Can't get identity provider working

Hi,

Our website is based on Nuxt.js and deployed to Netlify. Netlify domain is cuba-platform-en.netlify.app. We have a couple of services, which are served on the same domain with the static website. We configured redirects in Netlify to the subdomain, where our Nginx routes to those services.

Yesterday we changed the identity provider behind the website. It is Keycloak which is hosted on an AWS cluster. Login is used to access the Discourse forum. Nginx routes to the forum.

If you click on the login button, there is an error:

Authorization timed out, or you have switched browsers. Please try again.
The error in console is CSRF detected.

However, the error is not always reproduced. Sometimes login works perfectly fine. Moreover, we tried the forum without Netlify with some rules in Nginx and etc/hosts custom mapping on a computer and it worked as well.

We have 3 other forums which work with the same instance of Keycloak. Netlify is not used on those domains. They work without any errors.

Do you have any ideas how Netlify can cause that error?

Hi there, @cuba-platform-team :wave:

It looks like this thread has been a bit quiet! Sorry about that. Have you encountered this issue again since you posted this? If you have, what additional debugging steps have you taken?

Let us know!

Hi Hillary,

Thank you for your reply. We ended up moving our forum to a subdomain to avoid Netlify routing and it works fine.

We tried to set various Cache-Control headers, checked the logs, tried different Nginx tweaks, but haven’t achieved a stable login process.

It looks like the problem is in the inability to provide sticky sessions in the CDN. It’s only our hypothesis, which we couldn’t confirm. Since the request can reach one node and end up on another one, it resulted in a login error. When the first and the second node were the same, login was successful.
Since we don’t have detailed logs from Netlify, we couldn’t confirm it. But it looks like a valid one.
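
Added illustration, not part of the thread and not Netlify, Discourse or Keycloak code: a minimal model of the unconfirmed hypothesis in the post above, assuming the login `state` value is held in node-local memory. The `Node` class, the session id and the shared-store variant are hypothetical names chosen for this sketch.

```python
import hmac
import secrets


class Node:
    """One backend node that remembers pending login `state` values (assumed model)."""

    def __init__(self, name, store=None):
        self.name = name
        # Node-local dict by default; pass a common dict to model a shared session store.
        self.pending = store if store is not None else {}

    def start_login(self, session_id):
        # Generate an unguessable state value and remember it for this session.
        state = secrets.token_urlsafe(16)
        self.pending[session_id] = state
        return state

    def finish_login(self, session_id, returned_state):
        # The callback is accepted only if the returned state matches the stored one.
        expected = self.pending.pop(session_id, None)
        if expected is None or not hmac.compare_digest(expected, returned_state):
            return "CSRF detected"
        return "ok"


def login_round_trip(start_node, callback_node, session_id="sess-1"):
    """Start the login on one node, then deliver the provider's callback to another."""
    state = start_node.start_login(session_id)
    # The identity provider redirects the browser back carrying the same state value.
    return callback_node.finish_login(session_id, state)


def simulate():
    a, b = Node("a"), Node("b")          # constructed: two nodes, separate memory
    shared = {}
    sa, sb = Node("a", shared), Node("b", shared)  # constructed: two nodes, one store
    return {
        "same_node": login_round_trip(a, a),
        "different_node": login_round_trip(a, b),
        "different_node_shared_store": login_round_trip(sa, sb),
    }


if __name__ == "__main__":
    for case, result in simulate().items():
        print(f"{case}: {result}")
```

In this model the failure depends only on which node receives the callback, which matches the intermittent behaviour described; a shared store or routing that pins a browser to one node removes it.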

Thanks for this context, @cuba-platform-team! I am glad that you found an interim solution. In terms of confirming your theory vs. uncovering a different cause, I will bring this up to my team.

Hey there, @cuba-platform-team

We do not have more information for you at this time. I am going to move this thread to the open talk channel so that other folks can chime in if something similar happens. Should this issue occur again in the future, please do not hesitate to follow up.

Thank you!