4:34 p.m.
Hello,
I've created a template of a Angular based app using keycloak.js lib. After
a successful login the app/page periodically reloads itself. I guess it's
because of the iFrame session check being set to 5sec interval (requesting
url: <base_url>/#state=<hash>&code=<hash>).
This happens in latest Firefox and Edge. Chrome seems to handle these
reloads quietly.
Is this intended?
Thanks
1:19 a.m.
On 01/09/16 23:34, Andy Yar wrote:
Hello,
I've created a template of a Angular based app using keycloak.js lib.
After a successful login the app/page periodically reloads itself. I
guess it's because of the iFrame session check being set to 5sec
interval (requesting url: <base_url>/#state=<hash>&code=<hash>).
That's strange... IFrame is supposed to just check the cookie, not to do
any reload.
Maybe take a look at our angular examples and see if you do something
differently? See
https://github.com/keycloak/keycloak/tree/master/examples/demo-template/a...
. Note the angular.bootstrap called after Keycloak authentication is
fully finished.
Marek
This happens in latest Firefox and Edge. Chrome seems to handle these
reloads quietly.
Is this intended?
Thanks
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
7:43 a.m.
I've spent some time in Firefox's debugger and found out that the redirect
occurs right after the window.postMessage() is called in the
checkLoginFrame function.
The demo project code seems to be in line with my code. Might try it's
runtime behavior later.
On Tue, Sep 6, 2016 at 8:19 AM, Marek Posolda <mposolda(a)redhat.com> wrote:
On 01/09/16 23:34, Andy Yar wrote:
Hello,
I've created a template of a Angular based app using keycloak.js lib.
After a successful login the app/page periodically reloads itself. I guess
it's because of the iFrame session check being set to 5sec interval
(requesting url: <base_url>/#state=<hash>&code=<hash>).
That's strange... IFrame is supposed to just check the cookie, not to do
any reload.
Maybe take a look at our angular examples and see if you do something
differently? See https://github.com/keycloak/
keycloak/tree/master/examples/demo-template/angular-product-app . Note
the angular.bootstrap called after Keycloak authentication is fully
finished.
Marek
This happens in latest Firefox and Edge. Chrome seems to handle these
reloads quietly.
Is this intended?
Thanks
_______________________________________________
keycloak-user mailing
listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
9:30 a.m.
Hello,
I've tried running
https://github.com/keycloak/keycloak/tree/master/examples/demo-template/a...
app on localhost against my Keycloak instance. The page reloading issue
caused by iFrame checks was present too.
The only significant change I made to the demo app was replacing the
keycloak.json with mine. The difference is using a non-localhost URL:
"auth-server-url": "http://<serverURL>:8080/sso". CORS comes to
mind.
On Tue, Sep 6, 2016 at 2:43 PM, Andy Yar <andyyar66(a)gmail.com> wrote:
I've spent some time in Firefox's debugger and found out that
the redirect
occurs right after the window.postMessage() is called in the
checkLoginFrame function.
The demo project code seems to be in line with my code. Might try it's
runtime behavior later.
On Tue, Sep 6, 2016 at 8:19 AM, Marek Posolda <mposolda(a)redhat.com> wrote:
> On 01/09/16 23:34, Andy Yar wrote:
>
> Hello,
> I've created a template of a Angular based app using keycloak.js lib.
> After a successful login the app/page periodically reloads itself. I guess
> it's because of the iFrame session check being set to 5sec interval
> (requesting url: <base_url>/#state=<hash>&code=<hash>).
>
> That's strange... IFrame is supposed to just check the cookie, not to do
> any reload.
>
> Maybe take a look at our angular examples and see if you do something
> differently? See https://github.com/keycloak/ke
> ycloak/tree/master/examples/demo-template/angular-product-app . Note the
> angular.bootstrap called after Keycloak authentication is fully finished.
>
> Marek
>
>
> This happens in latest Firefox and Edge. Chrome seems to handle these
> reloads quietly.
>
> Is this intended?
>
> Thanks
>
>
> _______________________________________________
> keycloak-user mailing
listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
12:39 a.m.
Did you add correct origins for your app in the Keycloak admin console?
On 7 September 2016 at 16:30, Andy Yar <andyyar66(a)gmail.com> wrote:
Hello,
I've tried running https://github.com/keycloak/
keycloak/tree/master/examples/demo-template/angular2-product-app app on
localhost against my Keycloak instance. The page reloading issue caused by
iFrame checks was present too.
