[keycloak-user] Conflicting logins with admin console

Kyle Swensson kyle.swensson at tasktop.com
Thu Jun 15 13:29:00 EDT 2017


Hi,

We have set up a user client on a seperate realm that is not master that
all users for that realm can access, which is where we have our user
application and we have also set up an additional client for a user
administration console on that (non-master) realm. However, the problem
occurs when we log into the user client on the non-master realm at the same
time as we log into the default admin console on the master realm, so our
problem involes 2 seperate realms.

The latest Keycloak master is Keycloak 3.10.Final right? I have tried
upgrading to that, and the issue was still occurring.

Thanks,
Kyle

On Thu, Jun 15, 2017 at 12:10 AM, Marek Posolda <mposolda at redhat.com> wrote:

> Hi,
>
> I guess you're using same realm 'master' for both your application and
> admin console. Can you try to use different realm for your application and
> see if it helps? Also can you try to upgrade to latest Keycloak master and
> see if it helps?
>
> Marek
>
>
> On 14/06/17 01:56, Kyle Swensson wrote:
>
>> Hello,
>>
>>
>> (I have asked this question before to no avail, but the wording was poor
>> so
>> I want to rephrase it in hopes of getting more help)
>>
>> I am having an issue with conflicting logins from a user application and
>> the keycloak admin console
>>
>> The issue arises when I authenticate on my user application as a basic
>> user, using Tomcat. Then, I navigate to the Keycloak Admin Console login
>> page on a different window. Despite being logged in as a basic user on my
>> user application, I am still shown the empty login page for the keycloak
>> admin console. After navigating to the Keycloak admin console login page,
>> my session on my user application becomes broken, and I'm not sure why. At
>> this point if I refresh the page containing my application I will find a
>> 403 error in my console, however I can still access everything in my user
>> application normally. Additionally, for some reason I can no longer log
>> out
>> from my session like i normally would (by hitting the authorization
>> endpoint), when I try to log out nothing happens. The only way that I can
>> get it out of this permanently logged in state is by going to "account"
>> and
>> manually ending all of the sessions for my user. It may be worth noting
>> that I can also still log in to the admin console with a different user,
>> and use the admin console as normal while this is happening. If I log onto
>> the admin console while this is happening and look at all of the active
>> sessions, I can see that there is indeed still an active session for the
>> basic user using the user application. I assume that is the root of the
>> problem, but I'm not sure what's causing this to happen.
>>
>> Setting the "Revoke Refresh Token" option in the keycloak admin console to
>> ON does prevent this from happening, however it also makes the rest of my
>> application become very buggy and slow so leaving that on isn't really a
>> viable option.
>>
>> I'm wondering if this might be an actual bug with Keycloak, or if this is
>> just being caused by some configuration error on my side. I am currently
>> using Keycloak 2.3 for my application, but I have tried temporarily
>> upgrading to Keycloak 3.1 and that didn't help the issue.
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
>


--


More information about the keycloak-user mailing list