Login failed after upgrade to Keycloak 23

thierry_cuba.platfor · December 14, 2023, 8:40pm

Using JMIX 2.1.1,
When using Keyclock 16.1, the authentication works fine. When I upgrade to Keycloak 23.0.1, the authentication fails at first access.
Here are the steps I perform

go to http://loclahost:8080
Redirected to keycloak for login
successful login in keycloak, redirected to http://localhost:8080/login/oauth2/code/keycloak?state=xxx%3D&session_state=xxx&iss=https%3A%2F%2Fkeycloak23%3A8443%2Frealms%2FmyRealm&code=YYY → This result in
" You are offline

PMS requires an internet connection to work. You do not seem to have access to the server right now. Check your internet connection and try reloading the page to use the application."
an the log in vaadin says " [object Event]
Error in WebSocket connection to ws://localhost:8080/VAADIN/push?v-r=push&debug_window"

I suspected that Release Notes was the cause (Changes in validating schemes for valid redirect URIs) as I only had http://localhost:8080/", I added ws://localhost:8080/ just to try even if I do not expect the redirect to ws://.)

If I again go to http://localhost:8080, while the session is still active in Keycloak, the login succeed.

Note that I exported and imported the config from Keycloak 16 (I also recreated it from scratch) and none of them are working.

Did you performed any test on the latest KeyCloak? Any idea what can be wrong?
Thanks!
Thierry

thierry_cuba.platfor · December 15, 2023, 8:57am

oidcDemo.zip (127.4 KB)

Here is a sample demo project, Keycloak 23.0.1, the realm export is in the root of project.

First time the login was successful then it failed.

gorbunkov · December 15, 2023, 2:09pm

Hi,

I downloaded your project and tried to run it. I regenerated the client secret in Keycloak admin panel and defined the new secret in Jmix application.properties file, I could successfully login into the Jmix application.

thierry_cuba.platfor · December 15, 2023, 2:35pm

Thanks!
Did you tried to logout and login again?
Do you have Keycloak on a dedicated server or is it on the same machine (my setup is that I have different machines)?
Keycloak is using https, while my dev environment is using http.
I have a video, but as it shows sone URLs I would prefer to share them directly with you.
Best regards
Thierry

gorbunkov · December 15, 2023, 4:11pm

Okay, I think I know what the problem may be. Spring security should bypass some Vaadin internal requests. I’ve created an issue for this.

thierry_cuba.platfor · December 15, 2023, 5:17pm

Great! Weird the bahaviour has changed since Keycloak 16 (or maybe I miss smtg).

gorbunkov · December 17, 2023, 7:23am

As a workaround you may try doing the following:

Disable standard OIDC add-on configuration by adding the following application property:

jmix.oidc.use-default-ui-configuration=false

Add a slightly modified copy of the OIDC add-on configuration to your project. This configuration additionally adds a request matcher for requestUtil::isFrameworkInternalRequest:

import com.vaadin.flow.spring.security.RequestUtil;
import io.jmix.core.JmixSecurityFilterChainOrder;
import io.jmix.oidc.userinfo.JmixOidcUserService;
import io.jmix.security.SecurityConfigurers;
import io.jmix.security.configurer.SessionManagementConfigurer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@Configuration
public class MyOAuthConfiguration {
    public static final String SECURITY_CONFIGURER_QUALIFIER = "oidc-login";

    @Bean("oidc_OAuthLoginSecurityFilterChain")
    @Order(JmixSecurityFilterChainOrder.OIDC_LOGIN)
    public SecurityFilterChain securityFilterChain(HttpSecurity http,
                                                   JmixOidcUserService jmixOidcUserService,
                                                   ClientRegistrationRepository clientRegistrationRepository,
                                                   RequestUtil requestUtil) throws Exception {
        http.authorizeHttpRequests(authorize -> {
                    authorize
                            //if we don't allow /vaadinServlet/PUSH URL the Session Expired toolbox won't
                            //be shown in the web browser
                            .requestMatchers(new AntPathRequestMatcher("/vaadinServlet/PUSH/**"),
                                    requestUtil::isFrameworkInternalRequest).permitAll()
                            .anyRequest().authenticated();
                })
                .oauth2Login(oauth2Login -> {
                    oauth2Login.userInfoEndpoint(userInfoEndpoint -> {
                        userInfoEndpoint.oidcUserService(jmixOidcUserService);
                    });
                })
                .logout(logout -> {
                    logout.logoutSuccessHandler(oidcLogoutSuccessHandler(clientRegistrationRepository));
                })
                .csrf(csrf -> {
                    csrf.disable();
                })
                .headers(headers -> {
                    headers.frameOptions(frameOptions -> {
                        frameOptions.sameOrigin();
                    });
                });
        http.apply(new SessionManagementConfigurer());
        SecurityConfigurers.applySecurityConfigurersWithQualifier(http, SECURITY_CONFIGURER_QUALIFIER);
        return http.build();
    }

