fix: handle azure incomplete logged out sessions

Author: NithinKuruba

docker/keycloak/extensions-26/services/src/main/java/com/github/bcgov/keycloak/authenticators/CookieStopAuthenticator.java

@@ -71,14 +71,29 @@ public void authenticate(AuthenticationFlowContext context) {
     AuthenticatedClientSessionModel clientSessionModel = authResult.getSession()
         .getAuthenticatedClientSessionByClient(clientUUID);
 
-    // 4. If no Cookie session with the authenticating client, proceed to login
+    // 4. If the authenticating user has a session with other client in the same
+    // realm then remove it
+    if (authResult != null) {
+      if (authResult.getSession() != null) {
+        authResult.getSession().getAuthenticatedClientSessions().forEach((k, v) -> {
+          if (!k.equals(clientUUID)) {
+            UserSessionProvider userSessionProvider = context.getSession().sessions();
+            userSessionProvider.removeUserSession(context.getRealm(), authResult.getSession());
+          }
+        });
+        context.attempted();
+        return;
+      }
+    }
+
+    // 5. If no Cookie session with the authenticating client, proceed to login
     // process
     if (clientSessionModel == null) {
       context.attempted();
       return;
     }
 
-    // 5. Otherwise, attach the exisiting session to the user
+    // 6. Otherwise, attach the exisiting session to the user
     context.getAuthenticationSession().setAuthNote(AuthenticationManager.SSO_AUTH, "true");
     context.setUser(authResult.getUser());
     context.attachUserSession(authResult.getSession());

localdev/macs/Dockerfile

@@ -4,7 +4,7 @@ COPY ./docker/keycloak/extensions-26 /tmp/
 WORKDIR /tmp/
 RUN mvn -B clean package --file pom.xml -Dmaven.test.skip=true
 
-FROM registry.redhat.io/rhbk/keycloak-rhel9:26.0-3 AS builder
+FROM registry.redhat.io/rhbk/keycloak-rhel9:26.2-4 AS builder
 
 # Enable health and metrics support
 ENV KC_HEALTH_ENABLED=true