Webpage not available in Cordova Android app

Question

EDIT: I have been progressing through this problem and retracing all of my steps. I am happy to reduce the size of this question and get more to the exact details if it is confusing. Currently I am at the point where it seems like Keycloak only intends to redirect me to https://, which should be a Wildfly server configuration issue, as far as I can tell.

EDIT: I reduced my question, but this introduced confusion, so I rollbacked the question to what it was originally, the most relevant parts are at the bottom though, where I will note this

I am tearing my hair out trying to figure out what might be causing this problem.

I've got the following error message on a simulator in Android studio:

I am using the identity management system Keycloak - I'll get back to that in a bit.

I have tried changing my CSP to be very permissive:

  <meta http-equiv="Content-Security-Policy" content="default-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-eval' 'unsafe-inline'; media-src *; img-src 'self' * data:"
  />

I have installed inappbrowser, I have set my intents and allow-navigations pretty liberally in my config.xml:

<allow-intent href="http://*/*" />
<allow-intent href="https://*/*" />
<allow-intent href="tel:*" />
<allow-intent href="sms:*" />
<allow-intent href="mailto:*" />
<allow-intent href="geo:*" />
<allow-intent href="gap://*" />
<allow-intent href="APPNAMEHERE://*/*" />
<allow-intent href="fb://*/*" />
<allow-intent href="http://stage.APPNAMEHERE.com://*/*" />
<allow-intent href="https://stage.APPNAMEHERE.com://*/*" />
<allow-navigation href="https://localhost/*"/>
<allow-navigation href="http://localhost/*"/>
<preference name="Hostname" value="localhost" />
<preference name="Scheme" value="https" />
<preference name="MixedContentMode" value="0" />
<access origin="*" />
<allow-navigation href="*" />
<allow-navigation href="localhost://*/*" />
<allow-navigation href="APPNAME://*/*" />
<allow-navigation href="fb://*/*" />
<allow-intent href="*" />
<allow-navigation href="*" />
<allow-intent href="http://*/*" />
<allow-intent href="https://*/*" />
<allow-intent href="*" />

Basically I have tried to make this app as permissive as possible, and still no luck authenticating.

But there's something weirder.

I have another, completely unrelated app, but which also uses this same identity management system. I decided, on a lark, because I was desperate to try connecting against that service here, and it works flawlessly - no issues.

I tried exporting the client from the other Keycloak (a bunch of configuration settings) and using them with minor changes, and no dice. Still the same error.

I am just about tearing my hair out at this point, I've been continuously trying different things and clicking "login" for hours with the exact same result.

What could possibly be preventing me from logging in?

Note, there's an iOS app that works perfectly on this same setup, so it's not the setup.

I'm connecting via OIDC, if that helps anyone.

I'm sorry I can't provide more information, I wish I could find something, anything to grasp at, but I'm completely lost here, it just seems to not be able to find localhost, no matter what I try.

Android console (there is nothing special I am seeing in the Chrome inspector):

2019-08-31 10:56:42.002 12062-12191/com.companyname.appname D/InAppBrowser: target = _blank
2019-08-31 10:56:42.003 12062-12062/com.companyname.appname D/InAppBrowser: in blank
2019-08-31 10:56:42.054 12062-12164/com.companyname.appname E/eglCodecCommon: glUtilsParamSize: unknow param 0x000088ef
2019-08-31 10:56:42.054 12062-12164/com.companyname.appname E/eglCodecCommon: glUtilsParamSize: unknow param 0x000088ef
2019-08-31 10:56:42.168 12062-12170/com.companyname.appname D/EGL_emulation: eglMakeCurrent: 0xf0677ba0: ver 3 0 (tinfo 0xd6778770)
2019-08-31 10:56:42.325 12062-12170/com.companyname.appname D/EGL_emulation: eglMakeCurrent: 0xf0677ba0: ver 3 0 (tinfo 0xd6778770)
2019-08-31 10:56:42.501 12062-12170/com.companyname.appname D/EGL_emulation: eglMakeCurrent: 0xf0677ba0: ver 3 0 (tinfo 0xd6778770)

Note, I have replaced the company name of the company this is for with "companyname" and the app name with "appname"

EDIT:

I am also noticing this error when trying a very basic keycloak implementation (the toy example here: https://github.com/keycloak/keycloak/blob/master/examples/cordova/www/index.html ) on my front end:

keycloak.js:1000 Uncaught (in promise) undefined
setError    @   keycloak.js:1000
(anonymous) @   keycloak.js:1261
Channel.fire    @   cordova.js:840
_eventHandler   @   inappbrowser.js:53
cb  @   inappbrowser.js:118
callbackFromNative  @   cordova.js:290
(anonymous) @   VM68:1

The code in question, in keycloak.js, pertains to creating a native promise:

function createNativePromise() {
    // Need to create a native Promise which also preserves the
    // interface of the custom promise type previously used by the API
    var p = {
        setSuccess: function(result) {
            p.success = true;
            p.resolve(result);
        },

        setError: function(result) {
            p.success = false;
            p.reject(result);
        }
    };

Could it possibly be related to inappbrowser?

