[keycloak-user] IDENTITY and SESSION cookie not getting set (KEYCLOAK-8137)

Stian Thorgersen sthorger at redhat.com
Fri Sep 6 07:39:16 EDT 2019


The proper solution to this issue is to revert KeycloakInstalled to not use
the text-based authentication flows (see the dev mailing list, I'm proposing we
remove that completely).

Not 100% sure how it decides to use the text-based authentication flow, but
it seems that's the issue as it shouldn't use that flow obviously when it's
login via a web browser.

On Thu, 5 Sep 2019 at 17:40, Boris Matthys <boris.matthys at tvh.com> wrote:

> Hi,
> we have a use-case for the KeycloakInstalled adapter, but this does not
> work as expected; after login in the desktop application, there is no SSO
> to the web-applications.
>
> I have traced this to an open issue created for keycloak 4.x:
> KEYCLOAK_IDENTITY and KEYCLOAK_SESSION cookie not getting set
> (KEYCLOAK-8137
> <https://issues.jboss.org/browse/KEYCLOAK-8137>)
> and a closed pull request https://github.com/keycloak/keycloak/pull/5607
>
> I'm using keycloak version 6.0.1, here is a procedure to reproduce this
> issue:
>
>    - use
>    https://github.com/keycloak/keycloak/tree/master/examples/demo-template/customer-app-cli
>    to login to keycloak
>    - do not close the browser and open /auth/realms/demo/account/ in a new
>    tab
>
> I expect that the account page opens without login, but this is not the
> case, keycloak presents the login page.
>
> Is there a reason that the pull request was closed without merging it?
> There is a comment "my vote is to postpone this and merge it in early 5.x,
> so we have time to fix potential regressions/side-effects in 5.x " and "we
> need to understand this a bit better", but no explanation why the cookies
> are (should be) removed by the delegate page.
>
> If this cannot be solved, we'll need a workaround.
> I'm thinking in the direction of creating our own version of the
> KeycloakInstalled adapter and use a simple "login web-application" in front
> of keycloak...
> Is this a good approach or are there better ways to accomplish this?
>
> Kind regards
>
> Boris