finalist / liferay-oidc-plugin

Plugin for Liferay, enabling OpenID Connect authentication
Apache License 2.0
21 stars 31 forks source link

Can´t open/show keycloak login page #46

Open ehds2018 opened 4 years ago

ehds2018 commented 4 years ago

Hello I'm using the OpenId connector in Liferay 6.2 CE, to sign in with keycloak. The question is when I click the SignIn button the behavior is different depending on the location / url of the Liferay and keycloack. I guve you 2 Scenarios example:

Scenario 1: Different domains Url Liferay is http://work_domain_and_port/liferay and keycloak url is http://other_domain_and_port/auth. The result is the expected, opens keycloak login page on the same browser tab.

Scenario 2: Same domain but different access url Url Liferay is http://work_domain_and_port/liferay and keyclocak url is http://other_domain_and_port/auth. The result is the expected, opens keycloak login page on the same browser tab.

Scenario 3: Same domain and url’s Both are in the same domain (say in a cluster environment), for example http/docker.localhost/liferay and http://docker.localhost/auth. The result is not expected. When you click the SignIn button, the Liferay window is "disabled", but does not open the keycloak login.

Note: In developer tools from browser, when I inspect signIn button we can see < a class="" data-redirect="false" href="http://docker.localhost/liferay/c/portal/login?p_l_id=20185" id="" role="menuitem" title="Sign In" >

If I replace href with onclick="location.href = the expected result is obtained.

Can you help me with this? Have you ever encountered this problem?

Thank you in advance Eunice da Silva

gvanderploeg commented 4 years ago

Hi,

There's a few things that come to my mind when reading your scenarios:

Hope this helps.

ehds2018 commented 4 years ago

Thanks for the reply

“as far as I know, Liferay does something weird with the login button in cases where the login portlet is present on that page; in that case the login button does not redirect to /c/portal/login but it puts the browser focus on the login portlet on that page.”

“running two applications (Liferay and Keycloak) on the same domain and port makes the application effectively share their cookies. Especially the cookie JSESSIONID is an interesting one. Have you taken this into account?”

But for this change I need to change themes already created and take into account all the Liferay themes that will be created. And not all themes I'me able to make this change.

Regardless, I don't think it's the best solution, the one with the themes, but I don't remember anything else anymore. That's why I’me asking for help.

Eunice da Silva

ehds2018 commented 4 years ago

Hi,

It's the same in liferay 7

Eunice da Silva