I am migrating my Spring Application from Spring 2 to 3 and, due to the update of Spring Security, I need to update my Keycloak integration. To do this, I've followed this tutorial: https://www.baeldung.com/spring-boot-keycloak, with the difference that the example in the tutorial has a public and a private site. My application should be completely private, and I'm afraid this could be where my problem comes from.
When I open my application I am redirected to the Keycloak login form, and upon submitting I get redirected a bunch of times between my application (at :8080) and Keycloak (at :8088), then for a short moment see Chrome's error message "too many redirects" and finally a Spring login error message: "Login with OAuth 2.0 [authorization_request_not_found]".
How do I need to adapt my Security Configuration to avoid this and have a completely private application? Thank you. I'm happy to provide more information / code if required.
```kotlin
@Configuration
@EnableWebSecurity
internal class SecurityConfig {
    @Bean
    protected fun sessionAuthenticationStrategy(): SessionAuthenticationStrategy {
        return RegisterSessionAuthenticationStrategy(SessionRegistryImpl())
    }

    @Order(1)
    @Bean
    @Throws(Exception::class)
    fun clientFilterChain(http: HttpSecurity): SecurityFilterChain {
        http.authorizeRequests()
            .requestMatchers(AntPathRequestMatcher("/"))
            .permitAll()
            .anyRequest()
            .authenticated()
        http.oauth2Login()
            .and()
            .logout()
            // .addLogoutHandler(keycloakLogoutHandler)
            .logoutSuccessUrl("/logout-success")
        return http.build()
    }

    @Order(2)
    @Bean
    @Throws(Exception::class)
    fun resourceServerFilterChain(http: HttpSecurity): SecurityFilterChain {
        http.authorizeRequests()
            .requestMatchers(AntPathRequestMatcher("*"))
            .hasRole("USER")
            .anyRequest()
            .authenticated()
        http.oauth2ResourceServer { oauth2: OAuth2ResourceServerConfigurer<HttpSecurity?> ->
            oauth2.jwt(
                Customizer.withDefaults()
            )
        }
        return http.build()
    }

    @Bean
    @Throws(Exception::class)
    fun authenticationManager(http: HttpSecurity): AuthenticationManager {
        return http.getSharedObject(AuthenticationManagerBuilder::class.java)
            .build()
    }
}
```
I changed the URL in the resourceServerFilterChain since all of my application is protected, not only a certain part (like /customers* in the example).
First, check the Keycloak and application logs for any exceptions. It may be due to several reasons. I faced this issue when I was getting UnknownHostException in the application, which was related to DNS resolution. If that is the case, then this error is not related to the configuration of Keycloak. It is related to DNS configuration.
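
A way to check the DNS case described in the answer above, as an added example that is not code from the question or the answer: it resolves the host of the OIDC issuer and then requests the issuer's discovery document, so a name-resolution failure is reported separately from a connection or HTTP failure. The issuer URI, including the realm name `EXAMPLE_REALM`, is an assumed placeholder; pass the issuer URI your application is configured with.

```kotlin
import java.io.IOException
import java.net.InetAddress
import java.net.URI
import java.net.UnknownHostException
import java.net.http.HttpClient
import java.net.http.HttpRequest
import java.net.http.HttpResponse
import java.time.Duration

// Assumed placeholder: port 8088 is from the question, the realm name is made up.
const val ISSUER_URI = "http://localhost:8088/realms/EXAMPLE_REALM"

/** Returns a one-line diagnosis of whether this machine can reach the issuer. */
fun diagnoseIssuer(issuerUri: String): String {
    val host = URI.create(issuerUri).host
        ?: return "FAIL: no host in issuer URI '$issuerUri'"

    // Step 1: name resolution, the failure that surfaces as UnknownHostException.
    val addresses = try {
        InetAddress.getAllByName(host).joinToString { it.hostAddress }
    } catch (e: UnknownHostException) {
        return "FAIL: DNS cannot resolve '$host' from this machine"
    }

    // Step 2: the OIDC discovery document published under the issuer URI.
    val discovery = URI.create(issuerUri.trimEnd('/') + "/.well-known/openid-configuration")
    val client = HttpClient.newBuilder().connectTimeout(Duration.ofSeconds(5)).build()
    val request = HttpRequest.newBuilder(discovery).timeout(Duration.ofSeconds(5)).GET().build()
    return try {
        val status = client.send(request, HttpResponse.BodyHandlers.ofString()).statusCode()
        if (status == 200) "OK: '$host' resolves to $addresses and $discovery answered 200"
        else "FAIL: '$host' resolves to $addresses but $discovery answered HTTP $status"
    } catch (e: IOException) {
        // Resolution worked, so this is a port, firewall or TLS problem, not DNS.
        "FAIL: '$host' resolves to $addresses but the request failed: ${e.message}"
    }
}

fun main(args: Array<String>) {
    println(diagnoseIssuer(args.firstOrNull() ?: ISSUER_URI))
}
```

Run it from the same host or container as the application, since name resolution can differ between your workstation and the environment the application runs in.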