[keycloak-user] How to detect if user is already logged in?

[Anthony Fryer]

Hi All,

We're implementing SSO across multiple applications using keycloak.  Some of these applications are traditional java web apps and some are single page javascript apps.   For the java web applications, we're using standard flow and we're using the "Spring Security Adapter" to implement this.

One of the use cases we have to support is, when a user goes to the landing page of a web application, the header should show if the user is already logged in or not.  When a user has logged in from a different application and then navigates to another application using a bookmark, they're accessing a non protected url.  The user wouldn't have an authenticated session with the web application yet, so how can we tell if the user has already logged in from the previous application?  They would already have a session with the keycloak server.

It seems this is possible from single page applications using the keycloak javascript adapter with the "check-sso"  initialization option, but it is not clear how this can be achieved from a traditional web application using the "Spring Security Adapter".  Any suggestions would be appreciated.

Cheers,

Anthony Fryer
The content of this e-mail, including any attachments, is a confidential communication between Virgin Australia Airlines Pty Ltd (Virgin Australia) or its related entities (or the sender if this email is a private communication) and the intended addressee and is for the sole use of that intended addressee. If you are not the intended addressee, any use, interference with, disclosure or copying of this material is unauthorized and prohibited. If you have received this e-mail in error please contact the sender immediately and then delete the message and any attachment(s). There is no warranty that this email is error, virus or defect free. This email is also subject to copyright. No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. If this is a private communication it does not represent the views of Virgin Australia or its related entities. Please be aware that the contents of any emails sent to or from Virgin Australia or its related entities may be periodically monitored and reviewed. Virgin Australia and its related entities respect your privacy. Our privacy policy can be accessed from our website: www.virginaustralia.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160321/232150fd/attachment.html