[keycloak-user] Browser not maintaining session for keycloak users

keycloak demo testoauth55 at gmail.com
Fri Aug 24 03:04:31 EDT 2018


Marek,

I tried one more thing today. Exported entire realm from Keycloak 3.4
server and imported it in 4.3 server *and I still see the same behavior
i.e. even with same realm, session is being maintained in keycloak 3.4,
whereas with same realm/config the keycloak 4.3 installation is not
maintaining session* (due to absence of KEYCLOAK_IDENTITY and
KEYCLOAK_SESSION cookie in case of 4.x)

(Again, both the keycloak 3.4.3 and 4.3.0 are on same machine. Client app
is also on same machine. Accessed from same browser. Realm + client is also
same in above test and yet the 2 installations show different behavior)

On Thu, Aug 23, 2018 at 3:34 PM keycloak demo <testoauth55 at gmail.com> wrote:

> Marek,
>
> Proxy/Load balancer are not being used and I am accessing keycloak
> directly. In fact both 3.4.3 version and 4.X version are running on same
> machine and are accessed through same browser locally via http://localhost:<port>/auth
> by apps.
>
> So the only difference the 2 instances (3.x and 4.x) have is different port
> numbers (which won't make any difference anyway) and yet they show
> different behavior in terms of setting cookies.
>
> I assume the absence of KEYCLOAK_IDENTITY and KEYCLOAK_SESSION cookie
> would be the reason for session not getting maintained.
>
>
> On Thu, Aug 23, 2018 at 1:04 PM Marek Posolda <mposolda at redhat.com> wrote:
>
>> Hmm... in your post, I see that cookies KEYCLOAK_IDENTITY and
>> KEYCLOAK_SESSION are not present in Keycloak 4.X. Those are the cookies,
>> which are important for the automatic SSO re-authentication.
>>
>> Those cookies should be added by Keycloak after successful first
>> authentication. So at the moment, when you first authenticate and the page
>> "You may close this browser window and go back to your console
>> application." is shown, the cookies should be there. BTW, do you have Keycloak
>> behind some proxy/loadbalancer or are you accessing it directly? If you're
>> behind proxy/LB, could you try to access Keycloak host directly without any
>> proxy/LB involved in between?
>>
>> Marek
>>
>> On 23/08/18 07:25, keycloak demo wrote:
>>
>> Thanks Marek for the update,
>>
>> I understand that https://issues.jboss.org/browse/KEYCLOAK-5179
>> mentions the issue pertaining to message: "You are already logged in". But
>> will the second issue that I reported also be fixed in this bug?
>>
>> *Issue summary:*  When a user logs in he is shown the message: "You may
>> close this browser window and go back to your console application.". Now if
>> I open a new tab, the user should be logged in right? But he is shown the
>> login form again.
>>
>> This issue was not coming in Keycloak 3.4.3 and session was being
>> maintained by browser. But I found this issue on 4.1.0 and also on 4.3.0.
>> In the 4.x version I see a *KC_RESTART* cookie instead of
>> *KC_SESSION* cookie in cookies section which might be the reason.
>>
>> *Here's the post containing complete details of above issue with
>> screenshots:*
>> https://stackoverflow.com/questions/51592647/keycloak-is-not-maintaining-session-in-browser
>>
>>
>>
>> On Tue, Aug 21, 2018 at 6:08 PM Marek Posolda <mposolda at redhat.com>
>> wrote:
>>
>>> We have opened JIRA for this:
>>> https://issues.jboss.org/browse/KEYCLOAK-5179 . Hopefully it's fixed
>>> relatively soon in one of the next releases.
>>>
>>> Marek
>>>
>>> On 17/08/18 07:47, keycloak demo wrote:
>>> > Update:
>>> >
>>> > Facing the same issue on keycloak 4.3.0.final. I have taken a fresh
>>> > instance of keycloak 4.3.0 and created just 2 users, but still facing the
>>> > same issue of browser not maintaining session.
>>> >
>>> > On Mon, Aug 13, 2018 at 12:10 PM, keycloak demo <testoauth55 at gmail.com>
>>> > wrote:
>>> >
>>> >> Can someone please help me on this issue?
>>> >>
>>> >> On Thu, Aug 9, 2018 at 9:51 AM, keycloak demo <testoauth55 at gmail.com>
>>> >> wrote:
>>> >>
>>> >>> Another update:
>>> >>>
>>> >>> Though the login form appears every time but if I login with a different
>>> >>> user the second time i.e. launch client app -> login with user1 -> relaunch
>>> >>> client app (browser shows login form instead of already logged in message)
>>> >>> -> now login with user2.
>>> >>>
>>> >>> I get following message:
>>> >>> " We're sorry...You are already authenticated as different user 'user1'
>>> >>> in this session. Please logout first."
>>> >>> If it's able to know another user is logged in, then why the login form
>>> >>> is appearing?
>>> >>>
>>> >>>
>>> >>> On Tue, Jul 31, 2018 at 4:58 PM, Test Oauth <testoauth55 at gmail.com>
>>> >>> wrote:
>>> >>>
>>> >>>> An update on my findings: When I checked developer console: I am getting
>>> >>>> KC_RESTART cookie in cookies section.
>>> >>>>
>>> >>>> On Tue, Jul 31, 2018 at 9:34 AM, Test Oauth <testoauth55 at gmail.com>
>>> >>>> wrote:
>>> >>>>
>>> >>>>> Yes sir,
>>> >>>>> I followed the doc https://www.keycloak.org/docs/latest/securing_apps/index.html#_installed_adapter.
>>> >>>>> And am seeing the same behavior on chrome and firefox.
>>> >>>>>
>>> >>>>> Also regarding the manual mode, I see the same behavior i.e I have to
>>> >>>>> re-login for each re-run of the client app.
>>> >>>>>
>>> >>>>> But if I do this:
>>> >>>>>
>>> >>>>> System.out.println("Login through manual mode");
>>> >>>>> keycloak.loginManual();
>>> >>>>> System.out.println("Login through browser");
>>> >>>>> keycloak.loginDesktop();
>>> >>>>>
>>> >>>>> i.e. if I call both modes in the same code or even same mode twice in
>>> >>>>> the same code, then I don't have to re-login for second call (in the above
>>> >>>>> example for loginDesktop). However when I re-run the application, I need to
>>> >>>>> re-login. This might be a stupid guess but could these sessions be "java
>>> >>>>> object specific"?
>>> >>>>>
>>> >>>>>
>>> >>>>> On Tue, Jul 31, 2018 at 6:14 AM, Dmitry Telegin <dt at acutus.pro> wrote:
>>> >>>>>
>>> >>>>>> Hi,
>>> >>>>>>
>>> >>>>>> Did you do everything in accordance with the docs?
>>> >>>>>> https://www.keycloak.org/docs/latest/securing_apps/index.html#_installed_adapter
>>> >>>>>>
>>> >>>>>> Do you experience this in "manual" mode too?
>>> >>>>>>
>>> >>>>>> Cheers,
>>> >>>>>> Dmitry Telegin
>>> >>>>>> CTO, Acutus s.r.o.
>>> >>>>>> Keycloak Consulting and Training
>>> >>>>>>
>>> >>>>>> Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
>>> >>>>>> +42 (022) 888-30-71
>>> >>>>>> E-mail: info at acutus.pro
>>> >>>>>>
>>> >>>>>> On Mon, 2018-07-30 at 16:08 +0530, Test Oauth wrote:
>>> >>>>>>> I am using openid-connect for authenticating users. After successful
>>> >>>>>>> authentication, browser window says:
>>> >>>>>>> "Login Successful
>>> >>>>>>>
>>> >>>>>>> You may close this browser window and go back to your console application."
>>> >>>>>>> However, even without closing the window if I relaunch my application
>>> >>>>>>> (using keycloak.loginDesktop();) even within 10 seconds, still the login
>>> >>>>>>> page appears instead of: you are already logged in.
>>> >>>>>>>
>>> >>>>>>> Browser: Firefox.
>>> >>>>>>> _______________________________________________
>>> >>>>>>> keycloak-user mailing list
>>> >>>>>>> keycloak-user at lists.jboss.org
>>> >>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>> >>>>>
>>> > _______________________________________________
>>> > keycloak-user mailing list
>>> > keycloak-user at lists.jboss.org
>>> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>>
>>>
>>
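
An added example, not part of the original thread or of Keycloak's own code: a small check over the `Set-Cookie` headers captured from the login response, reporting whether the two SSO cookies named in the thread are actually set rather than absent or deleted. The sample headers, the realm name `demo` and the function names are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Cookie names taken from the thread: these two carry the browser SSO session.
SSO_COOKIES = ("KEYCLOAK_IDENTITY", "KEYCLOAK_SESSION")

# Constructed sample headers, modelled on what the poster reports seeing.
SAMPLE_3X = [
    "KEYCLOAK_IDENTITY=constructed-token; Version=1; Path=/auth/realms/demo/; HttpOnly",
    "KEYCLOAK_SESSION=demo/user-id/session-id; Version=1; Max-Age=36000; Path=/auth/realms/demo/",
    "KC_RESTART=stale; Version=1; Max-Age=0; Path=/auth/realms/demo/; HttpOnly",
]
SAMPLE_4X = [
    "KC_RESTART=constructed-restart-token; Version=1; Path=/auth/realms/demo/; HttpOnly",
]

def live_cookies(set_cookie_headers):
    """Return {name: morsel} for cookies the browser would keep.

    A Set-Cookie with an empty value or Max-Age <= 0 is a deletion, so it
    does not count as the cookie being present.
    """
    live = {}
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            max_age = morsel["max-age"]
            expired = max_age != "" and int(max_age) <= 0
            if morsel.value == "" or expired:
                live.pop(name, None)  # a later deletion overrides an earlier set
            else:
                live[name] = morsel
    return live

def sso_report(set_cookie_headers):
    """Report missing SSO cookies, leftover KC_RESTART, and cookie paths."""
    live = live_cookies(set_cookie_headers)
    return {
        "missing": [n for n in SSO_COOKIES if n not in live],
        "kc_restart_present": "KC_RESTART" in live,
        # The path must cover the realm's auth URL or the browser won't send it.
        "paths": {n: live[n]["path"] for n in SSO_COOKIES if n in live},
    }

if __name__ == "__main__":
    print("3.x:", sso_report(SAMPLE_3X))
    print("4.x:", sso_report(SAMPLE_4X))
```

Feed it the `Set-Cookie` lines copied from the browser's network tab for the final login response of each server to compare the two installations directly.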

