[keycloak-user] keep login state after closing browser

Ori Doolman Ori.Doolman at amdocs.com
Mon Feb 5 05:48:08 EST 2018


Marek,
Thank you very much for that answer.
Seems that the 'remember me' feature was exactly what I needed. So simple...   :)


Thanks,

Ori Doolman
Lead Software Architect
Amdocs Optima

+972 9 778 6914 (office)
+972 50 9111442 (mobile)


From: Marek Posolda [mailto:mposolda at redhat.com]
Sent: Monday, February 5, 2018 10:19
To: Ori Doolman <Ori.Doolman at Amdocs.com>; keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] keep login state after closing browser

On 5.2.2018 at 09:18 Marek Posolda wrote:
Few tips:
- If you enable "Remember me" for the realm, the KEYCLOAK_IDENTITY cookie won't be cleared at the end of browser session.
- There is a callback "onTokenExpired", which you can use in the keycloak.js adapter when the accessToken is expired. You will be redirected back to the Keycloak server and re-logged with SSO (as long as KEYCLOAK_IDENTITY is still valid).

The approach with "token" may work, but I would personally use the approach with shorter token timeouts and redirect to the SSO, assuming that rememberMe will work. This has some downsides (redirect to the Keycloak needed periodically, rememberMe available), so not sure if it works for you. If you want the approach with "token", you may need to disable the session iframe in that case (as the SSO session on the Keycloak side may no longer be valid after browser restart).
One thing, I am not 100% sure if you need to disable session iframe if you want to use "token" approach. Just a tip, that it's maybe a reason why it doesn't work for you, but don't know for sure.

Marek


Marek

On 4.2.2018 at 14:48 Ori Doolman wrote:

Hi,

My web application is using the Keycloak JS adapter, and I'm using the 'implicit' flow for getting the access token.

I have a requirement to prevent the user from keying in passwords again for 24 hours (assuming the token is expired after 24 hours), even after the browser is closed and re-opened.

There is a cookie called 'KEYCLOAK_IDENTITY', which I assume preserves the login state, but it is a session cookie and it is deleted after closing the browser window.

I also see that in the initOptions of the adapter, I can pass an existing access token by the 'token' property. Hence, I was thinking to persist the 24-hour access token into localStorage and then read it and pass it as part of initOptions to the adapter when my application starts.

However, I cannot make it work and I'm not even sure it is possible to do so.

Is it possible to use the 'token' initOption like that?

If not, is there a recommended approach for implementing such a requirement?

Thanks,

Ori Doolman
Lead Software Architect
Amdocs Optima

+972 9 778 6914 (office)
+972 50 9111442 (mobile)
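
One way to confirm from the response headers whether "Remember me" took effect, as an added example that is not part of the thread or of Keycloak's code: it classifies a Set-Cookie header as session-only or persistent, using the RFC 6265 rule that Max-Age overrides Expires. The header strings, the realm path and the `<jwt>` placeholder are constructed sample values, and the function names are hypothetical.

```javascript
// Added example: classify a Set-Cookie header as session or persistent (RFC 6265 rules).
function classifyCookie(setCookie, nowMs = Date.now()) {
  const [pair, ...attrs] = setCookie.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const result = {
    name: pair.slice(0, eq),
    persistent: false, // true only if the cookie survives a browser restart
    expiresAt: null,   // Date the browser drops the cookie, when an expiry is set
    deleted: false,    // true if the header expires the cookie immediately
    httpOnly: false,
    secure: false,
  };
  let maxAge = null;
  let expires = null;
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    const val = i === -1 ? '' : attr.slice(i + 1);
    if (key === 'max-age' && /^-?\d+$/.test(val)) maxAge = parseInt(val, 10);
    else if (key === 'expires' && !Number.isNaN(Date.parse(val))) expires = Date.parse(val);
    else if (key === 'httponly') result.httpOnly = true;
    else if (key === 'secure') result.secure = true;
  }
  // Max-Age takes precedence over Expires; neither present means a session cookie.
  const expiryMs = maxAge !== null ? nowMs + maxAge * 1000 : expires;
  if (expiryMs !== null) {
    result.deleted = expiryMs <= nowMs;
    result.persistent = !result.deleted;
    result.expiresAt = new Date(expiryMs);
  }
  return result;
}

// Constructed sample headers (not captured from a real server).
const SAMPLE_NOW = Date.parse('2018-02-05T09:00:00Z');
const SAMPLES = {
  rememberMeOff: 'KEYCLOAK_IDENTITY=<jwt>; Path=/auth/realms/demo; HttpOnly',
  rememberMeOn: 'KEYCLOAK_IDENTITY=<jwt>; Path=/auth/realms/demo; Max-Age=86400; HttpOnly',
  logout: 'KEYCLOAK_IDENTITY=; Path=/auth/realms/demo; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Max-Age=0',
};

function survivesBrowserRestart(header) {
  return classifyCookie(header, SAMPLE_NOW).persistent;
}

for (const [label, header] of Object.entries(SAMPLES)) {
  const c = classifyCookie(header, SAMPLE_NOW);
  console.log(label, c.persistent ? `persistent until ${c.expiresAt.toISOString()}` : c.deleted ? 'deleted' : 'session only');
}
```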


