[keycloak-dev] Provide a Link to go Back to The Application on a Timeout

Marek Posolda mposolda at redhat.com
Wed May 17 05:36:09 EDT 2017

We have the issue that after session timeout, the page "An error 
occurred, please login again through your application." can be shown. 
This is even worse when there is no link to go back to the application 
as users might be confused what to do. Details in 
https://issues.jboss.org/browse/KEYCLOAK-4016 .

This is already handled in many cases as when authentication session is 
expired, it is always restarted from the KC_RESTART cookie.

However there are still cases when this error is shown, which is when 
the restart from the cookie failed. This can happen when browser history 
(including cookies) was cleared or when user restarted the browser (as 
the KC_RESTART cookie is not persistent).

Some possibilities to solve:
1) Make the KC_RESTART cookie persistent. That will handle browser 
restart, however it won't handle the case when browser history is deleted

2) Add client-id to every link as Stefan Baust suggested. Then we can 
add the link to client base uri on the page. This is more work with the 
possibility of error-prone if we miss to add the client-id to some link. 
Also we will be able to provide the link just if client has "base-uri" 

3) Add the link to the account management application page. After 
successful login will be shown list of applications in account 
management and user can click to his favourite application. Message 
would need to be changed to something like "An error occurred, please 
login again through your application or go to the <link>list of 
applications<link> and select your application after login."

My preference is 3, 2, 1. WDYT? Any other ideas?


More information about the keycloak-dev mailing list