[keycloak-user] Browser not maintaining session for keycloak users

keycloak demo testoauth55 at gmail.com
Fri Aug 24 04:05:54 EDT 2018


Thanks Marek,

Raised the following issue: https://issues.jboss.org/browse/KEYCLOAK-8137


On Fri, Aug 24, 2018 at 12:53 PM Marek Posolda <mposolda at redhat.com> wrote:

> Hi,
>
> it seems this may be a bug. Please create JIRA, ideally with reliable
> steps to reproduce and your application attached.
>
> Marek
>
> On 24/08/18 09:04, keycloak demo wrote:
>
> Marek,
>
> I tried one more thing today. Exported entire realm from Keycloak 3.4
> server and imported it in 4.3 server *and I still see the same behavior
> i.e. even with same realm, session is being maintained in keycloak 3.4,
> whereas with same realm/config the keycloak 4.3 installation is not
> maintaining session* (due to absence of KEYCLOAK_IDENTITY and
> KEYCLOAK_SESSION cookie in case of 4.x)
>
> (Again, both the keycloak 3.4.3 and 4.3.0 are on same machine. Client app
> is also on same machine. Accessed from same browser. Realm + client is also
> same in above test and yet the 2 installations show different behavior)
>
> On Thu, Aug 23, 2018 at 3:34 PM keycloak demo <testoauth55 at gmail.com>
> wrote:
>
>> Marek,
>>
>> Proxy/Load balancer are not being used and I am accessing keycloak
>> directly. In fact both 3.4.3 version and 4.X version are running on same
>> machine and are accessed through same browser locally via
>> http://localhost:<port>/auth  by apps.
>>
>> So the only difference the 2 instances (3.x and 4.x) have is different
>> port numbers (which won't make any difference anyway), and yet they show
>> different behavior in terms of setting cookies.
>>
>> I assume the absence of KEYCLOAK_IDENTITY and KEYCLOAK_SESSION cookie
>> would be the reason for session not getting maintained.
>>
>>
>> On Thu, Aug 23, 2018 at 1:04 PM Marek Posolda <mposolda at redhat.com>
>> wrote:
>>
>>> Hmm... in your post, I see that cookies KEYCLOAK_IDENTITY and
>>> KEYCLOAK_SESSION are not present in Keycloak 4.X. Those are the cookies,
>>> which are important for the automatic SSO re-authentication.
>>>
>>> Those cookies should be added by Keycloak after successful first
>>> authentication. So at the moment, when you first authenticate and the page
>>> "You may close this browser window and go back to your console
>>> application.", the cookies should be there. BTW, do you have Keycloak
>>> behind some proxy/loadbalancer or are you accessing it directly? If you're
>>> behind proxy/LB, could you try to access Keycloak host directly without any
>>> proxy/LB involved in between?
>>>
>>> Marek
>>>
>>> On 23/08/18 07:25, keycloak demo wrote:
>>>
>>> Thanks Marek for the update,
>>>
>>> I understand that https://issues.jboss.org/browse/KEYCLOAK-5179
>>> mentions the issue pertaining to message: "You are already logged in". But
>>> will the second issue that I reported also be fixed in this bug?
>>>
>>> *Issue summary:*  When a user logs in he is shown the message: "You may
>>> close this browser window and go back to your console application.". Now if
>>> I open a new tab, the user should be logged in right? But he is shown the
>>> login form again.
>>>
>>> This issue was not coming in Keycloak 3.4.3 and session was being
>>> maintained by browser. But I found this issue on 4.1.0 and also on 4.3.0.
>>> In the 4.x version I see a *KC_RESTART* cookie instead of a
>>> *KC_SESSION* cookie in cookies section which might be the reason.
>>>
>>> *Here's the post containing complete details of above issue with
>>> screenshots:*
>>> https://stackoverflow.com/questions/51592647/keycloak-is-not-maintaining-session-in-browser
>>>
>>>
>>>
>>> On Tue, Aug 21, 2018 at 6:08 PM Marek Posolda <mposolda at redhat.com>
>>> wrote:
>>>
>>>> We have opened JIRA for this:
>>>> https://issues.jboss.org/browse/KEYCLOAK-5179 . Hopefully it's fixed
>>>> relatively soon in one of the next releases.
>>>>
>>>> Marek
>>>>
>>>> On 17/08/18 07:47, keycloak demo wrote:
>>>> > Update:
>>>> >
>>>> > Facing the same issue on keycloak 4.3.0.final. I have taken a fresh
>>>> > instance of keycloak 4.3.0 and created just 2 users, but still facing the
>>>> > same issue of browser not maintaining session.
>>>> >
>>>> > On Mon, Aug 13, 2018 at 12:10 PM, keycloak demo <testoauth55 at gmail.com>
>>>> > wrote:
>>>> >
>>>> >> Can someone please help me on this issue?
>>>> >>
>>>> >> On Thu, Aug 9, 2018 at 9:51 AM, keycloak demo <testoauth55 at gmail.com>
>>>> >> wrote:
>>>> >>
>>>> >>> Another update:
>>>> >>>
>>>> >>> Though the login form appears every time, if I log in with a different
>>>> >>> user the second time, i.e. launch client app -> login with user1 -> relaunch
>>>> >>> client app (browser shows login form instead of already logged in message)
>>>> >>> -> now login with user2.
>>>> >>>
>>>> >>> I get following message:
>>>> >>> " We're sorry...You are already authenticated as different user 'user1'
>>>> >>> in this session. Please logout first."
>>>> >>> If it's able to know another user is logged in, then why the login form
>>>> >>> is appearing?
>>>> >>>
>>>> >>>
>>>> >>> On Tue, Jul 31, 2018 at 4:58 PM, Test Oauth <testoauth55 at gmail.com>
>>>> >>> wrote:
>>>> >>>
>>>> >>>> An update on my findings: When I checked developer console: I am getting
>>>> >>>> KC_RESTART cookie in cookies section.
>>>> >>>>
>>>> >>>> On Tue, Jul 31, 2018 at 9:34 AM, Test Oauth <testoauth55 at gmail.com>
>>>> >>>> wrote:
>>>> >>>>
>>>> >>>>> Yes sir,
>>>> >>>>> I followed the doc
>>>> >>>>> https://www.keycloak.org/docs/latest/securing_apps/index.html#_installed_adapter.
>>>> >>>>> And am seeing the same behavior on chrome and firefox.
>>>> >>>>>
>>>> >>>>> Also regarding the manual mode, I see the same behavior i.e I have to
>>>> >>>>> re-login for each re-run of the client app.
>>>> >>>>>
>>>> >>>>> But if I do this:
>>>> >>>>>
>>>> >>>>> System.out.println("Login through manual mode");
>>>> >>>>> keycloak.loginManual();
>>>> >>>>> System.out.println("Login through browser");
>>>> >>>>> keycloak.loginDesktop();
>>>> >>>>>
>>>> >>>>> i.e. if I call both modes in the same code or even same mode twice in
>>>> >>>>> the same code, then I don't have to re-login for second call (in the above
>>>> >>>>> example for loginDesktop). However when I re-run the application, I need to
>>>> >>>>> re-login. This might be a stupid guess but could these sessions be "java
>>>> >>>>> object specific"?
>>>> >>>>>
>>>> >>>>>
>>>> >>>>> On Tue, Jul 31, 2018 at 6:14 AM, Dmitry Telegin <dt at acutus.pro> wrote:
>>>> >>>>>
>>>> >>>>>> Hi,
>>>> >>>>>>
>>>> >>>>>> Did you do everything in accordance with the docs?
>>>> >>>>>> https://www.keycloak.org/docs/latest/securing_apps/index.html#_installed_adapter
>>>> >>>>>>
>>>> >>>>>> Do you experience this in "manual" mode too?
>>>> >>>>>>
>>>> >>>>>> Cheers,
>>>> >>>>>> Dmitry Telegin
>>>> >>>>>> CTO, Acutus s.r.o.
>>>> >>>>>> Keycloak Consulting and Training
>>>> >>>>>>
>>>> >>>>>> Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
>>>> >>>>>> +42 (022) 888-30-71
>>>> >>>>>> E-mail: info at acutus.pro
>>>> >>>>>>
>>>> >>>>>> On Mon, 2018-07-30 at 16:08 +0530, Test Oauth wrote:
>>>> >>>>>>> I am using openid-connect for authenticating users. After successful
>>>> >>>>>>> authentication, browser window says:
>>>> >>>>>>> "Login Successful
>>>> >>>>>>>
>>>> >>>>>>> You may close this browser window and go back to your console application."
>>>> >>>>>>> However, even without closing the window if I relaunch my application
>>>> >>>>>>> (using keycloak.loginDesktop();) even within 10 seconds, still the login
>>>> >>>>>>> page appears instead of : you are already logged in.
>>>> >>>>>>>
>>>> >>>>>>> Browser: Firefox.
>>>> >>>>>>> _______________________________________________
>>>> >>>>>>> keycloak-user mailing list
>>>> >>>>>>> keycloak-user at lists.jboss.org
>>>> >>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>> >>>>>
>>>>
>>>>
>>>>
>>>
>
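
The check discussed in this thread (whether KEYCLOAK_IDENTITY and KEYCLOAK_SESSION are set after the first login), as an added example that is not part of the original messages or of Keycloak's code: it parses Set-Cookie values copied from the browser's developer tools and reports which SSO cookies the browser would keep. Only the three cookie names come from the thread; the header values, the realm path and the function names are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Cookie names come from the thread; the header values below are constructed.
SSO_COOKIES = ("KEYCLOAK_IDENTITY", "KEYCLOAK_SESSION")
RESTART_COOKIE = "KC_RESTART"

CAPTURE_3_4 = [  # constructed: post-login response in the case where SSO works
    "KC_RESTART=; Max-Age=0; Path=/auth/realms/demo/; HttpOnly",
    "KEYCLOAK_IDENTITY=constructed.jwt.value; Path=/auth/realms/demo/; HttpOnly",
    "KEYCLOAK_SESSION=demo/user-id/session-id; Max-Age=36000; Path=/auth/realms/demo/",
]
CAPTURE_4_X = [  # constructed: post-login response in the case where SSO fails
    "KC_RESTART=constructed.jwt.value; Path=/auth/realms/demo/; HttpOnly",
]


def live_cookies(set_cookie_values):
    """Map cookie name -> attributes for cookies the browser would keep.
    A header that expires a cookie (empty value or Max-Age=0) removes it."""
    live = {}
    for raw in set_cookie_values:
        jar = SimpleCookie()
        jar.load(raw)
        for name, morsel in jar.items():
            if morsel.value == "" or morsel["max-age"] == "0":
                live.pop(name, None)
            else:
                live[name] = {"path": morsel["path"],
                              "httponly": bool(morsel["httponly"])}
    return live


def diagnose(set_cookie_values):
    """Summarise whether the SSO cookies named in the thread were set."""
    live = live_cookies(set_cookie_values)
    missing = [name for name in SSO_COOKIES if name not in live]
    return {
        "sso_cookies_present": not missing,
        "missing": missing,
        # Only KC_RESTART survived: the symptom reported for 4.x in the thread.
        "only_restart_cookie": bool(missing) and RESTART_COOKIE in live,
        "paths": {name: attrs["path"] for name, attrs in live.items()},
    }


if __name__ == "__main__":
    for label, capture in (("works", CAPTURE_3_4), ("fails", CAPTURE_4_X)):
        print(label, diagnose(capture))
```

The `paths` entry is worth comparing against the URL the application opens, since a cookie scoped to a different path is not sent back on the next login request.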

