[keycloak-user] Conflicting logins with admin console

Kyle Swensson kyle.swensson at tasktop.com
Tue Jun 13 19:56:30 EDT 2017


Hello,


(I have asked this question before to no avail, but the wording was poor so
I want to rephrase it in hopes of getting more help)

I am having an issue with conflicting logins from a user application and
the Keycloak admin console.

The issue arises when I authenticate on my user application as a basic
user, using Tomcat. Then, I navigate to the Keycloak Admin Console login
page on a different window. Despite being logged in as a basic user on my
user application, I am still shown the empty login page for the Keycloak
admin console. After navigating to the Keycloak admin console login page,
my session on my user application becomes broken, and I'm not sure why. At
this point if I refresh the page containing my application I will find a
403 error in my console, however I can still access everything in my user
application normally. Additionally, for some reason I can no longer log out
from my session like I normally would (by hitting the authorization
endpoint); when I try to log out, nothing happens. The only way that I can
get it out of this permanently logged in state is by going to "account" and
manually ending all of the sessions for my user. It may be worth noting
that I can also still log in to the admin console with a different user,
and use the admin console as normal while this is happening. If I log onto
the admin console while this is happening and look at all of the active
sessions, I can see that there is indeed still an active session for the
basic user using the user application. I assume that is the root of the
problem, but I'm not sure what's causing this to happen.

Setting the "Revoke Refresh Token" option in the Keycloak admin console to
ON does prevent this from happening, however it also makes the rest of my
application become very buggy and slow so leaving that on isn't really a
viable option.

I'm wondering if this might be an actual bug with Keycloak, or if this is
just being caused by some configuration error on my side. I am currently
using Keycloak 2.3 for my application, but I have tried temporarily
upgrading to Keycloak 3.1 and that didn't help the issue.