The only significant change I made to the demo app was replacing the
keycloak.json with mine. The difference is using a non-localhost URL:
"auth-server-url": "http://<serverURL>:8080/sso". CORS comes to
mind.
On Tue, Sep 6, 2016 at 2:43 PM, Andy Yar <andyyar66(a)gmail.com> wrote:
> I've spent some time in Firefox's debugger and found out that the
> redirect occurs right after the window.postMessage() is called in the
> checkLoginFrame function.
>
> The demo project code seems to be in line with my code. Might try it's
> runtime behavior later.
>
> On Tue, Sep 6, 2016 at 8:19 AM, Marek Posolda <mposolda(a)redhat.com>
> wrote:
>
>> On 01/09/16 23:34, Andy Yar wrote:
>>
>> Hello,
>> I've created a template of a Angular based app using keycloak.js lib.
>> After a successful login the app/page periodically reloads itself. I guess
>> it's because of the iFrame session check being set to 5sec interval
>> (requesting url: <base_url>/#state=<hash>&code=<hash>).
>>
>> That's strange... IFrame is supposed to just check the cookie, not to do
>> any reload.
>>
>> Maybe take a look at our angular examples and see if you do something
>> differently? See https://github.com/keycloak/ke
>> ycloak/tree/master/examples/demo-template/angular-product-app . Note
>> the angular.bootstrap called after Keycloak authentication is fully
>> finished.
>>
>> Marek
>>
>>
>> This happens in latest Firefox and Edge. Chrome seems to handle these
>> reloads quietly.
>>
>> Is this intended?
>>
>> Thanks
>>
>>
>> _______________________________________________
>> keycloak-user mailing
listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>>
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
7:07 a.m.
Yes, I did - Web Origins: http://localhost:4200. Thats where my dev server
runs. When I change the origin in the Keycloak admin console to something
different I can't even log in due to CORS errors. So I guess this setting
is correct.
Setting a really short max SSO session TTL results in both cookie checks
(quiet Chrome and page reloading Firefox/Edge) detecting the tokens'
validity and redirecting to the login page.
My other observation, when I perform a SSO logout in Keycloak the app
running in Chrome doesn't log me out after its quiet cookie check. In
Firefox/Edge it detects the SSO logout correctly during the horrible cookie
checking page reload.
On Thu, Sep 8, 2016 at 7:39 AM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
Did you add correct origins for your app in the Keycloak admin
console?
On 7 September 2016 at 16:30, Andy Yar <andyyar66(a)gmail.com> wrote:
> Hello,
> I've tried running https://github.com/keycloak/ke
> ycloak/tree/master/examples/demo-template/angular2-product-app app on
> localhost against my Keycloak instance. The page reloading issue caused by
> iFrame checks was present too.
>
> The only significant change I made to the demo app was replacing the
> keycloak.json with mine. The difference is using a non-localhost URL:
> "auth-server-url": "http://<serverURL>:8080/sso". CORS
comes to mind.
>
>
> On Tue, Sep 6, 2016 at 2:43 PM, Andy Yar <andyyar66(a)gmail.com> wrote:
>
>> I've spent some time in Firefox's debugger and found out that the
>> redirect occurs right after the window.postMessage() is called in the
>> checkLoginFrame function.
>>
>> The demo project code seems to be in line with my code. Might try it's
>> runtime behavior later.
>>
>> On Tue, Sep 6, 2016 at 8:19 AM, Marek Posolda <mposolda(a)redhat.com>
>> wrote:
>>
>>> On 01/09/16 23:34, Andy Yar wrote:
>>>
>>> Hello,
>>> I've created a template of a Angular based app using keycloak.js lib.
>>> After a successful login the app/page periodically reloads itself. I guess
>>> it's because of the iFrame session check being set to 5sec interval
>>> (requesting url:
<base_url>/#state=<hash>&code=<hash>).
>>>
>>> That's strange... IFrame is supposed to just check the cookie, not to
>>> do any reload.
>>>
>>> Maybe take a look at our angular examples and see if you do something
>>> differently? See https://github.com/keycloak/ke
>>> ycloak/tree/master/examples/demo-template/angular-product-app . Note
>>> the angular.bootstrap called after Keycloak authentication is fully
>>> finished.
>>>
>>> Marek
>>>
>>>
>>> This happens in latest Firefox and Edge. Chrome seems to handle these
>>> reloads quietly.
>>>
>>> Is this intended?
>>>
>>> Thanks
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing
listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>>
>>>
>>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
7:50 a.m.
