New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Redirect URI not using serviceRootUrl
#1717
Comments
That redirect_uri is generated by the Keycloak filter, based on the configuration in |
Thanks for the quick response. We tried using the
The {
"Response Cookies": {
"JSESSIONID": {
"httpOnly": true,
"path": "/FROST-Server", // this should be /<subpath>/FROST-Server doesn't it?
"value": "..."
},
"OAuth_Token_Request_State": {
"httpOnly": true,
"path": "/",
"value": "..."
}
}
} |
Hmm, it seems Tomcat uses the path that Tomcat sees for the session cookie, but this doesn't match the path the client sees. |
We serve the a frost server instance in Kubernetes under a subpath
https://<domain>/path/
theserviceRootUrl
appears to be correct.The Frost instance is also reachable under this path. Unfortunately integrating Keycloak introduces issues with the
redirect_uri
. The auth request to Keycloak ishttp://<daomin>/FROST-Server
(https://<domain>/auth/realms/<redacted>/protocol/openid-connect/auth?response_type=code&client_id=<redacted>&redirect_uri=http://<domain>/FROST-Server/<redacted>&login=true&scope=openid
). Because we don't serve Frost under this path, the authentication fails. As soon as we serve Frost underhttp://<domain>/
the login succeeds.Is there a configuration option for a subpath in the
redirect_uri
that i am missing or is this a bug?The text was updated successfully, but these errors were encountered: