[keycloak-user] Multiple logins from different IPs

[Dmitry Telegin]

Hi Eric, sorry for not having answered earlier,

AFAIK this hasn't been implemented OOTB, even no relevant and active
JIRA issue for that. So at the moment there's only one option, that is
to implement custom authenticator.

There's the official example of custom authenticator at
examples/providers/authenticator under the source tree. In your
authenticator, you will be able to obtain active user sessions from the
org.keycloak.authentication.AuthenticationFlowContext like this:

context.getSession().sessions().getUserSessions(realm, user);

I'd also suggest that you read the Server Installation Guide [1],
especially the sections related to sticky sessions and Infinispan
caches, for better understanding how sessions work in clustered
environment.

Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training

Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+ 42 (022) 888-30-71
E-mail: info at acutus.pro

On Wed, 2018-06-27 at 20:21 -0400, Eric Dill wrote:
> Hi,
> 
> Searching through the mailing list, the docs and JIRA, I've been able
> to
> find some previous conversations on the mailing list
> <http://lists.jboss.org/pipermail/keycloak-user/2017-March/010059.htm
> l> and
> a closed Jira ticket <https://issues.jboss.org/browse/KEYCLOAK-4611>
> around
> the same user being able to simultaneously be logged in from two (or
> more)
> different IP addresses. The comment last year was
> 
> > We don't have this supported OOTB, but likely we should as it's
> > quite
> 
> popular use-case though
> 
> It's been a bit over a year since that was posted to the mailing
> list. I
> wonder if this capability is now supported out of the box?
> 
> The other piece of advice last year was that
> 
> > For now, you will need to implement custom Authenticator
> 
> If this capability does not exist out of the box, are there any
> available
> examples of doing this as a plug-in?
> 
> Thanks for the great project :-D
> 
> Best,
> 
> Eric
>