Hey all,
I'm trying to get my head around using Keycloak with "token-store: cookie" instead of sessions in Spring Boot.
I was not able to find complete documentation so far but could figure out how this should work (theoretically...).
First of all, I pushed a complete example to GitHub (including a docker-compose to get Keycloak up):
If you open the application on localhost:8000/api you'll be redirected to Keycloak and can log in with "testuser001:password123". Afterwards you'll be redirected back to /api but then a redirect to "/sso/login" kicks in and this results in a 404 as this page does not exist.
As far as I understand the code, this is the point where KeycloakAuthenticationSuccessHandler should come and redirect the user back to /api as the authentication was successful and access is permitted. But weirdly enough this only happens for the first redirect back to /api but not for the next one.
I'm not sure if I'm missing something here or if this is a bug and would appreciate any helpful input!
Cheers
Alex