  1. Keycloak
  2. KEYCLOAK-4097

Better session sharing / handling of multiple logins

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 2.3.0.Final
    • Fix Version/s: 3.2.0.CR1
    • Component/s: None
    • Labels:
      None
    • QE Status:
      VERIFIED

      Description

      When working in multiple browser tabs, with a system that supports SSO, users expect that there really is a "single sign-on session". The current Keycloak implementation has a limitation in that logging in twice will replace the previous SSO session - thus invalidating all existing tokens. The other tabs would then seemingly be "logged out".

      The thing is that it's possible (and sometimes likely) to have multiple browser tabs showing the login screen for the same realm. This could, for example, happen after working with different systems in different tabs, and then timing out the whole SSO session.

      It'd be natural for a user to assume that although he/she enters credentials one more time, everything would be merged into the same SSO session, keeping the illusion of "single sign-on". Maybe there's some security concern regarding this, but Google and others seem to work this way.

      One suggestion for improving this, according to Stian Thorgersen, is: "To create a separate login session that is used during authentication. This would be backed by a cookie that would make sure the current flow would be shared cross multiple tabs."

      See mailing list: http://lists.jboss.org/pipermail/keycloak-user/2016-December/008720.html

                People

                • Assignee:
                  mposolda Marek Posolda
                  Reporter:
                  rendan Dan Østerberg
                  Tester:
                  Vlasta Ramik
                • Votes:
                  0
                  Watchers:
                  4