[keycloak-user] Problem with Spring WEB application using Keycloak + Spring Security Adapter in Multi Tenancy mode

Mattia Bello Mattia.Bello at horsa.it
Thu Sep 27 08:20:50 EDT 2018 

Hello,
I am trying to configure a Spring WEB application using Keycloak + Spring Security Adapter in  Multi Tenancy mode but i encountered some problems.
I followed the instuctions of the Keycloak documentation (https://www.keycloak.org/docs/latest/securing_apps/index.html#_spring_security_adapter and https://www.keycloak.org/docs/latest/securing_apps/index.html#_multi_tenancy)
I created a simple web application (SpringSecurity_HelloWorld) with two pages, one public page (hello.jsp) and a protected one (admin.jsp).

To implementy the Multi tenancy, I created the PathBasedKeycloakConfigResolver java class and I changed the spring-security.xml file as requested to link this class to the Spring context.
The .zip from follow Google Drive Link contains a copy of the test project:
https://drive.google.com/file/d/1YH2phrXlx9yc1vexXkNCMKoOnDBEmBI2/view?usp=sharing

This is what happens when the app is running:

Accessing url localhost:8080/SpringSecurity_HelloWorld/{realm}/admin, (i.e. the protected page) the following steps are executed:

1 As expected, the method resolve(..) of my PathBasedKeycloakConfigResolver class is called, and my code correctly extracts the {realm} from the url, creates the corresponding KeycloakDeployment
object, returning it to the caller

2 The browser receives a redirect (HTTP 302) to the location localhost:8080/SpringSecurity_HelloWorld/sso/login and executes the redirect

3 The method resolve(..) of  PathBasedKeycloakConfigResolve is called again with the url localhost:8080/SpringSecurity_HelloWorld/sso/login as argument. This is very surprising to me because
this url doesn't contains the {realm} part and I am wondering how the method resolve() could cope with this. It is supposed to return the KeycloakDeployment object corresponding to the requast realm
but this is not possible now.

For what I understand from documentation the second call to the resolve() method is just wrong .... why the the {realm} is missing ?
I suspect there is some configuratione error in my project but I can't find anything wrong.


Thanks to all


Mattia Bello
Developer

[Descrizione: cid:image001.jpg at 01CEB308.188717E0]
Horsa S.p.A.
Via Cadorna, 67
Vimodrone (MI)
Mobile  (+39) 347 37 64 875
www.horsa.it<http://www.horsa.it/>

More information about the keycloak-user mailing list