Apicurio-studio: Bug : Setup for development environment causes re-login every 5 seconds.

Created on 5 Jan 2021  ·  13Comments  ·  Source: Apicurio/apicurio-studio

After following the URL below, the keycloak server now tries to re-login once every 5 seconds just by accessing it.
This is a lot of development work, so I'm working around it by setting the login retry to 86,400 seconds (it takes about 30 seconds to re-login). What can I do to solve the underlying problem?

https://www.apicur.io/studio/docs/setting-up-a-development-environment

bug

All 13 comments

That's not good. I think we need more information.

  • What OS and browser are you using? Can you try other browser(s)?
  • What is the output to the browser JS console? There may be some useful information there.
  • Is there any useful output on the ng start console when this happens?

@mikisou 追加で情報もらえませんか?

@EricWittmann
Thanks.

This is my environment:
OS: MacOS Catalina / Chrome 87.0.4280.88(Official Build)
Firefox 84.0.1 : Not reproduced this bug
Safari 13.1.3 : Reproduced this bug

There are some issues reported on the Chrome's console about SameSite attribute for a cookie.
It seemed no useful output on the console for the front-end application.

OK so it sounds like this is specific to Safari browser - is that right? I don't have a Mac so I can't test this myself.

@Apicurio/developers - does anyone have a Mac and can try to reproduce this?

@EricWittmann I guess this problem comes from Chrome's change of its default behaviour.

As of version 80, Chrome treats Cookie SameSite=Lax by default.
https://web.dev/samesite-cookies-explained/

As you can see in the following capture, Since SameSite attribute is not specified in KEYCLOAK_SESSION so SameSite=Lax is applied by default, which means that the cookie can not be read in iframe.
Screen Shot 2021-01-15 at 20 14 55

So, Keycloak fails to get KEYCLOAK_SESSION value in cookie.
https://github.com/keycloak/keycloak/blob/3.4.3.Final/adapters/oidc/js/src/main/resources/login-status-iframe.html#L71

As a result, changed message is sent to the main window.
https://github.com/keycloak/keycloak/blob/3.4.3.Final/adapters/oidc/js/src/main/resources/login-status-iframe.html#L27

Then, it falls into logout process in the main window.
https://github.com/keycloak/keycloak/blob/3.4.3.Final/adapters/oidc/js/src/main/resources/keycloak.js#L863

Anyway, It's all happens in Keycloak...

I wonder if this would be resolved simply by upgrading the keycloak.js being used to a newer version. Could you try grabbing a more recent version of that from here:

https://www.npmjs.com/package/keycloak-js

I think the newer versions should work despite the older version of Keycloak we've got running in the cloud.

Since login-status-iframe.html is hosted on https://studio-auth.apicur.io/ , I think replacing only keycloak.js will not work.

It's required to upgrade Keycloak on the server to 8.0.2 or later.

Would you please check:
https://www.keycloak.org/2020/02/keycloak-802-released.html

Thanks for figuring this all out - much appreciated. I'll see what I can do about upgrading the auth server.

@EricWittmann
Do you know if the problem occurs if you use keyckloak 8.0.2 or later?
https://github.com/Apicurio/apicurio-studio/blob/master/distro/docker-compose/keycloak/Dockerfile

Darn I lost track of this activity. I don't think there is any reason to expect a new version of Keycloak to be a problem for us. We'll just have to test it!

@EricWittmann
I tested it with keykloak 12.0.4 and it seems to be working well so far.

I'll need to find time to upgrade studio.apicur.io's auth to KC 12. Thanks for the update.

Was this page helpful?
0 / 5 - 0 ratings