oidc-client behavior change from wildfly 35 -> 36


Stephen Sill II

Apr 21, 2025, 10:29:56 AM
to WildFly
Hi,
I've been using the oidc-client since it was introduced and it has worked great. With WildFly 36, however, I've got a new behavior that does not happen in 35.

I have a Vaadin application that has web.xml configured with

    <login-config>
        <auth-method>OIDC</auth-method>
    </login-config>

I've always configured the oidc.json file like this when the container is deployed:
cat << EOF > /opt/bitnami/wildfly/stage/oidc.json
{
    "client-id": "${OIDC_CLIENT_ID}",
    "provider-url": "${OIDC_PROVIDER_URL}",
    "ssl-required": "${OIDC_SSL_REQ}",
    "public-client": ${OIDC_PUBLIC_CLIENT},
    ${TRUST_MANAGER_SNIPPET}
    "confidential-port": 443
}
EOF

This has always worked great, and does in WildFly 35. With WildFly 36, I can log in to my application just fine, and if I continue to click around everything works fine. However, if I stop on a particular screen for greater than 60s (to read an email, whatever), the next click on something sends it back to the app's home screen (like my token timed out), but it doesn't make me log in again, meaning the Keycloak token is still valid.

I was particularly interested in WildFly 36 to see if this issue I had opened had been resolved:
https://issues.redhat.com/browse/ELY-2753

I don't see any exceptions in the logs when this happens; I just see a message that acts as if I had logged in again.

Any thoughts?
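The heredoc above substitutes shell variables straight into JSON, so a bad value (an unset variable, a quoted "true" for public-client, a typo in ssl-required) only surfaces when WildFly reads the file. The following is an added example, not code from the thread or from WildFly: it renders the same template in Python and sanity-checks the result before deployment. The accepted values for "ssl-required" ("all", "external", "none") and the truststore key names in the sample snippet follow the Keycloak-style adapter configuration that elytron-oidc-client uses; both are assumptions here, as are all the sample values.

```python
"""Render oidc.json from environment variables and validate it before
WildFly ever reads it. Added example; the template mirrors the heredoc
posted in the thread, the checks and sample values are assumptions."""
import json
import os
from string import Template

# Same shape as the posted heredoc; string.Template expands ${VAR} like sh.
OIDC_TEMPLATE = Template("""{
    "client-id": "${OIDC_CLIENT_ID}",
    "provider-url": "${OIDC_PROVIDER_URL}",
    "ssl-required": "${OIDC_SSL_REQ}",
    "public-client": ${OIDC_PUBLIC_CLIENT},
    ${TRUST_MANAGER_SNIPPET}
    "confidential-port": 443
}""")

# Assumed: Keycloak-style adapter values accepted by elytron-oidc-client.
SSL_REQUIRED_VALUES = {"all", "external", "none"}

# Constructed sample environment (hostnames and paths are placeholders).
SAMPLE_ENV = {
    "OIDC_CLIENT_ID": "vaadin-app",
    "OIDC_PROVIDER_URL": "https://keycloak.example.test/realms/demo",
    "OIDC_SSL_REQ": "all",
    "OIDC_PUBLIC_CLIENT": "true",
    # Assumed key names; the snippet must end with a comma to stay valid JSON.
    "TRUST_MANAGER_SNIPPET": '"truststore": "/opt/truststore.p12", '
                             '"truststore-password": "changeit",',
}


def render_oidc_json(env):
    """Substitute variables exactly as the shell heredoc would.
    Unlike the shell, a missing variable raises KeyError instead of
    silently expanding to empty text."""
    return OIDC_TEMPLATE.substitute(env)


def validate_oidc_config(text):
    """Parse the rendered text and return a list of problems (empty means OK)."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc}"]
    problems = []
    for key in ("client-id", "provider-url", "ssl-required"):
        if not isinstance(cfg.get(key), str) or not cfg[key]:
            problems.append(f"{key} must be a non-empty string")
    if cfg.get("ssl-required") not in SSL_REQUIRED_VALUES:
        problems.append("ssl-required must be one of all/external/none")
    # ${OIDC_PUBLIC_CLIENT} is unquoted on purpose: it must be a JSON boolean.
    if not isinstance(cfg.get("public-client"), bool):
        problems.append("public-client must be a JSON boolean, not a quoted string")
    url = cfg.get("provider-url", "")
    if cfg.get("ssl-required") == "all" and not url.startswith("https://"):
        problems.append("ssl-required is 'all' but provider-url is not https")
    if not isinstance(cfg.get("confidential-port"), int):
        problems.append("confidential-port must be an integer")
    return problems


def main():
    # Real environment wins; the constructed sample fills any gaps.
    env = {k: os.environ.get(k, v) for k, v in SAMPLE_ENV.items()}
    text = render_oidc_json(env)
    problems = validate_oidc_config(text)
    print(text)
    for p in problems:
        print("PROBLEM:", p)
    return 1 if problems else 0


if __name__ == "__main__":
    raise SystemExit(main())
```

Run it in the container entrypoint before the `cat << EOF` step; a non-zero exit stops the deployment with a readable reason instead of an OIDC login that fails later.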

Stephen Sill II

Apr 21, 2025, 12:14:22 PM
to WildFly
Just to add on:

This is all I see in the app log. The Vaadin app goes to refresh and it's suddenly not logged in, even after only a minute or so idle. However, the session on Keycloak is still active, and when it gets booted back to the landing page I don't have to log in again; it picks up the session. This is completely new behavior from WildFly 35 to 36.

2025-04-21 16:07:49,350 WARNING [com.foo.bar.web.ui.MainLayout] (default task-2) Not logged in!
2025-04-21 16:07:49,351 WARNING [com.foo.bar.web.ui.views.AbstractLogiView] (default task-2) Not logged in!
2025-04-21 16:07:50,481 INFO  [com.foo.bar.web.ui.MainLayout] (default task-1) stephen.sill just logged in
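The three log lines above are the whole signature of the problem: the application sees an unauthenticated request and, about a second later, the same user is "logged in" again without any prompt, because the Keycloak SSO session is still valid and only the local session was lost. That pattern (drop followed quickly by a silent re-login) is worth counting across a log rather than eyeballing, since a user who actually logs out and back in looks similar but takes much longer. The following added example, not code from the thread, parses WildFly-style console log lines and reports each drop-then-reauth cycle within a configurable window. The log format and message texts are taken from the post; the extra lines in the sample are constructed.

```python
"""Find 'session dropped, then silently re-authenticated' cycles in
WildFly-style application logs. Added example; log format and the two
message texts come from the thread, the extra sample lines are constructed."""
import re
from datetime import datetime, timedelta

# WildFly console format: "<date> <time> <LEVEL> [<logger>] (<thread>) <message>"
LOG_RE = re.compile(r"^(\S+ \S+)\s+(\w+)\s+\[(\S+)\]\s+\((.*?)\)\s+(.*)$")
LOGIN_RE = re.compile(r"^(\S+) just logged in$")
DROP_MESSAGE = "Not logged in!"

# Constructed sample: the three lines from the post plus a later, slow
# login (a real re-login after minutes, which should not be flagged).
SAMPLE_LOG = """\
2025-04-21 16:07:49,350 WARNING [com.foo.bar.web.ui.MainLayout] (default task-2) Not logged in!
2025-04-21 16:07:49,351 WARNING [com.foo.bar.web.ui.views.AbstractLogiView] (default task-2) Not logged in!
2025-04-21 16:07:50,481 INFO  [com.foo.bar.web.ui.MainLayout] (default task-1) stephen.sill just logged in
2025-04-21 16:30:02,100 WARNING [com.foo.bar.web.ui.MainLayout] (default task-5) Not logged in!
2025-04-21 16:34:10,900 INFO  [com.foo.bar.web.ui.MainLayout] (default task-6) stephen.sill just logged in
"""


def parse_line(line):
    """Return (timestamp, level, logger, thread, message) or None."""
    m = LOG_RE.match(line.rstrip("\n"))
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
    return (ts, m.group(2), m.group(3), m.group(4), m.group(5))


def find_silent_reauths(lines, window=timedelta(seconds=30)):
    """Pair each burst of 'Not logged in!' with the next 'just logged in'
    that follows within `window`. A login arriving later than the window is
    treated as a genuine interactive login and not reported."""
    cycles = []
    pending_drop = None  # timestamp of the first drop in the current burst
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, _level, _logger, _thread, msg = rec
        if msg == DROP_MESSAGE:
            if pending_drop is None or ts - pending_drop > window:
                pending_drop = ts  # start a new burst
            continue
        m = LOGIN_RE.match(msg)
        if m and pending_drop is not None:
            gap = ts - pending_drop
            if gap <= window:
                cycles.append({
                    "dropped_at": pending_drop.isoformat(sep=" "),
                    "relogin_at": ts.isoformat(sep=" "),
                    "user": m.group(1),
                    "gap_seconds": gap.total_seconds(),
                })
            pending_drop = None
    return cycles


if __name__ == "__main__":
    for c in find_silent_reauths(SAMPLE_LOG.splitlines()):
        print(f"{c['dropped_at']}  {c['user']} silently re-authenticated "
              f"after {c['gap_seconds']:.3f}s")
```

Feed it `server.log` (or the container's stdout) and compare runs on WildFly 35 and 36: a count that jumps on the newer version, with gaps of a second or two, points at the container-side session being lost while the IdP session survives, which is exactly what the thread describes.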

Brian Stansberry

Apr 23, 2025, 4:56:53 PM
to WildFly
Hi Stephen,

I'm a noob about this stuff but perhaps you are encountering the problem discussed at #wildfly-elytron > Fix for CVE-2024-12369/ELY-2887 breaks OIDC with AWS Cognito?

Best regards,
Brian


Stephen Sill II

May 15, 2025, 3:36:35 PM
to WildFly
I'm happy to report that installing WildFly 36.0.1 fixes this! Thanks!