I’m using Keycloak Spring Security Adapter, version 9.0.3.
There is a method there, org.keycloak.adapters.springsecurity.token.SpringSecurityTokenStore#saveAccountInfo, that occasionally throws an exception like this: Went to save Keycloak account %s, but already have %s.
I have no idea what causes that exception - I’ve tried many different things to make it happen but I couldn’t. Users of our application are getting it quite regularly and that annoys them.
Can you help me with that? I would like to know what may cause it, how to defend against it, can I safely override the code that throws it? Any kind of help would be much appreciated.
In my case I discovered that the SSO Session Idle, SSO Session Max and Access Token Lifespan were really differing a lot from one another. So the Access Token was expiring but the Session was still valid.
So during ‘re-logins’ it tries to saveAccountInfo but obviously it still exists, because the earlier check of the Access Token leads to a false on the tokenStore.isCached.
I’m using Keycloak Adapter 15.0.2 and I’m getting the same IllegalStateException generated by the SpringSecurityTokenStore.saveAccountInfo method.
If the user is already authenticated in the context, why is the exception necessary?
Or should the context authentication be invalidated and that way redirect to the login page instead?
I don’t think that it is a problem with the settings since their values are the default ones.