Getting logged out after Keycloak login

[aflorj]

Plugin version: 0.9.4 Redmine version: 5.0.5.stable

Hello.

I am having issues with this plugin. Everything seems to work fine until the moment I am logged in (a new user is successfully created in Redmine, the newly created used receives admin role, authentication in successful). After a successful login I am immediately redirected to logout. My Keycloak session is still active, I am only getting logged out from Redmine.

Plugin settings:

I would appreciate any input on this issue.

Logs:

redmine_1   | I, [2023-05-17T07:28:46.533244 #1]  INFO -- : Processing by AccountController#login as HTML
redmine_1   | I, [2023-05-17T07:28:46.560194 #1]  INFO -- :   Current user: anonymous
redmine_1   | I, [2023-05-17T07:28:46.560714 #1]  INFO -- : Redirected to http://localhost:3000/oic/login
redmine_1   | I, [2023-05-17T07:28:46.560921 #1]  INFO -- : Completed 302 Found in 28ms (ActiveRecord: 6.5ms | Allocations: 4283)
redmine_1   | I, [2023-05-17T07:28:46.567223 #1]  INFO -- : Started GET "/oic/login" for 10.10.22.1 at 2023-05-17 07:28:46 +0000
redmine_1   | I, [2023-05-17T07:28:46.567704 #1]  INFO -- : Processing by AccountController#oic_login as HTML
redmine_1   | I, [2023-05-17T07:28:46.570586 #1]  INFO -- :   Current user: anonymous
redmine_1   | I, [2023-05-17T07:28:46.573902 #1]  INFO -- : Redirected to https://our-keycloak-url.com/auth/realms/applications/protocol/openid-connect/auth?client_id=redmine&nonce=e83ef31b-f7d1-4d4d-b4dc-407de45be58e&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Foic%2Flocal_login&response_type=code&scope=openid&state=9bf42a76-9e73-45d2-8ffa-65119b914506
redmine_1   | I, [2023-05-17T07:28:46.574044 #1]  INFO -- : Completed 302 Found in 6ms (ActiveRecord: 2.7ms | Allocations: 1080)
redmine_1   | I, [2023-05-17T07:28:46.595016 #1]  INFO -- : Started GET "/oic/local_login?state=9bf42a76-9e73-45d2-8ffa-65119b914506&session_state=7409ed4f-fcce-4b13-a992-92ba859c3cab&code=9c04bba5-3653-416f-99e1-c683261bd8da.7409ed4f-fcce-4b13-a992-92ba859c3cab.882cb313-ebd8-44ba-b152-bee176ea923e" for 10.10.22.1 at 2023-05-17 07:28:46 +0000
redmine_1   | I, [2023-05-17T07:28:46.595948 #1]  INFO -- : Processing by AccountController#oic_local_login as HTML
redmine_1   | I, [2023-05-17T07:28:46.596038 #1]  INFO -- :   Parameters: {"state"=>"9bf42a76-9e73-45d2-8ffa-65119b914506", "session_state"=>"7409ed4f-fcce-4b13-a992-92ba859c3cab", "code"=>"9c04bba5-3653-416f-99e1-c683261bd8da.7409ed4f-fcce-4b13-a992-92ba859c3cab.882cb313-ebd8-44ba-b152-bee176ea923e"}
redmine_1   | I, [2023-05-17T07:28:46.599480 #1]  INFO -- :   Current user: anonymous
redmine_1   | I, [2023-05-17T07:28:46.681695 #1]  INFO -- : Successful authentication for 'redmineadmin' from 10.10.22.1 at 2023-05-17 07:28:46 UTC
redmine_1   | I, [2023-05-17T07:28:46.689111 #1]  INFO -- : Redirected to http://localhost:3000/my/page
redmine_1   | I, [2023-05-17T07:28:46.689325 #1]  INFO -- : Completed 302 Found in 93ms (ActiveRecord: 13.0ms | Allocations: 5912)
redmine_1   | I, [2023-05-17T07:28:46.694437 #1]  INFO -- : Started GET "/my/page" for 10.10.22.1 at 2023-05-17 07:28:46 +0000
redmine_1   | I, [2023-05-17T07:28:46.694972 #1]  INFO -- : Processing by MyController#page as HTML
redmine_1   | I, [2023-05-17T07:28:46.699302 #1]  INFO -- :   Current user: redmineadmin (id=5)
redmine_1   | I, [2023-05-17T07:28:46.739078 #1]  INFO -- :   Rendered my/page.html.erb within layouts/base (Duration: 37.5ms | Allocations: 17113)
redmine_1   | I, [2023-05-17T07:28:46.746544 #1]  INFO -- :   Rendered layout layouts/base.html.erb (Duration: 45.0ms | Allocations: 21100)
redmine_1   | I, [2023-05-17T07:28:46.746740 #1]  INFO -- : Completed 200 OK in 52ms (Views: 32.4ms | ActiveRecord: 14.6ms | Allocations: 22648)
redmine_1   | I, [2023-05-17T07:28:46.821913 #1]  INFO -- : Started GET "/oic/rpiframe" for 10.10.22.1 at 2023-05-17 07:28:46 +0000
redmine_1   | I, [2023-05-17T07:28:46.822500 #1]  INFO -- : Processing by AccountController#rpiframe as HTML
redmine_1   | I, [2023-05-17T07:28:46.829316 #1]  INFO -- :   Current user: redmineadmin (id=5)
redmine_1   | I, [2023-05-17T07:28:46.831790 #1]  INFO -- :   Rendered plugins/redmine_openid_connect/app/views/account/rpiframe.html.erb (Duration: 0.2ms | Allocations: 43)
redmine_1   | I, [2023-05-17T07:28:46.832225 #1]  INFO -- : Completed 200 OK in 10ms (Views: 1.0ms | ActiveRecord: 2.9ms | Allocations: 1298)
redmine_1   | I, [2023-05-17T07:28:46.889662 #1]  INFO -- : Started GET "/oic/local_logout" for 10.10.22.1 at 2023-05-17 07:28:46 +0000
redmine_1   | I, [2023-05-17T07:28:46.890141 #1]  INFO -- : Processing by AccountController#oic_local_logout as HTML
redmine_1   | I, [2023-05-17T07:28:46.896210 #1]  INFO -- :   Current user: redmineadmin (id=5)
redmine_1   | I, [2023-05-17T07:28:46.910221 #1]  INFO -- :   Rendered plugins/redmine_openid_connect/app/views/account/oic_local_logout.html.erb within layouts/base (Duration: 0.3ms | Allocations: 67)
redmine_1   | I, [2023-05-17T07:28:46.920746 #1]  INFO -- :   Rendered layout layouts/base.html.erb (Duration: 10.8ms | Allocations: 4608)
redmine_1   | I, [2023-05-17T07:28:46.920965 #1]  INFO -- : Completed 200 OK in 31ms (Views: 9.2ms | ActiveRecord: 15.3ms | Allocations: 6188)```

