I'm currently facing an infinite redirect loop issue when integrating Keycloak for OpenID Connect (OIDC) authentication in my ASP.NET Core Blazor Server application using Radzen.
Technologies Involved:
- Keycloak (24.0.4) as the Identity Provider (IDP)
- ASP.NET Core 8.0 for the Backend
- Blazor Server for the Frontend
- Radzen Components for UI
- OpenID Connect (OIDC) for authentication
- HTTPS environment on both the app and the Keycloak Server
Problem Overview:
I have configured Keycloak as the Identity Provider using OIDC in my Blazor Server application. After being redirected to Keycloak for authentication and logging in successfully, I get stuck in an infinite redirect loop between the application and Keycloak.
So:
- I get redirected to Keycloak for login
- After successful login in Keycloak, it redirects me back to my app (/signin-oidc)
- The app gets stuck in a loop and keeps redirecting between Keycloak and the app's login URL.
Looks like this in the Docker Desktop Logs:
Configuration Details:
The Keycloak configuration should be okay, as i copied it out of the client adapter config.
My Authentication Setup in Program.cs:
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) .AddKeycloakWebApp(builder.Configuration.GetSection("Keycloak"), configureOpenIdConnectOptions: options => { options.SaveTokens = true; options.ResponseType = OpenIdConnectResponseType.Code; options.Events = new OpenIdConnectEvents { OnSignedOutCallbackRedirect = context => { context.Response.Redirect("/Account/Logout"); context.HandleResponse(); return Task.CompletedTask; }, OnAuthenticationFailed = context => { Console.WriteLine($"Authentication failed: {context.Exception.Message}"); return Task.CompletedTask; }, OnRemoteFailure = context => { Console.WriteLine($"Remote failure: {context.Failure.Message}"); context.Response.Redirect("/Account/Error"); context.HandleResponse(); return Task.CompletedTask; } }; });Login Action in my AccountController:
public IActionResult Login(string redirectUri) { Console.WriteLine($"Login action called. RedirectUri: {redirectUri}"); var redirectUrl = redirectUri ?? Url.Content("~/"); return Challenge(new AuthenticationProperties { RedirectUri = redirectUrl }, OpenIdConnectDefaults.AuthenticationScheme); }Troubleshooting So far:
- Basically tried everything i found related to this topic
- I've checked the Keycloak client configuration to ensure that theredirect URI matches exactly (
https://testapp.mkw.at/signin-oidc). - The OpenID Connect middleware is configured in Program.cs, and theCallbackPath is correctly set to
/signin-oidc. - Deleting cookies as some people suggested didn’t solve the issue.
- There are no specific errors in the application logs, but the browserjust keeps redirecting back and forth between the application andKeycloak.
Tried every possible order here but also did nothing.:
app.UseStaticFiles();app.UseRouting();app.UseAuthentication();app.UseAuthorization();//app.UseHttpsRedirection();app.MapControllers();app.UseHeaderPropagation();app.UseSession();app.UseAntiforgery();app.MapRazorPages();app.MapRazorComponents<App>().AddInteractiveWebAssemblyRenderMode().AddAdditionalAssemblies(typeof(SimpleKeycloakAuthServerSample.Client._Imports).Assembly);app.Run();When logging the URL in Keycloak, I can see that the state and nonce values are changing with every redirect, but it keeps going in circles.
Question:
- What could be causing this infinite redirect loop between Keycloakand the Blazor application?
- Is there any additional configuration I might be missing, either onKeycloak or in the Blazor app, that could prevent this loop?
Could this be related to how Radzen components interact with the authentication flow?
Any help or pointers would be greatly appreciated!
Thanks in advance!