[keycloak-user] Need help to properly use the prompt=none option to check if a user has an active session or not

Gilbert FERNANDES gilbert.fernandes at mousquetaires.com
Fri Oct 18 08:00:35 EDT 2019


Hello to All

I have a little problem crafting a JMeter script that calls the authorization endpoint in order to use the prompt=none option.

I have set up a Keycloak with one realm and one client.
The client is set as public, with direct grants enabled, implicit flow on and standard flow enabled.

In Keycloak I go into the client -> Sessions and click "Logout all":
0 sessions, 0 offline sessions.
The first JMeter script does a complete connection:

1. Call to /auth
2. Sends me a web page with form
3. I extract the "action" from the HTML form
4. I do a POST on the action URL and insert login and password
5. Keycloak does the 302 Redirect with the code in the URL
6. I call the token endpoint with the code and get the JWT JSON back

If I check in Keycloak, the session appears.
It is set to last 30 days.

Now comes my problem: I want to check whether the user is connected or not, using the prompt=none option.

So I create a second JMX script that does a GET on /auth/realms/${realm}/protocol/openid-connect/auth
(realm is replaced by the realm I use, which is test; my client is also called test)

I inject the following fields :

response_type = code
client_id = test
redirect_url = www.google.fr (I only care about what KC adds to the URL)
scope = openid
state = ebd16dfa-dc7e-4524-a87c-fcb138d2af8b
prompt = none
id_token_hint = id token contents found in the JWT

ebd16dfa-dc7e-4524-a87c-fcb138d2af8b is the value I found in the JWT token in the field session_state. Into id_token_hint I pasted the contents of the id_token from the JWT, in its URL-encoded form.

Whether the user is connected or not, I always get the same answer:

Response code: 302
Response message: Found
Location: http://www.google.fr?error=login_required&state=ebd16dfa-dc7e-4524-a87c-fcb138d2af8b

I get the login_required all the time.

I have tried it after doing a "Logout all",
and after connecting myself and checking in the web console that I have an active session for the client in the realm.

I tried to search online.
I tried various response_type values I could see (Keycloak says they are invalid); I tried token_id%20 for example, no change.

I don’t know what I'm doing wrong.

I only work on the back-end part of it, and I have to check what happens when the front-end people use prompt=none. I am therefore writing JMeter scripts to emulate what they do. But this is the first time I'm trying to use prompt=none, and I'm failing miserably at it ☹

--
Gilbert
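Added example, not code from Gilbert's post or from Keycloak itself: a small Python script that builds the silent session check described above with the parameter names from the OpenID Connect spec (the parameter is redirect_uri, not redirect_url, and Keycloak only redirects to a value listed in the client's Valid Redirect URIs; state is a fresh opaque value the caller remembers, unrelated to the session_state claim in an issued token) and classifies the Location header of the 302. Keycloak answers prompt=none from the SSO cookies it set on its own host during the form login, not from id_token_hint alone, so a second script started with an empty cookie jar gets login_required whatever the admin console shows; probe_session therefore accepts a Cookie header to forward. The base URL, realm, client and redirect values are assumptions for illustration, and the Location strings checked below are constructed, not captured from a server.

```python
"""Build an OIDC prompt=none request to Keycloak and interpret the redirect.

Added example (not from the mailing-list post or from Keycloak).
Assumed values: Keycloak at http://localhost:8080/auth, realm/client "test",
redirect_uri https://app.example/cb.
"""
import secrets
import urllib.error
import urllib.request
from urllib.parse import parse_qs, urlencode, urlsplit


def build_prompt_none_url(base_url, realm, client_id, redirect_uri,
                          state=None, nonce=None, id_token_hint=None):
    """Return (url, state) for a silent session check on the /auth endpoint.

    Parameter names follow the OpenID Connect spec: redirect_uri (not
    redirect_url) must match one of the client's Valid Redirect URIs in
    Keycloak, otherwise Keycloak renders an error page instead of redirecting.
    state is a fresh opaque value remembered by the caller; it has nothing to
    do with the session_state claim found in a token.
    """
    state = state or secrets.token_urlsafe(16)
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid",
        "state": state,
        "prompt": "none",
    }
    if nonce:
        params["nonce"] = nonce
    if id_token_hint:  # raw compact JWT; urlencode() percent-encodes it exactly once
        params["id_token_hint"] = id_token_hint
    url = f"{base_url.rstrip('/')}/realms/{realm}/protocol/openid-connect/auth?{urlencode(params)}"
    return url, state


def classify_redirect(location, expected_state):
    """Map the Location header of the 302 to (outcome, detail).

    outcome is "active" (a code came back, so the user has an SSO session),
    "no_session" (error=login_required) or "error" (any other OIDC error).
    Parameters are read from the query (response_type=code) or, failing that,
    from the fragment (implicit flow). A state mismatch means the response
    does not belong to this request and is refused rather than interpreted.
    """
    parts = urlsplit(location)
    qs = parse_qs(parts.query or parts.fragment, keep_blank_values=True)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: response does not belong to this request")
    if "code" in qs:
        return "active", qs["code"][0]
    error = qs.get("error", [None])[0]
    if error == "login_required":
        return "no_session", None
    return "error", error


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following the 302 so the Location can be read."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urlopen then raises HTTPError carrying the 3xx headers


def probe_session(auth_url, cookie_header=None, timeout=10):
    """GET the prompt=none URL without following redirects; return (status, Location).

    Keycloak decides prompt=none from its SSO cookies (KEYCLOAK_IDENTITY and
    KEYCLOAK_SESSION, set on the Keycloak host by the form login), not from
    id_token_hint alone. Forward the cookies captured by the login script in
    cookie_header, e.g. "KEYCLOAK_IDENTITY=...; KEYCLOAK_SESSION=...".
    Needs a live server, so it is not exercised offline.
    """
    headers = {"Cookie": cookie_header} if cookie_header else {}
    opener = urllib.request.build_opener(_NoRedirect())
    req = urllib.request.Request(auth_url, headers=headers)
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as e:
        return e.code, e.headers.get("Location")


if __name__ == "__main__":
    url, state = build_prompt_none_url("http://localhost:8080/auth", "test", "test",
                                       "https://app.example/cb")
    try:
        status, location = probe_session(url)  # add cookie_header=... from the login run
        print(status, classify_redirect(location, state) if location else "no Location header")
    except urllib.error.URLError as e:
        print("Keycloak not reachable:", e)
```

In a JMeter setup the same idea applies: keep the HTTP Cookie Manager from the login script so the second request carries the Keycloak cookies, and assert on the Location query (code= versus error=login_required) rather than on the 302 alone.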

