[keycloak-user] Facebook Identity provider causes error: different_user_authenticated
Mariusz Chruscielewski - INFO
mariusz at info.nl
Wed Oct 16 08:11:54 EDT 2019
Hi, we have an error on a website that is secured by the Keycloak Tomcat adapter.
Prerequisites:
- 2 Facebook accounts, both linked to the website
Steps:
- Remove all cookies for the website – start as a clean new user
- Log in to Facebook
- Log in to the website using the Facebook identity provider
- All works fine
- Log out from Facebook (don't log out from the website)
- Close the browser tab with the website and do not reopen it for at least 1 hour
- Wait some time (above 1 hour) so the browser session is gone, and only Keycloak remembers that you were logged in
- Go back to the website
- You will be redirected to the Facebook login page
- Log in with ANOTHER account
- BANG! 500 error
- Keycloak logs:
2019-10-16 10:43:12,214 WARN [org.keycloak.events] (default task-1441) type=IDENTITY_PROVIDER_LOGIN_ERROR, realmId=vi, clientId=vinl, userId=9c865fb5-531a-4bec-9589-254c89234b8f, ipAddress=88.88.888.8, error=different_user_authenticated, identity_provider=facebook, consent=no_consent_required, previous_user=7e516fef-7d06-4f74-8816-b6519eb86b75, identity_provider_identity=tomlxxxxxx at xxxxxx.xx, code_id=39284d1d-1ad8-4710-bb8e-520dace03a7e
Looks like Keycloak has a problem because the session was not logged out before and the identity provider account changed. Can we do anything about it? We have set “remember me” to true, and made a redirect filter so that if the user has remember me set and should be logged into Keycloak, the website will redirect him to a place where the adapter can perform login. Apparently at that step, Keycloak detects that the FB session has been terminated, so it redirects you to the login screen. I also got information that this might happen for the same FB account, when the user doesn’t use the PC for a few days and then tries to visit our website. Is that something we can fix in Keycloak configuration?
Kind regards
Mariusz Chruścielewski
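
Added example, not part of the original message and not Keycloak's own code: a small Python parser for the event line format quoted in the message, which picks out different_user_authenticated broker errors and exposes the userId and previous_user fields for triage. The function names are hypothetical; the first sample line is the event from the message and the other two are constructed.

```python
import re
from collections import Counter

# Prefix of a Keycloak event line as it appears in the post:
# timestamp, level, logger name, thread, then comma-separated key=value fields.
EVENT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\s+(?P<level>\w+)\s+"
    r"\[org\.keycloak\.events\]\s+\([^)]*\)\s+(?P<body>type=.*)$")

def parse_event(line):
    """Return the event fields as a dict, or None if this is not an event line."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    fields, last = {"timestamp": m.group("ts"), "level": m.group("level")}, None
    for part in m.group("body").split(", "):
        key, sep, value = part.partition("=")
        if sep and re.fullmatch(r"\w+", key):
            fields[key], last = value, key
        elif last:  # the previous value itself contained ", "; glue it back
            fields[last] += ", " + part
    return fields

def user_switches(lines):
    """Return broker-login errors of the kind reported in the post."""
    events = filter(None, map(parse_event, lines))
    return [e for e in events
            if e.get("type") == "IDENTITY_PROVIDER_LOGIN_ERROR"
            and e.get("error") == "different_user_authenticated"]

def summarize(lines):
    """Count those errors per (realm, client, identity provider)."""
    return Counter((e.get("realmId"), e.get("clientId"), e.get("identity_provider"))
                   for e in user_switches(lines))

# Sample input: line 1 is the event quoted in the post; lines 2-3 are constructed.
SAMPLE = [
    "2019-10-16 10:43:12,214 WARN [org.keycloak.events] (default task-1441) "
    "type=IDENTITY_PROVIDER_LOGIN_ERROR, realmId=vi, clientId=vinl, "
    "userId=9c865fb5-531a-4bec-9589-254c89234b8f, ipAddress=88.88.888.8, "
    "error=different_user_authenticated, identity_provider=facebook, "
    "consent=no_consent_required, previous_user=7e516fef-7d06-4f74-8816-b6519eb86b75, "
    "identity_provider_identity=tomlxxxxxx at xxxxxx.xx, "
    "code_id=39284d1d-1ad8-4710-bb8e-520dace03a7e",
    "2019-10-16 10:44:01,002 WARN [org.keycloak.events] (default task-7) "
    "type=LOGIN_ERROR, realmId=vi, clientId=vinl, error=invalid_user_credentials",
    "2019-10-16 10:44:05,120 INFO [org.example.app] (main) unrelated line",
]

if __name__ == "__main__":
    for e in user_switches(SAMPLE):
        print(e["timestamp"], e["userId"], "!=", e["previous_user"], e["ipAddress"])
```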