3:09 a.m.
Sorry, I am not sure I fully understand the question, if my answer is not
what you expected, please describe your issue properly with some steps to
reproduce and describe what behavior you expect or if you think this is a
bug, feel free to file an issue in our Jira.
If your webpage is configured as check-sso, it means you do not require
authentication (the page is visible also for users which are not
authenticated). If an authenticated user is logged out in a separate tab he
is redirected to keycloak only in case login is required. But since the
webpage is configured as check-sso, keycloak knows it doesn't require
authentication and hence doesn't redirect the user to a login page. The
iframe is used anyway because keycloak adapter is aware of the fact that
user is not logged in (he lost the session), however, it just clears the
tokens and set the adapter to authenticated = false state (in case of
check-sso option). If I understand correctly, you want to reauthenticate
user in case he loses his session. You can do that in two ways. Set the
onLoad option to loginRequired or use onAuthLogout callback as I suggested
in the last response. It could look something like that (I haven't tested
it):
keycloak.onAuthLogout = function() { keycloak.login(); }
On Mon, Aug 26, 2019 at 9:07 PM Mohsin Ilyas <Mohsin_981(a)hotmail.com> wrote:
But don’t you think if the sso session is valid then the user would
continue to use the website so the iframe shouldn’t be connected again if
the connection was broken? As I’ve seen that the check-sso would use iframe
in a hidden request but if it is not working as expected than what is the
use of that.
------------------------------
*From:* Michal Hajas <mhajas(a)redhat.com>
*Sent:* Monday, August 26, 2019 1:21:09 PM
*To:* keycloak-user(a)lists.jboss.org <keycloak-user(a)lists.jboss.org>
*Cc:* Mohsin Ilyas <mohsin_981(a)hotmail.com>
*Subject:* Re: [keycloak-user] check-sso not working as expected with
iframe
Hello Moshin,
this is actually the way check-sso should work. From docs:
check-sso will only authenticate the client if the user is already
logged-in, if the user is not logged-in the browser will be redirected back
to the application and remain unauthenticated.
When you logout in the second tab, the tab with check-sso actually detects
you are logged out, however, it does nothing because it is not supposed to.
You can check it by catching onAuthLogout event. See
https://www.keycloak.org/docs/latest/securing_apps/index.html#callback-ev...
.
Best regards,
Michal
On Wed, Aug 21, 2019 at 8:34 PM Mohsin Ilyas <mohsin_981(a)hotmail.com>
wrote:
> Missed the code in original email
>
>
> const keycloak = Keycloak('/keycloak.json');
> keycloak.init({onLoad: ‘check-sso'})
> .success(authenticated => {
> if (authenticated) {
> //do something
> }
> })
> .error(error => {
> console.log(error)
> });
>
> ________________________________
> From: Mohsin Ilyas
> Sent: Wednesday, August 21, 2019 11:29 PM
> To: keycloak-user(a)lists.jboss.org <keycloak-user(a)lists.jboss.org>
> Subject: check-sso not working as expected with iframe
>
>
> Hi,
>
> Below is my simple logic in my application to re-establish connection
> with keycloak when a page is reloaded. However, the iframe doesn’t seem to
> work well with ‘check-sso’. Because, I have opened the application in one
> tab and in other tab I have opened keycloak but when I logout of keycloak
> my application doesn’t get logout, however, if I use ‘login-required’ the
> application logs out simultaneously with keycloak. Can someone take a look,
> or help me with this? (P.s: I have tried to set checkIframLogin: true in
> the init options but it doesn’t work for me)
>
> Thanks.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
1948
days inactive
1948
days old
0 comments
1 participants
participants (1)
-
Michal Hajas