[keycloak-user] Conflicting logins with admin console
Marek Posolda
mposolda at redhat.com
Fri Jun 16 04:58:34 EDT 2017
On 15/06/17 19:29, Kyle Swensson wrote:
> Hi,
>
> We have set up a user client on a separate realm that is not master
> that all users for that realm can access, which is where we have our
> user application and we have also set up an additional client for a
> user administration console on that (non-master) realm. However, the
> problem occurs when we log into the user client on the non-master
> realm at the same time as we log into the default admin console on the
> master realm, so our problem involves 2 separate realms.
>
> The latest Keycloak master is Keycloak 3.10.Final right? I have tried
> upgrading to that, and the issue was still occurring.
Latest Keycloak master is here: https://github.com/keycloak/keycloak
You would need to check it out, manually build a SNAPSHOT and then test.
Some notes are here:
https://github.com/keycloak/keycloak/blob/master/misc/HackingOnKeycloak.md
There are some changes in latest master, which might be related, but TBH
I didn't ever see the behaviour you described, so hard to predict if it
helps or not.
Marek
>
> Thanks,
> Kyle
>
> On Thu, Jun 15, 2017 at 12:10 AM, Marek Posolda <mposolda at redhat.com> wrote:
>
> Hi,
>
> I guess you're using the same realm 'master' for both your application
> and admin console. Can you try to use a different realm for your
> application and see if it helps? Also can you try to upgrade to
> the latest Keycloak master and see if it helps?
>
> Marek
>
>
> On 14/06/17 01:56, Kyle Swensson wrote:
>
> Hello,
>
>
> (I have asked this question before to no avail, but the wording was poor so I want to rephrase it in hopes of getting more help)
>
> I am having an issue with conflicting logins from a user application and the Keycloak admin console.
>
> The issue arises when I authenticate on my user application as a basic user, using Tomcat. Then, I navigate to the Keycloak Admin Console login page on a different window. Despite being logged in as a basic user on my user application, I am still shown the empty login page for the Keycloak admin console. After navigating to the Keycloak admin console login page, my session on my user application becomes broken, and I'm not sure why. At this point if I refresh the page containing my application I will find a 403 error in my console, however I can still access everything in my user application normally. Additionally, for some reason I can no longer log out from my session like I normally would (by hitting the authorization endpoint), when I try to log out nothing happens. The only way that I can get it out of this permanently logged in state is by going to "account" and manually ending all of the sessions for my user. It may be worth noting that I can also still log in to the admin console with a different user, and use the admin console as normal while this is happening. If I log onto the admin console while this is happening and look at all of the active sessions, I can see that there is indeed still an active session for the basic user using the user application. I assume that is the root of the problem, but I'm not sure what's causing this to happen.
>
> Setting the "Revoke Refresh Token" option in the Keycloak admin console to ON does prevent this from happening, however it also makes the rest of my application become very buggy and slow so leaving that on isn't really a viable option.
>
> I'm wondering if this might be an actual bug with Keycloak, or if this is just being caused by some configuration error on my side. I am currently using Keycloak 2.3 for my application, but I have tried temporarily upgrading to Keycloak 3.1 and that didn't help the issue.