[keycloak-dev] Create "online session" from offline session

Niels Bertram nielsbne at gmail.com
Tue Oct 2 02:24:20 EDT 2018


Hi devs,

we are trying to turn an offline session back into an "online session" for
which we can generate cookies and send them to the client's browser.

I tried to create a user session with AuthenticationManager but for some
reason the created session is not showing up as a proper session in the
user account management section. Is there anything that needs to happen
after this session is created to make it a normal user session?

AuthenticatedClientSessionModel clientSession =
session.sessions().createClientSession(realm, client, offlineSession);

We have a mobile app that uses offline_access to create an "always logged
in" experience for the app user. However, when we open an SSO-enabled
website in the app (WebView), there is no KEYCLOAK_SESSION cookie to allow
the web page to initiate a successful pre-auth check.

We wrote a custom resource which we call in our webview to "redirect" the
user to an SSO enabled site:

1. authenticate the user

AuthResult auth = new AppAuthManager().authenticateBearerToken(session);

2. load a valid userSession

UserSessionModel userSession = session.sessions().getUserSession(realm,
token.getSessionState());

3. create the session cookies

AuthenticationManager.createLoginCookie(session, realm, user, userSession,
ctx.getUri(), ctx.getConnection());

4. forward the user to the SSO enabled website

5. SSO enabled website would do a normal pre-auth check with prompt=none

There was a similar conversation about the "lost" session in KEYCLOAK-4201
<https://issues.jboss.org/browse/KEYCLOAK-420>, but that one did not go as
far as creating a new session.

Anyone of you got any clever idea on how to "preload" a valid SSO session
into a WebView?

Cheers,
Niels

PS. we are on RH-SSO 7.2.4 so roughly Keycloak 3.4.3

