TorstenK

Reputation: 33

Secure WebApp in Wildfly 25 using OpenID Connect (OIDC) without installing a Keycloak client adapter

My Webapp is deployed in Wildfly 25.0.1.Final and is secured using OpenID Connect (OIDC). WildFly 25 enables you to secure deployments using OpenID Connect (OIDC) without installing a Keycloak client adapter.

It is configured like this:

web.xml

<login-config>
     <auth-method>OIDC</auth-method>
</login-config>

OIDC.json

{  
   "provider-url": "${auth.server.url}",
   "ssl-required": "external",
   "client-id": "myClient",
   "public-client": true,
   "confidential-port": 0
}

described here: http://www.mastertheboss.com/jbossas/jboss-security/secure-wildfly-applications-with-openid-connect/

Everything works fine. My WebApp is secured, it redirects to Keycloak for authorization and Keycloak sends the tokens to my webapp. But on each request in my Webapp the WildFly server sends about 100 requests to the Keycloak server for loading metadata from the OpenID provider.

13:33:38,405 INFO  [org.wildfly.security.http.oidc] (default task-3) ELY23004: Loaded OpenID provider metadata from 'http://keycloakserver:8180/auth/realms/myRealm/.well-known/openid-configuration'
...
...
13:33:39,480 INFO  [org.wildfly.security.http.oidc] (default task-3) ELY23004: Loaded OpenID provider metadata from 'http://keycloakserver:8180/auth/realms/myRealm/.well-known/openid-configuration'

This couldn't be correct, the performance couldn't be sufficient.

In Wildfly 23 (with Keycloak adapter) I didn't see these messages!

Anyone with the same experience? Thanks!

Upvotes: 3

Views: 1712

Answers (1)

Ryan

Reputation: 7951

This is a known issue and documented here: https://issues.redhat.com/browse/ELY-2284

If you upgrade to WildFly 26.0.1 it should be resolved.

Upvotes: 1
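
Added example, not part of the question or the answer: a small log check that counts ELY23004 metadata loads per second and thread, to confirm whether a deployment shows the burst described in the question and whether it is gone after an upgrade. The burst threshold and the sample lines are assumptions constructed from the log format quoted above.

```python
import re
import sys
from collections import Counter

# Matches the ELY23004 INFO line in the format quoted in the question.
ELY23004 = re.compile(
    r"(?P<ts>\d{2}:\d{2}:\d{2}),\d{3}\s+INFO\s+"
    r"\[org\.wildfly\.security\.http\.oidc\]\s+\((?P<thread>[^)]*)\)\s+"
    r"ELY23004: Loaded OpenID provider metadata from '(?P<url>[^']*)'"
)


def count_metadata_loads(lines):
    """Count ELY23004 lines per (second, thread, metadata URL)."""
    counts = Counter()
    for line in lines:
        m = ELY23004.search(line)
        if m:
            counts[(m["ts"], m["thread"], m["url"])] += 1
    return counts


def find_bursts(lines, threshold=5):
    """Return buckets where one thread loaded metadata more than
    `threshold` times within one second (threshold is an assumption)."""
    return {k: n for k, n in count_metadata_loads(lines).items() if n > threshold}


# Constructed sample input, modelled on the two log lines in the question.
URL = ("http://keycloakserver:8180/auth/realms/myRealm/"
       ".well-known/openid-configuration")
MSG = ("INFO  [org.wildfly.security.http.oidc] ({}) ELY23004: "
       "Loaded OpenID provider metadata from '" + URL + "'")
SAMPLE = (
    ["13:33:38,%03d " % (400 + i) + MSG.format("default task-3") for i in range(8)]
    + ["13:40:00,001 " + MSG.format("default task-5")]
    + ["13:40:00,002 INFO  [org.jboss.as] (default task-5) unrelated line"]
)

if __name__ == "__main__":
    # Pass a log file path as the first argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            source = fh.readlines()
    else:
        source = SAMPLE
    for (ts, thread, url), n in sorted(find_bursts(source).items()):
        print(f"{ts} ({thread}) {n} metadata loads from {url}")
```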
