[keycloak-user] Browser not maintaining session for keycloak users

Marek Posolda mposolda at redhat.com
Thu Aug 23 03:34:22 EDT 2018


Hmm... in your post, I see that cookies KEYCLOAK_IDENTITY and 
KEYCLOAK_SESSION are not present in Keycloak 4.X. Those are the cookies 
which are important for the automatic SSO re-authentication.

Those cookies should be added by Keycloak after successful first 
authentication. So at the moment when you first authenticate and the 
page "You may close this browser window and go back to your console 
application." is shown, the cookies should be there. BTW, do you have 
Keycloak behind some proxy/loadbalancer or are you accessing it directly? 
If you're behind a proxy/LB, could you try to access the Keycloak host 
directly without any proxy/LB involved in between?

Marek

On 23/08/18 07:25, keycloak demo wrote:
> Thanks Marek for the update,
>
> I understand that https://issues.jboss.org/browse/KEYCLOAK-5179 
> mentions the issue pertaining to message: "You are already logged in". 
> But will the second issue that I reported also be fixed in this bug?
>
> /*Issue summary:*/  When a user logs in he is shown the message: "You 
> may close this browser window and go back to your console 
> application.". Now if I open a new tab, the user should be logged in 
> right? But he is shown the login form again.
>
> This issue was not coming in Keycloak 3.4.3 and session was being 
> maintained by browser. But I found this issue on 4.1.0 and also on 
> 4.3.0. In the 4.x version I see a *KC_RESTART* cookie instead 
> of *KC_SESSION* cookie in cookies section which might be the reason.
>
> *Here's the post containing complete details of above issue with 
> screenshots:* 
> https://stackoverflow.com/questions/51592647/keycloak-is-not-maintaining-session-in-browser 
>
>
>
> On Tue, Aug 21, 2018 at 6:08 PM Marek Posolda <mposolda at redhat.com> wrote:
>
>     We have opened JIRA for this:
>     https://issues.jboss.org/browse/KEYCLOAK-5179 . Hopefully it's fixed
>     relatively soon in one of the next releases.
>
>     Marek
>
>     On 17/08/18 07:47, keycloak demo wrote:
>     > Update:
>     >
>     > Facing the same issue on keycloak 4.3.0.final. I have taken a fresh
>     > instance of keycloak 4.3.0 and created just 2 users, but still facing the
>     > same issue of browser not maintaining session.
>     >
>     > On Mon, Aug 13, 2018 at 12:10 PM, keycloak demo <testoauth55 at gmail.com> wrote:
>     >
>     >> Can someone please help me on this issue?
>     >>
>     >> On Thu, Aug 9, 2018 at 9:51 AM, keycloak demo <testoauth55 at gmail.com> wrote:
>     >>
>     >>> Another update:
>     >>>
>     >>> Though the login form appears every time but if I login with a different
>     >>> user the second time i.e. launch client app -> login with user1 -> relaunch
>     >>> client app (browser shows login form instead of already logged in message)
>     >>> -> now login with user2.
>     >>>
>     >>> I get following message:
>     >>> " We're sorry...You are already authenticated as different user 'user1'
>     >>> in this session. Please logout first."
>     >>> If it's able to know another user is logged in, then why the login form
>     >>> is appearing?
>     >>>
>     >>>
>     >>> On Tue, Jul 31, 2018 at 4:58 PM, Test Oauth <testoauth55 at gmail.com> wrote:
>     >>>
>     >>>> An update on my findings: When I checked developer console: I am getting
>     >>>> KC_RESTART cookie in cookies section.
>     >>>>
>     >>>> On Tue, Jul 31, 2018 at 9:34 AM, Test Oauth <testoauth55 at gmail.com> wrote:
>     >>>>
>     >>>>> Yes sir,
>     >>>>> I followed the doc
>     >>>>> https://www.keycloak.org/docs/latest/securing_apps/index.html#_installed_adapter.
>     >>>>> And am seeing the same behavior on chrome and firefox.
>     >>>>>
>     >>>>> Also regarding the manual mode, I see the same behavior i.e I have to
>     >>>>> re-login for each re-run of the client app.
>     >>>>>
>     >>>>> But if I do this:
>     >>>>>
>     >>>>> System.out.println("Login through manual mode");
>     >>>>> keycloak.loginManual();
>     >>>>> System.out.println("Login through browser");
>     >>>>> keycloak.loginDesktop();
>     >>>>>
>     >>>>> i.e. if I call both modes in the same code or even same mode twice in
>     >>>>> the same code, then I don't have to re-login for second call (in the above
>     >>>>> example for loginDesktop). However when I re-run the application, I need to
>     >>>>> re-login. This might be a stupid guess but could these sessions be "java
>     >>>>> object specific"?
>     >>>>>
>     >>>>>
>     >>>>> On Tue, Jul 31, 2018 at 6:14 AM, Dmitry Telegin <dt at acutus.pro> wrote:
>     >>>>>
>     >>>>>> Hi,
>     >>>>>>
>     >>>>>> Did you do everything in accordance with the docs?
>     >>>>>> https://www.keycloak.org/docs/latest/securing_apps/index.html#_installed_adapter
>     >>>>>>
>     >>>>>> Do you experience this in "manual" mode too?
>     >>>>>>
>     >>>>>> Cheers,
>     >>>>>> Dmitry Telegin
>     >>>>>> CTO, Acutus s.r.o.
>     >>>>>> Keycloak Consulting and Training
>     >>>>>>
>     >>>>>> Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
>     >>>>>> +42 (022) 888-30-71
>     >>>>>> E-mail: info at acutus.pro
>     >>>>>>
>     >>>>>> On Mon, 2018-07-30 at 16:08 +0530, Test Oauth wrote:
>     >>>>>>> I am using openid-connect for authenticating users. After successful
>     >>>>>>> authentication, browser window says:
>     >>>>>>> "Login Successful
>     >>>>>>>
>     >>>>>>> You may close this browser window and go back to your console
>     >>>>>>> application."
>     >>>>>>> However, even without closing the window if I relaunch my application
>     >>>>>>> (using keycloak.loginDesktop();) even within 10 seconds, still the login
>     >>>>>>> page appears instead of : you are already logged in.
>     >>>>>>>
>     >>>>>>> Browser: Firefox.
>
>
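
The check suggested at the top of this message (are KEYCLOAK_IDENTITY and KEYCLOAK_SESSION set after login, and does a proxy/LB in between change that), as an added example that is not part of the original thread or of Keycloak. The header captures, cookie values, paths and function names are constructed for illustration; only the cookie names come from the thread.

```python
from http.cookies import SimpleCookie

# Cookie names as given in the thread; everything else here is constructed.
SSO_COOKIES = ("KEYCLOAK_IDENTITY", "KEYCLOAK_SESSION")

def live_cookies(raw_headers):
    """Names of cookies a response actually sets (expiring ones are ignored)."""
    names = set()
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value.strip())
        for morsel in jar.values():
            expired = morsel["max-age"] == "0"
            if morsel.value and not expired:
                names.add(morsel.key)
    return names

def compare(direct_headers, proxied_headers):
    """Report which SSO cookies are missing on each access path."""
    direct = live_cookies(direct_headers)
    proxied = live_cookies(proxied_headers)
    wanted = set(SSO_COOKIES)
    return {
        "missing_direct": sorted(wanted - direct),
        "missing_via_proxy": sorted(wanted - proxied),
        "lost_in_proxy": sorted((direct - proxied) & wanted),
    }

# Constructed captures of the post-login response: one taken against the
# Keycloak host directly, one taken through a proxy/LB.
DIRECT = """HTTP/1.1 302 Found
Set-Cookie: KC_RESTART=; Max-Age=0; Path=/auth/realms/demo/; HttpOnly
Set-Cookie: KEYCLOAK_IDENTITY=constructed.token.value; Path=/auth/realms/demo/; HttpOnly
Set-Cookie: KEYCLOAK_SESSION=demo/user-id/session-id; Path=/auth/realms/demo/
Location: http://localhost:8081/callback
"""
PROXIED = """HTTP/1.1 302 Found
Set-Cookie: KC_RESTART=constructed-restart-value; Path=/auth/realms/demo/; HttpOnly
Location: http://localhost:8081/callback
"""

if __name__ == "__main__":
    print(compare(DIRECT, PROXIED))
```

A non-empty `lost_in_proxy` means the cookies are issued by the server but do not reach the browser through the proxy/LB; a non-empty `missing_direct` means they are not issued even on direct access.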


