ThalesGroup
Keycloak 22 integration with Kong (2.8.3) oidcrp plugin having issue with Integration tests using groovy code.
Issue - redirect to oidcrp plugin not successful.
Kong (version 2.8.3) returns status code 400 with {"error":"invalid_grant","error_description":"Incorrect redirect_uri"} and
Keyclaok ( version 22.0.4) errors - "error":"invalid_code","grant_type":"authorization_code","code_id":"xxx","client_auth_method":"client-secret"},"name":"CODE_TO_TOKEN_ERROR"}
Steps: 1-Navigating initial UI page : https://api-gateway:443/oidcrp-to-https. status - 302 Found.
2- RedirectToKeyCloak with https://id-provider:443/auth/realms/realmTestOidcrpPlugin1/protocol/openid-connect/auth?response_type=code&client_id=testKong&scope=openid%20profile&redirect_uri=https%3A%2F%2Fapi-gateway%3A443%2Foidcrp-to-https%2Fsecure&state=xxx&nonce=yyy returns status 200
3- PostLoginAndPassword with -> https://id-provider:443/auth/realms/realmTestOidcrpPlugin1/login-actions/authenticate?session_code=xxx&execution=yyy&client_id=testKong&tab_id=zzz returns- status 302
4- RedirectToOidcRP fails and redirect to logout with https://api-gateway/oidcrp-to-https/secure?state=aaa&session_state=xxx&code=ccc returns 302 Found redirecting to /oidcrp-to-https/logout. At 4th step kong errors 400 with "error":"invalid_grant","error_description":"Incorrect redirect_uri" and keycloak returns CODE_TO_TOKEN_ERROR.
Pls note - this works fine if using keycloak version 17
Any suggestions or help will be highly appreciated.
Thanks - Alok
