[keycloak-dev] why separate cookie for acct svc?
Stian Thorgersen
stian at redhat.com
Thu Nov 28 04:13:31 EST 2013
It needs the separate one, just like the admin console does, as the identity cookie isn't bound to a specific app nor does it contain any roles.
It works with SSO, so you should be redirected to login if not logged-in, if SSO just redirected back.
----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Wednesday, 27 November, 2013 9:51:34 PM
> Subject: Re: [keycloak-dev] why separate cookie for acct svc?
>
> NVM, some weird gamma ray that I can't reproduce. I'm able to acces the
> accoutn svc page after I'm logged in now. Before it was forcing me to
> log in a second time, not sure why.
>
> On 11/27/2013 4:22 PM, Bill Burke wrote:
> > Why a separate cookies for acct svc? Shouldn't it just use the same
> > identity cookie used by the token service. If an appliation wants to
> > link the acct mgmt page on their application, user has to relog in.
> >
> > Or am I missing something?
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
More information about the keycloak-dev
mailing list