  1. WildFly
  2. WFLY-17900

Ajax call is redirected to keycloak page instead of returning partial-response redirect first


Details

    • Bug
    • Resolution: Won't Do
    • Major
    • None
    • None
    • JSF, Security, Server
    • None
    • ---
    • ---

    Description

      I am trying to build a web application with the latest possible technologies: Jakarta Faces 4.0, OIDC Jakarta Security, Elytron OIDC Client, WildFly 27.0.1, Keycloak 21.0.2 (without adapter on WildFly).

      The page works great: when I click on a secured link it redirects me to the Keycloak server login page for my realm, there I log in and I am redirected back to the link I clicked.

      The problem is when I log in, then open two tabs (with a secure URL) and then log out in the first one. In the second one all Ajax clicks don't work anymore.

      I am using the OmniFaces AjaxExceptionHandler.

      <factory>
        <exception-handler-factory>org.omnifaces.exceptionhandler.FullAjaxExceptionHandlerFactory</exception-handler-factory>
        <exception-handler-factory>org.omnifaces.exceptionhandler.ViewExpiredExceptionHandlerFactory</exception-handler-factory>
      </factory>

      The picture "Screenshot from 2023-04-16 21-45-22" shows what the request looks like when the Ajax button is pressed.

      In the picture "Screenshot from 2023-04-16 21-45-43" we can see the response. But because it is on an Ajax call I cannot use it.

      If I click on the new Location from the header (picture "Screenshot from 2023-04-16 21-45-22"), the authentication page is loaded and after a successful login I get the response:

      <partial-response>
        <redirect url="/marketing_view/app/customers/index.xhtml"/>
      </partial-response>

      On WildFly I am using a reverse proxy, so that I don't have a problem with cross site scripting when I am redirected to the auth login page from an Ajax button, and I don't want to change the URL when redirecting to login.

      What I am thinking is that if my session is expired and I click an Ajax button, I should get <partial-response><redirect before redirect. Redirect should not happen on Ajax.

      Can you tell me which component in WildFly is making the 302 response? In my project I have only <login-config><auth-method>OIDC</auth-method></login-config> and I am using Jakarta 10.

       

      All files to setup environment:

      https://drive.google.com/drive/folders/1zZjTLJCBpb2xSGEzxdeYsytav_X_BCEi?usp=sharing
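
      A client-side way to tell apart the two responses this report describes (the expected `<partial-response><redirect>` and the login page the XHR ends on after following the 302), as an added example that is not code from the reporter, WildFly or OmniFaces. The function names are hypothetical and the sample bodies in any test are constructed; it assumes the same-origin reverse-proxy setup described above and uses the standard Faces 4.0 `faces.ajax.addOnError` hook with its `responseCode` and `responseText` fields.

```javascript
// Extract the URL from <partial-response><redirect url="..."/>, or null.
// A narrow pattern match, not a general XML parser.
function partialRedirectUrl(body) {
  const m = /<partial-response[^>]*>[\s\S]*?<redirect\s+url="([^"]*)"\s*\/?>/.exec(body);
  return m ? m[1].replace(/&amp;/g, "&") : null;
}

// Accept only absolute paths on the current origin ("/app/x"), never
// "//host/x" or "https://host/x", so a response cannot bounce the
// browser to another site.
function isLocalPath(url) {
  return /^\/(?![\/\\])/.test(url);
}

// status/body: HTTP status and raw text of the finished Ajax response.
function classifyFacesAjaxResponse(status, body) {
  const text = body || "";
  if (status === 200 && /<partial-response[\s>]/.test(text)) {
    const url = partialRedirectUrl(text);
    if (url === null) return { kind: "partial-update" };
    return { kind: isLocalPath(url) ? "partial-redirect" : "rejected-redirect", url };
  }
  // The XHR followed the 302 on its own and landed on an HTML document,
  // which the Faces Ajax engine cannot process as a partial response.
  if (status === 200 && /<html[\s>]/i.test(text)) return { kind: "html-page" };
  return { kind: "http-error" };
}

// Browser wiring (skipped outside a browser). A full page reload turns the
// failed Ajax call into a normal navigation, where the 302 to the login
// page can be followed by the browser itself.
if (typeof window !== "undefined" && window.faces) {
  window.faces.ajax.addOnError(function (data) {
    const result = classifyFacesAjaxResponse(data.responseCode, data.responseText);
    if (result.kind === "html-page") window.location.reload();
  });
}
```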

       

            People

              jaslee@redhat.com Jason Lee
              janez.puntar Janez Puntar