Login/Register
Keycloak infinite redirect
Asked Answered
javascriptreactjsopenidhttp-status-code-403keycloak
H

5

10

We are using Keycloak 2.3.0.Final and we are using the Javascript adapter that is available at /auth/js/keycloak.js. The application that is using this adapter is an React+Redux application but that would not matter.

When we go through the auth process described in the docs the initial authentication is a success however when the login-status-iframe.html tries to refresh the token we get a 403 Forbidden. The exact URL it's using to refresh the token /auth/realms/<customer-realm>/protocol/openid-c…id=web-portal&origin=http%3A%2F%2Flocalhost%3A8080&session_state=undefined. Which causes a redirect again, again and again.

I'm assuming that this breaks because session_state param is undefined but sadly I can not find any documentation on this subject.

How do I resolve this?

Hierolatry answered 23/11, 2016 at 9:31 Comment(2)
Have you found the answer?Ammonic
No not really an answer, check if all the versions match. Because each version of keycloak comes with it's own keycloak.js.Hierolatry
M
10

I don't know if you ever found a solution, but I recently ran into this issue as well. In this issue thread, user djmason9's solution worked for me. Just add checkLoginIframe: false for the initOptions parameter.

Michelmichelangelo answered 26/3, 2020 at 19:59 Comment(1)
This fixed a problem for me, where I'm using onLoad: 'check-sso' in the init options. Init was failing until I added the checkLoginIframe: false option.Bloomers
F
6

This almost certainly is happening because your router is in "hash" mode and using hashes for the routes. I haven't figured out how to get the keycloak javascript adapter to work properly with hash-mode based routing, but at least you should know that's the issue you are up against. In Vue, you can set the router to "history" mode where it works without hashes, and that solves the problem. I am betting React has the same capability, as a work around.

(I realize this question is old, but it is surfacing at the top of duckduckgo searches and the problem still exists in current versions of the javascript adapter, so I felt like it could use an answer)

Forestaysail answered 13/3, 2019 at 16:31 Comment(1)
I have this same problem, I'm using Vue with vue-router. I added mode: 'history', but this solution not help me.Fastening
G
0

I had a similar problem with keycloak, but your solution might not be same.

The root cause was, I had spin up multiple instances of keycloak, but the loadbalancer didn't have sticky session. So every time the request was going on different instance, the cookie was invalid on that instance, it would redirect to login, and since it is logged in the process would repeat again.

For the solution, I have brought keycloak down to one instance, and I am looking at keycloak documentation on how to run a keycloak cluster.

Greenebaum answered 6/7, 2018 at 5:51 Comment(0)
P
0

Ensure that the Web Origins in Keycloak configuration has no trailing slash.

Have a look at the URL which returns 403, particularly the origin parameter. The value should contain the value defined in the Web Origin in the respective client.

I faced this issue and then solved it

Posthorse answered 22/10, 2021 at 1:53 Comment(0)
M
-2

I had the same issue, and I solved it adding the web origin on my keycloak client to "*"

Monobasic answered 21/7, 2021 at 6:49 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.