[keycloak-user] chrome on windows
Marek Posolda
mposolda at redhat.com
Tue Dec 13 15:23:28 EST 2016
On 13/12/16 14:42, lists wrote:
> Hi,
>
> Somehow, when using keycloak SAML auth on our application, chrome on
> windows is presenting us a basic http popup logon window.
> In that case, the URL looks like:
>> https://keycloak.company.com/auth/realms/testrealm/protocol/saml?SAMLRequest=fVHJbsIwEP2VyPfEOCk0sUgkIKVC6oJK1UMvlZWYYsmxU8%2B4y9%2FXCUKiPXB9M2%2FeMnMQne...
> We have to cancel that popup, to end up in the regular keycloak login page.
> The URL then becomes:
>> https://keycloak.company.com/auth/realms/testrealm/login-actions/authenticate?code=lmCA9w6F-KuQAefH1Iq5mDpBznYOjP2JE3ZnooeL9Uc.e01284fe-0ad4-4efb-8314-f...
> Since this only happens on chrome on windows, I thought that this
> perhaps was a kerberos-auth going wrong. So i disabled kerberos, but it
> keeps happening.
Depends what exactly means "I disabled kerberos" ? Did you switch the
SPNEGO authenticator in the "Browser" authenticationFlow of your realm
to DISABLED?
Marek
>
> Using other browsers, we end up in the regular second /login-actions/
> logon screen straight away.
>
> The chrome popup is also NOT useable: if we provide a valid
> username/password, we will NOT become authenticated, but we end up in
> the "WE'RE SORRY... Unexpected error when handling authentication
> request to identity provider."
>
> Can anyone explain this? (keycloak 2.3.0)
>
> MJ
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list