I’d like to display a registration button in our application even when a user (user1) is logged in.
Directly calling the registration form seems to be supported according to http://lists.jboss.org/pipermail/keycloak-user/2016-August/007473.html
However, the login after the registration (of user2) fails when user1 was logged in before.
The problem can be reproduced by following these steps:
1. Log user1 into the account app
2. Open the registration form at https://<host>/auth/realms//protocol/openid-connect/registrations?client_id=account&response_type=code&scope=openid+email&redirect_uri=<url_to_account_app>
3. Register user2
4. After registration, this message is shown: “We’re sorry… You are already authenticated as different user in this session. Please logout first.” The message contains a link “Back to Application”.
However, user1 is not logged in anymore and the link “Back to Application” leads to the login form.
This situation is not straightforward for a user to resolve: user1 has to log in again, then log out, and only then is user2 able to log in.
The reason appears to be that opening the registration form in step 2 deletes the cookies KEYCLOAK_IDENTITY and KEYCLOAK_SESSION. However, the cookie AUTH_SESSION_ID remains unchanged. To me it seems that opening the registration form should cause a new AUTH_SESSION_ID to be generated (besides KEYCLOAK_IDENTITY and KEYCLOAK_SESSION being cleared). I’d appreciate any thoughts on that!