[aflorj]

Update: The issue seems to be related to my environment (browser) and has nothing to do with this plugin. I will leave this ticket open for now, to update it when I find the solution and close it at that time.

[hogger0]

Update: The issue seems to be related to my environment (browser) and has nothing to do with this plugin. I will leave this ticket open for now, to update it when I find the solution and close it at that time.

Hi,I am having same issues with this plugin. How to solution？

[aflorj]

Unfortunately I wasn't able to debug it so I can't provide any useful information, sorry.

[natsutteatsuiyone]

I had the same issue. The cause was that the cookie couldn't be retrieved in keycloak's login-status-iframe.html. https://github.com/keycloak/keycloak/blob/release/22.0/services/src/main/resources/org/keycloak/protocol/oidc/endpoints/login-status-iframe.html#L33 https://github.com/keycloak/keycloak/blob/release/22.0/services/src/main/resources/org/keycloak/protocol/oidc/endpoints/login-status-iframe.html#L53

Because stat is always changed, it triggers logout. https://github.com/devopskube/redmine_openid_connect/blob/0.9.4/app/views/account/rpiframe.html.erb#L29

[khiemnh-htv]

We have the same issue, it's just working with FireFox. . . :((. If you have solution (or work around) please share to us, otherwise this plugin is almost useless. Thanks