What's Actually Happening
Users get stuck in an infinite authentication loop when trying to log in to Keycloak. The browser keeps redirecting between Keycloak and the application.
The Error You'll See
```bash # Browser shows: Too many redirects (ERR_TOO_MANY_REDIRECTS)
# Or: Infinite redirect loop between /auth and /callback ```
Why This Happens
- 1.Cookie not set - SameSite or domain issue
- 2.Proxy misconfiguration - Wrong X-Forwarded headers
- 3.Redirect URI mismatch - Valid redirect URIs wrong
- 4.HTTPS mismatch - HTTP/HTTPS conflict
- 5.Session issue - Session not persisting
Step 1: Check Cookie Settings
```bash # In Keycloak admin console: # Realm Settings > Tokens > SSO Session Cookie
# Check cookie domain: # Set to parent domain: .example.com ```
Step 2: Fix Proxy Headers
```bash # In standalone.xml or domain.xml: <http-listener name="default" proxy-address-forwarding="true" />
# Or set environment: PROXY_ADDRESS_FORWARDING=true ```
Step 3: Check Redirect URIs
bash
# In client settings:
# Valid Redirect URIs: https://app.example.com/*
# Web Origins: https://app.example.comKeycloak Authentication Checklist
| Check | Setting | Expected |
|---|---|---|
| Cookie domain | .domain.com | Parent domain |
| Proxy headers | X-Forwarded-* | Correct |
| Redirect URIs | Valid URIs | Matching |
Verify the Fix
bash
# Login successfully
# No redirect loop
# Session persistsRelated Issues
- [Fix Keycloak Token Refresh Failed](/articles/fix-keycloak-token-refresh-failed)
- [Fix Keycloak Client Not Found](/articles/fix-keycloak-client-not-found)