[keycloak-user] Keycloak App Logs out in Under 1 Minute

Roger Turnau (US - Advisory) roger.turnau at pwc.com
Fri Apr 14 15:14:59 EDT 2017 

Kevin,

Thanks for getting back to me. Here are the answers, and a little bit of
clarification from further investigations:


   1. The realms are for two separate codebases with different keycloak
   configurations, but otherwise identical keycloak code.
   2. Nothing is showing up in the Keycloak logs. There are no server
   errors that I can see.
   3. We are not doing anything with checkLoginIFrame in our initialization
   code.

Looking under the hood at the Javascript adapter, we found that the token
was being revoked by the following code:

if (event.data != "unchanged") {
    kc.clearToken();
}

I notice that that happens in the message callback created when the
iframe is set up. I assume that means that setting checkLoginIFrame to
false in our configuration will fix the issue. Is that correct?

Thanks again,

Roger Turnau




On Fri, Apr 14, 2017 at 2:01 PM, Kevin Berendsen <
kevin.berendsen at pharmapartners.nl> wrote:

> Hello Roger,
>
> I have got a few questions to know a little more about your situation:
> * Is a single AngularJS app with multi-tenancy support or are there two
> codebases with identical code but different keycloak.json files?
> * Have you checked your loggings of Keycloak already to get to know where
> it possibly might go wrong? Loggings would be a major help and solve most
> of your issues.
> * Have you set the default checkLoginIframe from true to false in the
> init() method of the Keycloak JS Adapter?
>
> If you could answer these three questions, that'd be great to help you out
> further :) I ran into similar problems and hopefully I can solve your's as
> well.
>
> Kind regards,
>
> Kevin
>
> -----Oorspronkelijk bericht-----
> Van: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-bounces@
> lists.jboss.org] Namens Roger Turnau (US - Advisory)
> Verzonden: vrijdag 14 april 2017 17:42
> Aan: keycloak-user <keycloak-user at lists.jboss.org>
> Onderwerp: [keycloak-user] Keycloak App Logs out in Under 1 Minute
>
> Hi all,
>
> I am experiencing a weird behavior where Keycloak immediately logs out a
> user who has just logged in. A few details:
>
>    - The Keycloak server has two realms. The issue only happens on one of
>    the realms. The other one works as expected.
>    - The configuration of both realms is pretty much identical.
>    - The login happens from an AngularJS app. The JS Keycloak code is
>    identical to the code that runs in the other realm's app.
>    - Keycloak has been working with almost no issues for a few months now.
>    This is a new behavior.
>    - I have examined the JWT token, and don't see anything unusual. The
>    "exp" claims and "iat" claims are giving the correct epoch time.
>
> The app will accept the bearer token, make its back-end REST calls, and
> then suddenly fall back to the login screen. Any ideas what might cause
> behavior like this?
>
> Thank you for your help,
>
> --
> *Roger Turnau*
>
> PwC | Manager - Advisory Financial Services
> Mobile: 850-228-2006
> Email: roger.turnau at pwc.com
> PricewaterhouseCoopers LLP
> 50 North Laura Street, Suite 3000, Jacksonville FL 32202
> http://www.pwc.com/us
>
> Save energy. Save a tree. Save the printing for something really important.
>
> ______________________________________________________________________
> The information transmitted, including any attachments, is intended only
> for the person or entity to which it is addressed and may contain
> confidential and/or privileged material. Any review, retransmission,
> dissemination or other use of, or taking of any action in reliance upon,
> this information by persons or entities other than the intended recipient
> is prohibited, and all liability arising therefrom is disclaimed. If you
> received this in error, please contact the sender and delete the material
> from any computer. PricewaterhouseCoopers LLP is a Delaware limited
> liability partnership.  This communication may come from
> PricewaterhouseCoopers LLP or one of its subsidiaries.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>



-- 
*Roger Turnau*

PwC | Manager - Advisory Financial Services
Mobile: 850-228-2006
Email: roger.turnau at pwc.com
PricewaterhouseCoopers LLP
50 North Laura Street, Suite 3000, Jacksonville FL 32202
http://www.pwc.com/us

Save energy. Save a tree. Save the printing for something really important.

______________________________________________________________________
The information transmitted, including any attachments, is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited, and all liability arising therefrom is disclaimed. If you received this in error, please contact the sender and delete the material from any computer. PricewaterhouseCoopers LLP is a Delaware limited liability partnership.  This communication may come from PricewaterhouseCoopers LLP or one of its subsidiaries.

More information about the keycloak-user mailing list