3:58 a.m.
On 15/06/17 19:29, Kyle Swensson wrote:
Hi,
We have set up a user client on a seperate realm that is not master
that all users for that realm can access, which is where we have our
user application and we have also set up an additional client for a
user administration console on that (non-master) realm. However, the
problem occurs when we log into the user client on the non-master
realm at the same time as we log into the default admin console on the
master realm, so our problem involes 2 seperate realms.
The latest Keycloak master is Keycloak 3.10.Final right? I have tried
upgrading to that, and the issue was still occurring.
Latest Keycloak master is
here: https://github.com/keycloak/keycloak
You would need to checkout it, build manually SNAPSHOT and then test.
Some notes are here:
https://github.com/keycloak/keycloak/blob/master/misc/HackingOnKeycloak.md
There are some changes in latest master, which might be related, but TBH
I didn't ever see the behaviour you described, so hard to predict if it
helps or not.
Marek
Thanks,
Kyle
On Thu, Jun 15, 2017 at 12:10 AM, Marek Posolda <mposolda(a)redhat.com
<mailto:mposolda@redhat.com>> wrote:
Hi,
I guess you're using same realm 'master' for both your application
and admin console. Can you try to use different realm for your
application and see if it helps? Also can you try to upgrade to
latest Keycloak master and see if it helps?
Marek
On 14/06/17 01:56, Kyle Swensson wrote:
Hello,
(I have asked this question before to no avail, but the
wording was poor so
I want to rephrase it in hopes of getting more help)
I am having an issue with conflicting logins from a user
application and
the keycloak admin console
The issue arises when I authenticate on my user application as
a basic
user, using Tomcat. Then, I navigate to the Keycloak Admin
Console login
page on a different window. Despite being logged in as a basic
user on my
user application, I am still shown the empty login page for
the keycloak
admin console. After navigating to the Keycloak admin console
login page,
my session on my user application becomes broken, and I'm not
sure why. At
this point if I refresh the page containing my application I
will find a
403 error in my console, however I can still access everything
in my user
application normally. Additionally, for some reason I can no
longer log out
from my session like i normally would (by hitting the
authorization
endpoint), when I try to log out nothing happens. The only way
that I can
get it out of this permanently logged in state is by going to
"account" and
manually ending all of the sessions for my user. It may be
worth noting
that I can also still log in to the admin console with a
different user,
and use the admin console as normal while this is happening.
If I log onto
the admin console while this is happening and look at all of
the active
sessions, I can see that there is indeed still an active
session for the
basic user using the user application. I assume that is the
root of the
problem, but I'm not sure what's causing this to happen.
Setting the "Revoke Refresh Token" option in the keycloak
admin console to
ON does prevent this from happening, however it also makes the
rest of my
application become very buggy and slow so leaving that on
isn't really a
viable option.
I'm wondering if this might be an actual bug with Keycloak, or
if this is
just being caused by some configuration error on my side. I am
currently
using Keycloak 2.3 for my application, but I have tried
temporarily
upgrading to Keycloak 3.1 and that didn't help the issue.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
<mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
<https://lists.jboss.org/mailman/listinfo/keycloak-user>
--