英文:
pac4j raises "State cannot be determined" when trying to get keycloakOidcProfile after OIDC callback and Keycloak provider
问题
I am trying to implement pac4j openid with keycloak in Spring WebFlux project with JAVA 19 and Spring Boot 3.0.3.
I am also facing the same issue while fetching KeycloakOidcProfile after authentication is done in Keycloak.
I notice that when it redirects to the Keycloak login page, it sets a SESSION cookie, and at the end when the callback URL comes, it gets that SESSION cookie. The cookie is not getting changed, but I'm still getting this same error.
I am getting "Referrer-policy" variable as "no-referrer" in the header from Keycloak. Is this causing the problem? Could you please guide me on how to resolve this?
英文:
I am trying to implement pac4j openid with keycloak in Spring webflux project with JAVA 19 and spring boot 3.0.3.
I am also facing same issue while fetching KeycloakOidcProfile after authentication is done in keycloak.
I notice that when it redirect to keycloak login page it sets SESSION cookie and at the end when callback url comes it get that SESSION cookie. cookie is not getting changed than also getting this same error.
public Mono<keycloakOidcProfile> getUserProfile(ServerRequest serverRequest) {
return Mono.just(serverRequest)
.flatMap(serverRequest1 -> {
if (ObjectUtils.isNotEmpty(serverRequest1.queryParams().get("code"))) {
//getting code from url
System.out.println(serverRequest1.queryParam("code").get());
}
final WebContext context = new SpringWebfluxWebContext(serverRequest1.exchange());
final SessionStore sessionStore = new SpringWebfluxSessionStore(serverRequest1.exchange());
final ProfileManager profileManager = new ProfileManager(context,sessionStore);
Optional<Credentials> credentials = config.getClients().findClient("KeycloakOidcClient").get().getCredentials(context,sessionStore);
Optional<UserProfile> userProfile = config.getClients().findClient("KeycloakOidcClient").get().getUserProfile(credentials.get(),context,sessionStore);
KeycloakOidcProfile keycloakOidcProfile = (KeycloakOidcProfile) userProfile.get();
System.out.println(keycloakOidcProfile.getAccessToken());
return keycloakOidcProfile;
});
}
I am getting "Referrer-policy" variable as "no-referrer" in header from keycloak. Is this cause the problem?
could you please guide me how to resolve this?
答案1
得分: 0
如果您在成功登录Keycloak之前和之后具有相同的SESSION cookie,则应该可以正常工作。通常,这种问题是由于不希望的会话续订/丢失引起的。
您能否在org.pac4j.springframework.context.SpringWebfluxSessionStore类(会话存储)上启用DEBUG日志,以查看发生了什么情况?谢谢。
英文:
If you have the same SESSION cookie before and after the successful login at Keycloak, it should work. Generally, this kind of problem comes from an unwanted renewed/lost session.
Can you turn on DEBUG logs on the org.pac4j.springframework.context.SpringWebfluxSessionStore class (the session store) to see what's going on? Thx
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论