ACTUAL RELEVANT PART OF THE QUESTION

EDIT 2: Digging deeper down...

The error is getting thrown here.

So my guess is that it's due to my redirect url somehow being https://localhost rather than http://localhost , as this is what my redirect URI is.

                ref.addEventListener('loaderror', function(event) {
                    if (!completed) {
                        if (event.url.indexOf('http://localhost') == 0) {
                            var callback = parseCallback(event.url);
                            processCallback(callback, promise);
                            closeBrowser();
                            completed = true;
                        } else {
                            promise.setError();
                            closeBrowser();
                        }
                    }
                });

https://localhost/#state=3bc5b8e8-ee17-4c78-861c-6fa62f5e353b&session_state=43d5518d-c278-4245-b181-899783fd2c6b&code=8e50a9c0-d1a6-4ecd-8e91-e85d92350900.43d5518d-c278-4245-b181-899783fd2c6b.863570ca-9c62-41a5-97bb-33880fe6c62d

Even when trying:

keycloak.init({ onLoad: "check-sso", redirectUri: "http://localhost" })

I am still getting the redirect uri of https:// above, which I am strongly thinking is responsible for my error.

My strong guess at this point is that this may be related to a Keycloak (which uses Wildfly) configuration setting.

Here is my server setup in Wildfly:

        <server name="default-server">
            <http-listener name="default" socket-binding="http" redirect-socket="http" proxy-address-forwarding="true" enable-http2="true"/>
            <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
            <host name="default-host" alias="localhost">
                <location name="/" handler="welcome-content"/>
                <http-invoker security-realm="ApplicationRealm"/>
            </host>
        </server>

Answer 1

I don't understand why do you think that could be due to a wildfly configuration...

Check please and provide more info:

• Trace your request from Cordova to Keycloak
• What redirect_uri parameter is sent/requested?
• You can try enabling audit like this audit configuration to check the "redirect_uri" parameter.

Keycloak receives a request with a valid redirect uri and then if you are a valid user and the redirect uri received matches with your client configuration... your app will be redirected to your requested redirect_uri.

• Check your client and realm configuration ( example realm configuration for cordova apps )

Edited 1: about your wildfly standalone.xml : As I said before in comments, your http-listener attribute reditect-socket=“http” is a mistake. If you want to enable redirection to https replace “http” by “https”. Otherwise remove it.

Attribute “proxy-address-forwarding” must to be used only when your keycloak are behind a reverse proxy (use of x-forwarded-* headers).

---

I tested with Keycloak v6.0.1 and it works. It redirect to ' http://localhost '.

Some points to take in mind:

• don't work with platform 'browser' (use 'android')
• adding 'inappbrowser' and 'whitelist' plugins
• try with a new emulator/runtime instance.
• don't tried with an external identity provider

Tested with Keycloak v6.0.1

Steps that I followed to do a test with sample project:

1. Download Keycloak source from github source
2. Install last version of Android Studio and Gradle (add to PATH)
3. Go to directory 'keycloak/examples/cordova'
4. Download 'keycloak.js' from your Keycloak instance (eg. ' https://yourdomain:port/auth/js/keycloak.js ') and put in directory 'keycloak/examples/cordova/www'
5. Open your emulator from Android Studio (install your runtime eg. 'Pixel 2 Api 29').
6. Configure your realm 'example' (import new realm from file: 'keycloak/examples/cordova/example-realm.json')
7. Run commands:

mkdir platforms plugins
cordova plugin add cordova-plugin-inappbrowser
cordova plugin add cordova-plugin-whitelist
cordova platform add android
cordova build android
cordova run android

PS: If you have some public test instance to check with it or

Answer 2

You'd likely need cordova-plugin-http2 or Cordova Advanced HTTP 2 , because of enable-http2="true" , the server wants to negotiate HTTP2 . Setting enable-http2="false" would possibly circumvent the problem.