've made a POC to show some required functionality for some of our applications using Keycloak. Mainly, secured URL and SSO. The POC consists of a minimal setup: no SSL, ... We're using JBoss EAP 6.4 as application server, Spring-security (with keycloak adapter), front-end is JSF 2.1 with RichFaces 4. I've rather easily gotten it to work in all browsers except for IE outside of localhost. Meaning, it all seems to work when everything is configured for localhost addresses. Then when I deploy it all to a staging area where I don't use localhost anymore it just won't work in IE (8,9,10). Which is kind of a showstopper because some old (poorly written) applications in the SSO domain ony work in IE. What happens: I enter the application URL in IE, the browser should redirect me to the keycloak login page. However that doesn't happen and I only see my own 'access denied 401' page. Attempting to open the administration console of Keycloak shows me ''{{notification.header}} {{notification.message}} ", with loading... at the left-hand bottom of the screen. This does work when the address used is localhost, in fact, everything works using localhost. It even works in Edge, not that means much. I can't find much about this online, except for a handful pages that don't seem to add much info (to me). KeyCloak 3.4.0.Final Keycloak-spring-security-adapter 3.4.0.Final (Maven) Spring Security (web & config + transitive dependencies) 3.2.0.RELEASE JBoss 6.4 EAP Keycloak.json: { "realm" : "<realmname>" , "auth-server-url" : "<non-localhost - non-https address>" , "ssl-required" : "none" , "resource" : "<client name>" , "public-client" : true } Which was extracted from the keycloak admin console. I'm putting way too much time into this, and I'm not sure anymore where to look. And I find it quite odd that it works with localhost names. Thanks for reading T _______________________________________________ keycloak-user mailing list [ mailto:keycloak-user@lists.jboss.org | keycloak-user(a)lists.jboss.org ] [ https://lists.jboss.org/mailman/listinfo/keycloak-user | https://lists.jboss.org/mailman/listinfo/keycloak-user ]