[keycloak-user] Detect existing IdP session

Stian Thorgersen sthorger at redhat.com
Wed Aug 30 02:34:55 EDT 2017


We don't support this at the moment, but it could possibly be added, at least
for OIDC. OIDC has prompt=none which allows checking if a user is
authenticated without displaying the login form if they are not. Would need to
be a community contribution though if you expect it to be added anytime
soon.

On 30 August 2017 at 03:17, Adam Keily <adam.keily at adelaide.edu.au> wrote:

> Hi,
>
> Forgive me if this is a dumb question. I'm just wondering if it's possible
> for keycloak to detect that a user has already authenticated to a
> configured IDP before being presented the login page. E.g.
>
> We have multiple IDPs configured in Keycloak. Facebook, Google, corporate
> ADFS. If they have an existing session, can that be detected e.g.
>
>
>   1.  User is already authenticated to ADFS
>   2.  They attempt to access a KC protected application.
>   3.  Instead of having to click the IDP link on the KC login screen to be
> redirected to ADFS and back again, they are instead just authenticated
> using their existing ADFS session.
>
> I know about kc_idp_hint and default IdP but this is more a case where a
> user might be already authenticated to one of multiple IDPs. Something
> like "Detected ADFS session. Continue as ADFS userA?". I guess if you've
> authed to more than one IDP it could be a problem.
>
> Thanks
> Adam
>
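The `prompt=none` check mentioned in the reply, seen from the relying party's side in plain OIDC, as an added example that is not part of the thread and is not Keycloak code. The endpoint, client ID and redirect URI are placeholders, the callback URLs are constructed, and the check only reports on the session at the IdP the request is sent to.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Error codes OIDC Core defines for a prompt=none request that would need UI.
NEEDS_INTERACTION = {
    "login_required",
    "interaction_required",
    "consent_required",
    "account_selection_required",
}


def build_silent_auth_request(authorization_endpoint, client_id, redirect_uri):
    """Return (url, state, nonce) for an authorization request with prompt=none."""
    state = secrets.token_urlsafe(16)   # binds the callback to this request
    nonce = secrets.token_urlsafe(16)   # later checked against the ID token
    query = urlencode({
        "response_type": "code",
        "scope": "openid",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "prompt": "none",               # IdP must not show any login or consent UI
        "state": state,
        "nonce": nonce,
    })
    return f"{authorization_endpoint}?{query}", state, nonce


def classify_callback(callback_url, expected_state):
    """Interpret the IdP's redirect back to the relying party."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(callback_url).query).items()}
    # Reject any response that is not bound to the request we sent.
    got = params.get("state", "").encode()
    if not secrets.compare_digest(got, expected_state.encode()):
        return ("rejected", "state mismatch")
    if "error" in params:
        if params["error"] in NEEDS_INTERACTION:
            return ("no_session", params["error"])  # fall back to the login page
        return ("failed", params["error"])
    if "code" in params:
        return ("session", params["code"])          # exchange at the token endpoint
    return ("rejected", "neither code nor error present")


if __name__ == "__main__":
    cb = "https://app.example.test/cb"              # placeholder redirect URI
    url, state, _ = build_silent_auth_request(
        "https://idp.example.test/authorize", "demo-client", cb)
    print(url)
    print(classify_callback(f"{cb}?error=login_required&state={state}", state))
    print(classify_callback(f"{cb}?code=constructed-code&state={state}", state))
```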