    protected OidcClientInitiatedLogoutSuccessHandler oidcLogoutSuccessHandler(ClientRegistrationRepository clientRegistrationRepository) {
        OidcClientInitiatedLogoutSuccessHandler successHandler = new OidcClientInitiatedLogoutSuccessHandler(clientRegistrationRepository);
        successHandler.setPostLogoutRedirectUri("{baseUrl}");
        return successHandler;
    }
}

thierry_cuba.platfor · December 17, 2023, 6:03pm

Hi, Thanks for the effort and the commitment to find a work around.
When I logout and log in again, I have the following error " Could not navigate to ‘login/oauth2/code/keycloak’ Available routes:…’
In the right top corner, the message says “http://localhost:8080/VAADIN/static/push/vaadinPush.js could not be loaded. Push will not work.”

The bottom right exclamation mark shows:
" [object Event]
Error in WebSocket connection to ws://localhost:8080/VAADIN/push?v-r=push&debug_window
http://localhost:8080/VAADIN/static/push/vaadinPush.js could not be loaded. Push will not work."

When I click on the top right box, I get " Login with OAuth 2.0
[authorization_request_not_found]"

Then when I reload, the login succeed.

Best regards

Thierry

thierry_cuba.platfor · December 22, 2023, 7:47am

Hi @gorbunkov , Do you managed to have login working? For me it still does not ;-(

gorbunkov · December 22, 2023, 11:59am

You project worked for me after adding changes described above:

Here is the modified project:
oidcDemo.zip (126.0 KB)

How it works for me:
Screen-Recording-2023-12-22-at-15.52.32.mp4.zip (496.2 KB)

thierry_cuba.platfor · December 22, 2023, 1:36pm

Still no luck for me.
I have deleted and re-imported th realm to ensure it is exactly what you have, created the user, assigned the system-full-access and logged in.
2 main differences I believe between my setup and yours: My Keycloak installation is on another machine (so not localhost but mykeycloak.mydomain.com) and is using “https”.

I have recorded the screen cast - I started at http://localhost:8080 (then I have the login screen you see at the beginning of the video). When I get the error, if I click the < root > link I have the error message "Authentication principal must be in UserDetail. Once the error message is closed, I press “reload” (F5 or CTRL-R), I then get to the application without error…

failedOIDC.mp4.zip (313.6 KB)

gorbunkov · December 22, 2023, 1:52pm

Unfortunately I don’t have a Keycloak on a separate server with https at my fingertips.

Try setting the DEBUG log level to spring security:

logging.level.org.springframework.security=DEBUG

Attach your application log here, maybe we’ll be ably to see anything suspicious.

thierry_cuba.platfor · December 22, 2023, 2:11pm

Here is the log.
failedlogin.log (32.9 KB)

What I see is that while I am doing the authentication, I have a line that says “Saved request http://localhost:8080/VAADIN/push?v-r=push&debug_window&continue to session” Could that overwrite the initial return URL initially set to “Saved request http://localhost:8080/?continue to session” (Is it a timing issue, because I login slower than you? )

This is when I go back to localhost:8080 (while I have a keycloak session opened)

