[keycloak-user] RV: How to force login (¿best practice?)

[Pablo Bravo]

Hi all,

We are currently implementing keycloak and we are facing an issue that we are not sure what's the best way to solve it.

We have different webapps making use of the sso and that's working fine. The problem we have is when we make log in using the sso in one webapp and then we do the same in a different webapp.

Initially this second webapp does not know which user is coming (and it's not necessary to be logged in to make use of it). When clicking on "login", it automatically logs in the user (by making a redirection to keycloak and automatically logging the already logged user in the other webapp). This second logging happens "transparently" to the user, since the redirection to keycloak is very fast and it's not noticeable. This behaviour is not very user friendly.

The question is: Taking into account that this second webapp can't know upfront which user is accessing the site (unless actively redirecting to keycloak), is it possible to force always the users to log in for a specific keycloak client? By this I mean actually ask the visitor for user/pw even if keycloak knows already them from other keycloak clients.

What's the best practice for this use case?

Thanks in advance!

Pablo