Just spotted you're using the Angular2 example. I've got no clue about that
one. It was community contributed and we've not had any experience with
Angular2 ourselves.
Please try if you're getting similar behavior with Angular 1 example.
There should be no page reload on the cookie check. It's just a window
postMessage and it doesn't do anything that should cause the page to reload.
On 8 September 2016 at 14:07, Andy Yar <andyyar66(a)gmail.com> wrote:
Yes, I did - Web Origins: http://localhost:4200. Thats where my dev
server runs. When I change the origin in the Keycloak admin console to
something different I can't even log in due to CORS errors. So I guess this
setting is correct.
Setting a really short max SSO session TTL results in both cookie checks
(quiet Chrome and page reloading Firefox/Edge) detecting the tokens'
validity and redirecting to the login page.
My other observation, when I perform a SSO logout in Keycloak the app
running in Chrome doesn't log me out after its quiet cookie check. In
Firefox/Edge it detects the SSO logout correctly during the horrible cookie
checking page reload.
On Thu, Sep 8, 2016 at 7:39 AM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
> Did you add correct origins for your app in the Keycloak admin console?
>
> On 7 September 2016 at 16:30, Andy Yar <andyyar66(a)gmail.com> wrote:
>
>> Hello,
>> I've tried running https://github.com/keycloak/ke
>> ycloak/tree/master/examples/demo-template/angular2-product-app app on
>> localhost against my Keycloak instance. The page reloading issue caused by
>> iFrame checks was present too.
>>
>> The only significant change I made to the demo app was replacing the
>> keycloak.json with mine. The difference is using a non-localhost URL:
>> "auth-server-url": "http://<serverURL>:8080/sso". CORS
comes to mind.
>>
>>
>> On Tue, Sep 6, 2016 at 2:43 PM, Andy Yar <andyyar66(a)gmail.com> wrote:
>>
>>> I've spent some time in Firefox's debugger and found out that the
>>> redirect occurs right after the window.postMessage() is called in the
>>> checkLoginFrame function.
>>>
>>> The demo project code seems to be in line with my code. Might try it's
>>> runtime behavior later.
>>>
>>> On Tue, Sep 6, 2016 at 8:19 AM, Marek Posolda <mposolda(a)redhat.com>
>>> wrote:
>>>
>>>> On 01/09/16 23:34, Andy Yar wrote:
>>>>
>>>> Hello,
>>>> I've created a template of a Angular based app using keycloak.js
lib.
>>>> After a successful login the app/page periodically reloads itself. I
guess
>>>> it's because of the iFrame session check being set to 5sec interval
>>>> (requesting url:
<base_url>/#state=<hash>&code=<hash>).
>>>>
>>>> That's strange... IFrame is supposed to just check the cookie, not
to
>>>> do any reload.
>>>>
>>>> Maybe take a look at our angular examples and see if you do something
>>>> differently? See https://github.com/keycloak/ke
>>>> ycloak/tree/master/examples/demo-template/angular-product-app . Note
>>>> the angular.bootstrap called after Keycloak authentication is fully
>>>> finished.
>>>>
>>>> Marek
>>>>
>>>>
>>>> This happens in latest Firefox and Edge. Chrome seems to handle these
>>>> reloads quietly.
>>>>
>>>> Is this intended?
>>>>
>>>> Thanks
>>>>
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing
listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>>
>>>>
>>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
8:48 a.m.
Ok, will check the original AngularJS demo for that harmless
window.postMessage().
Thanks for your effort!
On Thu, Sep 8, 2016 at 2:50 PM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
Just spotted you're using the Angular2 example. I've got no
clue about
that one. It was community contributed and we've not had any experience
with Angular2 ourselves.
Please try if you're getting similar behavior with Angular 1 example.
There should be no page reload on the cookie check. It's just a window
postMessage and it doesn't do anything that should cause the page to reload.
On 8 September 2016 at 14:07, Andy Yar <andyyar66(a)gmail.com> wrote:
> Yes, I did - Web Origins: http://localhost:4200. Thats where my dev
> server runs. When I change the origin in the Keycloak admin console to
> something different I can't even log in due to CORS errors. So I guess this
> setting is correct.
>
> Setting a really short max SSO session TTL results in both cookie checks
> (quiet Chrome and page reloading Firefox/Edge) detecting the tokens'
> validity and redirecting to the login page.
>
> My other observation, when I perform a SSO logout in Keycloak the app
> running in Chrome doesn't log me out after its quiet cookie check. In
> Firefox/Edge it detects the SSO logout correctly during the horrible cookie
> checking page reload.
