[keycloak-user] Logged out of admin console after a short period of time
Bill Burke
bburke at redhat.com
Thu Sep 11 09:13:07 EDT 2014
Have you run on an earlier version of Keycloak before installing
1.0-final? The automatic logout was a problem that stian put some fixes
in before the 1.0-final release...
...So maybe clearing your browser cache might help?
On 9/11/2014 3:58 AM, Stian Thorgersen wrote:
> I've tried to replicate this without luck.
>
> The default timeouts are:
>
> * SSO Session Idle Timeout: 5 min
> * SSO Session Max Lifespan: 10 hours
> * Access Token Lifespan: 1 min
>
> Are these the numbers you are using? With these numbers the access token expires after 1 min. When the access token has expired it will try to retrieve a new token using the refresh token. If there are no requests to refresh the token for that session within 5 min the session will expire. Basically there's the minimum time you can get logged out after is 4 min (SSO Session Idle Timeout - Access Token Lifespan).
>
> ----- Original Message -----
>> From: "Joshua Bellamy-Henn" <josh at psidox.com>
>> To: keycloak-user at lists.jboss.org
>> Sent: Thursday, 11 September, 2014 7:22:44 AM
>> Subject: [keycloak-user] Logged out of admin console after a short period of time
>>
>> Version: 1.0-final
>> Setup: Keycloak behind a reverse proxy
>>
>> Currently after logging in to the Admin Console it seems that after 1-2
>> minute I am getting booted back to the login page. I am using default
>> timeout settings so it's odd that I am getting kicked out before the 10
>> minute session timeout.
>>
>> Checking the logs after this occurs, I am seeing the following warn:
>>
>>
>>
>> 2014-09-11 05:20:05,025 WARN [org.jboss.resteasy.core.ExceptionHandler]
>> (default task-123) Failed executing GET
>> /admin/realms/abc/applications/website/session-count:
>> org.jboss.resteasy.spi.UnauthorizedException: Bearer
>>
>> at
>> org.keycloak.services.resources.admin.AdminRoot.authenticateRealmAdminRequest(AdminRoot.java:153)
>> [keycloak-services-1.0-final.jar:]
>>
>> at
>> org.keycloak.services.resources.admin.AdminRoot.getRealmsAdmin(AdminRoot.java:184)
>> [keycloak-services-1.0-final.jar:]
>>
>> at sun.reflect.GeneratedMethodAccessor24.invoke(Unknown Source) [:1.7.0_60]
>>
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> [rt.jar:1.7.0_60]
>>
>> at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_60]
>>
>> at
>> org.jboss.resteasy.core.ResourceLocatorInvoker.createResource(ResourceLocatorInvoker.java:81)
>> [resteasy-jaxrs-3.0.8.Final.jar:]
>>
>> at
>> org.jboss.resteasy.core.ResourceLocatorInvoker.createResource(ResourceLocatorInvoker.java:60)
>> [resteasy-jaxrs-3.0.8.Final.jar:]
>>
>> at
>> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:102)
>> [resteasy-jaxrs-3.0.8.Final.jar:]
>>
>> at
>> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)
>> [resteasy-jaxrs-3.0.8.Final.jar:]
>>
>> at
>> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)
>> [resteasy-jaxrs-3.0.8.Final.jar:]
>>
>> at
>> org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)
>> [resteasy-jaxrs-3.0.8.Final.jar:]
>>
>> at
>> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>> [resteasy-jaxrs-3.0.8.Final.jar:]
>>
>> at
>> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>> [resteasy-jaxrs-3.0.8.Final.jar:]
>>
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>> [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
>>
>> at
>> io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
>> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>>
>> at
>> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:130)
>> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>>
>> at
>> org.keycloak.services.filters.ClientConnectionFilter.doFilter(ClientConnectionFilter.java:41)
>> [keycloak-services-1.0-final.jar:]
>>
>> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
>> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>>
>> at
>> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
>> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>>
>> at
>> org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:40)
>> [keycloak-services-1.0-final.jar:]
>>
>> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
>> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>>
>> at
>> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
>> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>>
>> at
>> io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85)
>> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>>
>> at
>> io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61)
>> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>>
>> at
>> io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>>
>> at
>> org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>>
>> at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
>> [undertow-core-1.0.15.Final.jar:1.0.15.Final]
>>
>> at
>> io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:113)
>> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>>
>> at
>> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56)
>> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>>
>> at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
>> [undertow-core-1.0.15.Final.jar:1.0.15.Final]
>>
>> at
>> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45)
>> [undertow-core-1.0.15.Final.jar:1.0.15.Final]
>>
>> at
>> io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61)
>> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>>
>> at
>> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
>> [undertow-core-1.0.15.Final.jar:1.0.15.Final]
>>
>> at
>> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70)
>> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>>
>> at
>> io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
>> [undertow-core-1.0.15.Final.jar:1.0.15.Final]
>>
>> at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
>> [undertow-core-1.0.15.Final.jar:1.0.15.Final]
>>
>> at
>> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>>
>> at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
>> [undertow-core-1.0.15.Final.jar:1.0.15.Final]
>>
>> at
>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
>> [undertow-core-1.0.15.Final.jar:1.0.15.Final]
>>
>> at
>> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240)
>> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>>
>> at
>> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227)
>> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>>
>> at
>> io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73)
>> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>>
>> at
>> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146)
>> [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
>>
>> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:177)
>> [undertow-core-1.0.15.Final.jar:1.0.15.Final]
>>
>> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727)
>> [undertow-core-1.0.15.Final.jar:1.0.15.Final]
>>
>> at
>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>> [rt.jar:1.7.0_60]
>>
>> at
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>> [rt.jar:1.7.0_60]
>>
>> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_60]
>>
>>
>>
>>
>> Any ideas what's going wrong?
>>
>> Thanks,
>>
>> Josh
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-user
mailing list