[keycloak-user] KeyCloak integrate with external Idp get an infinity loop.

Lap Tran lapth82 at gmail.com
Sat May 5 04:50:24 EDT 2018


 Hi,

I am integrating OpenAM 10.1 with KeyCloak 3.4.3.
I used SAML v2 for this integration.
My application and KeyCloak SAML Adapter are deployed on WildFly 11.

The integration does not work as I expected; please see the steps below:
1) When I access my application for the first time, the KeyCloak SAML Adapter
is triggered and brings me to the OpenAM login page
2) I complete my login on the OpenAM login page
3) The browser brings me back to my application after login, and I see the SAML
response sent back to my application (I debugged the KeyCloak 3.4.3 code for this)
4) KeyCloak analyzes that SAML response and then redirects to the first link
(from step 1)

My expectation is that after step 4 the browser brings me back to the
first link with authenticated status, and then I can access my application
from then on. But it does not work like that.

5) The browser brings me to the OpenAM IdP link again, but the login page is
not displayed
6) The browser brings me back to the application link again ... then I have an
infinite loop of steps 5 - 6 from this point on

It seems we have a bug in KeyCloak for SAML integration.

Any ideas? Please share a workaround to fix this bug.


Regards,

Lap Tran
mailto:lapth82 at gmail.com
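
Added example, not part of the original message and not Keycloak or OpenAM code: a script that confirms the loop of steps 5 - 6 from a captured browser trace by decoding each `SAMLRequest` and listing the AuthnRequests issued after a `SAMLResponse` had already reached the application. It assumes AuthnRequests travel over the HTTP-Redirect binding; the trace, hosts, paths and request IDs are constructed placeholders.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs, urlencode

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

def encode_authn_request(req_id, acs_url):
    """Constructed AuthnRequest, encoded as the HTTP-Redirect binding does:
    raw DEFLATE, then base64 (URL-encoding is applied later by urlencode)."""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="{req_id}" '
           f'Version="2.0" AssertionConsumerServiceURL="{acs_url}"/>')
    deflater = zlib.compressobj(wbits=-15)
    raw = deflater.compress(xml.encode()) + deflater.flush()
    return base64.b64encode(raw).decode()

def authn_request_id(url):
    """Return the ID of the AuthnRequest carried in url, or None."""
    values = parse_qs(urlparse(url).query).get("SAMLRequest")
    if not values:
        return None
    root = ET.fromstring(zlib.decompress(base64.b64decode(values[0]), -15))
    return root.get("ID") if root.tag == f"{{{SAMLP}}}AuthnRequest" else None

def repeated_authn_requests(trace):
    """IDs of AuthnRequests sent after a SAMLResponse already reached the SP."""
    delivered, repeats = 0, []
    for method, url, form_fields in trace:
        if method == "POST" and "SAMLResponse" in form_fields:
            delivered += 1
        elif method == "GET":
            req_id = authn_request_id(url)
            if req_id and delivered:
                repeats.append(req_id)
    return repeats

# Constructed trace of steps 1-6; hosts and paths are placeholders.
APP = "https://app.example.test/myapp/"
ACS = "https://app.example.test/myapp/saml"
IDP = "https://idp.example.test/sso"

def sso_round(n):
    query = urlencode({"SAMLRequest": encode_authn_request(f"ID_{n}", ACS)})
    return [("GET", APP, ()), ("GET", f"{IDP}?{query}", ()),
            ("POST", ACS, ("SAMLResponse",))]

TRACE = sso_round(1) + sso_round(2) + sso_round(3)

if __name__ == "__main__":
    print(repeated_authn_requests(TRACE))
```

A non-empty result means the application asked the IdP to authenticate again even though a response had already been delivered to it, which is the behaviour reported in steps 5 - 6.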

