[keycloak-user] How explicitly enable session management in Keycloak?
Known Michael
known.michael at gmail.com
Wed Feb 1 10:59:51 EST 2017
Hey,
I use mod_auth_openidc version "2.1.2", Keycloak version “2.4.0”
I was not able to implement the session management using OP and RP frames
as described here:
https://github.com/pingidentity/mod_auth_openidc/wiki/Session-Management
I see in mod_auth_openidc logs the following:
[Wed Feb 01 14:12:54 2017] [debug] src/mod_auth_openidc.c(1556): [client
192.168.111.33] oidc_save_in_session: session management disabled:
session_state ((null)) and/or check_session_iframe (
https://localhost/auth/realms/realm/protocol/openid-connect/login-status-iframe.html)
is not provided, referer:
https://192.168.110.2/auth/realms/realm/protocol/openid-connect/auth?response_type=code&scope=openid&client_id=httpd_192.168.110.2&state=i1YQ39FbBLSCTRyIgEN-F9CdDH4&redirect_uri=https%3A%2F%2F192.168.110.2%2Fprotected%2Fredirect_uri&nonce=0VJ7AO-QBaxVaUBL9goen7muN4Oka1dP_1iPEQ43o-M
It looks like the session management is disabled because the Provider did
not return a session_state parameter in the authentication response (which
in its turn can be verified via the referer URL in the same log entry) as
the spec dictates:
https://openid.net/specs/openid-connect-session-1_0.html#CreatingUpdatingSessions
How should I configure explicitly enable session management in Keycloak?
It should starts returning session_state in the authentication responses.
I see that it is implemented already
https://issues.jboss.org/browse/KEYCLOAK-451 but probably I miss something.
More information about the keycloak-user
mailing list