Done, with possibly some additional info. I'm going to debug into it a bit
more today to see what's happening.
John
On Thu, Aug 24, 2017 at 6:14 AM Marek Posolda <mposolda(a)redhat.com> wrote:
Ok, that could be it. Could you please create JIRA for it? Or also
send PR
with test if possible? Some existing tests for prompt param are in
OIDCAdvancedRequestParamsTest . It may be good to add new test here IMO.
Marek
On 24/08/17 12:05, John D. Ament wrote:
Hi Marek,
I'm on 3.2.0.
It could be that the actual session id is the same, but other aspects of
the session are being invalidated in this flow which ma explain what I'm
seeing. I am seeing a new keycloak session/identity cookie coming back,
which seems to throw off the javascript adapter.
John
On Thu, Aug 24, 2017 at 5:34 AM Marek Posolda <mposolda(a)redhat.com> wrote:
> Which version are you using? I think that in Keycloak 3.2 it won't
> create new session, but connect to existing one. Feel free to create
> JIRA if it doesn't work in this version.
>
> Marek
>
> On 23/08/17 18:24, John D. Ament wrote:
> > Hi
> >
> > I have a use case where I need to prompt a user to enter credentials
> during
> > a sequence of events. In this case, we're using keycloak's login
> screen to
> > capture the information and triggering it via the javascript adapter.
> > Doing a prompt=login has an unfortunate side effect that the existing
> > session gets rewritten. This causes the adapter to begin failing, the
> > refresh token and access token are no longer valid. It seems that
> there's
> > no way to reinitialize the iframe after this occurs, and I'm not sure
> > that's the best way to do it.
> >
> > Is there any way to have keycloak not create a new session in this flow?
> >
> > John
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org
> >
https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>