>
> On Thu, Sep 8, 2016 at 7:39 AM, Stian Thorgersen <sthorger(a)redhat.com>
> wrote:
>
>> Did you add correct origins for your app in the Keycloak admin console?
>>
>> On 7 September 2016 at 16:30, Andy Yar <andyyar66(a)gmail.com> wrote:
>>
>>> Hello,
>>> I've tried running https://github.com/keycloak/ke
>>> ycloak/tree/master/examples/demo-template/angular2-product-app app on
>>> localhost against my Keycloak instance. The page reloading issue caused by
>>> iFrame checks was present too.
>>>
>>> The only significant change I made to the demo app was replacing the
>>> keycloak.json with mine. The difference is using a non-localhost URL:
>>> "auth-server-url": "http://<serverURL>:8080/sso".
CORS comes to mind.
>>>
>>>
>>> On Tue, Sep 6, 2016 at 2:43 PM, Andy Yar <andyyar66(a)gmail.com> wrote:
>>>
>>>> I've spent some time in Firefox's debugger and found out that
the
>>>> redirect occurs right after the window.postMessage() is called in the
>>>> checkLoginFrame function.
>>>>
>>>> The demo project code seems to be in line with my code. Might try
it's
>>>> runtime behavior later.
>>>>
>>>> On Tue, Sep 6, 2016 at 8:19 AM, Marek Posolda
<mposolda(a)redhat.com>
>>>> wrote:
>>>>
>>>>> On 01/09/16 23:34, Andy Yar wrote:
>>>>>
>>>>> Hello,
>>>>> I've created a template of a Angular based app using keycloak.js
lib.
>>>>> After a successful login the app/page periodically reloads itself. I
guess
>>>>> it's because of the iFrame session check being set to 5sec
interval
>>>>> (requesting url:
<base_url>/#state=<hash>&code=<hash>).
>>>>>
>>>>> That's strange... IFrame is supposed to just check the cookie,
not to
>>>>> do any reload.
>>>>>
>>>>> Maybe take a look at our angular examples and see if you do
something
>>>>> differently? See https://github.com/keycloak/ke
>>>>> ycloak/tree/master/examples/demo-template/angular-product-app . Note
>>>>> the angular.bootstrap called after Keycloak authentication is fully
>>>>> finished.
>>>>>
>>>>> Marek
>>>>>
>>>>>
>>>>> This happens in latest Firefox and Edge. Chrome seems to handle
these
>>>>> reloads quietly.
>>>>>
>>>>> Is this intended?
>>>>>
>>>>> Thanks
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> keycloak-user mailing
listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user(a)lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>
3:41 a.m.
In my case the original AngularJS demo acts in the same way as the Angular2
one.
On Thu, Sep 8, 2016 at 3:48 PM, Andy Yar <andyyar66(a)gmail.com> wrote:
Ok, will check the original AngularJS demo for that harmless
window.postMessage().
Thanks for your effort!
On Thu, Sep 8, 2016 at 2:50 PM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
> Just spotted you're using the Angular2 example. I've got no clue about
> that one. It was community contributed and we've not had any experience
> with Angular2 ourselves.
>
> Please try if you're getting similar behavior with Angular 1 example.
>
> There should be no page reload on the cookie check. It's just a window
> postMessage and it doesn't do anything that should cause the page to reload.
>
> On 8 September 2016 at 14:07, Andy Yar <andyyar66(a)gmail.com> wrote:
>
>> Yes, I did - Web Origins: http://localhost:4200. Thats where my dev
>> server runs. When I change the origin in the Keycloak admin console to
>> something different I can't even log in due to CORS errors. So I guess this
>> setting is correct.
>>
>> Setting a really short max SSO session TTL results in both cookie checks
>> (quiet Chrome and page reloading Firefox/Edge) detecting the tokens'
>> validity and redirecting to the login page.
>>
>> My other observation, when I perform a SSO logout in Keycloak the app
>> running in Chrome doesn't log me out after its quiet cookie check. In
>> Firefox/Edge it detects the SSO logout correctly during the horrible cookie
>> checking page reload.
>>
>> On Thu, Sep 8, 2016 at 7:39 AM, Stian Thorgersen <sthorger(a)redhat.com>
>> wrote:
>>
>>> Did you add correct origins for your app in the Keycloak admin console?
