Reputation: 8323
I have a JavaScript client authenticating using OIDC against Keycloak.
The authentication works fine in the development environment but ends in a redirection loop when using a reverse proxy between the client and the backend (including Keycloak).
It looks like the authentication succeeds (the /token request ends with HTTP 200 and the response includes all the tokens), but then login-status-iframe.html does not detect it as successful and restarts an authentication flow again and again.
What is the problem here (nginx configuration?)
Upvotes: 1
Views: 1541
Reputation: 34
We got a solution. The issue came from our cookies being set as HttpOnly: this seems to prevent the iframe from accessing session data and forces the iframe to re-authenticate, hence causing the infinite loop.
Deactivating the HttpOnly flag on this cookie only solved the problem.
Upvotes: 1
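To confirm which cookie the proxy changed, the Set-Cookie headers sent by the backend can be diffed against those the browser receives through the proxy, so that HttpOnly is relaxed for that one cookie only. This is an added example, not part of the answer above; the cookie name KEYCLOAK_SESSION (assumed to be the one the session-status iframe reads) and the sample headers are constructed for illustration.

```javascript
// Cookies that page script must read via document.cookie.
// Assumption: the session-status iframe reads KEYCLOAK_SESSION.
const SCRIPT_READABLE = new Set(["KEYCLOAK_SESSION"]);

// Parse one Set-Cookie header value into { name, attrs }.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const attrs = new Map();
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf("=");
    // Attribute names are case-insensitive, so normalise them.
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs.set(key, i === -1 ? true : part.slice(i + 1));
  }
  return { name, attrs };
}

// Return the cookies that gained HttpOnly between backend and browser.
function findAddedHttpOnly(upstreamHeaders, proxiedHeaders) {
  const upstream = new Map(
    upstreamHeaders.map(parseSetCookie).map((c) => [c.name, c])
  );
  const findings = [];
  for (const c of proxiedHeaders.map(parseSetCookie)) {
    const before = upstream.get(c.name);
    const hadFlag = Boolean(before && before.attrs.has("httponly"));
    if (c.attrs.has("httponly") && !hadFlag) {
      // breaksIframe: script can no longer read a cookie it depends on.
      findings.push({ name: c.name, breaksIframe: SCRIPT_READABLE.has(c.name) });
    }
  }
  return findings;
}

// Constructed sample headers (not captured from a real deployment).
const upstreamSample = [
  "KEYCLOAK_IDENTITY=abc; Path=/auth/realms/demo/; Secure; HttpOnly",
  "KEYCLOAK_SESSION=demo/user/sess; Path=/auth/realms/demo/; Secure",
  "APP_PREF=dark; Path=/",
];
// Same cookies after a proxy rule that appends HttpOnly to everything.
const proxiedSample = upstreamSample.map((h) =>
  /;\s*httponly/i.test(h) ? h : h + "; HttpOnly"
);
console.log(findAddedHttpOnly(upstreamSample, proxiedSample));
```

Only entries with `breaksIframe: true` need the proxy's HttpOnly rule relaxed; the other cookies can keep the flag.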