Infinite Redirect Login Loop with Keycloak OIDC in ASP.NET Core 8.0 Blazor (Radzen) Application

Julian M 0 Reputation points
2024-09-25T13:39:57.89+00:00

Hello everyone,

I'm currently facing an infinite redirect loop issue when integrating Keycloak for OpenID Connect (OIDC) authentication in my ASP.NET Core Blazor Server application using Radzen.

Technologies Involved:

  • Keycloak (24.0.4) as the Identity Provider (IDP)
  • ASP.NET Core 8.0 for the Backend
  • Blazor Server for the Frontend
  • Radzen Components for UI
  • OpenID Connect (OIDC) for authentication
  • HTTPS environment on both the app and the Keycloak Server

Problem Overview:

I have configured Keycloak as the Identity Provider using OIDC in my Blazor Server application. After being redirected to Keycloak for authentication and logging in successfully, I get stuck in an infinite redirect loop between the application and Keycloak.

So:

  1. I get redirected to Keycloak for login
  2. After successful login in Keycloak, it redirects me back to my app (/signin-oidc)
  3. The app gets stuck in a loop and keeps redirecting between Keycloak and the app's login URL.

Looks like this in the Docker Desktop Logs:
User's image

Configuration Details:

The Keycloak configuration should be okay, as I copied it out of the client adapter config.

My Authentication Setup in Program.cs:

builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddKeycloakWebApp(builder.Configuration.GetSection("Keycloak"), configureOpenIdConnectOptions: options =>
    {
        options.SaveTokens = true;
        options.ResponseType = OpenIdConnectResponseType.Code;
        
        options.Events = new OpenIdConnectEvents
        {
            OnSignedOutCallbackRedirect = context =>
            {
                context.Response.Redirect("/Account/Logout");
                context.HandleResponse();
                return Task.CompletedTask;
            },
            OnAuthenticationFailed = context =>
            {
                Console.WriteLine($"Authentication failed: {context.Exception.Message}");
                return Task.CompletedTask;
            },
            OnRemoteFailure = context =>
            {
                Console.WriteLine($"Remote failure: {context.Failure.Message}");
                context.Response.Redirect("/Account/Error");
                context.HandleResponse();
                return Task.CompletedTask;
            }
        };
    });


Login Action in my AccountController:

        public IActionResult Login(string redirectUri)
        {
            Console.WriteLine($"Login action called. RedirectUri: {redirectUri}");
            var redirectUrl = redirectUri ?? Url.Content("~/");
            return Challenge(new AuthenticationProperties { RedirectUri = redirectUrl }, OpenIdConnectDefaults.AuthenticationScheme);
        }


Troubleshooting So far:

  • Basically tried everything I found related to this topic
  • I've checked the Keycloak client configuration to ensure that the redirect URI matches exactly (https://testapp.mkw.at/signin-oidc).
  • The OpenID Connect middleware is configured in Program.cs, and the CallbackPath is correctly set to /signin-oidc.
  • Deleting cookies as some people suggested didn’t solve the issue.
  • There are no specific errors in the application logs, but the browser just keeps redirecting back and forth between the application and Keycloak.

app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
//app.UseHttpsRedirection();
app.MapControllers();
app.UseHeaderPropagation();
app.UseSession();
app.UseAntiforgery();
app.MapRazorPages();
app.MapRazorComponents<App>().AddInteractiveWebAssemblyRenderMode().AddAdditionalAssemblies(typeof(SimpleKeycloakAuthServerSample.Client._Imports).Assembly);
app.Run();


Tried every order possible here, but that also did nothing.

When logging the URL in Keycloak, I can see that the state and nonce values are changing with every redirect, but it keeps going in circles.

Question:

  1. What could be causing this infinite redirect loop between Keycloak and the Blazor application?
  2. Is there any additional configuration I might be missing, either on Keycloak or in the Blazor app, that could prevent this loop?

Could this be related to how Radzen components interact with the authentication flow?

Any help or pointers would be greatly appreciated!

Thanks in advance!


1 answer

  1. Bruce (SqlWork.com) 77,686 Reputation points Volunteer Moderator
    2024-09-25T16:39:21.11+00:00

    I'd check the authentication cookie is being properly created. OAuth flow:

    • Blazor site reads authentication cookie and validates it; if invalid or missing, redirects to OAuth server passing reply URL and return URL
    • OAuth server validates user
    • If valid, OAuth server redirects to Blazor site reply URL with token
    • Blazor site validates token, creates authentication cookie and redirects to return URL
    • Blazor site reads authentication cookie and validates it; if invalid or missing, redirects to OAuth server passing reply URL and return URL

    Also, if the return URL is the login page, you would also be in a loop.

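An added example, not part of the original thread and not the poster's code: the cookie-plus-OIDC flow from the answer above, wired with the stock `AddCookie`/`AddOpenIdConnect` handlers (not `AddKeycloakWebApp`), logging when the authentication cookie is issued and refusing a return URL that is non-local or points back at the login endpoint. The `Oidc:*` configuration keys, the `/Account/Login` route and the `SafeReturnUrl` helper are assumptions; it needs the Microsoft.AspNetCore.Authentication.OpenIdConnect package.

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
const string LoginPath = "/Account/Login"; // assumed route
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAuthentication(o =>
    {
        // Requests authenticate from the cookie; OIDC is used only to challenge.
        o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie(o =>
    {
        o.Cookie.SecurePolicy = CookieSecurePolicy.Always;
        // Runs once per sign-in: if this never logs, no auth cookie was issued.
        o.Events.OnSignedIn = ctx =>
        {
            Console.WriteLine($"Auth cookie issued for {ctx.Principal?.Identity?.Name}");
            return Task.CompletedTask;
        };
    })
    .AddOpenIdConnect(o =>
    {
        o.Authority = builder.Configuration["Oidc:Authority"];       // assumed config keys
        o.ClientId = builder.Configuration["Oidc:ClientId"];
        o.ClientSecret = builder.Configuration["Oidc:ClientSecret"];
        o.ResponseType = OpenIdConnectResponseType.Code;
        o.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        o.SaveTokens = true; // CallbackPath keeps its default, /signin-oidc
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapGet(LoginPath, (string? redirectUri) => Results.Challenge(
    new AuthenticationProperties { RedirectUri = SafeReturnUrl(redirectUri) },
    new[] { OpenIdConnectDefaults.AuthenticationScheme })).AllowAnonymous();
app.MapGet("/", (HttpContext c) => $"Hello {c.User.Identity?.Name}").RequireAuthorization();
app.Run();

// Accept only local paths, and never the login endpoint itself (that would loop).
string SafeReturnUrl(string? url)
{
    bool local = !string.IsNullOrEmpty(url) && url[0] == '/'
        && (url.Length == 1 || (url[1] != '/' && url[1] != '\\'));
    bool loginPage = local && url!.StartsWith(LoginPath, StringComparison.OrdinalIgnoreCase);
    return local && !loginPage ? url! : "/";
}
```

Restricting the return URL to local paths also keeps the login endpoint from acting as an open redirect.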
