Old password still valid after password change via Keycloak

Hi everyone

We observed an unusual behavior. When a user changes their password in Keycloak, the old password can still be used to log in for exactly one hour. After that, the old password stops working.

We are using Samba Active Directory as a user federation via LDAPS, and the password is correctly updated in Samba. Logging in directly to Samba with the old password does not work.

I have already tried clearing all Keycloak caches and even restarting the container, but the old password still works during that one-hour period.

I am not sure whether the issue is caused by Keycloak or Samba, as there are indications pointing to both. I found a post from 2019 describing the same problem, but the answer refers to IBM, and I do not have access to view it.

Has anyone experienced this issue before, or does anyone have any idea what might be causing it?

Edit: Keycloak Version 26.6.1

Thanks for any advice!