[keycloak-user] Overriding Cookie Paths

John D. Ament john.d.ament at gmail.com
Wed Sep 6 19:24:24 EDT 2017


Hi,

I noticed in OAuthRequestAuthenticator that the cookie path being set is to
null.  From what I can tell, this means in most containers if my first
release is to /foo/bar/baz/bar that the path saved to the cookie is
"/foo/bar/baz".  This is typically not an issue, however I have a legacy
app I'm trying to integrate with Keycloak, so the cookie state is very
important.  By setting the path to a low level when I later access
/foo/home.xhtml it causes the cookie to not get populated (which causes a
400 bad request later on).

I'm wondering, does it make sense to add something to KeycloakDeployment
that lists the cookie path, defaulting to null if its not set.

John


More information about the keycloak-user mailing list