[keycloak-user] IDENTITY and SESSION cookie not getting set (KEYCLOAK-8137)
Boris Matthys
boris.matthys at tvh.com
Thu Sep 5 11:38:18 EDT 2019
Hi,
we have a use-case for the KeycloakInstalled adapter, but this does not
work as expected; after login in the desktop application, there is no SSO
to the web-applications.
I have traced this to an open issue created for keycloak 4.x:
KEYCLOAK_IDENTITY and KEYCLOAK_SESSION cookie not getting set (KEYCLOAK-8137
<https://issues.jboss.org/browse/KEYCLOAK-8137>)
and a closed pull request https://github.com/keycloak/keycloak/pull/5607
I'm using keycloak version 6.0.1, here is a procedure to reproduce this
issue:
- use
https://github.com/keycloak/keycloak/tree/master/examples/demo-template/customer-app-cli
to login to keycloak
- do not close the browser and open /auth/realms/demo/account/ in a new
tab
I expect that the account page opens without login, but this is not the
case, keycloak present the login page.
Is there a reason that the pull request was closed without merging it?
There is a comment "my vote is to postpone this and merge it in early 5.x,
so we have time to fix potential regressions/side-effects in 5.x " and "we
need to understand this a bit better", but no explanation why the cookies
are (should be) removed by the delegate page.
If this cannot be solved, we'll need a workaround.
I'm thinking in the direction of creating our own version of the
KeycloakInstalled adapter and use a simple "login web-application" in front
of keycloak...
Is this a good approach or are there better ways to accomplish this?
Kind regards
Boris
--
**** DISCLAIMER
<https://media.tvh.com/content/pdf/various/Email-disclaimer.pdf> ****
This
message is delivered to all addressees subject to the conditions set forth
in the attached disclaimer, which is an integral part of this message.
When you communicate with us via e-mail, telephone, fax or via our website,
we process your personal data. For more information on how we process your
personal data, please consult our Privacy Policy
<https://www.tvh.com/privacy-policy>. By communicating with us, you
unambiguously consent to our use of your personal data as explained in the
Privacy Policy.
More information about the keycloak-user
mailing list