  1. Keycloak
  2. KEYCLOAK-1595

Kerberos with IE does not work


Details


      Use IE 11 with kerberos.


    Description

      My kerberos configuration works fine with FireFox and Chrome, but it does not work with IE.
      It shows a prompt where the user has to enter a username and password.

      I can successfully get an access code, but I cannot get an access token, because IE overwrites the Authorization header in the AJAX request (see http://stackoverflow.com/questions/28615850/internet-explorer-11-replaces-authorization-header).

      I can fix this by adding
      document.execCommand('ClearAuthenticationCache', 'false');
      directly above
      var req = new XMLHttpRequest();
      at approximately line 374 of the keycloak.js file.

      keycloak.js
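      /**
       * Completes the login flow from a parsed OAuth callback.
       *
       * When the callback carries a code, the code is POSTed to the realm's
       * token endpoint and the returned tokens are handed to setToken().
       * When it carries an error instead, the error is reported unless the
       * request was made with prompt 'none', which is treated as success.
       *
       * @param {Object} oauth - Parsed callback; reads code, error, prompt and
       *     redirectUri.
       * @param {Object} [promise] - Optional object with setSuccess() and
       *     setError(); exactly one of them is called once the outcome is known.
       */
      function processCallback(oauth, promise) {
          var code = oauth.code;
          var error = oauth.error;
          var prompt = oauth.prompt;

          if (code) {
              // NOTE(review): code and oauth.redirectUri are appended without
              // encoding; this assumes both are already URL-encoded by the
              // caller (TODO confirm). If they are not, an '&' in either value
              // would add extra form parameters to the token request.
              var params = 'code=' + code + '&grant_type=authorization_code';
              var url = getRealmUrl() + '/protocol/openid-connect/token';

              // Workaround from the report: after a Kerberos login, IE 11
              // replaces the Authorization header of the XHR below, so the
              // token request fails. 'ClearAuthenticationCache' is an
              // IE-specific command.
              // NOTE(review): as far as documented, it drops every credential
              // IE has cached for the session, not only this origin's, so other
              // sites may prompt again. Confirm that side effect is acceptable
              // before shipping it unconditionally.
              document.execCommand('ClearAuthenticationCache', 'false');

              var req = new XMLHttpRequest();
              req.open('POST', url, true);
              req.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');

              if (kc.clientId && kc.clientSecret) {
                  // NOTE(review): a client secret held in browser script can be
                  // read by anyone who loads the page, so it gives no real
                  // client authentication here.
                  req.setRequestHeader('Authorization', 'Basic ' + btoa(kc.clientId + ':' + kc.clientSecret));
              }
              else {
                  params += '&client_id=' + encodeURIComponent(kc.clientId);
              }

              params += '&redirect_uri=' + oauth.redirectUri;

              // Credentials (cookies, HTTP authentication) travel with the
              // request, including when the token endpoint is cross-origin.
              req.withCredentials = true;

              req.onreadystatechange = function () {
                  if (req.readyState !== 4) {
                      return;
                  }

                  if (req.status !== 200) {
                      kc.onAuthError && kc.onAuthError();
                      promise && promise.setError();
                      return;
                  }

                  // A 200 response whose body is not JSON used to throw inside
                  // this handler, so neither callback ran and the promise was
                  // never settled. Report it as an authentication error.
                  var tokenResponse;
                  try {
                      tokenResponse = JSON.parse(req.responseText);
                  } catch (parseError) {
                      kc.onAuthError && kc.onAuthError();
                      promise && promise.setError();
                      return;
                  }

                  setToken(tokenResponse['access_token'], tokenResponse['refresh_token'], tokenResponse['id_token']);
                  kc.onAuthSuccess && kc.onAuthSuccess();
                  promise && promise.setSuccess();
              };

              req.send(params);
          }
          else if (error) {
              if (prompt !== 'none') {
                  kc.onAuthError && kc.onAuthError();
                  promise && promise.setError();
              }
              else {
                  // prompt 'none' is a silent check: an error here means the
                  // user is not logged in, which is not reported as a failure.
                  promise && promise.setSuccess();
              }
          }
      }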
      


          People

            mposolda@redhat.com Marek Posolda
            gerbermichi Michael Gerber (Inactive)
