[keycloak-user] KeyCloak POC with minimal setup, won't work in IE

Thomas Peeters thomas.peeters1 at telenet.be
Fri Dec 8 09:50:44 EST 2017


Old opportunistic me just installed Keycloak 3.4.1.Final. I did the exact same setup, now it seems to work in IE as well. 


Van: "Simon Payne" <simonpayne58 at gmail.com> 
Aan: "thomas" <thomas.peeters1 at telenet.be> 
Cc: "keycloak-user" <keycloak-user at lists.jboss.org> 
Verzonden: Vrijdag 8 december 2017 12:45:52 
Onderwerp: Re: [keycloak-user] KeyCloak POC with minimal setup, won't work in IE 

Hi, is that localhost of your application or localhost of keycloak? and would you already have a single signon session in the browser? 
is your client setup correctly to accept your non local domain as a valid redirect url etc? 

Simon. 



On Fri, Dec 8, 2017 at 11:06 AM, Thomas Peeters < [ mailto:thomas.peeters1 at telenet.be | thomas.peeters1 at telenet.be ] > wrote: 



I've made a POC to show some required functionality for some of our applications using Keycloak. Mainly, secured URL and SSO. 
The POC consists of a minimal setup: no SSL, ... 

We're using JBoss EAP 6.4 as application server, Spring-security (with keycloak adapter), front-end is JSF 2.1 with RichFaces 4. 

I've rather easily gotten it to work in all browsers except for IE outside of localhost. Meaning, it all seems to work when everything is configured for localhost addresses. 

Then when I deploy it all to a staging area where I don't use localhost anymore it just won't work in IE (8,9,10). Which is kind of a showstopper because some old (poorly written) applications in the SSO domain ony work in IE. 


What happens: 

I enter the application URL in IE, the browser should redirect me to the keycloak login page. However that doesn't happen and I only see my own 'access denied 401' page. 
Attempting to open the administration console of Keycloak shows me ''{{notification.header}} {{notification.message}} ", with loading... at the left-hand bottom of the screen. This does work when the address used is localhost, in fact, everything works using localhost. 
It even works in Edge, not that means much. 

I can't find much about this online, except for a handful pages that don't seem to add much info (to me). 

KeyCloak 3.4.0.Final 
Keycloak-spring-security-adapter 3.4.0.Final (Maven) 
Spring Security (web & config + transitive dependencies) 3.2.0.RELEASE 
JBoss 6.4 EAP 


Keycloak.json: 

{ 
"realm" : "<realmname>" , 
"auth-server-url" : "<non-localhost - non-https address>" , 
"ssl-required" : "none" , 
"resource" : "<client name>" , 
"public-client" : true 
} 

Which was extracted from the keycloak admin console. 

I'm putting way too much time into this, and I'm not sure anymore where to look. And I find it quite odd that it works with localhost names. 

Thanks for reading 
T 
_______________________________________________ 
keycloak-user mailing list 
[ mailto:keycloak-user at lists.jboss.org | keycloak-user at lists.jboss.org ] 
[ https://lists.jboss.org/mailman/listinfo/keycloak-user | https://lists.jboss.org/mailman/listinfo/keycloak-user ] 






More information about the keycloak-user mailing list