[keycloak-dev] Oidc bug?
Raghu Prabhala
prabhalar at yahoo.com
Mon Apr 27 10:09:53 EDT 2015
We are not using KC adapters. We typically provide all our clients with our libraries which will be used in their client applications and their requirements vary. Some of them do not use sessions in their applications. So, in those cases, each request to their application will trigger an authentication request to KC. Even though that is not ideal, we have to support them.
Sent from my iPhone
> On Apr 27, 2015, at 9:54 AM, Bill Burke <bburke at redhat.com> wrote:
>
> I don't understand why Keycloak would even be accessed after the first
> login. For a servlet app with our adapter, when you open the 2nd tab,
> cookies are already set in the client app and you are already logged in.
>
>> On 4/27/2015 9:48 AM, Bill Burke wrote:
>> What kind of web app is it? Is it a servlet app using our adapter?
>>
>>> On 4/27/2015 5:52 AM, Raghu Prabhala wrote:
>>> It is a Client application (confidential) running on a different host.
>>> Was trying out the basic flow using the same id multiple times. Opened
>>> up IE browser, accessed the client application which invoked the OIDC
>>> basic flow, retrieving auth code, followed by tokens and finally user
>>> info. On successful retrieval of all that information, opened another
>>> tab instance of the browser and once again accessed the web application
>>> and the oidc flow followed. Did that with a few tab instances. Finally
>>> closed all the instances of the browser (didn't logoff from KC in any
>>> instance).
>>>
>>> Then started another cycle of the same process and then ran into that
>>> issue. It appears that when you login multiple times (around 8-10) to KC
>>> using the same user id in quick intervals without logging off, the issue
>>> occurs. Will continue to do some more testing today and hopefully can
>>> nail the behavior.
>>>
>>> Is there any configuration that will help me gather detailed logs?
>>>
>>>
>>>
>>> ------------------------------------------------------------------------
>>> *From:* Bill Burke <bburke at redhat.com>
>>> *To:* keycloak-dev at lists.jboss.org
>>> *Sent:* Friday, April 24, 2015 6:40 PM
>>> *Subject:* Re: [keycloak-dev] Oidc bug?
>>>
>>> What kind of app? Login and logout 3 or 4 times? Same user or
>>> different users?
>>>
>>>
>>>
>>>> On 4/24/2015 4:44 PM, Raghu Prabhala wrote:
>>>> Bill,
>>>>
>>>> Sometime back I mentioned to you that I used to get a "connect
>>> refused" from KC when I tried the token end point.
>>>>
>>>> I think I am able to simulate it more often using 1.2 beta release -
>>> it happens randomly if you follow the below steps
>>>> 1) open up browser and try the basic flow 3 or 4 times. Then close
>>> the browser
>>>> 2) repeat the above 3 or 4 times and you may see the issue
>>>>
>>>> I believe it is due to the sessions KC creates. Clearing the session
>>> from admin gui will address the issue.
>>>>
>>>> Unfortunately the logs do not show anything - is there any
>>> configuration that will help me gather more info?
>>>>
>>>> Thanks
>>>> Raghu
>>>>
>>>> Sent from my iPhone
>>>
>>>> _______________________________________________
>>>> keycloak-dev mailing list
>>>> keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
>>> --
>>> Bill Burke
>>> JBoss, a division of Red Hat
>>> http://bill.burkecentral.com <http://bill.burkecentral.com/>
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
More information about the keycloak-dev
mailing list