Keycloak / KEYCLOAK-5082

Unable to access webapp whose URL is being rewritten

    Details

    • Type: Feature Request
    • Status: Closed
    • Priority: Critical
    • Resolution: Done
    • Affects Version/s: 3.1.0.Final
    • Fix Version/s: 3.2.0.CR1
    • Component/s: Adapter - Java
    • Labels:
      None

      Description

      When accessing a protected resource whose URL is rewritten in some way (rewrite rule, proxy, etc.), the Keycloak auth redirect_uri parameter is always constructed from the actual servlet request, i.e. what it resulted in after rewriting.

      Given we have a webapp named 'foo', and using URL rewrite its path is somehow rewritten to /bar.
      If we access http://localhost/bar, the actual Keycloak login URL will contain redirect_uri=http://localhost/foo, so after login you will be redirected back to /foo, and the cookie with auth info will not be sent and the result is a 400 code.

      Attaching 2 simple Tomcat web apps to reproduce the problem.

      • ROOT.war only contains a rewrite rule (/api to /wsmaster/api).
      • wsmaster.war is the app with a test page that requires authentication.

      So when trying to access http://localhost:8080/wsmaster/api/index.jsp (not using rewrite) it works just fine.
      When trying http://localhost:8080/api/index.jsp (with rewrite) it results in a 400 page after authentication.

          Attachments

          1. ROOT.war
            87 kB
          2. wsmaster.war
            12.87 MB
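
A diagnostic for the mismatch described in this issue, added here as an example and not taken from the issue or from Keycloak's code: it compares the URL the browser requested with the redirect_uri carried in the login redirect's Location header. The Keycloak host and port, the realm `demo`, the client id and the state value are constructed sample values.

```python
from urllib.parse import urlsplit, parse_qs, quote

DEFAULT_PORTS = {"http": 80, "https": 443}

def _origin_and_path(url):
    """Return (scheme, host, port, path) with default ports filled in."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    port = u.port or DEFAULT_PORTS.get(scheme)
    return scheme, (u.hostname or "").lower(), port, u.path or "/"

def check_redirect_uri(requested_url, login_location):
    """Compare the browser-facing URL with redirect_uri in the login redirect.

    Returns a list of (component, requested, redirect_uri) mismatches;
    an empty list means the user will be sent back to the URL they asked for.
    Query strings are ignored, only origin and path are compared.
    """
    values = parse_qs(urlsplit(login_location).query).get("redirect_uri")
    if not values:
        raise ValueError("login URL carries no redirect_uri parameter")
    if len(values) > 1:
        raise ValueError("login URL carries more than one redirect_uri")
    want = _origin_and_path(requested_url)
    got = _origin_and_path(values[0])  # parse_qs already percent-decoded it
    names = ("scheme", "host", "port", "path")
    return [(n, w, g) for n, w, g in zip(names, want, got) if w != g]

# Constructed Location header: redirect_uri points at the post-rewrite path,
# as the issue describes for the wsmaster.war test app.
SAMPLE_LOCATION = (
    "http://localhost:8180/auth/realms/demo/protocol/openid-connect/auth"
    "?response_type=code&client_id=wsmaster&state=constructed-state"
    "&redirect_uri=" + quote("http://localhost:8080/wsmaster/api/index.jsp", safe="")
)

if __name__ == "__main__":
    for requested in ("http://localhost:8080/wsmaster/api/index.jsp",
                      "http://localhost:8080/api/index.jsp"):
        diffs = check_redirect_uri(requested, SAMPLE_LOCATION)
        print(requested, "->", diffs or "consistent")
```
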

                People

                • Assignee:
                  sebastienblanc Sebastien Blanc
                  Reporter:
                  mshaposhnyk Max Shaposhnyk
                  Tester:
                  Alice Rum