OIDCPreservePost response is incorrect when there is a claim authorization condition #1173
yagiaoskyworker
started this conversation in
General
Replies: 1 comment 1 reply
-
this is indeed a limitation caused by the way the Apache internals work (redirecting in the authorization handler phase comes with restrictions); I have just added a section to the Known Limitations, thanks for reporting; from our tests it appears that a workaround would be to run over HTTPs rather than plain HTTP as Apache seems to apply some correctional measures wrt. the extra content added at the end of the reponse |
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
There seem to be two problems when OIDCPreservePost is ON.
I think these are probably bugs, could you give me a comment?
Problems
My environments
OS: CentOS Linux release 7.9.2009 (Core)
OP: Keycloak 14.0.0
Apache: 2.4.6-99.el7.centos.1.x86_64
mod_auth_openidc: 2.4.15.1-1.el7.x86_64
Configuration
How to reproduce
2.1 curl --request POST http://service.example.com/ -d "param1=value1¶m2=value2"
2.2. response and content-length are correct
3.1. curl --request POST http://service.example.com/secure/ -d "param1=value1¶m2=value2"
3.2. response and content-length are incorrect
access_log
OK pattern:
=> status code and content-length are correct
NG pattern:
=> status code and content-length are not correct
Network capture
OK pattern:
NG pattern:
Beta Was this translation helpful? Give feedback.
All reactions