Keycloak 12.0.3 Javascript Adapter SSO Idle Timeout multiple tabs

[Björn Eickvonder]

Hi,

I use the javascript adapter for my SPA, it works fine until user opens multiple tabs and a SSO Idle Timeout occurs.

Let's assume user has opened two tabs and is idle such that a SSO timeout occurs. Now the following happens:

check-sso+check-login-iframe:

- Click in tab #1 -> user redirected to login page

- User logs in -> tab #1 fine

- Click in tab #2 -> user redirected to login page

- User logs in -> tab #2 fine

- User clicks in tab #1 -> user redirected to login page

- now again tab #2 is broken

And so on, you never get back to a state where both tabs are authenticated

login-required+check-login-iframe:

- Click in tab #1 -> user redirected to login page on both tab #1 and #2

- User logs in tab #1 -> Error Message "Your login attempt timed out. Login will start from the beginning."

- Retry login tab #1 -> tab #1 fine

- User logs in tab #2 -> Error Message "You are already logged in"

- Click "Back to the application" in tab #2 -> tab #2 fine but user will not return to the dialog he started from

Now both tabs are fine but is there a way to prevent the error messages?

login-required/check-sso+check-login-iframe=false:

- Two tabs open

- SSO timeout

- Click in tab #1 -> user redirected to login page

- User logs in tab #1 -> tab #1 fine

- Click in tab #2 -> fine until access token expires, once the token needs to be refreshed user is redirected to login page 

- Now tab #1 is "broken", i.e. once the token needs to be refreshed user is redirected to login

And so on, you never get back to a state where both tabs are authenticated

Any advice how to configure this correctly?