Upgraded from 24.0.2 to 25.0.5 suddenly a lot of errors returned
328 views
Skip to first unread message
Maarten Albers
Sep 30, 2024, 5:15:23 AM9/30/24
to Keycloak User
After the upgrade I had a significant increase on the callback of the client: (approx 10% of our login attempts)
error=temporarily_unavailable&error_description=authentication_expired&state...&iss...
I didn't change anything to
Session > login settings (30/5 minutes)
I have turned on:
--spi-brute-force-protector-default-brute-force-detector-allow-concurrent-requests=true (I thought this would only apply to users logging in not to clients logging in) And this doesn't make any difference.
error=temporarily_unavailable&error_description=authentication_expired&state...&iss...
What could be the cause?
I didn't change anything to
Session > login settings (30/5 minutes)
I have turned on:
--spi-brute-force-protector-default-brute-force-detector-allow-concurrent-requests=true (I thought this would only apply to users logging in not to clients logging in) And this doesn't make any difference.
Stian Thorgersen
Sep 30, 2024, 7:43:50 AM9/30/24
to Maarten Albers, Keycloak User
Anything in server logs?
--
You received this message because you are subscribed to the Google Groups "Keycloak User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/c83f1687-fa2b-41d2-badf-ad383d4097a9n%40googlegroups.com.
Maarten Albers
Sep 30, 2024, 8:51:51 AM9/30/24
to Keycloak User
I find it hard to say whether the logs say something useful, because it could be unrelated, but I do have several of these error messages in the logs: (restart_authentication or login errors)
but with different fillings for the "error" field: already_logged_in (I didn't get that one before the upgrade, or not with this frequency), invalid_user_credentials (the latter, sure, but that won't get back to the client.)
but with different fillings for the "error" field: already_logged_in (I didn't get that one before the upgrade, or not with this frequency), invalid_user_credentials (the latter, sure, but that won't get back to the client.)
2024-09-26 21:58:51,313 WARN [org.keycloak.events] (executor-thread-1168) type="RESTART_AUTHENTICATION_ERROR", realmId="xx", realmName="xx", clientId="xx", userId="null", ipAddress="xx", error="already_logged_in", response_type="code", redirect_uri="xx", redirected_to_client="true", response_mode="query"
2024-09-26 21:56:10,949 WARN [org.keycloak.events] (executor-thread-1079) type="LOGIN_ERROR", realmId="xx", realmName="xx", clientId="x", userId="null", ipAddress="xx", error="already_logged_in", response_type="code", redirect_uri="xx", redirected_to_client="true", response_mode="query"
Maarten Albers
Oct 2, 2024, 3:23:05 AM10/2/24
to Keycloak User
Problem seems related to https://github.com/keycloak/keycloak/issues/33071
Reply all
Reply to author
Forward
0 new messages