
Keycloak causes an infinite loop in IE

Updated: 2023-10-31 18:30:40

I had the same problem with keycloak v1.5.0.Final / Internet Explorer 11, and finally figured out what is going on.

When using the modes 'login-required' or 'check-sso' in Keycloak's init method, the Keycloak JavaScript adapter sets up an iframe that checks at timed intervals that the user is authenticated.

This iframe is retrieved from keycloak's server (let's say http(s)://yourkeycloakhost:port):

http(s)://yourkeycloakhost:port/auth/realms/yourrealm/protocol/openid-connect/login-status-iframe.html?client_id=yourclientid&origin=http(s)://yourorigin

and its content is a JavaScript script which should be able to access the KEYCLOAK_SESSION cookie previously set by Keycloak on authentication (on the same domain, i.e. http(s)://yourkeycloakhost:port).

Yes! Here is the problem with Internet Explorer, which has a strict policy on iframes and cookies. Actually, the Keycloak iframe does NOT have access to the yourkeycloakhost domain cookies due to its P3P policy (Microsoft Internet Explorer is the only major browser to support P3P).

This problem is well described in this *** issue.

The solution is to make Internet Explorer trust our Keycloak domain (yourkeycloakhost) for using cookies, so that the iframe is able to read the KEYCLOAK_SESSION cookie value and register it in its data.

To do that, your Keycloak server must append an HTTP response header with P3P information. You can do that with an Apache or nginx proxy that will always set the proper headers. I did that with Apache and its mod_headers module:

Header always set P3P "CP=ALL DSP COR CUR ADM PSA CONi OUR SAM OTR UNR LEG"

You can learn more on P3P with W3C and/or validate your P3P Policy with this P3P validator.

You can have a look at Keycloak's iframe code:

var cookie = getCookie('KEYCLOAK_SESSION');
if (cookie) {
    data.loggedIn = true;
    data.session = cookie;
}

Now the cookie on the domain yourkeycloakhost is retrieved correctly by Internet Explorer, and the problem is fixed!
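An added example, not part of the answer above: an offline check that the response headers served for the login-status iframe carry a P3P header whose compact policy uses only tokens defined in the W3C P3P 1.0 specification (the header value is the one from the Apache directive above; the sample responses are constructed, not captured from a real Keycloak server).

```python
import re

# Compact-policy tokens from the W3C P3P 1.0 specification, grouped by category.
P3P_TOKENS = {
    "access": {"NOI", "ALL", "CAO", "IDC", "OTI", "NON"},
    "disputes": {"DSP"},
    "remedies": {"COR", "MON", "LAW"},
    "non-identifiable": {"NID"},
    "purpose": {"CUR", "ADM", "DEV", "TAI", "PSA", "PSD", "IVA", "IVD",
                "CON", "HIS", "TEL", "OTP"},
    "recipient": {"OUR", "DEL", "SAM", "UNR", "PUB", "OTR"},
    "retention": {"NOR", "STP", "LEG", "BUS", "IND"},
    "categories": {"PHY", "ONL", "UNI", "PUR", "FIN", "COM", "NAV", "INT", "DEM",
                   "CNT", "STA", "POL", "HEA", "PRE", "LOC", "GOV", "OTC"},
    "test": {"TST"},
}
# Purpose and recipient tokens may carry an always/opt-in/opt-out suffix (a/i/o), e.g. CONi.
SUFFIXED = P3P_TOKENS["purpose"] | P3P_TOKENS["recipient"]

def parse_compact_policy(header_value):
    """Return (tokens grouped by category, unknown tokens) for a P3P header value.
    Accepts both CP="..." and the unquoted CP=... form Apache emits for the directive above."""
    m = re.search(r'CP\s*=\s*"?([^"]*)"?', header_value)
    if not m:
        return {}, ["<no CP= compact policy>"]
    found, unknown = {}, []
    for tok in m.group(1).split():
        base = tok[:-1] if tok[-1] in "aio" and tok[:-1] in SUFFIXED else tok
        for category, members in P3P_TOKENS.items():
            if base in members:
                found.setdefault(category, []).append(tok)
                break
        else:
            unknown.append(tok)
    return found, unknown

def check_keycloak_response(headers):
    """Report whether a response carries a P3P header with a well-formed compact policy."""
    p3p = next((v for k, v in headers.items() if k.lower() == "p3p"), None)
    if p3p is None:
        return {"ok": False, "reason": "no P3P header: IE will deny the iframe cookie access"}
    found, unknown = parse_compact_policy(p3p)
    if unknown:
        return {"ok": False, "reason": "unknown tokens: " + ", ".join(unknown)}
    return {"ok": True, "categories": sorted(found)}

# Constructed sample responses for the login-status-iframe.html request.
WITH_P3P = {"Content-Type": "text/html",
            "P3P": 'CP="ALL DSP COR CUR ADM PSA CONi OUR SAM OTR UNR LEG"'}
WITHOUT_P3P = {"Content-Type": "text/html",
               "Set-Cookie": "KEYCLOAK_SESSION=constructed-value; Path=/auth"}
```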