[keycloak-user] keycloak 5.0 integration with FranceConnect (IDP provider) no longer working

Olivier Rivat orivat at janua.fr
Fri Apr 12 11:16:45 EDT 2019


Hi,

I am testing the integration of keycloak with FranceConnect (French IDP 
provider).
It is working fine with keycloak 4.81 (I have just tested it today), but 
it is failing with keycloak 5.0.

The difference between the two is that keycloak 5.0 is internally adding 
client_session_state to the IDP request.
But the FranceConnect IDP does not recognize client_session_state.

What could be done to overcome this issue, as the IDP has not changed?
Is it possible to disable this flag (client_session_state) so it does 
not appear in the log of KC 5.0?

Please advise what could be done to have it working again.


Regards,

Olivier Rivat



==============================================================================






The traces for both are as follows:

Keycloak 4.83 trace (OK)


2019-04-12 17:06:04,250 DEBUG [org.apache.http.wire] (default task-11) 
http-outgoing-3 >> "[\r][\n]"
2019-04-12 17:06:04,250 DEBUG [org.apache.http.wire] (default task-11) 
http-outgoing-3 >>
code=de5db40072c4d4a146f46330e7f85e38610d0943e95e9cb6ac73d66bd672205a&
grant_type=authorization_code&
client_secret=f6495844366b0a6c44fb2fffb4764ee732d134f4a7a8321863983473801c26db&
redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fauth%2Frealms%2Fdemo%2Fbroker%2FFranceConnect%2Fendpoint&
client_id=db14bd4bf83bf764076a25f664ca6750a32c2cd18be6ba43806d80cb2a3745b6
2019-04-12 17:06:04,308 DEBUG [org.apache.http.wire] (default task-11) 
http-outgoing-3 << "HTTP/1.1 200 OK[\r][\n]"
2019-04-12 17:06:04,308 DEBUG [org.apache.http.wire] (default task-11) 
http-outgoing-3 << "Server: nginx[\r][\n]"
2019-04-12 17:06:04,309 DEBUG [org.apache.http.wire] (default task-11) 
http-outgoing-3 << "Date: Fri, 12 Apr 2019 15:05:57 GMT[\r][\n]"
2019-04




Keycloak 5.00 trace (Not working)

6:01:00,889 DEBUG [org.apache.http.wire] (default task-10) 
http-outgoing-0 >> "
code=326df10aabf29c322ca83a2a20b7ffc8c3dcab1ce150b62e99433b3a11e78e81&
grant_type=authorization_code&
client_session_state=n%2Fa&
client_secret=f6495844366b0a6c44fb2fffb4764ee732d134f4a7a8321863983473801c26db&
redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fauth%2Frealms%2Fdemo%2Fbroker%2FFranceConnect%2Fendpoint&
client_id=db14bd4bf83bf764076a25f664ca6750a32c2cd18be6ba43806d80cb2a3745b6"
16:01:00,966 DEBUG [org.apache.http.wire] (default task-10) 
http-outgoing-0 << "HTTP/1.1 400 Bad Request[\r][\n]"
16:01:00,967 DEBUG [org.apache.http.wire] (default task-10) 
http-outgoing-0 << "Server: nginx[\r][\n]"
16:01:00,967 DEBUG [org.apache.http.wire] (default task-10) 
http-outgoing-0 << "Date: Fri, 12 Apr 2019 14:00:53 GMT[\r][\n]"
16:01:00,967 DEBUG [org.apache.http.wire] (default task-10) 
http-outgoing-0 << "Content-Type: application/json; charset=utf-8[\r][\n]"
16:01:00,967 DEBUG [org.apache.http.wire] (default task-10) 
http-outgoing-0 << "Content-Length: 104[\r][\n]"
16:01:00,967 DEBUG [org.apache.http.wire] (default task-10) 
http-outgoing-0 << "Connection: keep-alive[\r][\n]"
16:01:00,967 DEBUG [org.apache.http.wire] (default task-10) 
http-outgoing-0 << "ETag: W/"68-1YcGPHfKrHgT2FZkgQmpNQ"[\r][\n]"
16:01:00,967 DEBUG [org.apache.http.wire] (default task-10) 
http-outgoing-0 << "Vary: Accept-Encoding[\r][\n]"
16:01:00,967 DEBUG [org.apache.http.wire] (default task-10) 
http-outgoing-0 << "[\r][\n]"
16:01:00,967 DEBUG [org.apache.http.wire] (default task-10) 
http-outgoing-0 << "{"status":"fail","message":"The following fields are 
not supposed to be present : client_session_state"}"
1








-- 


Olivier Rivat
CTO
orivat at janua.fr <mailto:dchikhaoui at janua.fr>
Gsm: +33(0)682 801 609
Tél: +33(0)489 829 238
Fax: +33(0)955 260 370
http://www.janua.fr <http://www.janua.fr/>
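
An added example, not part of the original post and not Keycloak code: a Python sketch that pulls the token-request form body out of `org.apache.http.wire` debug lines and reports which parameters differ between a working and a failing trace, masking `code` and `client_secret`. The two traces are constructed, shortened stand-ins for the ones above, assuming one log record per line; all function names are hypothetical.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample traces (placeholder values, one log record per line).
TRACE_OK = r'''
17:06:04,250 DEBUG [org.apache.http.wire] (default task-11) http-outgoing-3 >> "[\r][\n]"
17:06:04,250 DEBUG [org.apache.http.wire] (default task-11) http-outgoing-3 >> "code=AAAA&grant_type=authorization_code&client_secret=SECRET&client_id=CID"
17:06:04,308 DEBUG [org.apache.http.wire] (default task-11) http-outgoing-3 << "HTTP/1.1 200 OK[\r][\n]"
'''
TRACE_FAIL = r'''
16:01:00,889 DEBUG [org.apache.http.wire] (default task-10) http-outgoing-0 >> "code=BBBB&grant_type=authorization_code&client_session_state=n%2Fa&client_secret=SECRET&client_id=CID"
16:01:00,966 DEBUG [org.apache.http.wire] (default task-10) http-outgoing-0 << "HTTP/1.1 400 Bad Request[\r][\n]"
16:01:00,967 DEBUG [org.apache.http.wire] (default task-10) http-outgoing-0 << "Server: nginx[\r][\n]"
'''

WIRE = re.compile(r'http-outgoing-\d+ (>>|<<) "(.*)"\s*$')
SENSITIVE = {"code", "client_secret"}  # never echo these into tickets or mail

def parse_trace(trace):
    """Return (token-request form parameters, HTTP status of the reply)."""
    params, status = {}, None
    for line in trace.splitlines():
        m = WIRE.search(line)
        if not m:
            continue
        direction, payload = m.groups()
        payload = payload.replace("[\\r]", "").replace("[\\n]", "")
        if direction == ">>" and "grant_type=" in payload:
            params = dict(parse_qsl(payload, keep_blank_values=True))
        elif direction == "<<" and status is None and payload.startswith("HTTP/"):
            status = int(payload.split()[1])
    return params, status

def redact(params):
    """Mask credential-bearing values before the parameters are shared."""
    return {k: ("<redacted>" if k in SENSITIVE else v) for k, v in params.items()}

def compare(ok_trace, bad_trace):
    """Summarise what the failing request sends that the working one does not."""
    ok, ok_status = parse_trace(ok_trace)
    bad, bad_status = parse_trace(bad_trace)
    return {
        "status": (ok_status, bad_status),
        "added": {k: v for k, v in redact(bad).items() if k not in ok},
        "removed": sorted(set(ok) - set(bad)),
    }

if __name__ == "__main__":
    print(compare(TRACE_OK, TRACE_FAIL))
```
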



