There's some fixes to the RP iframe coming in 2.5.4 which will be out in a
week or two. There was an issue with it expecting a "session_state" value
that wasn't equal to the value from the tokens.
You can try building master if you'd like to try it out in advance.
On 1 February 2017 at 16:59, Known Michael <known.michael(a)gmail.com> wrote:
I use mod_auth_openidc version "2.1.2", Keycloak version “2.4.0”
I was not able to implement the session management using OP and RP frames
as described here:
I see in mod_auth_openidc logs the following:
[Wed Feb 01 14:12:54 2017] [debug] src/mod_auth_openidc.c(1556): [client
192.168.111.33] oidc_save_in_session: session management disabled:
session_state ((null)) and/or check_session_iframe (
is not provided, referer:
It looks like the session management is disabled because the Provider did
not return a session_state parameter in the authentication response (which
in its turn can be verified via the referer URL in the same log entry) as
the spec dictates:
How should I configure explicitly enable session management in Keycloak?
It should starts returning session_state in the authentication responses.
I see that it is implemented already
but probably I miss
keycloak-user mailing list