Details
- Bug
- Resolution: Not an issue
- Neutral
- None
- 3.1.3
- None
- PAAS - Magnolia 6.2.29? with sso; Keycloak; FF browser
Description
SSO is working, but when deployed to PaaS, Firefox login ends up in timeout/looping on "/.auth=state=" with a 302, complaining that the "Login expired". Other browsers (i.e. Chrome) are working.
This problem does not occur on local builds.
We can reproduce a slightly different behaviour between Chrome (spinning wheel during login) and Firefox (see screenshot), but finally always ended up successfully in the Magnolia UI. Before that, Firefox displayed this status for ~1-2s:
Magnolia SSO Module 3.1.2 was tested so far.
Timeout shouldn't be an issue on the Keycloak side; the response is quite fast, with less than 200 ms in most tested cases.
- It does work on LOCAL instances.
- It does NOT work when deployed on our PaaS.
- It “never” worked with Firefox.
Cookie “JSESSIONID” with the “SameSite” attribute value “Lax” or “Strict” was omitted because of a cross-site redirect.
https://stackoverflow.com/questions/75553931/samesite-lax-on-jsessionid-not-working-with-firefox-after-redirect
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value

LAX - Means that the cookie is not sent on cross-site requests, such as on requests to load images or...
CHROME:

Mozilla:

| 1. | Documentation | Closed | Julie Legendre |
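A diagnostic sketch for the condition named in the Firefox console message quoted in the description, added here as an example and not taken from the report or from Magnolia's code. It walks a captured login redirect chain and reports every `SameSite=Lax`/`Strict` cookie whose site is re-entered through a cross-site hop. The hostnames, paths and cookie values are constructed placeholders, and the last-two-labels site comparison is a simplification of the Public Suffix List lookup browsers perform.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

def site(url):
    """Scheme + last two host labels (simplified stand-in for the PSL); ports are ignored."""
    parts = urlsplit(url)
    labels = (parts.hostname or "").split(".")
    return parts.scheme, ".".join(labels[-2:])

def restricted_cookies(set_cookie_headers):
    """Return {name: SameSite value} for cookies marked Lax or Strict."""
    found = {}
    for header in set_cookie_headers:
        jar = SimpleCookie(header)
        for name, morsel in jar.items():
            value = morsel["samesite"].capitalize()
            if value in ("Lax", "Strict"):
                found[name] = value
    return found

def audit(chain):
    """chain: list of (request_url, [Set-Cookie headers in its response]).
    Returns (cookie, SameSite, previous_url, url) for each cross-site re-entry."""
    findings, owned = [], {}  # owned: cookie name -> (site, SameSite value)
    for i, (url, headers) in enumerate(chain):
        here = site(url)
        if i > 0 and site(chain[i - 1][0]) != here:
            for name, (owner, value) in owned.items():
                if owner == here:
                    findings.append((name, value, chain[i - 1][0], url))
        for name, value in restricted_cookies(headers).items():
            owned[name] = (here, value)
    return findings

# Constructed captures: hosts, paths and cookie values are placeholders.
PAAS = [
    ("https://cms.example.com/", ["JSESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"]),
    ("https://sso.example.net/realms/demo/protocol/openid-connect/auth", []),
    ("https://cms.example.com/.auth?state=xyz", []),
]
LOCAL = [
    ("http://localhost:8080/", ["JSESSIONID=abc123; Path=/; HttpOnly; SameSite=Lax"]),
    ("http://localhost:8180/realms/demo/protocol/openid-connect/auth", []),
    ("http://localhost:8080/.auth?state=xyz", []),
]

if __name__ == "__main__":
    for label, chain in (("paas", PAAS), ("local", LOCAL)):
        print(label, audit(chain))
```

A finding marks a hop to check in the browser's network panel for a missing `Cookie` header; it does not by itself show that the cookie was dropped.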