Problem/Motivation

If you have "Replace Drupal login with Keycloak single sign-on (SSO)" enabled, and the authentication fails for some reason (e.g. from logic in hook_openid_connect_pre_authorize()), the user gets stuck in an infinite redirect loop until the state token becomes invalid and the user is served an access forbidden result.

So what happens is:

I enter /user/login
I get redirected to the Keycloak base URL
I authenticate and get redirected to the redirect URL (/openid-connect/keycloak)
hook_openid_connect_pre_authorize fails the authorization
I get redirected to /user, and as I'm not authenticated, I get redirected back to /user/login

and it repeats until the state token gets invalidated.

Steps to reproduce

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

Comments

johnwebdev created an issue. See original summary.

hemant kumar:

Is there any update on this issue? I am getting the exact same issue.

bramdriesen:

Category: Bug report » Support request
Status: Active » Postponed (maintainer needs more info)
Issue tags: +Needs steps to reproduce

I never encountered this, so I would need exact steps to reproduce.

Does this also happen on the 2.2.x version?

chrisck:

@BramDriesen this does not happen on the 2.2.x version.

bramdriesen:

Thanks for checking @chrisck!

Let's wait a bit and see if we can get steps to reproduce or not. Otherwise I'll close it as outdated :)