When using the OIDC Authorization Code Flow for a server-side web application, logging in from Safari on macOS results in a timeout. There are no issues when using Chrome or Firefox on Windows.
We are using Keycloak 26.0.7, and the web application uses the keycloak-connect library version 26.0.7 for Node.js. Both Keycloak and the web application are running on AWS EC2 instances, and an ALB (Application Load Balancer) with an ACM SSL certificate is being used.
The steps to reproduce the issue are as follows:
When entering a username and password on the Keycloak realm’s login page, a 504 Gateway Timeout occurs upon redirection back to the web application’s URL.
I expect the web application’s page to open.
Keycloak running on an EC2 VM is deployed using docker-compose. The compose.yml configuration file is as follows:

services:
  keycloak:
    image: keycloak/keycloak:26.0.7
    restart: always
    environment:
      - KC_DB=mariadb
      - KC_DB_URL_HOST=mariadb
      - KC_DB_URL_PORT=3306
      - KC_DB_URL_DATABASE=keycloak
      - KC_DB_USERNAME=keycloak
      - KC_DB_PASSWORD=xxxxxxxxxxxxxxxxxxxxxxx
      - KEYCLOAK_ADMIN=keycloak
      - KEYCLOAK_ADMIN_PASSWORD=xxxxxxxxxxxxxxxxxxxxxxx
      - KC_HTTP_ENABLED=true
      - KC_PROXY_HEADERS=xforwarded
      - KC_HOSTNAME=https://auth.example.com
    command: start
    ports:
      - "80:8080"
    logging:
      options:
        max-size: "5m"
        max-file: "10"
    depends_on:
      - mariadb
  mariadb:
    image: mariadb:10.5.2
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=xxxxxxxxxxxxxxxxxxxxxxx
      - MYSQL_DATABASE=keycloak
      - MYSQL_USER=keycloak
      - MYSQL_PASSWORD=xxxxxxxxxxxxxxxxxxxxxxx
    ports:
      - 3306:3306
    volumes:
      - mariadb-data:/var/lib/mysql
    logging:
      options:
        max-size: "5m"
        max-file: "10"
volumes:
  mariadb-data:
The Node.js web application is using express and keycloak-connect to protect index.html. Below is the sample code:

import express from "express";
import session from "express-session";
import Keycloak from "keycloak-connect";

const app = express();
app.set("view engine", "ejs");
app.use("/public", express.static("./public"));

// The same in-memory store backs both express-session and keycloak-connect.
const memoryStore = new session.MemoryStore();
const keycloak = new Keycloak({ store: memoryStore });

app.use(
  session({
    secret: process.env.COOKIE_SECRET || "this is default session secret",
    resave: false,
    saveUninitialized: true,
    store: memoryStore,
  }),
);

// Handle the OIDC callback, then require a login for every route below.
app.use(keycloak.middleware());
app.use(keycloak.protect());

app.get("/", (req, res) => {
  res.render("./index");
});
Keycloak is listening at https://auth.example.com, and the Node.js web application is listening at https://app.example.com.
When accessing https://app.example.com, the web application’s Keycloak protect process is triggered, and the user is redirected to the Keycloak login page. While the login page is accessible, after entering the username and password, the Authorization Code Flow execution times out.
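One way to see whether the redirect back from Keycloak reaches the Express app, and how long the app takes to answer it, is a small timing middleware; this is an added diagnostic example, not code from the original post. The names `callbackTimer` and `redactQuery` are hypothetical, and the callback is assumed to be recognisable by the standard `code` query parameter.

```javascript
// Added diagnostic sketch; callbackTimer and redactQuery are hypothetical names.
// Mount with app.use(callbackTimer()) before app.use(keycloak.middleware()).

// Keep authorization codes and state values out of the logs.
function redactQuery(url) {
  return url.replace(/([?&](?:code|state|session_state)=)[^&#]*/g, "$1[redacted]");
}

function callbackTimer({ log = console.log, now = Date.now, slowMs = 5000 } = {}) {
  return function (req, res, next) {
    // Assumption: the redirect back from Keycloak carries the standard `code` parameter.
    if (typeof req.query?.code !== "string") return next();
    const started = now();
    const base = {
      url: redactQuery(req.originalUrl || req.url),
      userAgent: req.headers["user-agent"],
      forwardedProto: req.headers["x-forwarded-proto"],
      // connect.sid is the express-session default cookie name.
      hasSessionCookie: /(?:^|;\s*)connect\.sid=/.test(req.headers.cookie || ""),
    };
    log({ event: "oidc_callback_received", ...base });
    let done = false;
    const record = (outcome) => () => {
      if (done) return; // "close" also fires after "finish"
      done = true;
      const ms = now() - started;
      log({ event: `oidc_callback_${outcome}`, ms, slow: ms >= slowMs, ...base });
    };
    res.on("finish", record("finished")); // the app sent a complete response
    res.on("close", record("aborted")); // connection closed before the app answered
    next();
  };
}
```

If `oidc_callback_received` never appears for the Safari login, the request is not reaching the app. If it appears and is followed by `oidc_callback_aborted` with a large `ms`, the app was still processing the callback when the connection was closed.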