After following the URL below, the keycloak server now tries to re-login once every 5 seconds just by accessing it.
This is a lot of development work, so I'm working around it by setting the login retry to 86,400 seconds (it takes about 30 seconds to re-login). What can I do to solve the underlying problem?
https://www.apicur.io/studio/docs/setting-up-a-development-environment
Here is the video recorded in this situation:
That's not good. I think we need more information.
ng start console when this happens?@mikisou 追加で情報もらえませんか?
@EricWittmann
Thanks.
This is my environment:
OS: MacOS Catalina / Chrome 87.0.4280.88(Official Build)
Firefox 84.0.1 : Not reproduced this bug
Safari 13.1.3 : Reproduced this bug
There are some issues reported on the Chrome's console about SameSite attribute for a cookie.
It seemed no useful output on the console for the front-end application.
OK so it sounds like this is specific to Safari browser - is that right? I don't have a Mac so I can't test this myself.
@Apicurio/developers - does anyone have a Mac and can try to reproduce this?
@EricWittmann I guess this problem comes from Chrome's change of its default behaviour.
As of version 80, Chrome treats Cookie SameSite=Lax by default.
https://web.dev/samesite-cookies-explained/
As you can see in the following capture, Since SameSite attribute is not specified in KEYCLOAK_SESSION so SameSite=Lax is applied by default, which means that the cookie can not be read in iframe.

So, Keycloak fails to get KEYCLOAK_SESSION value in cookie.
https://github.com/keycloak/keycloak/blob/3.4.3.Final/adapters/oidc/js/src/main/resources/login-status-iframe.html#L71
As a result, changed message is sent to the main window.
https://github.com/keycloak/keycloak/blob/3.4.3.Final/adapters/oidc/js/src/main/resources/login-status-iframe.html#L27
Then, it falls into logout process in the main window.
https://github.com/keycloak/keycloak/blob/3.4.3.Final/adapters/oidc/js/src/main/resources/keycloak.js#L863
Anyway, It's all happens in Keycloak...
I wonder if this would be resolved simply by upgrading the keycloak.js being used to a newer version. Could you try grabbing a more recent version of that from here:
https://www.npmjs.com/package/keycloak-js
I think the newer versions should work despite the older version of Keycloak we've got running in the cloud.
Since login-status-iframe.html is hosted on https://studio-auth.apicur.io/ , I think replacing only keycloak.js will not work.
It's required to upgrade Keycloak on the server to 8.0.2 or later.
Would you please check:
https://www.keycloak.org/2020/02/keycloak-802-released.html
Thanks for figuring this all out - much appreciated. I'll see what I can do about upgrading the auth server.
@EricWittmann
Do you know if the problem occurs if you use keyckloak 8.0.2 or later?
https://github.com/Apicurio/apicurio-studio/blob/master/distro/docker-compose/keycloak/Dockerfile
Darn I lost track of this activity. I don't think there is any reason to expect a new version of Keycloak to be a problem for us. We'll just have to test it!
@EricWittmann
I tested it with keykloak 12.0.4 and it seems to be working well so far.
I'll need to find time to upgrade studio.apicur.io's auth to KC 12. Thanks for the update.