----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Thursday, 18 June, 2015 5:54:02 PM
Subject: [keycloak-dev] kerberos retry issue we talked about

Hitting the cancel button works. Hitting the cancel button sends you
back to the app, which sends you back to Keycloak and starts a new
client session. So that would work fine.

What doesn't work is refreshing the page. Kerberos won't be attempted
again. Would it be ok that any browser page refresh might completely
reset the authentication flow and the user has to re-login? If so, I
think I have a solution to the problem, but it would take quite a bit of
refactoring of the auth SPI... Not another two months of work :) But
probably another few days or a week.

As long as the user is actively refreshing the page that works, but I wonder if
there are cases where it could break things. For example, if there's high load on the
system and some requests time out, then when the user retries the request they end up at the
beginning of the login flow again.

Why could it not just continue the flow at the step it's on? Basically a challenge
wouldn't count as moving on. So when the password authenticator sends the challenge for
the first request, you'd still be on stage 0 when the user refreshes the page.

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com