When new tokens are get in Keycloak, previous sessions are not closed
A new session is created every time I get tokens from Keycloak. Every time I get a token, I want the previous sessions to be closed. I have not seen such a service on the Keycloak side. What method can be developed for this?
Keycloak version: 19.0.0
I get the token in this way;
URL: http://keycloak_url/realms/{realm}/protocol/openid-connect/token
body
username:{username}
password:{password}
client_id:{client}
grant_type:password
Solution
The problem was fixed by adding the "User Session count limiter" step to the "direct grant" flow on the authentication page in the Keycloak interface.
- Custom method in @PreAuthorize
- Spring Security oauth2Login OAuth2UserService not executed after authentication
- OAuth2 with Discord: OAuth2AuthorizationRequestRedirectFilter and OAuth2LoginAuthenticationFilter are stuck in a loop. requiresAuthentication is false
- Spring Webflux Security not attaching CSRF cookie after logging in via Google Oauth2
- Spring Security 5.2 Password Flow
- Using SpringBoot, thymeleaf and htmx specifically with hx-put in a html form th:object not being passed in request
- Unsatisfied Dependency / Circular Reference Error in Spring Boot Security Configuration
- Configuring SAML2: Bypassing 'InResponseTo' Validation While Retaining Default Settings in OpenSaml4AuthenticationProvider
- problem trying to follow spring security tutorial on spring.io
- Grails 6 on Tomcat 9 gives "The response object has been recycled and is no longer associated with this facade" after running fine for 2-3 hours
- Spring Security 5 Replacement for OAuth2RestTemplate
- Is it possible to have more than 1 @WithMockUser in one test method?
- Migrating from OAuth2RestTemplate in Spring Boot 3 - what are the alternatives?
- Redirect Loop Issue with OpenID Authentication in Spring Boot 3.3
- Spring Security Virtual Threads and ThreadLocal
- AnnotationConfigurationException since upgrade to Spring Boot 3/JDK 17
- Still receiving 403 error after Spring Security login
- Why is Spring Security setting CSRF cookie with SameSite=None attribute?
- How to display images and link CSS files to JSP pages
- 403 Forbidden when introducing authorization on spring boot rest
- How to fix Hibernate LazyInitializationException: failed to lazily initialize a collection of roles, could not initialize proxy - no Session
- Session timeout leads to Access Denied in Spring MVC when CSRF integration with Spring Security
- Best way to automatically add CSRF Token to Spring Boot JTE main template
- Springboot not triggering custom authentication for my loaduserbyusername method
- Spring Boot ConflictingBeanDefinitionException: Annotation-specified bean name for @Controller class
- Securing Spring Boot API with API key and secret
- How to prevent AuthenticationEntryPoint being invoked after AccessDeniedHandler?
- CSRF and JWT With Sping Security 6 Stateless REST
- How to use path variable in @Preauthorize
- Return HTTP Error 401 Code & Skip Filter Chains