Reputation: 648
I have created an API gateway using Spring Cloud Gateway. The Gateway is using Spring OAuth2 Client to connect to Keycloak. Spring Session is present, configured to work with Redis (@EnableRedisWebSession). After being redirected to the Keycloak login page and successfully authenticating, I see the Sessions saved in Redis.
A single instance of a Gateway works, but I experience failures when:
Running a single instance of the Gateway. I restart the Gateway, and try to continue the web session. In this situation there is a redirection loop for requests to Keycloak (until the maximum is reached).
Running multiple instances of the Gateway in Kubernetes. The UI code fails on some requests (HTTP 302 redirect to Keycloak login).
It appears the Session is not being replicated correctly, or something else that is transient in my setup is causing this failure.
I see dozens of requests in the browser network tab, such as:
Request URL: http://localhost:4200/auth/realms/aaa/protocol/openid-connect/auth?response_type=code&client_id=web&scope=openid&state=y_01vqws_irgZnJUflotT-RUQFMmWm7k215AZzPj9rU%3D&redirect_uri=http://localhost:4200/login/oauth2/code/web&code_challenge_method=S256&nonce=4qEqUZrMhyND3hvOIUfGepBJVGfGgXG_8dv6SLCKZ8M&code_challenge=ZCdyxrjbTC2b3zcI1bQA7s6xbOJCNjyFRk6tegP00vo
Response is 302 with:
Location: http://localhost:4200/auth/realms/aaa/protocol/openid-connect/auth?response_type=code&client_id=web&scope=openid&state=_J4fIzQTDL_ACzDjyLoyPT2CVlvhX7u9fHG0Aa3I5Og%3D&redirect_uri=http://localhost:4200/login/oauth2/code/web&code_challenge_method=S256&nonce=DA-BVAeav9yisT4v1JjZCgrhH286fKCYO6BEAgptTWI&code_challenge=aRIB_A9BHdaySrFCftYbns-wn42Gy8urX-dXcaTwb04
Upvotes: 0
Views: 540
Reputation: 648
The problem was that the OAuth2 client wasn't set up for replication. The solution is discussed here: OAuth 2.0 Client supports application clustering
Adding the following bean to the configuration fixed the problem:
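// Keep authorized clients (tokens) in the WebSession, which Spring Session
// persists to Redis, rather than in the memory of a single gateway instance.
@Bean
public ServerOAuth2AuthorizedClientRepository authorizedClientRepository() {
    return new WebSessionServerOAuth2AuthorizedClientRepository();
}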
Upvotes: 0
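A simplified model of the failure and the fix described in the answer above, added here as an example; it is not code from the original post or from Spring. It uses no Spring classes: the shared map stands in for Redis, each Gateway object stands in for one gateway instance, and all names and the token value are constructed for illustration.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model of the setup in the question; no Spring classes are used.
public class AuthorizedClientReplicationDemo {

    // Stand-in for Redis: session attributes shared by every gateway instance.
    static final Map<String, Map<String, String>> sharedSessions = new HashMap<>();

    static class Gateway {
        // Per-instance memory: lost on restart, invisible to other instances.
        private final Map<String, String> localClients = new HashMap<>();
        private final boolean storeInSession;

        Gateway(boolean storeInSession) { this.storeInSession = storeInSession; }

        // Called when the authorization-code login completes on this instance.
        void login(String sessionId, String user, String accessToken) {
            Map<String, String> session =
                sharedSessions.computeIfAbsent(sessionId, id -> new HashMap<>());
            session.put("principal", user);
            if (storeInSession) {
                session.put("authorizedClient", accessToken);
            } else {
                localClients.put(user, accessToken);
            }
        }

        // Returns the HTTP status this instance would send for a later request.
        int handle(String sessionId) {
            Map<String, String> session = sharedSessions.get(sessionId);
            if (session == null) return 302; // no session at all: start login
            String token = storeInSession
                ? session.get("authorizedClient")
                : localClients.get(session.get("principal"));
            return token != null ? 200 : 302; // missing client: redirect to the IdP
        }
    }

    // Log in on one instance, then send the next request to a fresh one
    // (a second pod, or the same gateway after a restart).
    static int statusOnOtherInstance(boolean storeInSession) {
        sharedSessions.clear();
        new Gateway(storeInSession).login("s1", "alice", "constructed-token");
        return new Gateway(storeInSession).handle("s1");
    }

    public static void main(String[] args) {
        System.out.println("in-memory clients:    " + statusOnOtherInstance(false));
        System.out.println("session-backed store: " + statusOnOtherInstance(true));
    }
}
```

In both runs the session itself is found in the shared store, which matches the observation in the question that sessions were visible in Redis while requests were still redirected.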