>>>
>>> On 7 September 2016 at 16:30, Andy Yar <andyyar66(a)gmail.com> wrote:
>>>
>>>> Hello,
>>>> I've tried running https://github.com/keycloak/ke
>>>> ycloak/tree/master/examples/demo-template/angular2-product-app app on
>>>> localhost against my Keycloak instance. The page reloading issue caused
by
>>>> iFrame checks was present too.
>>>>
>>>> The only significant change I made to the demo app was replacing the
>>>> keycloak.json with mine. The difference is using a non-localhost URL:
>>>> "auth-server-url":
"http://<serverURL>:8080/sso". CORS comes to mind.
>>>>
>>>>
>>>> On Tue, Sep 6, 2016 at 2:43 PM, Andy Yar <andyyar66(a)gmail.com>
wrote:
>>>>
>>>>> I've spent some time in Firefox's debugger and found out that
the
>>>>> redirect occurs right after the window.postMessage() is called in
the
>>>>> checkLoginFrame function.
>>>>>
>>>>> The demo project code seems to be in line with my code. Might try
>>>>> it's runtime behavior later.
>>>>>
>>>>> On Tue, Sep 6, 2016 at 8:19 AM, Marek Posolda
<mposolda(a)redhat.com>
>>>>> wrote:
>>>>>
>>>>>> On 01/09/16 23:34, Andy Yar wrote:
>>>>>>
>>>>>> Hello,
>>>>>> I've created a template of a Angular based app using
keycloak.js
>>>>>> lib. After a successful login the app/page periodically reloads
itself. I
>>>>>> guess it's because of the iFrame session check being set to
5sec interval
>>>>>> (requesting url:
<base_url>/#state=<hash>&code=<hash>).
>>>>>>
>>>>>> That's strange... IFrame is supposed to just check the
cookie, not
>>>>>> to do any reload.
>>>>>>
>>>>>> Maybe take a look at our angular examples and see if you do
>>>>>> something differently? See https://github.com/keycloak/ke
>>>>>> ycloak/tree/master/examples/demo-template/angular-product-app .
>>>>>> Note the angular.bootstrap called after Keycloak authentication
is fully
>>>>>> finished.
>>>>>>
>>>>>> Marek
>>>>>>
>>>>>>
>>>>>> This happens in latest Firefox and Edge. Chrome seems to handle
>>>>>> these reloads quietly.
>>>>>>
>>>>>> Is this intended?
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> keycloak-user mailing
listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user(a)lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>
>>>
>>
>
4:04 a.m.
Are you getting the same behavior from the admin console? It's Angular and
uses keycloak.js.
On 9 September 2016 at 10:41, Andy Yar <andyyar66(a)gmail.com> wrote:
In my case the original AngularJS demo acts in the same way as the
Angular2 one.
On Thu, Sep 8, 2016 at 3:48 PM, Andy Yar <andyyar66(a)gmail.com> wrote:
> Ok, will check the original AngularJS demo for that harmless
> window.postMessage().
>
> Thanks for your effort!
>
> On Thu, Sep 8, 2016 at 2:50 PM, Stian Thorgersen <sthorger(a)redhat.com>
> wrote:
>
>> Just spotted you're using the Angular2 example. I've got no clue about
>> that one. It was community contributed and we've not had any experience
>> with Angular2 ourselves.
>>
>> Please try if you're getting similar behavior with Angular 1 example.
>>
>> There should be no page reload on the cookie check. It's just a window
>> postMessage and it doesn't do anything that should cause the page to reload.
>>
>> On 8 September 2016 at 14:07, Andy Yar <andyyar66(a)gmail.com> wrote:
>>
>>> Yes, I did - Web Origins: http://localhost:4200. Thats where my dev
>>> server runs. When I change the origin in the Keycloak admin console to
>>> something different I can't even log in due to CORS errors. So I guess
this
>>> setting is correct.
>>>
>>> Setting a really short max SSO session TTL results in both cookie
>>> checks (quiet Chrome and page reloading Firefox/Edge) detecting the
tokens'
>>> validity and redirecting to the login page.
>>>
>>> My other observation, when I perform a SSO logout in Keycloak the app
>>> running in Chrome doesn't log me out after its quiet cookie check. In
>>> Firefox/Edge it detects the SSO logout correctly during the horrible cookie
>>> checking page reload.
>>>
>>> On Thu, Sep 8, 2016 at 7:39 AM, Stian Thorgersen <sthorger(a)redhat.com>
>>> wrote:
>>>
>>>> Did you add correct origins for your app in the Keycloak admin console?