2023-12-22T15:14:45.643+01:00 DEBUG 135356 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy        : Securing GET /
2023-12-22T15:14:45.643+01:00 DEBUG 135356 --- [nio-8080-exec-2] o.s.s.w.a.AnonymousAuthenticationFilter  : Set SecurityContextHolder to anonymous SecurityContext
2023-12-22T15:14:45.644+01:00 DEBUG 135356 --- [nio-8080-exec-2] o.s.s.w.s.HttpSessionRequestCache        : Saved request http://localhost:8080/?continue to session
2023-12-22T15:14:45.644+01:00 DEBUG 135356 --- [nio-8080-exec-2] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using And [Not [RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], Not [And [Or [Ant [pattern='/login'], Ant [pattern='/favicon.ico']], And [Not [RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@3a4be062, matchingMediaTypes=[application/xhtml+xml, image/*, text/html, text/plain], useEquals=false, ignoredMediaTypes=[*/*]]]]], org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer$$Lambda$1364/0x00007febdcb03c88@3b288724]
2023-12-22T15:14:45.644+01:00 DEBUG 135356 --- [nio-8080-exec-2] s.w.a.DelegatingAuthenticationEntryPoint : Match found! Executing org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint@577c9a0e
2023-12-22T15:14:45.644+01:00 DEBUG 135356 --- [nio-8080-exec-2] o.s.s.web.DefaultRedirectStrategy        : Redirecting to http://localhost:8080/oauth2/authorization/keycloak
2023-12-22T15:14:45.652+01:00 DEBUG 135356 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : Securing GET /oauth2/authorization/keycloak
2023-12-22T15:14:45.653+01:00 DEBUG 135356 --- [io-8080-exec-10] o.s.s.web.DefaultRedirectStrategy        : Redirecting to https://mykeycloak.mydomain.com:8443/realms/oidcDemo/protocol/openid-connect/auth?response_type=code&client_id=jmix&scope=openid%20profile%20email&state=u0hUpXlWrhlHuz5x-PHmng0zbh3ksm2_KodvRRaHfOM%3D&redirect_uri=http://localhost:8080/login/oauth2/code/keycloak&nonce=WcTrMKu9w09SR4Cxq96tu1fshXd5Ld6ejUUOgWYVJDE
2023-12-22T15:14:45.685+01:00 DEBUG 135356 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Securing GET /login/oauth2/code/keycloak?state=u0hUpXlWrhlHuz5x-PHmng0zbh3ksm2_KodvRRaHfOM%3D&session_state=1aa0b14a-237e-4213-baa5-5c7c5547012e&iss=https%3A%2F%2Fmykeycloak.mydomain.com%3A8443%2Frealms%2FoidcDemo&code=38770c6d-b27e-485b-967c-c38b06759bea.1aa0b14a-237e-4213-baa5-5c7c5547012e.5c8018bf-2430-4bdb-95ba-659185e2fd55
2023-12-22T15:14:45.842+01:00  WARN 135356 --- [nio-8080-exec-1] i.j.o.c.BaseClaimsRolesMapper            : Resource role default-roles-oidcdemo not found
2023-12-22T15:14:45.847+01:00  WARN 135356 --- [nio-8080-exec-1] i.j.o.c.BaseClaimsRolesMapper            : Resource role offline_access not found
2023-12-22T15:14:45.852+01:00  WARN 135356 --- [nio-8080-exec-1] i.j.o.c.BaseClaimsRolesMapper            : Resource role uma_authorization not found
2023-12-22T15:14:45.857+01:00  WARN 135356 --- [nio-8080-exec-1] i.j.o.c.BaseClaimsRolesMapper            : Row-level role system-full-access not found
2023-12-22T15:14:45.861+01:00  WARN 135356 --- [nio-8080-exec-1] i.j.o.c.BaseClaimsRolesMapper            : Row-level role default-roles-oidcdemo not found
2023-12-22T15:14:45.865+01:00  WARN 135356 --- [nio-8080-exec-1] i.j.o.c.BaseClaimsRolesMapper            : Row-level role offline_access not found
2023-12-22T15:14:45.869+01:00  WARN 135356 --- [nio-8080-exec-1] i.j.o.c.BaseClaimsRolesMapper            : Row-level role uma_authorization not found
2023-12-22T15:14:45.870+01:00 DEBUG 135356 --- [nio-8080-exec-1] o.s.s.core.session.SessionRegistryImpl   : Registering session D9DED300C2910C05F4BC89F87B7CC222, for principal io.jmix.oidc.user.DefaultJmixOidcUser@3b5354c1
2023-12-22T15:14:45.871+01:00 DEBUG 135356 --- [nio-8080-exec-1] o.s.s.core.session.SessionRegistryImpl   : Removing session D9DED300C2910C05F4BC89F87B7CC222 from principal's set of registered sessions
2023-12-22T15:14:45.871+01:00 DEBUG 135356 --- [nio-8080-exec-1] o.s.s.core.session.SessionRegistryImpl   : Removing principal io.jmix.oidc.user.DefaultJmixOidcUser@3b5354c1 from registry
