Saturday, November 11, 2017

Keycloak, cookies and principal

When you access a secured webapp, the first cookie to be created is a JSESSIONID.

/pvkeycloakdemo is my webapp root context.

When you access a protected resource, you get redirected to the Keycloak authentication server, and another two cookies appear: an OAuth_Token_Request_State (Path=/pvkeycloakdemo) and an AUTH_SESSION_ID (Path=/auth/realms/demo).

After authenticating in Keycloak, I get a KC_RESTART, a KEYCLOAK_IDENTITY and a KEYCLOAK_SESSION (Path=/auth/realms/demo).

KEYCLOAK_SESSION is a special one: it's the only one with a 12-hour expiration time (all the others expire at the end of the browser session), and its value includes the realm name: demo/34f600e7-bfd6-475c-9596-72491b9455fa/fa9c5c6b-5e70-43ce-aeb8-34b2188e3c7f (demo in this case).

If you choose the "remember me" option, you also get a KEYCLOAK_REMEMBER_ME cookie.

When you do a request.getPrincipal(), the java.security.Principal you get back is an org.keycloak.KeycloakPrincipal, and its getName() returns the user ID that you see in the Keycloak console, not the username.
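To see this from inside the webapp, here is an added example servlet (not code from the original post) that lists the cookies the browser actually sends to /pvkeycloakdemo and compares the principal name with the claims in the access token. It assumes the Keycloak Java servlet adapter (the KeycloakPrincipal / KeycloakSecurityContext / AccessToken classes) and the javax.servlet API; the /whoami URL pattern is an assumption.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.security.Principal;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.keycloak.KeycloakPrincipal;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.representations.AccessToken;

// Hypothetical servlet inside the /pvkeycloakdemo webapp; the URL pattern is an assumption.
@WebServlet("/whoami")
public class WhoAmIServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/plain");
        PrintWriter out = response.getWriter();

        // Only cookies whose Path matches this request are sent by the browser.
        // AUTH_SESSION_ID, KC_RESTART, KEYCLOAK_IDENTITY and KEYCLOAK_SESSION are
        // scoped to Path=/auth/realms/demo, so the webapp never receives them;
        // expect JSESSIONID here (and OAuth_Token_Request_State during the redirect).
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (Cookie c : cookies) {
                out.println("cookie: " + c.getName());
            }
        }

        Principal principal = request.getUserPrincipal();
        if (principal == null) {
            out.println("not authenticated");
            return;
        }
        // getName() is the Keycloak user ID (the token's "sub" claim), not the username.
        out.println("principal name (user ID): " + principal.getName());

        if (principal instanceof KeycloakPrincipal) {
            KeycloakSecurityContext ctx = ((KeycloakPrincipal<?>) principal).getKeycloakSecurityContext();
            AccessToken token = ctx.getToken();
            // The human-readable username is the preferred_username claim of the access token.
            out.println("username: " + token.getPreferredUsername());
            out.println("realm: " + ctx.getRealm());
            out.println("principal name equals token subject: " + principal.getName().equals(token.getSubject()));
        }
    }
}
```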
