Hmm... in your post, I see that cookies KEYCLOAK_IDENTITY and
KEYCLOAK_SESSION are not present in Keycloak 4.X. Those are the cookies,
which are important for the automatic SSO re-authentication.
Those cookies should be added by Keycloak after successful first
authentication. So at the moment, when you first authenticate and the
page "You may close this browser window and go back to your console
application.", the cookies should be there. BTV. Do you have Keycloak
behind some proxy/loadbalancer or are you accessing it directly? If
you're behind proxy/LB, could you try to access KEycloak host directly
without any proxy/LB involved in between?
Marek
On 23/08/18 07:25, keycloak demo wrote:
Thanks Marek for the update,
I understand that
https://issues.jboss.org/browse/KEYCLOAK-5179
mentions the issue pertaining to message: "You are already logged in".
But will the second issue that I reported also be fixed in this bug?
/*Issue summary:*/ When a user logs in he is shown the message: "You
may close this browser window and go back to your console
application.". Now if I open a new tab, the user should be logged in
right? But he is shown the login form again.
This issue was not coming in Keycloak 3.4.3 and session was being
maintained by browser. But I found this issue on 4.1.0 and also on
4.3.0. In the 4.x version I see a cookie *KC_RESTART* cookie instead
of *KC_SESSION* cookie in cookies section which might be the reason.
*Here's the post containing complete details of above issue with
screenshots:*
https://stackoverflow.com/questions/51592647/keycloak-is-not-maintaining-...
On Tue, Aug 21, 2018 at 6:08 PM Marek Posolda <mposolda(a)redhat.com
<mailto:mposolda@redhat.com>> wrote:
We have opened JIRA for this:
https://issues.jboss.org/browse/KEYCLOAK-5179 . Hopefully it's fixed
relatively soon in one of the next releases.
Marek
On 17/08/18 07:47, keycloak demo wrote:
> Update:
>
> Facing the same issue on keycloak 4.3.0.final. I have taken a fresh
> instance of keycloak 4.3.0 and created just 2 users, but still
facing the
> same issue of browser not maintaining session.
>
> On Mon, Aug 13, 2018 at 12:10 PM, keycloak demo
<testoauth55(a)gmail.com <mailto:testoauth55@gmail.com>>
> wrote:
>
>> Can someone please help me on this issue?
>>
>> On Thu, Aug 9, 2018 at 9:51 AM, keycloak demo
<testoauth55(a)gmail.com <mailto:testoauth55@gmail.com>>
>> wrote:
>>
>>> Another update:
>>>
>>> Though the login form appears every time but if i login with a
different
>>> user the second time i.e. launch client app -> login with
user1 -> relaunch
>>> client app (browser shows login form instead of already logged
in message)
>>> -> now login with user2.
>>>
>>> I get following message:
>>> " We're sorry...You are already authenticated as different
user 'user1'
>>> in this session. Please logout first."
>>> If it's able to know another user is logged in, then why the
login form
>>> is appearing?
>>>
>>>
>>> On Tue, Jul 31, 2018 at 4:58 PM, Test Oauth
<testoauth55(a)gmail.com <mailto:testoauth55@gmail.com>>
>>> wrote:
>>>
>>>> An update on my findings: When I checked developer console: I
am getting
>>>> KC_RESTART cookie in cookies section.
>>>>
>>>> On Tue, Jul 31, 2018 at 9:34 AM, Test Oauth
<testoauth55(a)gmail.com <mailto:testoauth55@gmail.com>>
>>>> wrote:
>>>>
>>>>> Yes sir,
>>>>> I followed the doc
https://www.keycloak.org/docs/
>>>>> latest/securing_apps/index.html#_installed_adapter. And am
seeing the
>>>>> same behavior on chrome and firefox.
>>>>>
>>>>> Also regarding the manual mode, I see the same behavior i.e
I have to
>>>>> re-login for each re-run of the client app.
>>>>>
>>>>> But if I do this:
>>>>>
>>>>> System.out.println("Login through manual mode");
>>>>> keycloak.loginManual();
>>>>> System.out.println("Login through browser");
>>>>> keycloak.loginDesktop();
>>>>>
>>>>> i.e. if I call both modes in the same code or even same mode
twice in
>>>>> the same code, then I don't have to re-login for second
call
(in the above
>>>>> example for loginDesktop). However when I re-run the
application, I need to
>>>>> re-login. This might be a stupid guess but could these
sessions be "java
>>>>> object specific"?
>>>>>
>>>>>
>>>>> On Tue, Jul 31, 2018 at 6:14 AM, Dmitry Telegin
<dt(a)acutus.pro <mailto:dt@acutus.pro>> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> Did you do everything in accordance with the docs?
>>>>>>
https://www.keycloak.org/docs/latest/securing_apps/index.htm
>>>>>> l#_installed_adapter
>>>>>>
>>>>>> Do you experience this in "manual" mode too?
>>>>>>
>>>>>> Cheers,
>>>>>> Dmitry Telegin
>>>>>> CTO, Acutus s.r.o.
>>>>>> Keycloak Consulting and Training
>>>>>>
>>>>>> Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
>>>>>> +42 (022) 888-30-71
>>>>>> E-mail: info(a)acutus.pro <mailto:info@acutus.pro>
>>>>>>
>>>>>> On Mon, 2018-07-30 at 16:08 +0530, Test Oauth wrote:
>>>>>>> I am using openid-connect for authenticating users.
After
successful
>>>>>>> authentication, browser windows says:
>>>>>>> "Login Successful
>>>>>>>
>>>>>>> You may close this browser window and go back to your
console
>>>>>> application."
>>>>>>> However, even without closing the window if I relaunch
my
application
>>>>>>> (using keycloak.loginDesktop();) even within 10
seconds,
still the
>>>>>> login
>>>>>>> page appears instead of : you are already logged in.
>>>>>>>
>>>>>>> Browser: Firefox.
>>>>>>> _______________________________________________
>>>>>>> keycloak-user mailing list
>>>>>>> keycloak-user(a)lists.jboss.org
<mailto:keycloak-user@lists.jboss.org>
>>>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
>
https://lists.jboss.org/mailman/listinfo/keycloak-user