Keycloak SSO integration logout issue #5

@shehanab

I have integrated Keycloak for authentication and authorization. I manage to log in to the system successfully every time I try to log in to the app using http://localhost:9393/dashboard. Upon logout, it takes me to the default login page with the button to log in, as follows...

image

The problem is that upon clicking the login button on the page that comes as a logout successful response, it loads the http://localhost:9393/login page, which leads me to my SSO client selection page as follows...

image

Once I select the client, it takes me to the root (http://localhost:9393/) upon successful login, which just loads a JSON object with URLs instead of taking me to the dashboard.

image

After this, I have to load the dashboard path (any valid path http://localhost:9393/dashboard/ etc.) manually to load the app.

If you try to log in to the root URL http://localhost:9393/ for the first time as well, you will face the same issue.

I'm customizing the 2.7.1 tag for the local setup.

My Keycloak configs are as follows...

spring:
  cloud:
    dataflow:
      security:
        authorization:
          enabled: true
          provider-role-mappings:
            keycloak:
              map-oauth-scopes: true
              role-mappings:
                ROLE_VIEW: dataflow.view
                ROLE_CREATE: dataflow.create
                ROLE_MANAGE: dataflow.manage
                ROLE_DEPLOY: dataflow.deploy
                ROLE_DESTROY: dataflow.destroy
                ROLE_MODIFY: dataflow.modify
                ROLE_SCHEDULE: dataflow.schedule
  security:
    oauth2:
      client:
        registration:
          keycloak:
            redirect-uri: '{baseUrl}/login/oauth2/code/{registrationId}'
            authorization-grant-type: authorization_code
            client-id: COMPANY_CLIENT
            client-name: COMPANY_CLIENT
            client-secret: a0f442f5-8c58-4220-9b48-4174476ba57a
            scope:
              - openid
              - dataflow.view
              - dataflow.deploy
              - dataflow.destroy
              - dataflow.manage
              - dataflow.modify
              - dataflow.schedule
              - dataflow.create
        provider:
          keycloak:
            jwk-set-uri: https://ulogin.company.services/auth/realms/XConnect/protocol/openid-connect/certs
            token-uri: https://ulogin.company.services/auth/realms/XConnect/protocol/openid-connect/token
            user-info-uri: https://ulogin.company.services/auth/realms/XConnect/protocol/openid-connect/userinfo
            user-name-attribute: preferred_username
            user-info-authentication-method: validate_access_token
            authorization-uri: https://ulogin.company.services/auth/realms/XConnect/protocol/openid-connect/auth
      resourceserver:
        opaquetoken:
          introspection-uri: https://ulogin.company.services/auth/realms/XConnect/protocol/openid-connect/token/introspect
          client-id: COMPANY_CLIENT
          client-secret: a0f442f5-8c58-4220-9b48-4174476ba57a
      authorization:
        check-token-access: isAuthenticated()

Appreciate it if anyone could give some clues to resolve this. @jvalkeal @sabbyanandan

Ref: spring-attic/spring-cloud-dataflow#4470
