Ping? I've written up some thoughts, and am willing to raise a PR against
https://issues.jboss.org/browse/KEYCLOAK-5582
John
On Wed, Sep 6, 2017 at 7:24 PM John D. Ament <john.d.ament(a)gmail.com> wrote:
Hi,
I noticed in OAuthRequestAuthenticator that the cookie path is being set
to null. From what I can tell, this means in most containers if my first
release is to /foo/bar/baz/bar that the path saved to the cookie is
"/foo/bar/baz". This is typically not an issue, however I have a legacy
app I'm trying to integrate with Keycloak, so the cookie state is very
important. By setting the path to a low level when I later access
/foo/home.xhtml it causes the cookie to not get populated (which causes a
400 bad request later on).
I'm wondering, does it make sense to add something to KeycloakDeployment
that lists the cookie path, defaulting to null if it's not set?
John
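
Added example, not part of the original messages and not Keycloak code: the RFC 6265 default-path and path-match rules a browser applies when a cookie is set without a Path attribute, run on the paths from the report above. The function names, the `/foo` override and the extra sample paths are assumptions made for illustration.

```javascript
// RFC 6265 section 5.1.4: path assigned to a cookie whose Set-Cookie has no Path attribute.
function defaultPath(requestUri) {
  const uriPath = requestUri.split("?")[0];          // path portion only
  if (!uriPath || uriPath[0] !== "/") return "/";
  const lastSlash = uriPath.lastIndexOf("/");
  // A single "/" means the default is the root; otherwise cut at the right-most "/".
  return lastSlash === 0 ? "/" : uriPath.slice(0, lastSlash);
}

// RFC 6265 section 5.1.4: does a request path fall under a cookie path?
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix only counts on a segment boundary: "/foo/bar/baz" does not cover "/foo/bar/bazaar".
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Decide whether a cookie set while serving `setOnPath` is sent on `laterPath`.
// `explicitPath` models a configured cookie path (hypothetical setting); null means "not set".
function cookieIsSent(setOnPath, explicitPath, laterPath) {
  const cookiePath =
    explicitPath && explicitPath[0] === "/" ? explicitPath : defaultPath(setOnPath);
  return { cookiePath, sent: pathMatch(laterPath.split("?")[0], cookiePath) };
}

// Constructed scenarios: the first two use the paths from the report,
// the rest are sample paths added to show the boundary rule.
function scenarios() {
  const setOn = "/foo/bar/baz/bar";
  return [
    ["no Path, later /foo/home.xhtml", cookieIsSent(setOn, null, "/foo/home.xhtml")],
    ["Path=/foo, later /foo/home.xhtml", cookieIsSent(setOn, "/foo", "/foo/home.xhtml")],
    ["no Path, later /foo/bar/baz/callback", cookieIsSent(setOn, null, "/foo/bar/baz/callback")],
    ["no Path, later /foo/bar/bazaar", cookieIsSent(setOn, null, "/foo/bar/bazaar")],
  ];
}

for (const [label, result] of scenarios()) {
  console.log(`${label}: cookie path ${result.cookiePath}, sent=${result.sent}`);
}
```

A wider cookie path also sends the state cookie to every other application served under that prefix on the same host, so a configured value should be the narrowest path that still covers the whole login flow.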