Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-5082

Unable to access webapp which URL being rewritten

    Details

      Description

      When accessing the protected resource which URL is rewritten in some way (rewrite rule or proxy or etc), Keyclloak auth redirect_uri parameter is always constructed from actual servlet request, i.e. what it resulted after rewriting.

      Given , we have an webapp named 'foo'. And using url rewrite, it's path somehow rewritten to /bar.
      If we accessing http://localhost/bar, actual Keyclloak login url will contain redirect_uri=http://localhost/foo, so after login you will be redirected back to /foo, and cookie with auth info will not be send and result is 400 code.

      Attaching 2 simple tomcat web apps to reproduce the problem.

      • ROOT.war is only contain rewrite rule (/api to /wsmaster/api).
      • wsmaster.war is the app with test page requires authentication.

      So when trying to access http://localhost:8080/wsmaster/api/index.jsp (not using rewrite) it works just fine.
      When trying http://localhost:8080/api/index.jsp (with rewrite) it resulted in 400 page after authentication.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  sebastienblanc Sebastien Blanc
                  Reporter:
                  mshaposhnyk Max Shaposhnyk
                  Tester:
                  Ilya Rum
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: