[keycloak-user] How explicitly enable session management in Keycloak?
Stian Thorgersen
sthorger at redhat.com
Fri Feb 3 03:47:29 EST 2017
There's some fixes to the RP iframe coming in 2.5.4 which will be out in a
week or two. There was an issue with it expecting a "session_state" value
that wasn't equal to the value from the tokens.
You can try building master if you'd like to try it out in advance.
On 1 February 2017 at 16:59, Known Michael <known.michael at gmail.com> wrote:
> Hey,
>
> I use mod_auth_openidc version "2.1.2", Keycloak version “2.4.0”
>
> I was not able to implement the session management using OP and RP frames
> as described here:
>
> https://github.com/pingidentity/mod_auth_openidc/wiki/Session-Management
>
> I see in mod_auth_openidc logs the following:
>
> [Wed Feb 01 14:12:54 2017] [debug] src/mod_auth_openidc.c(1556): [client
> 192.168.111.33] oidc_save_in_session: session management disabled:
> session_state ((null)) and/or check_session_iframe (
> https://localhost/auth/realms/realm/protocol/openid-connect/
> login-status-iframe.html)
> is not provided, referer:
> https://192.168.110.2/auth/realms/realm/protocol/openid-
> connect/auth?response_type=code&scope=openid&client_id=
> httpd_192.168.110.2&state=i1YQ39FbBLSCTRyIgEN-F9CdDH4&
> redirect_uri=https%3A%2F%2F192.168.110.2%2Fprotected%
> 2Fredirect_uri&nonce=0VJ7AO-QBaxVaUBL9goen7muN4Oka1dP_1iPEQ43o-M
>
> It looks like the session management is disabled because the Provider did
> not return a session_state parameter in the authentication response (which
> in its turn can be verified via the referer URL in the same log entry) as
> the spec dictates:
> https://openid.net/specs/openid-connect-session-1_0.
> html#CreatingUpdatingSessions
>
> How should I configure explicitly enable session management in Keycloak?
> It should starts returning session_state in the authentication responses.
>
> I see that it is implemented already
> https://issues.jboss.org/browse/KEYCLOAK-451 but probably I miss
> something.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list