Marek,
Proxy/Load balancer are not being used and I am accessing keycloak
directly. In fact both 3.4.3 version and 4.X version are running on same
machine and are accessed through same browser locally via
by apps.
So the only difference the 2 instance(3.x and 4.x) have are different port
numbers(which won't make any difference anyway.) and yet they show
different behavior in terms of setting cookies.
I assume the absence of KEYCLOAK_IDENTITY and KEYCLOAK_SESSION cookie would
be the reason for session not getting maintained.
On Thu, Aug 23, 2018 at 1:04 PM Marek Posolda <mposolda(a)redhat.com> wrote:
Hmm... in your post, I see that cookies KEYCLOAK_IDENTITY and
KEYCLOAK_SESSION are not present in Keycloak 4.X. Those are the cookies,
which are important for the automatic SSO re-authentication.
Those cookies should be added by Keycloak after successful first
authentication. So at the moment, when you first authenticate and the page
"You may close this browser window and go back to your console
application.", the cookies should be there. BTV. Do you have Keycloak
behind some proxy/loadbalancer or are you accessing it directly? If you're
behind proxy/LB, could you try to access KEycloak host directly without any
proxy/LB involved in between?
Marek
On 23/08/18 07:25, keycloak demo wrote:
Thanks Marek for the update,
I understand that
https://issues.jboss.org/browse/KEYCLOAK-5179
mentions the issue pertaining to message: "You are already logged in". But
will the second issue that I reported also be fixed in this bug?
*Issue summary:* When a user logs in he is shown the message: "You may
close this browser window and go back to your console application.". Now if
I open a new tab, the user should be logged in right? But he is shown the
login form again.
This issue was not coming in Keycloak 3.4.3 and session was being
maintained by browser. But I found this issue on 4.1.0 and also on 4.3.0.
In the 4.x version I see a cookie *KC_RESTART* cookie instead of
*KC_SESSION* cookie in cookies section which might be the reason.
*Here's the post containing complete details of above issue with
screenshots:*
https://stackoverflow.com/questions/51592647/keycloak-is-not-maintaining-...
On Tue, Aug 21, 2018 at 6:08 PM Marek Posolda <mposolda(a)redhat.com> wrote:
> We have opened JIRA for this:
>
https://issues.jboss.org/browse/KEYCLOAK-5179 . Hopefully it's fixed
> relatively soon in one of the next releases.
>
> Marek
>
> On 17/08/18 07:47, keycloak demo wrote:
> > Update:
> >
> > Facing the same issue on keycloak 4.3.0.final. I have taken a fresh
> > instance of keycloak 4.3.0 and created just 2 users, but still facing
> the
> > same issue of browser not maintaining session.
> >
> > On Mon, Aug 13, 2018 at 12:10 PM, keycloak demo <testoauth55(a)gmail.com>
> > wrote:
> >
> >> Can someone please help me on this issue?
> >>
> >> On Thu, Aug 9, 2018 at 9:51 AM, keycloak demo <testoauth55(a)gmail.com>
> >> wrote:
> >>
> >>> Another update:
> >>>
> >>> Though the login form appears every time but if i login with a
> different
> >>> user the second time i.e. launch client app -> login with user1
->
> relaunch
> >>> client app (browser shows login form instead of already logged in
> message)
> >>> -> now login with user2.
> >>>
> >>> I get following message:
> >>> " We're sorry...You are already authenticated as different
user
> 'user1'
> >>> in this session. Please logout first."
> >>> If it's able to know another user is logged in, then why the login
> form
> >>> is appearing?
> >>>
> >>>
> >>> On Tue, Jul 31, 2018 at 4:58 PM, Test Oauth
<testoauth55(a)gmail.com>
> >>> wrote:
> >>>
> >>>> An update on my findings: When I checked developer console: I am
> getting
> >>>> KC_RESTART cookie in cookies section.
> >>>>
> >>>> On Tue, Jul 31, 2018 at 9:34 AM, Test Oauth
<testoauth55(a)gmail.com>
> >>>> wrote:
> >>>>
> >>>>> Yes sir,
> >>>>> I followed the doc
https://www.keycloak.org/docs/
> >>>>> latest/securing_apps/index.html#_installed_adapter. And am
seeing
> the
> >>>>> same behavior on chrome and firefox.
> >>>>>
> >>>>> Also regarding the manual mode, I see the same behavior i.e I
have
> to
> >>>>> re-login for each re-run of the client app.
> >>>>>
> >>>>> But if I do this:
> >>>>>
> >>>>> System.out.println("Login through manual mode");
> >>>>> keycloak.loginManual();
> >>>>> System.out.println("Login through browser");
> >>>>> keycloak.loginDesktop();
> >>>>>
> >>>>> i.e. if I call both modes in the same code or even same mode
twice
> in
> >>>>> the same code, then I don't have to re-login for second call
(in
> the above
> >>>>> example for loginDesktop). However when I re-run the
application, I
> need to
> >>>>> re-login. This might be a stupid guess but could these sessions
be
> "java
> >>>>> object specific"?
> >>>>>
> >>>>>
> >>>>> On Tue, Jul 31, 2018 at 6:14 AM, Dmitry Telegin
<dt(a)acutus.pro>
> wrote:
> >>>>>
> >>>>>> Hi,
> >>>>>>
> >>>>>> Did you do everything in accordance with the docs?
> >>>>>>
https://www.keycloak.org/docs/latest/securing_apps/index.htm
> >>>>>> l#_installed_adapter
> >>>>>>
> >>>>>> Do you experience this in "manual" mode too?
> >>>>>>
> >>>>>> Cheers,
> >>>>>> Dmitry Telegin
> >>>>>> CTO, Acutus s.r.o.
> >>>>>> Keycloak Consulting and Training
> >>>>>>
> >>>>>> Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> >>>>>> +42 (022) 888-30-71
> >>>>>> E-mail: info(a)acutus.pro
> >>>>>>
> >>>>>> On Mon, 2018-07-30 at 16:08 +0530, Test Oauth wrote:
> >>>>>>> I am using openid-connect for authenticating users.
After
> successful
> >>>>>>> authentication, browser windows says:
> >>>>>>> "Login Successful
> >>>>>>>
> >>>>>>> You may close this browser window and go back to your
console
> >>>>>> application."
> >>>>>>> However, even without closing the window if I relaunch
my
> application
> >>>>>>> (using keycloak.loginDesktop();) even within 10 seconds,
still the
> >>>>>> login
> >>>>>>> page appears instead of : you are already logged in.
> >>>>>>>
> >>>>>>> Browser: Firefox.
> >>>>>>> _______________________________________________
> >>>>>>> keycloak-user mailing list
> >>>>>>> keycloak-user(a)lists.jboss.org
> >>>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>>>>
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org
> >
https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>