[keycloak-user] Avoiding creating a new session when doing a prompt=login
Marek Posolda
mposolda at redhat.com
Thu Aug 24 06:14:26 EDT 2017
Ok, that could be it. Could you please create JIRA for it? Or also send
PR with test if possible? Some existing tests for prompt param are in
OIDCAdvancedRequestParamsTest . It may be good to add new test here IMO.
Marek
On 24/08/17 12:05, John D. Ament wrote:
> Hi Marek,
>
> I'm on 3.2.0.
>
> It could be that the actual session id is the same, but other aspects
> of the session are being invalidated in this flow which ma explain
> what I'm seeing. I am seeing a new keycloak session/identity cookie
> coming back, which seems to throw off the javascript adapter.
>
> John
>
> On Thu, Aug 24, 2017 at 5:34 AM Marek Posolda <mposolda at redhat.com
> <mailto:mposolda at redhat.com>> wrote:
>
> Which version are you using? I think that in Keycloak 3.2 it won't
> create new session, but connect to existing one. Feel free to create
> JIRA if it doesn't work in this version.
>
> Marek
>
> On 23/08/17 18:24, John D. Ament wrote:
> > Hi
> >
> > I have a use case where I need to prompt a user to enter
> credentials during
> > a sequence of events. In this case, we're using keycloak's
> login screen to
> > capture the information and triggering it via the javascript
> adapter.
> > Doing a prompt=login has an unfortunate side effect that the
> existing
> > session gets rewritten. This causes the adapter to begin
> failing, the
> > refresh token and access token are no longer valid. It seems
> that there's
> > no way to reinitialize the iframe after this occurs, and I'm not
> sure
> > that's the best way to do it.
> >
> > Is there any way to have keycloak not create a new session in
> this flow?
> >
> > John
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
More information about the keycloak-user
mailing list