[keycloak-user] Conflicting logins with admin console
Marek Posolda
mposolda at redhat.com
Tue Jun 20 05:29:50 EDT 2017
I am seeing in your screenshot that you're using a custom theme. Does it
happen when you change the theme to the default 'Keycloak' theme?
Marek
On 20/06/17 00:06, Kyle Swensson wrote:
> Hello again,
>
> We realized that we had installed Keycloak 3.1 incorrectly when we
> were trying it out before, so we re-installed Keycloak 3.1.0 and
> actually found that it fixed our issue as well, in fact it works
> substantially better than the master build and has totally different
> behavior. In 3.1.0, if we log in to the Keycloak admin console while
> logged into a user application, then refresh the user application we
> are just logged out of the user application, and nothing else happens,
> which is exactly what we were looking for, so that's great! We did run
> into a bit of a weird inconsistency on the 3.1.0 build though. We
> found that even though logging into the master realm admin console
> logs someone using the user application out, the user can log back
> into the user application while the admin console is still in use, and
> nothing happens, and users can use both the master realm keycloak
> admin console and the user application simultaneously on the same
> browser while logged into different users. This isn't really a big
> problem, but we were just curious if this is expected behavior, or if
> there may be some easy way to make the behavior more consistent.
>
> Thanks,
> Kyle
>
> On Mon, Jun 19, 2017 at 1:25 PM, Kyle Swensson
> <kyle.swensson at tasktop.com> wrote:
>
> Hi Marek,
>
> Fortunately, installing the master keycloak build did actually
> solve the problem, so thank you for that suggestion! When we log
> into the master realm admin console while logged into the user
> application, and then refresh the page on the user application, we
> get a page saying "Unexpected error when handling authentication
> request to identity provider", which is what we want to happen.
> Unfortunately, there is now a new problem, because once we get to
> this error page we continue to get this error page no matter what
> when attempting to access the user application until we delete all
> of our cookies, even closing the browser window doesn't help. When
> this happens it will also sometimes attempt to kick us out of the
> keycloak master realm admin console, but it doesn't do it
> consistently. I have attached a picture of the error page I am
> seeing. Do you know if there is any way that we could make this
> error page stop showing up once the user who logged into the
> keycloak master realm admin console logs out?
>
> Thanks,
> Kyle
>
> On Fri, Jun 16, 2017 at 1:58 AM, Marek Posolda
> <mposolda at redhat.com> wrote:
>
> On 15/06/17 19:29, Kyle Swensson wrote:
>> Hi,
>>
>> We have set up a user client on a separate realm that is not
>> master that all users for that realm can access, which is
>> where we have our user application and we have also set up an
>> additional client for a user administration console on that
>> (non-master) realm. However, the problem occurs when we log
>> into the user client on the non-master realm at the same time
>> as we log into the default admin console on the master realm,
>> so our problem involves 2 separate realms.
>>
>> The latest Keycloak master is Keycloak 3.10.Final right? I
>> have tried upgrading to that, and the issue was still occurring.
> Latest Keycloak master is here:
> https://github.com/keycloak/keycloak
>
> You would need to check it out, build the SNAPSHOT manually and
> then test. Some notes are here:
> https://github.com/keycloak/keycloak/blob/master/misc/HackingOnKeycloak.md
>
> There are some changes in the latest master, which might be
> related, but TBH I didn't ever see the behaviour you
> described, so hard to predict if it helps or not.
>
> Marek
>
>>
>> Thanks,
>> Kyle
>>
>> On Thu, Jun 15, 2017 at 12:10 AM, Marek Posolda
>> <mposolda at redhat.com> wrote:
>>
>> Hi,
>>
>> I guess you're using the same realm 'master' for both your
>> application and admin console. Can you try to use a
>> different realm for your application and see if it helps?
>> Also can you try to upgrade to the latest Keycloak master and
>> see if it helps?
>>
>> Marek
>>
>>
>> On 14/06/17 01:56, Kyle Swensson wrote:
>>
>> Hello,
>>
>>
>> (I have asked this question before to no avail, but
>> the wording was poor so
>> I want to rephrase it in hopes of getting more help)
>>
>> I am having an issue with conflicting logins from a
>> user application and
>> the keycloak admin console
>>
>> The issue arises when I authenticate on my user
>> application as a basic
>> user, using Tomcat. Then, I navigate to the Keycloak
>> Admin Console login
>> page on a different window. Despite being logged in
>> as a basic user on my
>> user application, I am still shown the empty login
>> page for the keycloak
>> admin console. After navigating to the Keycloak admin
>> console login page,
>> my session on my user application becomes broken, and
>> I'm not sure why. At
>> this point if I refresh the page containing my
>> application I will find a
>> 403 error in my console, however I can still access
>> everything in my user
>> application normally. Additionally, for some reason I
>> can no longer log out
>> from my session like I normally would (by hitting the
>> authorization
>> endpoint), when I try to log out nothing happens. The
>> only way that I can
>> get it out of this permanently logged in state is by
>> going to "account" and
>> manually ending all of the sessions for my user. It
>> may be worth noting
>> that I can also still log in to the admin console
>> with a different user,
>> and use the admin console as normal while this is
>> happening. If I log onto
>> the admin console while this is happening and look at
>> all of the active
>> sessions, I can see that there is indeed still an
>> active session for the
>> basic user using the user application. I assume that
>> is the root of the
>> problem, but I'm not sure what's causing this to happen.
>>
>> Setting the "Revoke Refresh Token" option in the
>> keycloak admin console to
>> ON does prevent this from happening, however it also
>> makes the rest of my
>> application become very buggy and slow so leaving
>> that on isn't really a
>> viable option.
>>
>> I'm wondering if this might be an actual bug with
>> Keycloak, or if this is
>> just being caused by some configuration error on my
>> side. I am currently
>> using Keycloak 2.3 for my application, but I have
>> tried temporarily
>> upgrading to Keycloak 3.1 and that didn't help the issue.