[keycloak-user] Keycloak 2.1.0 infinite redirection after login

Sarp Kaya akaya at expedia.com
Thu Aug 18 01:30:23 EDT 2016


Hello,

I’m using Tomcat adapter (keycloak-tomcat8-adapter).

The issue is that once you login in keycloak, then it redirects you back to the application with state and code query parameter. So far no issue, but this then gives you a KEYCLOAK_ADAPTER_STATE cookie and redirects you back to the application. Then something happens (which I could not figure out what) and browser decides not to send KEYCLOAK_ADAPTER_STATE cookie back to the application.
At first I thought this was an application issue rather than keycloak, but after reverting my changes the problem still persisted. Then I went back to Keycloak 2.0.0 from 2.1.0 and problem was solved.

So the flow is like this:


1)       Request: Address/app | Response: 302 to Keycloak login page

2)       Request: Keycloak/auth | Response: 200 expects you to login

3)       (After logging in) Request: Keycloak/authenticate | Response 302 to application with state

4)       Request: Address/app/?state=…&code=… | Response 302 to application page (with KEYCLOAK_ADAPTER_STATE cookie)

5)       Request: Address/app (this request does not contain KEYCLOAK_ADAPTER_STATE for an unknown reason) | Response 302 to Keycloak login page (instead of actually letting through)

6)       Request: Keycloak/auth | Response: 302 to application with state

7)       Go to step 4

So it’s infinitely redirecting. I have tried this with both tomcat adapter version 2.1.0 and 2.0.0 both behaves the same. I have also inspected the response headers and don’t really see any difference

Just wondering if someone had a similar issue? If so how did you fix it?

Thanks,
Sarp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160818/971f0ca9/attachment.html 


More information about the keycloak-user mailing list