
OpenID with keycloak, infinite redirect loop after successful login ASP.NET MVC 4.7


I have set up my ASP.NET MVC 4.7 application like this.

Aside from the files below, nothing has been changed from the original generated project.

The thing is, I can successfully redirect to my Keycloak login page, but when it redirects to the URL specified after successful login, it reroutes back to the identity server (which is Keycloak) and the identity server reroutes back to the reroute URL.

Here is the dev tools log; it does look like the cookies and sessions are passed properly.

After successful login in the Keycloak page, it redirects to /home, which is correct as that is what I set.

It does look like cookies are passed properly.

However, it does seem that after calling /home (redirect) it calls the authentication again in Keycloak.

This is causing an infinite loop, as authentication will then call /home and home calls the authentication again and again.

I already tried the approaches I found on the internet, including using UseKentorOwinCookieSaver, using SystemWebCookieManager, and anything I tried online, with no luck.

What am I missing here? Help help, I've been stuck on this issue for days now.

Here is the code:

Startup.cs

using Microsoft.Owin;
using Owin;
using System;
using System.Threading.Tasks;

using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Owin.Security.Keycloak;
using Microsoft.Owin.Security.OpenIdConnect;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using System.IdentityModel.Tokens;
using Microsoft.Owin.Host.SystemWeb;

[assembly: OwinStartup(typeof(AspNetMVC4.Startup))]

namespace AspNetMVC4
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            app.UseKentorOwinCookieSaver();

            const string persistentAuthType = "keycloak_auth";
            app.SetDefaultSignInAsAuthenticationType(persistentAuthType);

            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = persistentAuthType,
                AuthenticationMode = AuthenticationMode.Active,
                CookieManager = new Microsoft.Owin.Host.SystemWeb.SystemWebCookieManager()
            });

            var desc = new AuthenticationDescription();
            desc.AuthenticationType = "keycloak_auth";
            desc.Caption = "keycloak_auth";

            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                AuthenticationType = "Auth0",

                Authority = "http://localhost:8080/auth/realms/master",

                ClientId = "keycloakdemo",
                ClientSecret = "tUM2gZiW5H3Lx2DQ4b5t4x5FzzrmADGi",

                // RedirectUri = "http://localhost:44337/",
                //PostLogoutRedirectUri = auth0PostLogoutRedirectUri,
                RedirectUri = "https://localhost:44337/home",

                ResponseType = OpenIdConnectResponseType.Code,
                Scope = "openid profile email",
                
                CookieManager = new Microsoft.Owin.Host.SystemWeb.SystemWebCookieManager(),
            });
        }
    }
}

HomeController.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;

namespace AspNetMVC4.Controllers
{
    public class HomeController : Controller
    {
        [Authorize]
        public ActionResult Index()
        {         
            return View();
        }

        public ActionResult About()
        {
            bool flag = User.Identity.IsAuthenticated;
            ViewBag.Message = "Your application description page.";

            return View();
        }

        public ActionResult Contact()
        {
            ViewBag.Message = "Your contact page.";

            return View();
        }
    }
}

Solution

  • I finally figured it out and successfully integrated Keycloak into ASP.NET MVC 4.7. I am posting my solution here to help those who will have the same set of issues I had. The thing is, Keycloak and OWIN/OpenID are not integrated seamlessly in the ASP.NET MVC framework's libraries, so what I did was to manually process everything, including the user identity: process the tokens and identity, and use the tokens to retrieve the information I need through Keycloak's own REST API. I have made a quick and dirty demo here:

    https://github.com/ruellm/ASPNetMVC4-Keycloak

    Hopefully it can help a soul someday, as I was stuck for almost 2 weeks and finally solved it.
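
Added example, not taken from the post or the linked repository: one way to handle the callback manually as the answer describes, by redeeming the authorization code at Keycloak's token endpoint, reading the user from the userinfo endpoint, and building the identity for the `keycloak_auth` cookie. `KeycloakManualFlow`, `RedeemAsync` and the `keycloak:ClientSecret` appSettings key are hypothetical names, and Newtonsoft.Json is assumed to be referenced.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Threading.Tasks;
using Newtonsoft.Json.Linq; // assumption: Newtonsoft.Json is referenced by the project

public static class KeycloakManualFlow // hypothetical helper, not the project's own code
{
    // Realm URL, client id and redirect URI are the values from the question's Startup.cs.
    const string Realm = "http://localhost:8080/auth/realms/master";
    const string ClientId = "keycloakdemo";
    const string RedirectUri = "https://localhost:44337/home";
    static readonly HttpClient Http = new HttpClient();

    // Called by the action that receives ?code=...&state=... back from Keycloak.
    public static async Task<ClaimsIdentity> RedeemAsync(string code, string state, string expectedState)
    {
        // Reject callbacks whose state differs from the value stored before the redirect (login CSRF).
        if (string.IsNullOrEmpty(expectedState) || !string.Equals(state, expectedState, StringComparison.Ordinal))
            throw new InvalidOperationException("OIDC state mismatch");
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            { "grant_type", "authorization_code" },
            { "code", code },
            { "redirect_uri", RedirectUri }, // must equal the URI sent in the authorization request
            { "client_id", ClientId },
            // Hypothetical appSettings key: keeps the client secret out of source code.
            { "client_secret", ConfigurationManager.AppSettings["keycloak:ClientSecret"] }
        });
        var tokenResp = await Http.PostAsync(Realm + "/protocol/openid-connect/token", form);
        tokenResp.EnsureSuccessStatusCode();
        var tokens = JObject.Parse(await tokenResp.Content.ReadAsStringAsync());

        // Ask Keycloak who the access token belongs to rather than trusting unverified JWT contents.
        var req = new HttpRequestMessage(HttpMethod.Get, Realm + "/protocol/openid-connect/userinfo");
        req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", (string)tokens["access_token"]);
        var userResp = await Http.SendAsync(req);
        userResp.EnsureSuccessStatusCode();
        var user = JObject.Parse(await userResp.Content.ReadAsStringAsync());
        // Same authentication type as the cookie middleware, so SignIn issues that cookie.
        var identity = new ClaimsIdentity("keycloak_auth");
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, (string)user["sub"]));
        identity.AddClaim(new Claim(ClaimTypes.Name, (string)user["preferred_username"] ?? (string)user["sub"]));
        return identity;
    }
}
```

The receiving action passes the returned identity to `HttpContext.GetOwinContext().Authentication.SignIn(identity)`, after which the cookie middleware authenticates later requests without another round trip to Keycloak.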