Fix account console for usage with secure-session client-policy (#37447) by thomasdarimont · Pull Request #38476 · keycloak/keycloak

Conversation

thomasdarimont (Contributor)

Previously the missing state parameter caused issues when the client policy secure-session was enabled for the realm.

This adds a dummy state parameter for the initial server-side auth redirect when we check for an authenticated user in the account-console backend.

If the user is successfully authenticated, the account-console backend will bootstrap the actual account-console frontend, which will then perform the actual auth code flow with proper state handling.

Fixes #37447
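The two-hop flow the description outlines, as an added illustration written for this page (not Keycloak's own code): a redirect built without `state` fails a secure-session style check, a redirect carrying a (dummy or real) `state` passes it, and the frontend leg then binds a random, single-use `state` to the pending login and verifies it on the callback. The policy model assumes only that `state` must be present; endpoint URLs, client id and redirect URI are constructed sample values.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed sample values; a real deployment uses the realm's own URLs and client id.
ISSUER = "https://idp.example/realms/demo"
AUTH_ENDPOINT = ISSUER + "/protocol/openid-connect/auth"


def build_auth_url(client_id, redirect_uri, state=None):
    """Build an authorization-code request; `state` is omitted when None,
    which is the shape of the backend redirect the PR describes as broken."""
    params = {"client_id": client_id, "redirect_uri": redirect_uri,
              "response_type": "code", "scope": "openid"}
    if state is not None:
        params["state"] = state
    return AUTH_ENDPOINT + "?" + urlencode(params)


def state_from_url(url):
    """Return the `state` query parameter of a URL, or None when absent/empty."""
    return parse_qs(urlparse(url).query).get("state", [None])[0]


def secure_session_check(auth_url):
    """Model of a secure-session style policy (assumption: it requires a
    non-empty `state` on every authorization request). Returns (ok, reason)."""
    if not state_from_url(auth_url):
        return False, "Missing parameter: state"
    return True, "ok"


class FrontendFlow:
    """Frontend leg with proper state handling: random, single-use state that is
    bound to a pending login and checked on the callback (login-CSRF defense)."""

    def __init__(self, client_id, redirect_uri):
        self.client_id, self.redirect_uri = client_id, redirect_uri
        self.pending = set()

    def start(self):
        state = secrets.token_urlsafe(32)
        self.pending.add(state)
        return build_auth_url(self.client_id, self.redirect_uri, state)

    def handle_callback(self, callback_url):
        """Return the authorization code only if the state is a known, unused one."""
        state = state_from_url(callback_url)
        if state not in self.pending:
            return None  # unknown, missing or replayed state: reject
        self.pending.discard(state)
        return parse_qs(urlparse(callback_url).query).get("code", [None])[0]
```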

…loak#37447)

Previously the missing state parameter caused issues when the client policy `secure-session` was enabled for the realm.

This adds a dummy state parameter for the initial server-side auth redirect when we check for an authenticated user in the account-console backend.

If the user is successfully authenticated, the account-console backend will bootstrap the actual account-console frontend, which will then perform the actual auth code flow with proper state handling.

Fixes keycloak#37447

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
mposolda force-pushed the issue/gh-37447-fix-account-console-for-secure-session-policy branch from b31094e to a465416 on April 29, 2025 07:36

mposolda (Contributor) left a comment

@thomasdarimont Thanks!

I think test failures are unrelated to your changes. I hope that after rebase (which I did), the PR can be merged.

keycloak-github-bot

Unreported flaky test detected

If the flaky tests below are affected by the changes, please review and update the changes accordingly. Otherwise, a maintainer should report the flaky tests prior to merging the PR.

org.keycloak.testsuite.webauthn.account.WebAuthnSigningInTest#categoriesTest

Keycloak CI - WebAuthn IT (firefox)

java.lang.AssertionError: 

Expected: is <2>
     but: was <0>
	at org.hamcrest.MatcherAssert.assertThat(MatcherAssert.java:20)
...


keycloak-github-bot left a comment

Unreported flaky test detected, please review


mposolda (Contributor) commented May 7, 2025

@thomasdarimont I've sent another PR #39539, which fixes the test and also adds an automated test. Can you please review the other PR? If you agree, we can close this PR then.

mposolda (Contributor)

Closing as this was replaced by #39539, which was merged already.

mposolda closed this May 15, 2025
Successfully merging this pull request may close these issues.

account-console no longer provides nonce/state parameter