2023-12-22T15:14:45.871+01:00 DEBUG 135356 --- [nio-8080-exec-1] o.s.s.core.session.SessionRegistryImpl   : Registering session D9DED300C2910C05F4BC89F87B7CC222, for principal io.jmix.oidc.user.DefaultJmixOidcUser@3b5354c1
2023-12-22T15:14:45.871+01:00 DEBUG 135356 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : Stored SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=io.jmix.oidc.user.DefaultJmixOidcUser@3b5354c1, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=D9DED300C2910C05F4BC89F87B7CC222], Granted Authorities=[ROLE_system-full-access]]] to HttpSession [org.apache.catalina.session.StandardSessionFacade@ed9609d]
2023-12-22T15:14:45.871+01:00 DEBUG 135356 --- [nio-8080-exec-1] .s.o.c.w.OAuth2LoginAuthenticationFilter : Set SecurityContextHolder to OAuth2AuthenticationToken [Principal=io.jmix.oidc.user.DefaultJmixOidcUser@3b5354c1, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=D9DED300C2910C05F4BC89F87B7CC222], Granted Authorities=[ROLE_system-full-access]]
2023-12-22T15:14:45.871+01:00 DEBUG 135356 --- [nio-8080-exec-1] o.s.s.web.DefaultRedirectStrategy        : Redirecting to http://localhost:8080/?continue
2023-12-22T15:14:45.879+01:00 DEBUG 135356 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : Securing GET /?continue
2023-12-22T15:14:45.880+01:00 DEBUG 135356 --- [nio-8080-exec-3] o.s.s.w.s.HttpSessionRequestCache        : Loaded matching saved request http://localhost:8080/?continue
2023-12-22T15:14:45.881+01:00 DEBUG 135356 --- [nio-8080-exec-3] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=io.jmix.oidc.user.DefaultJmixOidcUser@3b5354c1, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=D9DED300C2910C05F4BC89F87B7CC222], Granted Authorities=[ROLE_system-full-access]]]
2023-12-22T15:14:45.881+01:00 DEBUG 135356 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : Secured GET /?continue
2023-12-22T15:14:45.924+01:00 DEBUG 135356 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : Securing POST /?v-r=uidl&v-uiId=0
2023-12-22T15:14:45.925+01:00 DEBUG 135356 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : Secured POST /?v-r=uidl&v-uiId=0
2023-12-22T15:14:45.925+01:00 DEBUG 135356 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=io.jmix.oidc.user.DefaultJmixOidcUser@3b5354c1, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=D9DED300C2910C05F4BC89F87B7CC222], Granted Authorities=[ROLE_system-full-access]]]
2023-12-22T15:14:45.947+01:00 DEBUG 135356 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy        : Securing GET /VAADIN/push?v-r=push&debug_window
2023-12-22T15:14:45.948+01:00 DEBUG 135356 --- [nio-8080-exec-6] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=io.jmix.oidc.user.DefaultJmixOidcUser@3b5354c1, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=D9DED300C2910C05F4BC89F87B7CC222], Granted Authorities=[ROLE_system-full-access]]]
2023-12-22T15:14:45.948+01:00 DEBUG 135356 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy        : Secured GET /VAADIN/push?v-r=push&debug_window
2023-12-22T15:14:45.954+01:00 DEBUG 135356 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : Securing GET /?v-r=init&location=&query=continue
2023-12-22T15:14:45.954+01:00 DEBUG 135356 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : Secured GET /?v-r=init&location=&query=continue
2023-12-22T15:14:45.954+01:00 DEBUG 135356 --- [nio-8080-exec-5] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=io.jmix.oidc.user.DefaultJmixOidcUser@3b5354c1, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=D9DED300C2910C05F4BC89F87B7CC222], Granted Authorities=[ROLE_system-full-access]]]
2023-12-22T15:14:46.043+01:00 DEBUG 135356 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : Securing GET /VAADIN/static/push/vaadinPush.js?v=24.1.12
2023-12-22T15:14:46.043+01:00 DEBUG 135356 --- [nio-8080-exec-3] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=io.jmix.oidc.user.DefaultJmixOidcUser@3b5354c1, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=D9DED300C2910C05F4BC89F87B7CC222], Granted Authorities=[ROLE_system-full-access]]]
2023-12-22T15:14:46.043+01:00 DEBUG 135356 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : Secured GET /VAADIN/static/push/vaadinPush.js?v=24.1.12
