[keycloak-user] Login after registration fails when other user was logged in before

Marek Posolda mposolda at redhat.com
Wed Dec 5 04:10:56 EST 2018


Hi,

feel free to create a JIRA for this (if it doesn't already exist).
Hopefully we can improve this in the next versions.

Thanks,
Marek

On 28/11/2018 09:56, Rainer-Harbach Marian wrote:
> Hi,
>
> we encountered a problem in a special use case (Keycloak 4.5.0.Final):
> We'd like to display a registration button in our application even when
> a user (user1) is logged in.
>
> Directly calling the registration form seems to be supported according
> to
> http://lists.jboss.org/pipermail/keycloak-user/2016-August/007473.html
>
> However, the login after the registration (of user2) fails when user1
> was logged in before.
>
> The problem can be reproduced by following these steps:
> 1. Log user1 into the account app
> 2. Open the registration form at https://<host>/auth/realms/<realm>/protocol/openid-connect/registrations?client_id=account&response_type=code&scope=openid+email&redirect_uri=<url_to_account_app>
> 3. Register user2
> 4. After registration, this message is shown: "We're sorry...
> You are already authenticated as different user <user1> in this
> session. Please logout first."
> The message contains a link "Back to Application".
>
> However, user1 is not logged in anymore and the link "Back to
> Application" leads to the login form.
>
> This situation is not straightforward for a user to resolve: user1 has
> to log in again, then log out, and only then is user2 able to log in.
>
> The reason appears to be that opening the registration form in step 2
> deletes the cookies KEYCLOAK_IDENTITY and KEYCLOAK_SESSION. However,
> the cookie AUTH_SESSION_ID remains unchanged.
>
> To me it seems that opening the registration form should cause a new
> AUTH_SESSION_ID to be generated (besides KEYCLOAK_IDENTITY and
> KEYCLOAK_SESSION being cleared).
>
> I'd appreciate any thoughts on that!
>
> Best regards,
> Marian
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
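
The cookie state reported in the quoted message (KEYCLOAK_IDENTITY and KEYCLOAK_SESSION cleared, AUTH_SESSION_ID left in place) can be checked from a captured response. This is an added example, not part of the original thread and not Keycloak code; the cookie values, the realm name `demo` and all function names are constructed for illustration.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

SESSION_COOKIES = ("KEYCLOAK_IDENTITY", "KEYCLOAK_SESSION", "AUTH_SESSION_ID")

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {k.strip().lower(): v.strip() for k, _, v in (p.partition("=") for p in rest)}
    return name.strip(), value.strip(), attrs

def is_expired(attrs):
    """True if the response expires the cookie (Max-Age wins over Expires)."""
    max_age = attrs.get("max-age", "")
    if re.fullmatch(r"-?\d+", max_age):
        return int(max_age) <= 0
    try:
        return parsedate_to_datetime(attrs["expires"]) <= datetime.now(timezone.utc)
    except (KeyError, TypeError, ValueError):
        return False  # missing, unparseable or zone-less Expires: not expired

def classify(request_cookies, set_cookie_headers):
    """Label each session cookie as absent, unchanged, cleared or rotated."""
    updates = {n: (v, a) for n, v, a in map(parse_set_cookie, set_cookie_headers)}
    state = {}
    for name in SESSION_COOKIES:
        if name not in updates:
            state[name] = "unchanged" if name in request_cookies else "absent"
        elif is_expired(updates[name][1]):
            state[name] = "cleared"
        elif updates[name][0] != request_cookies.get(name):
            state[name] = "rotated"
        else:
            state[name] = "unchanged"
    return state

def stale_auth_session(state):
    """The combination from the report: login cookies cleared, AUTH_SESSION_ID kept."""
    return [state[n] for n in SESSION_COOKIES] == ["cleared", "cleared", "unchanged"]

# Constructed sample: user1's cookies and the Set-Cookie headers of one response.
REQUEST_COOKIES = {"KEYCLOAK_IDENTITY": "identity-user1",
                   "KEYCLOAK_SESSION": "session-user1", "AUTH_SESSION_ID": "authsess-1"}
RESPONSE_SET_COOKIE = [
    "KEYCLOAK_IDENTITY=; Max-Age=0; Path=/auth/realms/demo/; HttpOnly",
    "KEYCLOAK_SESSION=; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/auth/realms/demo/",
]
```

`stale_auth_session(classify(REQUEST_COOKIES, RESPONSE_SET_COOKIE))` returns `True` for the constructed sample; a response that also sets a new AUTH_SESSION_ID value is classified as `rotated` and no longer matches.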



