Hi Everyone,
I am using Keycloak as a server-side authenticator. I need to achieve an auto-logout feature, i.e. show a pop-up to the user when his session is about to expire.
I know that for the client side we have a JavaScript adapter.
But since we are doing server-side authentication, I am following the approach below:
→ I am using the check_session_iframe URL shared by Keycloak. As per the doc, this is the URL:
/auth/realms/{myRealm}/protocol/openid-connect/login-status-iframe.html/
→ This is the content inside login-status-iframe.html: https://github.com/keycloak/keycloak/blob/master/adapters/oidc/js/src/main/resources/login-status-iframe.html
→ I am able to post a message to the iframe, but when I debugged the issue I found that the URL below
https://{MyClient.com}/auth/realms/dev/protocol/openid-connect/login-status-iframe.html/init?client_id={MyClientId}&origin={MyClient.com}
is giving a 403 Forbidden error.
Below is a part of the code from the iframe (http://Login-Status-Iframe-Url):
    if (!init) {
        var req = new XMLHttpRequest();
        var url = location.href.split("?")[0] + "/init";
        url += "?client_id=" + encodeURIComponent(clientId);
        url += "&origin=" + encodeURIComponent(origin);
        req.open('GET', url, true);
        req.onreadystatechange = function () {
            if (req.readyState === 4) {
                // ==> It's failing here, status is 403
                if (req.status === 204 || req.status === 1223) {
                    init = {
                        clientId: clientId,
                        origin: origin
                    }
Any help is deeply appreciated. Thanks in advance.
Regards,
Anubhav
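
The following is an added example, not part of the original post and not Keycloak's own code. It rebuilds the `/init` URL the same way the iframe excerpt does and checks the `origin` value locally before it is sent. It assumes the server answers 403 when `origin` does not exactly match an entry in the client's Web Origins setting; `checkOrigin`, `allowedOrigins` and the `example.test` hosts are hypothetical, constructed names.

```javascript
// Added example, not Keycloak code. Reproduces the /init URL from the
// iframe excerpt and pre-checks the origin value before it is sent.

// Same construction as the excerpt: strip the query string, append /init.
function buildInitUrl(iframeHref, clientId, origin) {
  return iframeHref.split("?")[0] + "/init" +
    "?client_id=" + encodeURIComponent(clientId) +
    "&origin=" + encodeURIComponent(origin);
}

// The excerpt treats 204 (and 1223, which it also accepts) as success.
function initSucceeded(status) {
  return status === 204 || status === 1223;
}

// Returns a list of problems with an origin string.
// allowedOrigins is a hypothetical stand-in for the client's Web Origins
// setting (assumption: the server compares the origin against it exactly).
function checkOrigin(origin, allowedOrigins) {
  let parsed;
  try {
    parsed = new URL(origin);
  } catch (e) {
    return ["not an absolute URL (scheme missing?): " + origin];
  }
  const problems = [];
  if (parsed.origin !== origin) {
    // Trailing slash, path or query: not a bare scheme://host[:port] value.
    problems.push("not a bare origin; expected " + parsed.origin);
  }
  if (!allowedOrigins.includes("*") && !allowedOrigins.includes(parsed.origin)) {
    problems.push("origin not in allowed list: " + parsed.origin);
  }
  return problems;
}

// Constructed sample values.
const href = "https://sso.example.test/auth/realms/dev/protocol/openid-connect/login-status-iframe.html";
const allowed = ["https://app.example.test"];
console.log(buildInitUrl(href, "my-client", "https://app.example.test"));
console.log(checkOrigin("app.example.test", allowed));          // no scheme
console.log(checkOrigin("https://app.example.test/", allowed)); // trailing slash
console.log(checkOrigin("https://app.example.test", allowed));  // clean
```

Comparing the `origin` query parameter seen in the browser's network tab with the client's configured Web Origins, character for character, is the matching manual check.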