Hi,
it seems this may be a bug. Please create JIRA, ideally with reliable
steps to reproduce and your application attached.
Marek
On 24/08/18 09:04, keycloak demo wrote:
Marek,
I tried one more thing today. Exported entire realm from Keycloak 3.4
server and imported it in 4.3 server *and I still see the same
behavior, i.e. even with same realm, session is being maintained in
keycloak 3.4, whereas with same realm/config the keycloak 4.3
installation is not maintaining session* (due to absence of
KEYCLOAK_IDENTITY and KEYCLOAK_SESSION cookie in case of 4.x)
(Again, both the keycloak 3.4.3 and 4.3.0 are on same machine. Client
app is also on same machine. Accessed from same browser. Realm +
client is also same in above test and yet the 2 installations show
different behavior)
On Thu, Aug 23, 2018 at 3:34 PM keycloak demo <testoauth55(a)gmail.com> wrote:
Marek,
Proxy/Load balancer are not being used and I am accessing keycloak
directly. In fact both 3.4.3 version and 4.X version are running
on same machine and are accessed through same browser locally via
http://localhost:<port>/auth by apps.
So the only difference the 2 instances (3.x and 4.x) have is
different port numbers (which won't make any difference anyway),
and yet they show different behavior in terms of setting cookies.
I assume the absence of KEYCLOAK_IDENTITY and KEYCLOAK_SESSION
cookie would be the reason for session not getting maintained.
On Thu, Aug 23, 2018 at 1:04 PM Marek Posolda <mposolda(a)redhat.com> wrote:
Hmm... in your post, I see that cookies KEYCLOAK_IDENTITY and
KEYCLOAK_SESSION are not present in Keycloak 4.X. Those are
the cookies, which are important for the automatic SSO
re-authentication.
Those cookies should be added by Keycloak after successful
first authentication. So at the moment, when you first
authenticate and the page "You may close this browser window
and go back to your console application." is shown, the cookies should
be there. BTW, do you have Keycloak behind some
proxy/loadbalancer or are you accessing it directly? If you're
behind proxy/LB, could you try to access Keycloak host
directly without any proxy/LB involved in between?
Marek
On 23/08/18 07:25, keycloak demo wrote:
> Thanks Marek for the update,
>
> I understand that https://issues.jboss.org/browse/KEYCLOAK-5179 mentions the
> issue pertaining to message: "You are already logged in". But
> will the second issue that I reported also be fixed in this bug?
>
> *Issue summary:* When a user logs in he is shown the
> message: "You may close this browser window and go back to
> your console application.". Now if I open a new tab, the user
> should be logged in right? But he is shown the login form again.
>
> This issue was not coming in Keycloak 3.4.3 and session was
> being maintained by browser. But I found this issue on 4.1.0
> and also on 4.3.0. In the 4.x version I see a
> *KC_RESTART* cookie instead of *KC_SESSION* cookie in cookies
> section which might be the reason.
>
> *Here's the post containing complete details of above issue
> with screenshots:*
> https://stackoverflow.com/questions/51592647/keycloak-is-not-maintaining-...
>
>
>
> On Tue, Aug 21, 2018 at 6:08 PM Marek Posolda
> <mposolda(a)redhat.com> wrote:
>
> We have opened JIRA for this:
> https://issues.jboss.org/browse/KEYCLOAK-5179 . Hopefully it's fixed
> relatively soon in one of the next releases.
>
> Marek
>
> On 17/08/18 07:47, keycloak demo wrote:
> > Update:
> >
> > Facing the same issue on keycloak 4.3.0.final. I have taken a fresh
> > instance of keycloak 4.3.0 and created just 2 users, but still facing the
> > same issue of browser not maintaining session.
> >
> > On Mon, Aug 13, 2018 at 12:10 PM, keycloak demo <testoauth55(a)gmail.com>
> > wrote:
> >
> >> Can someone please help me on this issue?
> >>
> >> On Thu, Aug 9, 2018 at 9:51 AM, keycloak demo <testoauth55(a)gmail.com>
> >> wrote:
> >>
> >>> Another update:
> >>>
> >>> Though the login form appears every time but if I login with a different
> >>> user the second time i.e. launch client app -> login with user1 -> relaunch
> >>> client app (browser shows login form instead of already logged in message)
> >>> -> now login with user2.
> >>>
> >>> I get following message:
> >>> " We're sorry...You are already authenticated as different user 'user1'
> >>> in this session. Please logout first."
> >>> If it's able to know another user is logged in, then why the login form
> >>> is appearing?
> >>>
> >>>
> >>> On Tue, Jul 31, 2018 at 4:58 PM, Test Oauth <testoauth55(a)gmail.com>
> >>> wrote:
> >>>
> >>>> An update on my findings: When I checked developer console: I am getting
> >>>> KC_RESTART cookie in cookies section.
> >>>>
> >>>> On Tue, Jul 31, 2018 at 9:34 AM, Test Oauth <testoauth55(a)gmail.com>
> >>>> wrote:
> >>>>
> >>>>> Yes sir,
> >>>>> I followed the doc
> >>>>> https://www.keycloak.org/docs/latest/securing_apps/index.html#_installed_adapter
> >>>>> and am seeing the same behavior on Chrome and Firefox.
> >>>>>
> >>>>> Also regarding the manual mode, I see the same behavior i.e. I have to
> >>>>> re-login for each re-run of the client app.
> >>>>>
> >>>>> But if I do this:
> >>>>>
> >>>>>     System.out.println("Login through manual mode");
> >>>>>     keycloak.loginManual();
> >>>>>     System.out.println("Login through browser");
> >>>>>     keycloak.loginDesktop();
> >>>>>
> >>>>> i.e. if I call both modes in the same code or even same mode twice in
> >>>>> the same code, then I don't have to re-login for second call (in the above
> >>>>> example for loginDesktop). However when I re-run the application, I need to
> >>>>> re-login. This might be a stupid guess but could these sessions be "java
> >>>>> object specific"?
> >>>>>
> >>>>>
> >>>>> On Tue, Jul 31, 2018 at 6:14 AM, Dmitry Telegin <dt(a)acutus.pro> wrote:
> >>>>>
> >>>>>> Hi,
> >>>>>>
> >>>>>> Did you do everything in accordance with the docs?
> >>>>>>
> >>>>>> https://www.keycloak.org/docs/latest/securing_apps/index.html#_installed_adapter
> >>>>>>
> >>>>>> Do you experience this in "manual" mode too?
> >>>>>>
> >>>>>> Cheers,
> >>>>>> Dmitry Telegin
> >>>>>> CTO, Acutus s.r.o.
> >>>>>> Keycloak Consulting and Training
> >>>>>>
> >>>>>> Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> >>>>>> +42 (022) 888-30-71
> >>>>>> E-mail: info(a)acutus.pro
> >>>>>>
> >>>>>> On Mon, 2018-07-30 at 16:08 +0530, Test Oauth wrote:
> >>>>>>> I am using openid-connect for authenticating users. After successful
> >>>>>>> authentication, browser window says:
> >>>>>>> "Login Successful
> >>>>>>>
> >>>>>>> You may close this browser window and go back to your console
> >>>>>>> application."
> >>>>>>> However, even without closing the window if I relaunch my application
> >>>>>>> (using keycloak.loginDesktop();) even within 10 seconds, still the login
> >>>>>>> page appears instead of : you are already logged in.
> >>>>>>>
> >>>>>>> Browser: Firefox.
> >>>>>>>
> >>>>>>> _______________________________________________
> >>>>>>> keycloak-user mailing list
> >>>>>>> keycloak-user(a)lists.jboss.org
> >>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
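
Added example, not part of any message in this thread and not Keycloak code: a small Python check for the cookie presence the thread turns on, meant to be run over `Set-Cookie` header values copied from the browser's network tab after the "You may close this browser window" page. Only the cookie names come from the thread; the sample headers, realm path and values are constructed placeholders.

```python
from http.cookies import SimpleCookie

# Cookie names exactly as they appear in the thread.
SSO_COOKIES = ("KEYCLOAK_IDENTITY", "KEYCLOAK_SESSION")
RESTART_COOKIE = "KC_RESTART"


def live_cookie_names(set_cookie_headers):
    """Names of cookies left set after applying the Set-Cookie values in order."""
    live = set()
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            # Max-Age=0 tells the browser to delete the cookie, not store it.
            # (Deletion via an Expires date in the past is not handled here.)
            if str(morsel["max-age"]).strip() == "0":
                live.discard(name)
            else:
                live.add(name)
    return live


def diagnose(set_cookie_headers):
    """Summarise whether the browser would end up holding the SSO cookies."""
    live = live_cookie_names(set_cookie_headers)
    missing = [name for name in SSO_COOKIES if name not in live]
    return {
        "missing_sso_cookies": missing,
        "kc_restart_present": RESTART_COOKIE in live,
        # Per the thread, these cookies drive automatic SSO re-authentication.
        "sso_reauth_expected": not missing,
    }


# Constructed samples: placeholder values and paths, not captured traffic.
CAPTURE_WITH_SSO = [
    "KC_RESTART=placeholder; Path=/auth/realms/demo/; HttpOnly",
    "KEYCLOAK_IDENTITY=placeholder; Path=/auth/realms/demo/; HttpOnly",
    "KEYCLOAK_SESSION=placeholder; Path=/auth/realms/demo/; Max-Age=36000",
]
CAPTURE_WITHOUT_SSO = [
    "KC_RESTART=placeholder; Path=/auth/realms/demo/; HttpOnly",
]

if __name__ == "__main__":
    print("with SSO cookies:   ", diagnose(CAPTURE_WITH_SSO))
    print("without SSO cookies:", diagnose(CAPTURE_WITHOUT_SSO))
```

Running it against the headers from both server versions gives a side-by-side result that can be attached to a bug report as part of the steps to reproduce.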