[keycloak-user] Authentication broken after 3.0.0 -> 3.4.0 upgrade

Dmitry Korchemkin moon3854 at gmail.com
Tue Dec 5 07:48:49 EST 2017


Hello,

I'm looking into upgrading from 3.0.0.Final to 3.4.0.Final and my REST
endpoints work fine, tokens are issued, validated, etc, no regression
there. Login functionality, however, is broken due to missing
AUTH_SESSION_ID cookie.

Here's how my auth request looks like:
http://gateway-my-app.com/auth/realms/myRealm/login-
actions/authenticate?code=ys5CKFbsTfM1ab2L6cZ3xqx0lTCwv3
gJvoEcdsbIoSM.c5a89496-8b6c-4ca2-a188-b7a075d8957b&
execution=50a77434-5243-44df-84c4-cc3ff4be2ac6&kc_locale=en
Cookie:69d2fc8ce07e4c342f8d612131c6fdd7=2c5f013d0341025df301bde47ce2c80a
Host:http://gateway-my-app.com
Origin:http://gateway-my-app.com
Referer:
http://gateway-my-app.com/api/v1/identity-provider/auth/
realms/myRealm/protocol/openid-connect/auth?response_
type=token&client_id=myClient&redirect_uri=http%3A%2F%2Fmy-
app-interface.com%2Floginpages%2Fclose.html&nonce=1150678440871.8186&kc_
locale=en-US

Gateway doesn't do much in terms of cookies replacement, it only ensures
that things like host and origin are correct.
I run it on openshift based on keycloak-ha-postgres dockerfile. Login pages
for microservices are rendered as iframes.

Might there be something specific to OpenShift (maybe its router?) or
rendering login page in iframe that might prevent AUTH_SESSION_ID cookie
from appearing?

Best regards,
Dmitry


More information about the keycloak-user mailing list