[keycloak-user] Avoiding creating a new session when doing a prompt=login

John D. Ament john.d.ament at gmail.com
Thu Aug 24 06:53:03 EDT 2017 

Done, with possibly some additional info.  I'm going to debug into it a bit
more today to see what's happening.

https://issues.jboss.org/browse/KEYCLOAK-5326

John

On Thu, Aug 24, 2017 at 6:14 AM Marek Posolda <mposolda at redhat.com> wrote:

> Ok, that could be it. Could you please create JIRA for it? Or also send PR
> with test if possible? Some existing tests for prompt param are in
> OIDCAdvancedRequestParamsTest . It may be good to add new test here IMO.
>
>
> Marek
>
>
> On 24/08/17 12:05, John D. Ament wrote:
>
> Hi Marek,
>
> I'm on 3.2.0.
>
> It could be that the actual session id is the same, but other aspects of
> the session are being invalidated in this flow which ma explain what I'm
> seeing.  I am seeing a new keycloak session/identity cookie coming back,
> which seems to throw off the javascript adapter.
>
> John
>
> On Thu, Aug 24, 2017 at 5:34 AM Marek Posolda <mposolda at redhat.com> wrote:
>
>> Which version are you using? I think that in Keycloak 3.2 it won't
>> create new session, but connect to existing one. Feel free to create
>> JIRA if it doesn't work in this version.
>>
>> Marek
>>
>> On 23/08/17 18:24, John D. Ament wrote:
>> > Hi
>> >
>> > I have a use case where I need to prompt a user to enter credentials
>> during
>> > a sequence of events.  In this case, we're using keycloak's login
>> screen to
>> > capture the information and triggering it via the javascript adapter.
>> > Doing a prompt=login has an unfortunate side effect that the existing
>> > session gets rewritten.  This causes the adapter to begin failing, the
>> > refresh token and access token are no longer valid.  It seems that
>> there's
>> > no way to reinitialize the iframe after this occurs, and I'm not sure
>> > that's the best way to do it.
>> >
>> > Is there any way to have keycloak not create a new session in this flow?
>> >
>> > John
>> > _______________________________________________
>> > keycloak-user mailing list
>> > keycloak-user at lists.jboss.org
>> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>>
>

More information about the keycloak-user mailing list