Getting 419 after KK OIDC #2901

New Issue

OVERLORD · 2026-02-05T05:40:06+03:00

OVERLORD commented

2026-02-05 05:40:06 +03:00

Originally created by @mv-yurchenko on GitHub (Jul 12, 2022).

Describe the Bug

After deploying to k8s getting 419 error from url https://wiki/oidc/login when returns from OIDC.

Steps to Reproduce

Connect KK to BS with OIDC
Deploy to k8s with deployment
Try to login

Expected Behaviour

Successful logic

Screenshots or Additional Context

No response

Browser Details

No response

Exact BookStack Version

22.06.2

PHP Version

No response

Hosting Environment

Kubernetes (docker)

Originally created by @mv-yurchenko on GitHub (Jul 12, 2022). ### Describe the Bug After deploying to k8s getting 419 error from url `https://wiki/oidc/login` when returns from OIDC. ### Steps to Reproduce 1. Connect KK to BS with OIDC 2. Deploy to k8s with deployment 3. Try to login ### Expected Behaviour Successful logic ### Screenshots or Additional Context _No response_ ### Browser Details _No response_ ### Exact BookStack Version 22.06.2 ### PHP Version _No response_ ### Hosting Environment Kubernetes (docker)

OVERLORD added the 🐛 Bug label 2026-02-05 05:40:06 +03:00

OVERLORD closed this issue

2026-02-05 05:40:08 +03:00

OVERLORD commented

2026-02-05 05:40:11 +03:00

@ssddanbrown commented on GitHub (Jul 12, 2022):

Such an error will usually indicate loss of cookies leading to a loss of session management.
Are you doing anything at any of the networking layers (Especially reverse proxy if involved) to alter HTTP headers or add security controls?

@ssddanbrown commented on GitHub (Jul 12, 2022): Such an error will usually indicate loss of cookies leading to a loss of session management. Are you doing anything at any of the networking layers (Especially reverse proxy if involved) to alter HTTP headers or add security controls?

OVERLORD commented

2026-02-05 05:40:18 +03:00

@mv-yurchenko commented on GitHub (Jul 14, 2022):

I am not editing headers just using application load balancer (just route traffic on L3)

@mv-yurchenko commented on GitHub (Jul 14, 2022): I am not editing headers just using application load balancer (just route traffic on L3)

OVERLORD commented

2026-02-05 05:40:25 +03:00

@ssddanbrown commented on GitHub (Jul 14, 2022):

Okay, thinking further, I can only assume some misconfiguration is at play somewhere, likely on the keycloak side?
A 419 response would only generally occur on a POST request, not a GET request like what would be expected on the redirect back to BookStack. Is the BookStack client definitely set to use OIDC in keycloak? I'd expect a POST request if SAML2 was in use.

@ssddanbrown commented on GitHub (Jul 14, 2022): Okay, thinking further, I can only assume some misconfiguration is at play somewhere, likely on the keycloak side? A 419 response would only generally occur on a POST request, not a GET request like what would be expected on the redirect back to BookStack. Is the BookStack client definitely set to use OIDC in keycloak? I'd expect a POST request if SAML2 was in use.

OVERLORD commented

2026-02-05 05:40:28 +03:00

@ssddanbrown commented on GitHub (Jul 23, 2022):

Since there's been no follow-up I'm going to close this. If the issue remains and is something you still require to be fixed respond to my previous comment and this can then be re-opened.

@ssddanbrown commented on GitHub (Jul 23, 2022): Since there's been no follow-up I'm going to close this. If the issue remains and is something you still require to be fixed respond to my previous comment and this can then be re-opened.

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#2901