>>>>
>>>> On 7 September 2016 at 16:30, Andy Yar <andyyar66(a)gmail.com>
wrote:
>>>>
>>>>> Hello,
>>>>> I've tried running https://github.com/keycloak/ke
>>>>> ycloak/tree/master/examples/demo-template/angular2-product-app app
>>>>> on localhost against my Keycloak instance. The page reloading issue
caused
>>>>> by iFrame checks was present too.
>>>>>
>>>>> The only significant change I made to the demo app was replacing the
>>>>> keycloak.json with mine. The difference is using a non-localhost
URL:
>>>>> "auth-server-url":
"http://<serverURL>:8080/sso". CORS comes to mind.
>>>>>
>>>>>
>>>>> On Tue, Sep 6, 2016 at 2:43 PM, Andy Yar <andyyar66(a)gmail.com>
wrote:
>>>>>
>>>>>> I've spent some time in Firefox's debugger and found out
that the
>>>>>> redirect occurs right after the window.postMessage() is called in
the
>>>>>> checkLoginFrame function.
>>>>>>
>>>>>> The demo project code seems to be in line with my code. Might
try
>>>>>> it's runtime behavior later.
>>>>>>
>>>>>> On Tue, Sep 6, 2016 at 8:19 AM, Marek Posolda
<mposolda(a)redhat.com>
>>>>>> wrote:
>>>>>>
>>>>>>> On 01/09/16 23:34, Andy Yar wrote:
>>>>>>>
>>>>>>> Hello,
>>>>>>> I've created a template of a Angular based app using
keycloak.js
>>>>>>> lib. After a successful login the app/page periodically
reloads itself. I
>>>>>>> guess it's because of the iFrame session check being set
to 5sec interval
>>>>>>> (requesting url:
<base_url>/#state=<hash>&code=<hash>).
>>>>>>>
>>>>>>> That's strange... IFrame is supposed to just check the
cookie, not
>>>>>>> to do any reload.
>>>>>>>
>>>>>>> Maybe take a look at our angular examples and see if you do
>>>>>>> something differently? See https://github.com/keycloak/ke
>>>>>>> ycloak/tree/master/examples/demo-template/angular-product-app
.
>>>>>>> Note the angular.bootstrap called after Keycloak
authentication is fully
>>>>>>> finished.
>>>>>>>
>>>>>>> Marek
>>>>>>>
>>>>>>>
>>>>>>> This happens in latest Firefox and Edge. Chrome seems to
handle
>>>>>>> these reloads quietly.
>>>>>>>
>>>>>>> Is this intended?
>>>>>>>
>>>>>>> Thanks
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> keycloak-user mailing
listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user(a)lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>
>>>>
>>>>
>>>
>>
>
8:39 a.m.
By the way I just tried the angular product example here and it works just
fine in Chrome and Firefox.
On 9 September 2016 at 11:04, Stian Thorgersen <sthorger(a)redhat.com> wrote:
Are you getting the same behavior from the admin console? It's
Angular and
uses keycloak.js.
On 9 September 2016 at 10:41, Andy Yar <andyyar66(a)gmail.com> wrote:
> In my case the original AngularJS demo acts in the same way as the
> Angular2 one.
>
> On Thu, Sep 8, 2016 at 3:48 PM, Andy Yar <andyyar66(a)gmail.com> wrote:
>
>> Ok, will check the original AngularJS demo for that harmless
>> window.postMessage().
>>
>> Thanks for your effort!
>>
>> On Thu, Sep 8, 2016 at 2:50 PM, Stian Thorgersen <sthorger(a)redhat.com>
>> wrote:
>>
>>> Just spotted you're using the Angular2 example. I've got no clue
about
>>> that one. It was community contributed and we've not had any experience
>>> with Angular2 ourselves.
>>>
>>> Please try if you're getting similar behavior with Angular 1 example.
>>>
>>> There should be no page reload on the cookie check. It's just a window
>>> postMessage and it doesn't do anything that should cause the page to
reload.
>>>
>>> On 8 September 2016 at 14:07, Andy Yar <andyyar66(a)gmail.com> wrote:
>>>
>>>> Yes, I did - Web Origins: http://localhost:4200. Thats where my dev
>>>> server runs. When I change the origin in the Keycloak admin console to
>>>> something different I can't even log in due to CORS errors. So I
guess this
>>>> setting is correct.
>>>>
>>>> Setting a really short max SSO session TTL results in both cookie
>>>> checks (quiet Chrome and page reloading Firefox/Edge) detecting the
tokens'
>>>> validity and redirecting to the login page.
