[keycloak-user] Session cookie settings overwritten by undertow keycloak adapter

Goworek Krzysztof INNE Krzysztof.Goworek at ingbank.pl
Thu Dec 22 07:10:23 EST 2016


Hello all,
I am developing a web application using Keycloak on JBoss EAP7 (Wildfly 10, Undertow). We have migrated recently from EAP6.4 and now I’ve got several issues to solve.
One of them is session cookie configuration in web.xml which used to work, but now is completely ignored.
After further investigation it looks that keycloak-undertow-adapter module is overwriting existing settings with uninitialized configuration object (). All of this is done in KeycloakServletExtension class (https://github.com/keycloak/keycloak/blob/master/adapters/oidc/undertow/src/main/java/org/keycloak/adapters/undertow/KeycloakServletExtension.java#L179), lines 177-179 on master.

Can somebody tell me whether this is a bug or maybe this was done on purpose? Can I in any way reconfigure these settings somehow later?
From the code it does not seem to read any configuration values, it just sets cookie path basing on context path and leaves the rest fields uninitialized. I would expect it sets the path and copies the rest from “servletSessionConfig” field.
Am I missing something?

Krzysztof


More information about the keycloak-user mailing list