2023-12-22T15:14:46.302+01:00 DEBUG 135356 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : Securing POST /?v-r=uidl&v-uiId=1
2023-12-22T15:14:46.302+01:00 DEBUG 135356 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : Securing GET /VAADIN/push?v-r=push&v-uiId=1&v-pushId=569a2206-649b-4531-b0fd-6c00ff39f041&X-Atmosphere-tracking-id=0&X-Atmosphere-Framework=3.1.2-javascript&X-Atmosphere-Transport=websocket&X-Atmosphere-TrackMessageSize=true&Content-Type=application/json;%20charset=UTF-8&X-atmo-protocol=true&X-Vaadin-LastSeenServerSyncId=0
2023-12-22T15:14:46.303+01:00 DEBUG 135356 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : Secured POST /?v-r=uidl&v-uiId=1
2023-12-22T15:14:46.303+01:00 DEBUG 135356 --- [nio-8080-exec-5] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=io.jmix.oidc.user.DefaultJmixOidcUser@3b5354c1, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=D9DED300C2910C05F4BC89F87B7CC222], Granted Authorities=[ROLE_system-full-access]]]
2023-12-22T15:14:46.303+01:00 DEBUG 135356 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=io.jmix.oidc.user.DefaultJmixOidcUser@3b5354c1, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=D9DED300C2910C05F4BC89F87B7CC222], Granted Authorities=[ROLE_system-full-access]]]
2023-12-22T15:14:46.303+01:00 DEBUG 135356 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy        : Secured GET /VAADIN/push?v-r=push&v-uiId=1&v-pushId=569a2206-649b-4531-b0fd-6c00ff39f041&X-Atmosphere-tracking-id=0&X-Atmosphere-Framework=3.1.2-javascript&X-Atmosphere-Transport=websocket&X-Atmosphere-TrackMessageSize=true&Content-Type=application/json;%20charset=UTF-8&X-atmo-protocol=true&X-Vaadin-LastSeenServerSyncId=0
2023-12-22T15:14:46.320+01:00 DEBUG 135356 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy        : Securing POST /?v-r=uidl&v-uiId=1
2023-12-22T15:14:46.320+01:00 DEBUG 135356 --- [nio-8080-exec-8] o.s.security.web.FilterChainProxy        : Secured POST /?v-r=uidl&v-uiId=1
2023-12-22T15:14:46.320+01:00 DEBUG 135356 --- [nio-8080-exec-8] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=io.jmix.oidc.user.DefaultJmixOidcUser@3b5354c1, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=D9DED300C2910C05F4BC89F87B7CC222], Granted Authorities=[ROLE_system-full-access]]]
2023-12-22T15:14:46.554+01:00 DEBUG 135356 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : Securing POST /?v-r=uidl&v-uiId=1
2023-12-22T15:14:46.555+01:00 DEBUG 135356 --- [io-8080-exec-10] o.s.security.web.FilterChainProxy        : Secured POST /?v-r=uidl&v-uiId=1
2023-12-22T15:14:46.555+01:00 DEBUG 135356 --- [io-8080-exec-10] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=OAuth2AuthenticationToken [Principal=io.jmix.oidc.user.DefaultJmixOidcUser@3b5354c1, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=0:0:0:0:0:0:0:1, SessionId=D9DED300C2910C05F4BC89F87B7CC222], Granted Authorities=[ROLE_system-full-access]]]

thierry_cuba.platfor · December 22, 2023, 2:29pm

When login fails I also do not see
Loaded matching saved request http://localhost:8080/?continue

And a BIG THANK YOU for your precious help on this.

gorbunkov · December 26, 2023, 6:08am

I don’t see these Authentication principal must be in UserDetail errors in the log. Is this the log for the case when authentication fails (recorded on your screencast)?

thierry_cuba.platfor · January 2, 2024, 2:04pm

Hi Maxim,
I wish you a Happy New Year 2024 first!

I will expose you a remote Keycloak - I will pass you the details in a private message.
Thanks a lot!

thierry_cuba.platfor · January 10, 2024, 10:46am

What happen is very weird. I only have this issue with Brave Linux when I access localhost, if I use another browser, or even the same browser using my IP address (not localhost) then it works fine. I tried disabling all add-ons and Brave shields, even in private mode to ensure there is no “pollution” in the session, I still have the same issue. As this is only in that condition, obviously this is a specific “local” problem only.
Thanks a lot for the great support !