Comments (6)
It looks like it's any request that gets stuck in the endless redirect loop..
from embedded-spring-boot-keycloak-server.
I've tried both embedded-keycloak-server-custom and embedded-keycloak-server-plain,
which do not go into the loop. But I can't log in to them; with password admin/admin it just says
2021-12-23 11:40:13.280 WARN 22228 --- [ XNIO-1 task-1] org.keycloak.events : type=LOGIN_ERROR, realmId=master, clientId=security-admin-console, userId=8845bd57-201b-4152-8cf9-79e60776428a, ipAddress=0:0:0:0:0:0:0:1, error=invalid_user_credentials, auth_method=openid-connect, auth_type=code, redirect_uri=http://localhost:8080/auth/admin/master/console/, code_id=d0f3f503-4cba-455a-afb9-53102f91ca68, username=admin, authSessionParentId=d0f3f503-4cba-455a-afb9-53102f91ca68, authSessionTabId=xvP-HGdMKSs
from embedded-spring-boot-keycloak-server.
Could be related to the oauth2 spring integration..
specifically redirectUri
Snip of our config
security:
  oauth2:
    client:
      registration:
        ccadmin:
          client-id: xxx
          client-name: xx
          client-secret: xx
          provider: keycloak
          authorization-grant-type: authorization_code
          scope: openid, profile
          # redirectUri: "{baseUrl}/login/oauth2/code/{registrationId}"
      provider:
        keycloak:
          authorization-uri: ${kc.realm-url}/protocol/openid-connect/auth
          jwk-set-uri: ${kc.realm-url}/protocol/openid-connect/certs
          token-uri: ${kc.realm-url}/protocol/openid-connect/token
          # would be cool if there was a end-session-uri to propagate logouts
          # User info endpoint not needed since Keycloak uses self-contained value tokens
          # user-info-uri: ${kc.realm-url}/protocol/openid-connect/userinfo
          user-name-attribute: preferred_username
from embedded-spring-boot-keycloak-server.
Okay, it seems to have something to do with Spring Security, which runs autoconfiguration and protects everything.. However, when I get to the admin console it just shows up blank,
with this in the dev console in Chrome or Edge:
chrome-error://chromewebdata/:1
Refused to display 'http://localhost:9999/' in a frame because it set 'X-Frame-Options' to 'deny'
C:/Users/nmw/.m2/repository/org/springframework/boot/spring-boot-autoconfigure/2.5.4/spring-boot-autoconfigure-2.5.4.jar!/org/springframework/boot/autoconfigure/security/servlet/UserDetailsServiceAutoConfiguration.class:52
@Bean
@ConditionalOnMissingBean(
    type = {"org.springframework.security.oauth2.client.registration.ClientRegistrationRepository"}
)
@Lazy
public InMemoryUserDetailsManager inMemoryUserDetailsManager(SecurityProperties properties, ObjectProvider<PasswordEncoder> passwordEncoder) {
    User user = properties.getUser();
    List<String> roles = user.getRoles();
    return new InMemoryUserDetailsManager(new UserDetails[]{org.springframework.security.core.userdetails.User.withUsername(user.getName()).password(this.getOrDeducePassword(user, (PasswordEncoder)passwordEncoder.getIfAvailable())).roles(StringUtils.toStringArray(roles)).build()});
}
from embedded-spring-boot-keycloak-server.
I've tried this in my security config, but it does not affect the X-FRAME issue:
http.headers()
    .frameOptions()
    .sameOrigin().and().cors()
from embedded-spring-boot-keycloak-server.
When I try to access:
http://localhost:9999/auth
I get thrown towards: http://localhost:9999/auth/realms/ccadmin/protocol/openid-connect/auth?response_type=code&client_id=ccadmin-backend&scope=openid%20profile&state=YiYSSxZKTuNByiRRb0WF0ExKsAp_fbSWcOQi6bccG3E%3D&redirect_uri=http://localhost:9999/login/oauth2/code/ccadmin&nonce=Dlsma9mE3foZUseTSua3TLe37IirZkO30Rw2X_wk6U4
Which then redirects towards: http://localhost:9999/oauth2/authorization/ccadmin
So something is off, I have added
web.ignoring().antMatchers("/auth/**","/oauth2/**");
to my WebSecurityConfigurerAdapter, as I am running with security on /api/**
I also find it a bit strange that when accessing
http://localhost:9999/auth
it mixes up my product realm (ccadmin) instead of master... I had it working with Keycloak 11.
Brother, did you succeed in clustering?
from embedded-spring-boot-keycloak-server.
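An added example, not code from the thread or the project, of one way to keep Spring Security's oauth2Login from intercepting the embedded Keycloak's own endpoints, which is what the bounce from /auth to /oauth2/authorization/ccadmin described above suggests is happening. It assumes Spring Security 5.4+ (the thread shows Spring Boot 2.5.4), reuses the /auth and /api paths from the comments, and replaces the WebSecurityConfigurerAdapter instead of running beside it; the class and bean names are hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

// Hypothetical configuration class: two filter chains with disjoint path scopes.
@Configuration
public class SplitSecurityConfig {

    // Chain 1: everything the embedded Keycloak serves under /auth.
    // Keycloak authenticates its own users, so Spring Security lets the
    // requests through and never answers them with an oauth2Login redirect.
    @Bean
    @Order(1)
    public SecurityFilterChain keycloakPaths(HttpSecurity http) throws Exception {
        http.antMatcher("/auth/**")
            .authorizeRequests(a -> a.anyRequest().permitAll())
            // Assumption: Keycloak's forms carry no Spring CSRF token,
            // so Spring's CSRF check is switched off for this scope only.
            .csrf(c -> c.disable())
            // The admin console uses same-origin iframes; DENY is the Spring default.
            .headers(h -> h.frameOptions(f -> f.sameOrigin()));
        return http.build();
    }

    // Chain 2: the application's API plus the two oauth2Login endpoints.
    // /oauth2/** and /login/oauth2/** must stay inside this chain, otherwise
    // the filters that start and finish the authorization-code flow never run.
    @Bean
    @Order(2)
    public SecurityFilterChain apiPaths(HttpSecurity http) throws Exception {
        http.requestMatchers(m -> m.antMatchers("/api/**", "/oauth2/**", "/login/oauth2/**"))
            .authorizeRequests(a -> a.anyRequest().authenticated())
            .oauth2Login(Customizer.withDefaults());
        return http.build();
    }
}
```

Unlike web.ignoring(), a permitAll() chain still runs Spring Security's header filter for the matched paths, so the frameOptions setting takes effect on them.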