>>>>
>>>> My other observation, when I perform a SSO logout in Keycloak the app
>>>> running in Chrome doesn't log me out after its quiet cookie check.
In
>>>> Firefox/Edge it detects the SSO logout correctly during the horrible
cookie
>>>> checking page reload.
>>>>
>>>> On Thu, Sep 8, 2016 at 7:39 AM, Stian Thorgersen
<sthorger(a)redhat.com>
>>>> wrote:
>>>>
>>>>> Did you add correct origins for your app in the Keycloak admin
>>>>> console?
>>>>>
>>>>> On 7 September 2016 at 16:30, Andy Yar <andyyar66(a)gmail.com>
wrote:
>>>>>
>>>>>> Hello,
>>>>>> I've tried running https://github.com/keycloak/ke
>>>>>> ycloak/tree/master/examples/demo-template/angular2-product-app
app
>>>>>> on localhost against my Keycloak instance. The page reloading
issue caused
>>>>>> by iFrame checks was present too.
>>>>>>
>>>>>> The only significant change I made to the demo app was replacing
the
>>>>>> keycloak.json with mine. The difference is using a non-localhost
URL:
>>>>>> "auth-server-url":
"http://<serverURL>:8080/sso". CORS comes to
>>>>>> mind.
>>>>>>
>>>>>>
>>>>>> On Tue, Sep 6, 2016 at 2:43 PM, Andy Yar
<andyyar66(a)gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> I've spent some time in Firefox's debugger and found
out that the
>>>>>>> redirect occurs right after the window.postMessage() is
called in the
>>>>>>> checkLoginFrame function.
>>>>>>>
>>>>>>> The demo project code seems to be in line with my code. Might
try
>>>>>>> it's runtime behavior later.
>>>>>>>
>>>>>>> On Tue, Sep 6, 2016 at 8:19 AM, Marek Posolda
<mposolda(a)redhat.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> On 01/09/16 23:34, Andy Yar wrote:
>>>>>>>>
>>>>>>>> Hello,
>>>>>>>> I've created a template of a Angular based app using
keycloak.js
>>>>>>>> lib. After a successful login the app/page periodically
reloads itself. I
>>>>>>>> guess it's because of the iFrame session check being
set to 5sec interval
>>>>>>>> (requesting url:
<base_url>/#state=<hash>&code=<hash>).
>>>>>>>>
>>>>>>>> That's strange... IFrame is supposed to just check
the cookie, not
>>>>>>>> to do any reload.
>>>>>>>>
>>>>>>>> Maybe take a look at our angular examples and see if you
do
>>>>>>>> something differently? See
https://github.com/keycloak/ke
>>>>>>>>
ycloak/tree/master/examples/demo-template/angular-product-app .
>>>>>>>> Note the angular.bootstrap called after Keycloak
authentication is fully
>>>>>>>> finished.
>>>>>>>>
>>>>>>>> Marek
>>>>>>>>
>>>>>>>>
>>>>>>>> This happens in latest Firefox and Edge. Chrome seems to
handle
>>>>>>>> these reloads quietly.
>>>>>>>>
>>>>>>>> Is this intended?
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> keycloak-user mailing
listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> keycloak-user mailing list
>>>>>> keycloak-user(a)lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>
9:26 a.m.
Ok, so it must be related to my usage scenario.
I don't use keycloak.js served from the Keycloak server but as a local node
module instead. Then again I run my Angular app on localhost and I auth it
against a Keycloak which runs on a dedicated server/domain.
FYI my Keyclok admin console works normally - no refreshes.
On Fri, Sep 9, 2016 at 3:39 PM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
By the way I just tried the angular product example here and it works
just
fine in Chrome and Firefox.
On 9 September 2016 at 11:04, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
> Are you getting the same behavior from the admin console? It's Angular
> and uses keycloak.js.
>
> On 9 September 2016 at 10:41, Andy Yar <andyyar66(a)gmail.com> wrote:
>
>> In my case the original AngularJS demo acts in the same way as the
>> Angular2 one.
>>
>> On Thu, Sep 8, 2016 at 3:48 PM, Andy Yar <andyyar66(a)gmail.com> wrote:
>>
>>> Ok, will check the original AngularJS demo for that harmless
>>> window.postMessage().
>>>
>>> Thanks for your effort!
>>>
>>> On Thu, Sep 8, 2016 at 2:50 PM, Stian Thorgersen <sthorger(a)redhat.com>
>>> wrote:
>>>
>>>> Just spotted you're using the Angular2 example. I've got no clue
about
>>>> that one. It was community contributed and we've not had any
experience
>>>> with Angular2 ourselves.
