I should authenticate a PHP website created with the Symfony framework (V5.4) with Keycloak.
On the PHP side I use the library Drenso/symfony-oidc for the OIDC authentication.
If I run both the PHP website and the Keycloak server locally in a Docker container, the authentication via the code flow workflow works without any problems.
Successful flow in Chrome DevTools
However, as soon as the Keycloak server is hosted in the Azure cloud, the authentication is canceled most of the time (in about 1 out of 15 login attempts it still works). The Google Chrome development console shows a ‘Canceled’ status when redirecting from Keycloak back to the PHP server. Instead of landing on the PHP server with the client, a 404 error is displayed by Keycloak.
Failed flow in Chrome DevTools
However, the redirect from the Keycloak has correctly triggered the request process on the PHP server and this also runs correctly and authenticates the user with the code provided by the Keycloak at the corresponding Keycloak endpoint and then receives the OIDC tokens. However, since the client has registered the termination, it does not wait for the response from the PHP server and therefore does not switch to the homepage after successful authentication.
Is it possible for someone to give me a hint where I should look?
I have tested the whole thing on different browsers (Chrome, Edge, Firefox) with the same errors.
I also set different parameters for the oidc configuration within the security.yaml settings. Currently it looks this way:
```yaml
security:
    enable_authenticator_manager: true
    providers:
        dm_user_provider:
            id: AppManagementBundleSecurityDmUserProvider
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            lazy: true
            provider: dm_user_provider
            logout: true
            pattern: '^/'
            oidc:
                user_identifier_property: email
                enable_end_session_listener: true
                use_logout_target_path: false
                enable_remember_me: true
                use_referer: true
                # always_use_default_target_path: true
    access_control:
        # Allow login page to everyone
        - { path: '^/login$', roles: IS_AUTHENTICATED_ANONYMOUSLY }
        # Deny all other sites
        - { path: '^/', role: ROLE_USER }
    role_hierarchy:
        ROLE_ManagementUser: [ROLE_USER]
```
Philippe Suter is a new contributor to this site.
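An added example, not part of the original question: a small triage of a DevTools HAR export that locates the authorization-code callback (the request carrying both `code` and `state`), reports whether the browser aborted it and what was requested next, and redacts the one-time code and state so the output can be shared. It assumes canceled requests are exported with response status 0; the hosts, realm name and `/login_check` path in the sample are constructed.

```python
from urllib.parse import urlsplit, parse_qsl, urlencode

# Query parameters of an authorization response that should be redacted
# before a HAR excerpt is pasted into a ticket or a forum post.
SECRET_PARAMS = {"code", "state", "session_state"}

def redact(url):
    """Return the URL with OIDC secrets in the query string replaced."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k in SECRET_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return parts._replace(query=urlencode(query)).geturl()

def is_auth_response(url):
    """An authorization-code response carries both `code` and `state`."""
    names = {k for k, _ in parse_qsl(urlsplit(url).query)}
    return {"code", "state"} <= names

def triage(har):
    """List each code-flow callback, whether the browser aborted it,
    and the host and status of the request recorded right after it."""
    entries = har["log"]["entries"]
    findings = []
    for i, entry in enumerate(entries):
        url = entry["request"]["url"]
        if not is_auth_response(url):
            continue
        status = entry["response"]["status"]
        nxt = entries[i + 1] if i + 1 < len(entries) else None
        findings.append({
            "callback": redact(url),
            "status": status,
            "canceled": status == 0,  # assumption: 0 means no response was read
            "next": None if nxt is None else
                    (urlsplit(nxt["request"]["url"]).netloc,
                     nxt["response"]["status"]),
        })
    return findings

# Constructed sample mirroring the symptom described in the question.
KC = "https://keycloak.example/realms/demo"
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": KC + "/protocol/openid-connect/auth?client_id=app&response_type=code&state=abc"},
     "response": {"status": 302}},
    {"request": {"url": "https://app.example/login_check?state=abc&session_state=s1&code=xyz"},
     "response": {"status": 0}},
    {"request": {"url": KC + "/some-page"}, "response": {"status": 404}},
]}}
```

A callback reported as canceled and followed by a request to the identity provider's host means the browser navigated away before reading the application's response, which narrows the search to whatever triggered that second navigation.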