Description
I'm working on adding single-sign-on (spring-boot-starter-oauth2-client) to a Spring Boot (3.4.5) and kept getting stuck. I could narrow down to problem to problem-spring-web-starter (0.29.1).
Expected Behavior
The usual SSO flow works as intended. Unauthenticated requests are redirected to the SSO login mask.
Actual Behavior
User sees an empty page (Status 200). The log shows an AuthorizationDeniedException.
Full log: scratch.txt
Similar behavior has been observed when attempting SAML2 instead of OAuth2 using spring-security-saml2-service-provider.
Possible Fix
n/a
Steps to Reproduce
Minimal example: https://github.com/deskjet/spring-boot-keycloak-oauth2-zalando-problem
- start the pre-configured Keycloak server using the included docker-compose file
- run the example project using
./gradlew bootRun or using your IDE
- go to
http://localhost:8080/private
If you remove problem-spring-web-starter, you can use this to login:
- Username:
john.doe
- Password:
password
Context
As stated in the description, the plan is to have users authenticate using SSO while also getting the benefits of problem-spring-web. It appears that I'm missing something but I'm out of ideas. Following the steps from the installation guide also didn't help.
Your Environment
- problem-spring-web-starter: 0.29.1
- Kotlin: 1.9.25
- org.springframework.boot: 3.4.5
- JVM: 21
Description
I'm working on adding single-sign-on (
spring-boot-starter-oauth2-client) to a Spring Boot (3.4.5) and kept getting stuck. I could narrow down to problem toproblem-spring-web-starter(0.29.1).Expected Behavior
The usual SSO flow works as intended. Unauthenticated requests are redirected to the SSO login mask.
Actual Behavior
User sees an empty page (Status 200). The log shows an
AuthorizationDeniedException.Full log: scratch.txt
Similar behavior has been observed when attempting SAML2 instead of OAuth2 using
spring-security-saml2-service-provider.Possible Fix
n/a
Steps to Reproduce
Minimal example: https://github.com/deskjet/spring-boot-keycloak-oauth2-zalando-problem
./gradlew bootRunor using your IDEhttp://localhost:8080/privateIf you remove
problem-spring-web-starter, you can use this to login:john.doepasswordContext
As stated in the description, the plan is to have users authenticate using SSO while also getting the benefits of problem-spring-web. It appears that I'm missing something but I'm out of ideas. Following the steps from the installation guide also didn't help.
Your Environment