>>>>
>>>> Please try if you're getting similar behavior with Angular 1
example.
>>>>
>>>> There should be no page reload on the cookie check. It's just a
window
>>>> postMessage and it doesn't do anything that should cause the page to
reload.
>>>>
>>>> On 8 September 2016 at 14:07, Andy Yar <andyyar66(a)gmail.com>
wrote:
>>>>
>>>>> Yes, I did - Web Origins: http://localhost:4200. Thats where my dev
>>>>> server runs. When I change the origin in the Keycloak admin console
to
>>>>> something different I can't even log in due to CORS errors. So I
guess this
>>>>> setting is correct.
>>>>>
>>>>> Setting a really short max SSO session TTL results in both cookie
>>>>> checks (quiet Chrome and page reloading Firefox/Edge) detecting the
tokens'
>>>>> validity and redirecting to the login page.
>>>>>
>>>>> My other observation, when I perform a SSO logout in Keycloak the
app
>>>>> running in Chrome doesn't log me out after its quiet cookie
check. In
>>>>> Firefox/Edge it detects the SSO logout correctly during the horrible
cookie
>>>>> checking page reload.
>>>>>
>>>>> On Thu, Sep 8, 2016 at 7:39 AM, Stian Thorgersen
<sthorger(a)redhat.com
>>>>> > wrote:
>>>>>
>>>>>> Did you add correct origins for your app in the Keycloak admin
>>>>>> console?
>>>>>>
>>>>>> On 7 September 2016 at 16:30, Andy Yar
<andyyar66(a)gmail.com> wrote:
>>>>>>
>>>>>>> Hello,
>>>>>>> I've tried running https://github.com/keycloak/ke
>>>>>>>
ycloak/tree/master/examples/demo-template/angular2-product-app app
>>>>>>> on localhost against my Keycloak instance. The page reloading
issue caused
>>>>>>> by iFrame checks was present too.
>>>>>>>
>>>>>>> The only significant change I made to the demo app was
replacing
>>>>>>> the keycloak.json with mine. The difference is using a
non-localhost URL:
>>>>>>> "auth-server-url":
"http://<serverURL>:8080/sso". CORS comes to
>>>>>>> mind.
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Sep 6, 2016 at 2:43 PM, Andy Yar
<andyyar66(a)gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> I've spent some time in Firefox's debugger and
found out that the
>>>>>>>> redirect occurs right after the window.postMessage() is
called in the
>>>>>>>> checkLoginFrame function.
>>>>>>>>
>>>>>>>> The demo project code seems to be in line with my code.
Might try
>>>>>>>> it's runtime behavior later.
>>>>>>>>
>>>>>>>> On Tue, Sep 6, 2016 at 8:19 AM, Marek Posolda
<mposolda(a)redhat.com
>>>>>>>> > wrote:
>>>>>>>>
>>>>>>>>> On 01/09/16 23:34, Andy Yar wrote:
>>>>>>>>>
>>>>>>>>> Hello,
>>>>>>>>> I've created a template of a Angular based app
using keycloak.js
>>>>>>>>> lib. After a successful login the app/page
periodically reloads itself. I
>>>>>>>>> guess it's because of the iFrame session check
being set to 5sec interval
>>>>>>>>> (requesting url:
<base_url>/#state=<hash>&code=<hash>).
>>>>>>>>>
>>>>>>>>> That's strange... IFrame is supposed to just
check the cookie,
>>>>>>>>> not to do any reload.
>>>>>>>>>
>>>>>>>>> Maybe take a look at our angular examples and see if
you do
>>>>>>>>> something differently? See
https://github.com/keycloak/ke
>>>>>>>>>
ycloak/tree/master/examples/demo-template/angular-product-app .
>>>>>>>>> Note the angular.bootstrap called after Keycloak
authentication is fully
>>>>>>>>> finished.
>>>>>>>>>
>>>>>>>>> Marek
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> This happens in latest Firefox and Edge. Chrome seems
to handle
>>>>>>>>> these reloads quietly.
>>>>>>>>>
>>>>>>>>> Is this intended?
>>>>>>>>>
>>>>>>>>> Thanks
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> keycloak-user mailing
listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> keycloak-user mailing list
>>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
3043
days inactive
3051
days old
11 comments
3 participants
participants (3)
-
Andy Yar -
Marek Posolda -
Stian Thorgersen