3:13 a.m.
Hi,
I am using keycloak as a broker where the user in a browser can choose
which identity provider to use for authentication and this works just
fine.
We have also set up a "headless flow" where an application using the
kc_idp_hint can preselect a special identity provider which can
authenticate the user (with a special authenticator) without user
interaction. This used to work fine, but with Keycloak 3.2.x this
breaks, since now Keycloak requires cookies to be enabled. As far as I
can tell this is because theĀ AUTH_SESSION_ID cookie used for "Sticky
sessions" is now a hard requirement.
Is there a way to disable this hard requirement on cookies?
I know that enabling cookies will fix this for the application, but my
problem is that there is multiple implementation of this application,
and I don't control any of them.
Best regards,
Tomas
7:37 a.m.
On 09/08/17 10:13, Tomas Groth Christensen wrote:
Hi,
I am using keycloak as a broker where the user in a browser can choose
which identity provider to use for authentication and this works just
fine.
We have also set up a "headless flow" where an application using the
kc_idp_hint can preselect a special identity provider which can
authenticate the user (with a special authenticator) without user
interaction. This used to work fine, but with Keycloak 3.2.x this
breaks, since now Keycloak requires cookies to be enabled. As far as I
can tell this is because the AUTH_SESSION_ID cookie used for "Sticky
sessions" is now a hard requirement.
Is there a way to disable this hard requirement on cookies?
Am I understand
correctly that you're using browser flow from the
non-browser applications?
ATM it's not possible to disable this.
Marek
I know that enabling cookies will fix this for the application, but my
problem is that there is multiple implementation of this application,
and I don't control any of them.
Best regards,
Tomas
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2 a.m.
ons, 09 08 2017 kl. 14:37 +0200, skrev Marek Posolda:
ATM it's not possible to disable this.
That was what I feared - but thank you for your answer.
Best regards,
Tomas
On 09/08/17 10:13, Tomas Groth Christensen wrote:
> Hi,
> I am using keycloak as a broker where the user in a
browser can
> choose
> which identity provider to use for authentication and this works
> just
> fine.
> We have also set up a "headless flow" where an
application using
> the
> kc_idp_hint can preselect a special identity provider which can
> authenticate the user (with a special authenticator) without user
> interaction. This used to work fine, but with Keycloak 3.2.x this
> breaks, since now Keycloak requires cookies to be enabled. As far
> as I
> can tell this is because the AUTH_SESSION_ID cookie used for
> "Sticky
> sessions" is now a hard requirement.
> Is there a way to disable this hard requirement on
cookies?
Am I understand correctly that you're using browser flow from theĀ
non-browser applications?
Yes, that is correct. I know it is not the "right" way of doing things,
but until this hard dependency on cookies was introduces, it actually
worked without issues. And it will continue to work if we enable
cookies.
2768
days inactive
2770
days old
2 comments
2 participants
participants (2)
-
Marek Posolda -
Tomas Groth Christensen