[keycloak-user] Keycloak App Logs out in Under 1 Minute

Kevin Berendsen kevin.berendsen at pharmapartners.nl
Fri Apr 14 15:57:38 EDT 2017 

Hi,

I think by setting checkLoginIframe to false in your initialization call that it may solve your problem.

You could also debug the Keycloak adapter in Firefox or Chrome to see whats happening and when.

On 14 Apr 2017 9:15 pm, "Roger Turnau (US - Advisory)" <roger.turnau at pwc.com> wrote:
Kevin,

Thanks for getting back to me. Here are the answers, and a little bit of clarification from further investigations:


  1.  The realms are for two separate codebases with different keycloak configurations, but otherwise identical keycloak code.
  2.  Nothing is showing up in the Keycloak logs. There are no server errors that I can see.
  3.  We are not doing anything with checkLoginIFrame in our initialization code.

Looking under the hood at the Javascript adapter, we found that the token was being revoked by the following code:


if (event.data != "unchanged") {
    kc.clearToken();
}

I notice that that happens in the message callback created when the iframe is set up. I assume that means that setting checkLoginIFrame to false in our configuration will fix the issue. Is that correct?

Thanks again,

Roger Turnau



On Fri, Apr 14, 2017 at 2:01 PM, Kevin Berendsen <kevin.berendsen at pharmapartners.nl<mailto:kevin.berendsen at pharmapartners.nl>> wrote:
Hello Roger,

I have got a few questions to know a little more about your situation:
* Is a single AngularJS app with multi-tenancy support or are there two codebases with identical code but different keycloak.json files?
* Have you checked your loggings of Keycloak already to get to know where it possibly might go wrong? Loggings would be a major help and solve most of your issues.
* Have you set the default checkLoginIframe from true to false in the init() method of the Keycloak JS Adapter?

If you could answer these three questions, that'd be great to help you out further :) I ran into similar problems and hopefully I can solve your's as well.

Kind regards,

Kevin

-----Oorspronkelijk bericht-----
Van: keycloak-user-bounces at lists.jboss.org<mailto:keycloak-user-bounces at lists.jboss.org> [mailto:keycloak-user-bounces at lists.jboss.org<mailto:keycloak-user-bounces at lists.jboss.org>] Namens Roger Turnau (US - Advisory)
Verzonden: vrijdag 14 april 2017 17:42
Aan: keycloak-user <keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>>
Onderwerp: [keycloak-user] Keycloak App Logs out in Under 1 Minute

Hi all,

I am experiencing a weird behavior where Keycloak immediately logs out a user who has just logged in. A few details:

   - The Keycloak server has two realms. The issue only happens on one of
   the realms. The other one works as expected.
   - The configuration of both realms is pretty much identical.
   - The login happens from an AngularJS app. The JS Keycloak code is
   identical to the code that runs in the other realm's app.
   - Keycloak has been working with almost no issues for a few months now.
   This is a new behavior.
   - I have examined the JWT token, and don't see anything unusual. The
   "exp" claims and "iat" claims are giving the correct epoch time.

The app will accept the bearer token, make its back-end REST calls, and then suddenly fall back to the login screen. Any ideas what might cause behavior like this?

Thank you for your help,

--
*Roger Turnau*

PwC | Manager - Advisory Financial Services
Mobile: 850-228-2006<tel:850-228-2006>
Email: roger.turnau at pwc.com<mailto:roger.turnau at pwc.com>
PricewaterhouseCoopers LLP
50 North Laura Street, Suite 3000, Jacksonville FL 32202 http://www.pwc.com/us

Save energy. Save a tree. Save the printing for something really important.

______________________________________________________________________
The information transmitted, including any attachments, is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited, and all liability arising therefrom is disclaimed. If you received this in error, please contact the sender and delete the material from any computer. PricewaterhouseCoopers LLP is a Delaware limited liability partnership.  This communication may come from PricewaterhouseCoopers LLP or one of its subsidiaries.
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user

_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user



--
Roger Turnau

PwC | Manager - Advisory Financial Services
Mobile: 850-228-2006
Email: roger.turnau at pwc.com<mailto:roger.turnau at pwc.com>
PricewaterhouseCoopers LLP
50 North Laura Street, Suite 3000, Jacksonville FL 32202
http://www.pwc.com/us

Save energy. Save a tree. Save the printing for something really important.
________________________________
The information transmitted, including any attachments, is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited, and all liability arising therefrom is disclaimed. If you received this in error, please contact the sender and delete the material from any computer. PricewaterhouseCoopers LLP is a Delaware limited liability partnership. This communication may come from PricewaterhouseCoopers LLP or one of its subsidiaries.

More information about the keycloak-user mailing list