micronaut-security icon indicating copy to clipboard operation
micronaut-security copied to clipboard

Published 20 hours ago verified publisher icon micronaut-projects

Support for Keycloak v17+ in AuthorizationServer::infer

Open adamkobor opened this issue 2 years ago • 4 comments

Keycloak 17+ doesn't have the /auth/ fragment in its pre-set URLs, therefore the original logic in AuthorizationServer is outdated, and it's not possible to infer the right type of newer Keycloak instances based on the URL of the issuer. The biggest consequence of this is that EndSessionEndpointResolver is not able to register the right end session endpoint for Keycloak.

adamkobor avatar Oct 04 '22 11:10 adamkobor

CLA assistant check
All committers have signed the CLA.

CLAassistant avatar Oct 04 '22 11:10 CLAassistant

@sdelamo could you let the GitHub Actions run, please? In this case I could see if the build pass, at least, and fix the necessary stuff until the review starts. Thanks 🙏

adamkobor avatar Oct 11 '22 05:10 adamkobor

I will check this pr soon.

sdelamo avatar Oct 13 '22 05:10 sdelamo

Just a side note: this one alone won't solve the issue with Keycloak and RP initiated logouts, https://github.com/micronaut-projects/micronaut-security/pull/1049 should solve the latter one

adamkobor avatar Nov 17 '22 08:11 adamkobor