bitnami / charts

Bitnami Helm Charts
https://bitnami.com

[bitnami/keycloak] following up #29499 Web Application hit too many redirects issue after upgrade from bitnami/keycloak 21.0.0 to 22.2.5 #29988

Open weim3ng opened 1 week ago

weim3ng commented 1 week ago

Name and Version

bitnami/keycloak 22.2.5

What architecture are you using?

amd64

What steps will reproduce the bug?

  1. Upgrade from bitnami/keycloak 21.0.0 to 22.2.5

  2. Environment - Azure AKS with Kubernetes version v 1.28.5

  3. Run - Login with Angular Web Application which is using keycloak-angular package with keycloak.js v 25.0.6

  4. Web Application hits the "too many redirects" issue

  5. Found that it is related to duplicate AUTH_SESSION_ID cookies

  6. How do I get rid of the duplicate cookies in the client browser without the need for users to manually clear their browser cookies?

Are you using any custom parameters or values?

No response

What is the expected behavior?

Able to login successfully as in bitnami/keycloak 21.0.0 version

What do you see instead?

Angular Web Application hits the "too many redirects" issue.

Additional information

yaml file

image:
  debug: true

auth:
  adminUser: ${KEYCLOAK_ADMIN_USER}
  adminPassword: ${KEYCLOAK_ADMIN_PASSWORD}

postgresql:
  enabled: false

externalDatabase:
  host: ${DB_HOST}
  port: 1433
  database: ${DB_NAME}
  user: ${DB_USER}
  password: ${DB_PASSWORD}

cache:
  enabled: true

production: true

proxy: edge

extraStartupArgs: "--spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true --spi-sticky-session-encoder-infinispan-should-attach-route=true"

extraEnvVars:
  - name: KEYCLOAK_LOG_LEVEL
    value: DEBUG
  - name: QUARKUS_TRANSACTION_MANAGER_ENABLE_RECOVERY
    value: "true"
  - name: QUARKUS_TRANSACTION_MANAGER_OBJECT_STORE_DIRECTORY
    value: "/opt/bitnami/keycloak/objectstore"
  - name: PROXY_ADDRESS_FORWARDING
    value: "true"
  - name: KC_DB
    value: "mssql"
  - name: KC_DB_URL
    value: "jdbc:sqlserver://${DB_HOST}:1433;databaseName=${DB_NAME};encrypt=true;trustServerCertificate=false;loginTimeout=30;sendStringParametersAsUnicode=false;"
  - name: KC_TRANSACTION_XA_ENABLED
    value: "false"

replicaCount: 2

resources:
  requests:
    cpu: 384m
    memory: 1536Mi
  limits:
    cpu: 500m
    memory: 2048Mi

livenessProbe:
  enabled: true
  initialDelaySeconds: 300
  periodSeconds: 1
  timeoutSeconds: 5
  failureThreshold: 3
  successThreshold: 1

readinessProbe:
  enabled: true
  initialDelaySeconds: 30
  periodSeconds: 10
  timeoutSeconds: 1
  failureThreshold: 3
  successThreshold: 1

startupProbe:
  enabled: false
  initialDelaySeconds: 30
  periodSeconds: 5
  timeoutSeconds: 1
  failureThreshold: 60
  successThreshold: 1

nodeSelector:
  application: "yes"

extraVolumeMounts:
  - mountPath: /opt/bitnami/keycloak/themes/dms
    name: theme
  - mountPath: /opt/bitnami/keycloak/objectstore
    name: objectstore

extraVolumes:
  - name: theme
  - name: objectstore

service:
  type: ClusterIP
  sessionAffinity: ClientIP
  sessionAffinityConfig:
    clientIP:
      timeoutSeconds: 10800

ingress:
  annotations:
    nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
    nginx.ingress.kubernetes.io/cors-allow-methods: "*"
    nginx.ingress.kubernetes.io/cors-allow-origin: "https://*.xxx.xxxxxxxx.com, http://localhost:4200" 
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/proxy-buffer-size: 12k
  hostname: ${KEYCLOAK_INGRESS_HOST}
  ingressClassName: nginx-internal
  tls: true

pdb:
  create: true
  minAvailable: 1

logging:
  output: default
  level: INFO
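
An added example, not part of the issue or the chart: browsers store cookies by (name, domain, path), so two `AUTH_SESSION_ID` entries can coexist when those attributes differ, and a stale one is removed only by a `Set-Cookie` whose path and domain match it. The sketch replays constructed `Set-Cookie` headers (host, paths and values are hypothetical) to find duplicates and build the matching expiry header.

```javascript
// Constructed sample of Set-Cookie response headers (e.g. copied from a HAR file).
// Host, paths and values are hypothetical, not taken from the issue.
const SAMPLE = [
  { host: "sso.example.test", header: "AUTH_SESSION_ID=old111; Path=/; Secure; HttpOnly" },
  { host: "sso.example.test", header: "KC_RESTART=abc; Path=/realms/demo/; Secure; HttpOnly" },
  { host: "sso.example.test", header: "AUTH_SESSION_ID=new222; Path=/realms/demo/; Secure; HttpOnly" },
];

// Parse one Set-Cookie header into the fields that identify a stored cookie.
function parseSetCookie(host, header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const a of rest) {
    const i = a.indexOf("=");
    attrs[(i < 0 ? a : a.slice(0, i)).toLowerCase()] = i < 0 ? "" : a.slice(i + 1);
  }
  const hostOnly = !attrs.domain;
  const domain = (hostOnly ? host : attrs.domain.replace(/^\./, "")).toLowerCase();
  // Simplification: a missing Path is treated as "/" instead of the request's directory.
  const path = attrs.path && attrs.path.startsWith("/") ? attrs.path : "/";
  const expired = ("max-age" in attrs && Number(attrs["max-age"]) <= 0) ||
    ("expires" in attrs && Date.parse(attrs.expires) <= Date.now());
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), domain, path, hostOnly, expired };
}

// Replay headers in order; cookie identity is (name, domain, path) as in RFC 6265.
function buildJar(entries) {
  const jar = new Map();
  for (const { host, header } of entries) {
    const c = parseSetCookie(host, header);
    const key = `${c.name}|${c.domain}|${c.path}`;
    if (c.expired) jar.delete(key); else jar.set(key, c);
  }
  return jar;
}

// Names stored more than once: these can be sent together in one Cookie header.
function duplicateNames(jar) {
  const byName = {};
  for (const c of jar.values()) (byName[c.name] = byName[c.name] || []).push(c);
  return Object.fromEntries(Object.entries(byName).filter(([, v]) => v.length > 1));
}

// Header that removes exactly one stored cookie: Path (and Domain) must match it.
function expiryHeader(c) {
  return `${c.name}=; Max-Age=0; Path=${c.path}` +
    (c.hostOnly ? "" : `; Domain=${c.domain}`) + "; Secure; HttpOnly";
}
```

Feeding it the real `Set-Cookie` headers from a browser capture of the failing login shows which attribute differs between the two `AUTH_SESSION_ID` entries.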

javsalgar commented 5 days ago

Hi!

Adding a reference to my previous comment https://github.com/bitnami/charts/issues/29499#issuecomment-2367426840