Make the checkbox "Sign out from other devices" unchecked by default by rmartinc · Pull Request #40234 · keycloak/keycloak · GitHub

Make the checkbox "Sign out from other devices" unchecked by default #40234

Merged
merged 1 commit into from
Jun 4, 2025
Original file line number Diff line number Diff line change
Expand Up @@ -100,11 +100,13 @@ Consider one of the following cases and recommended migration steps:
* With the feature `persistent-user-session` feature enabled, the remote store configuration is ignored and {project_name} will print a warning.
====

=== Signing out from other devices will log out offline sessions
=== Signing out from other devices now disabled by default

Previously, when a user updated their credentials, like changing their password or adding another factor like an OTP or Passkey, they had a checkbox *Sign out from other devices* which was checked by default. Since this release, {project_name} displays the checkbox *Sign out from other devices* not checked by default. This checkbox should now be intentionally enabled by the user to logout all the other related sessions associated to the same user.

When a user updates their credentials, like changing their password or adding another factor like an OTP or Passkey, they have a checkbox *Sign out from other devices* which is checked by default.
=== Signing out from other devices will log out offline sessions

In previous versions, this logged out only regular sessions.
Related to the previous point, in previous versions, the *Sign out from other devices* checkbox logged out only regular sessions.
Starting with this release, it logs out also offline sessions as this is what users would expect to happen given the current screen design.

To revert to the old behavior, enable the deprecated feature `logout-all-sessions:v1`.
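Review bot: The closing sentence "To revert to the old behavior, enable the deprecated feature `logout-all-sessions:v1`" is now ambiguous, because two behavior changes precede it and a reader can take it to mean the feature also restores the pre-checked checkbox. Please say explicitly that it only reverts the offline-session logout, and state in the new "now disabled by default" section whether any switch restores the old default. Wording nits in the new paragraph: "to logout" should be the verb "to log out", and "associated to" should be "associated with".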
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -421,7 +421,7 @@ public void checkLogoutSessions() {
doAIA();

changePasswordPage.assertCurrent();
assertTrue("Logout sessions is checked by default", changePasswordPage.isLogoutSessionsChecked());
changePasswordPage.checkLogoutSessions();
changePasswordPage.changePassword("All Right Then, Keep Your Secrets", "All Right Then, Keep Your Secrets");
events.expectLogout(event2.getSessionId()).detail(Details.LOGOUT_TRIGGERED_BY_REQUIRED_ACTION, UserModel.RequiredAction.UPDATE_PASSWORD.name()).assertEvent();
events.expectRequiredAction(EventType.UPDATE_PASSWORD).assertEvent();
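Review bot: In checkLogoutSessions() the default state is no longer asserted, since the old `assertTrue("Logout sessions is checked by default", ...)` is replaced by a bare `changePasswordPage.checkLogoutSessions()` call. I would add an `assertFalse(changePasswordPage.isLogoutSessionsChecked())` before ticking the box and an `assertTrue` after it, so this test pins the new default and confirms the click took effect before the logout event is expected.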
Expand Down Expand Up @@ -450,7 +450,7 @@ public void uncheckLogoutSessions() {
doAIA();

changePasswordPage.assertCurrent();
changePasswordPage.uncheckLogoutSessions();
assertFalse("Logout other sessions was ticked", changePasswordPage.isLogoutSessionsChecked());
changePasswordPage.changePassword("All Right Then, Keep Your Secrets", "All Right Then, Keep Your Secrets");
events.expectRequiredAction(EventType.UPDATE_PASSWORD).assertEvent();
events.expectRequiredAction(EventType.UPDATE_CREDENTIAL).detail(Details.CREDENTIAL_TYPE, PasswordCredentialModel.TYPE).assertEvent();
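Review bot: The test method is still named uncheckLogoutSessions() but after this change it no longer unchecks anything; it only asserts that the box starts unchecked. Consider renaming it to reflect what it now verifies (for example, that sessions are kept when the default is left untouched), so a later reader does not assume the uncheck path is still exercised here.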
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -164,9 +164,9 @@ private void resetPassword(boolean logoutOtherSessions) {
loginPage.login("test-user@localhost", "password");
changePasswordPage.assertCurrent();
assertTrue(changePasswordPage.isLogoutSessionDisplayed());
assertTrue(changePasswordPage.isLogoutSessionsChecked());
if (!logoutOtherSessions) {
changePasswordPage.uncheckLogoutSessions();
assertFalse(changePasswordPage.isLogoutSessionsChecked());
if (logoutOtherSessions) {
changePasswordPage.checkLogoutSessions();
}
changePasswordPage.changePassword("All Right Then, Keep Your Secrets", "All Right Then, Keep Your Secrets");

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -707,8 +707,8 @@ private void testTotpLogoutOtherSessions(boolean logoutOtherSessions) {
loginPage.open();
loginPage.login("test-user@localhost", "password");
totpPage.assertCurrent();
if (!logoutOtherSessions) {
totpPage.uncheckLogoutSessions();
if (logoutOtherSessions) {
totpPage.checkLogoutSessions();
}
Assert.assertEquals(logoutOtherSessions, totpPage.isLogoutSessionsChecked());
totpPage.configure(totp.generateTOTP(totpPage.getTotpSecret()));
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -43,8 +43,8 @@ protected void changeEmailUsingRequiredAction(String newEmail, boolean logoutOth

loginPage.login("test-user@localhost", "password");
updateEmailPage.assertCurrent();
if (!logoutOtherSessions) {
updateEmailPage.uncheckLogoutSessions();
if (logoutOtherSessions) {
updateEmailPage.checkLogoutSessions();
}
Assert.assertEquals(logoutOtherSessions, updateEmailPage.isLogoutSessionsChecked());

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -78,8 +78,8 @@ protected void changeEmailUsingRequiredAction(String newEmail, boolean logoutOth
loginPage.login("test-user@localhost", "password");

updateEmailPage.assertCurrent();
if (!logoutOtherSessions) {
updateEmailPage.uncheckLogoutSessions();
if (logoutOtherSessions) {
updateEmailPage.checkLogoutSessions();
}
Assert.assertEquals(logoutOtherSessions, updateEmailPage.isLogoutSessionsChecked());
updateEmailPage.changeEmail(newEmail);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -389,8 +389,8 @@ private String setupOTPForUserWithRequiredAction(String userId, boolean logoutOt
testAppHelper.startLogin("otp1", "pass");

configureTotpRequiredActionPage.assertCurrent();
if (!logoutOtherSessions) {
configureTotpRequiredActionPage.uncheckLogoutSessions();
if (logoutOtherSessions) {
configureTotpRequiredActionPage.checkLogoutSessions();
}
String totpSecret = configureTotpRequiredActionPage.getTotpSecret();
configureTotpRequiredActionPage.configure(totp.generateTOTP(totpSecret));
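Review bot: In setupOTPForUserWithRequiredAction() nothing asserts the checkbox state after the `if (logoutOtherSessions)` block, unlike the other tests in this PR. With `logoutOtherSessions == false` the helper now silently relies on the template default instead of setting the state itself. Adding an assertion that `configureTotpRequiredActionPage.isLogoutSessionsChecked()` equals `logoutOtherSessions` would make a regression of the default fail here rather than in a later, less obvious step.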
Expand All @@ -417,8 +417,8 @@ private List<String> setupRecoveryKeysForUserWithRequiredAction(String userId, b
testAppHelper.startLogin("otp1", "pass");

setupRecoveryAuthnCodesPage.assertCurrent();
if (!logoutOtherSessions) {
setupRecoveryAuthnCodesPage.uncheckLogoutSessions();
if (logoutOtherSessions) {
setupRecoveryAuthnCodesPage.checkLogoutSessions();
}
List<String> codes = setupRecoveryAuthnCodesPage.getRecoveryAuthnCodes();
setupRecoveryAuthnCodesPage.clickSaveRecoveryAuthnCodesButton();
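Review bot: Same gap in setupRecoveryKeysForUserWithRequiredAction(): the false path depends on the unchecked default without verifying it. An `assertEquals(logoutOtherSessions, setupRecoveryAuthnCodesPage.isLogoutSessionsChecked())` after the `if` block would match what the other recovery-codes test does.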
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -170,8 +170,8 @@ private void testSetupRecoveryAuthnCodesLogoutOtherSessions(boolean logoutOtherS
loginPage.open();
loginPage.login("test-user@localhost", getPassword("test-user@localhost"));
setupRecoveryAuthnCodesPage.assertCurrent();
if (!logoutOtherSessions) {
setupRecoveryAuthnCodesPage.uncheckLogoutSessions();
if (logoutOtherSessions) {
setupRecoveryAuthnCodesPage.checkLogoutSessions();
}
Assert.assertEquals(logoutOtherSessions, setupRecoveryAuthnCodesPage.isLogoutSessionsChecked());
setupRecoveryAuthnCodesPage.clickSaveRecoveryAuthnCodesButton();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -248,7 +248,9 @@ private void openResetPasswordUrlAndDoFlow(String resetUri, String expectedClien
updatePasswordPage.assertCurrent();

if(userAuthenticated) {
updatePasswordPage.uncheckLogoutSessions();
assertFalse("Logout other sessions was ticked", updatePasswordPage.isLogoutSessionsChecked());
} else {
updatePasswordPage.checkLogoutSessions();
}

updatePasswordPage.changePassword("resetPassword", "resetPassword");
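Review bot: In openResetPasswordUrlAndDoFlow() the new `else` branch ticks the box without first checking the default, so only the `userAuthenticated` path verifies it. Moving the `assertFalse("Logout other sessions was ticked", ...)` above the `if` would cover both paths. A short comment on why the unauthenticated flow must call `updatePasswordPage.checkLogoutSessions()` would also help, since that path previously relied on the checked default and the reason for keeping the logout there is not visible in the test. Style nit on the context line: `if(userAuthenticated)` is missing the space after `if`.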
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -207,8 +207,8 @@ protected void testWebAuthnLogoutOtherSessions(boolean logoutOtherSessions) thro
final int credentialsCount = getCredentialCount.get();

webAuthnRegisterPage.assertCurrent();
if (!logoutOtherSessions) {
webAuthnRegisterPage.uncheckLogoutSessions();
if (logoutOtherSessions) {
webAuthnRegisterPage.checkLogoutSessions();
}
assertThat(webAuthnRegisterPage.isLogoutSessionsChecked(), is(logoutOtherSessions));
webAuthnRegisterPage.clickRegister();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
<div class="${properties.kcFormOptionsWrapperClass!}">
<div class="checkbox">
<label>
<input type="checkbox" id="logout-sessions" name="logout-sessions" value="on" checked>
<input type="checkbox" id="logout-sessions" name="logout-sessions" value="on">
${msg("logoutOtherSessions")}
</label>
</div>
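Review bot: Dropping `checked` from the `logout-sessions` input hard-codes the new default in the template, so as far as this diff shows, a deployment that wants other sessions ended by default after a credential change has to override the theme file. Consider driving the attribute from a theme property or realm-level setting instead, or document the template override as the supported way to restore the pre-ticked box.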
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
<#macro logoutOtherSessions>
<div id="kc-form-options" class="${properties.kcFormOptionsClass!}">
<div class="${properties.kcFormOptionsWrapperClass!}">
<@field.checkbox name="logout-sessions" label=msg("logoutOtherSessions") value=true />
<@field.checkbox name="logout-sessions" label=msg("logoutOtherSessions") value=false />
</div>
</div>
</#macro>
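Review bot: Here the default is expressed as `value=false` on `<@field.checkbox>`, while the other template keeps `value="on"` as the submitted value and toggles the `checked` attribute. Please confirm that `value` in this macro controls only the checked state and that the field is still submitted with the value the server expects when the user ticks it. If the macro has a separate parameter for the checked state, using it would make the two themes easier to compare.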