<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Yes, It might be a bug. <br>
      <br>
      It seems that when you click to second tab with application and
      you are already authenticated, keycloak should automatically
      authenticate you through SSO cookie. However it looks that
      keycloak is instead redirecting to Identity provider (even if user
      is already authenticated). <br>
      <br>
      It seems that "authenticateByDefault" logic for redirecting to
      identityProvider is implemented in AuthorizationEndpointBase.<span
        style="background-color:#e4e4ff;">handleBrowserAuthenticationRequest
        , which is always triggered earlier than authentication flows
        (which checks SSO cookie). It looks that "authenticateByDefault"
        should be rather moved to UsernamePasswordAuthenticator and done
        before the username-password form is going to be shown. <br>
        <br>
        So feel free to create JIRA.<br>
        Marek</span>
      <meta http-equiv="content-type" content="text/html;
        charset=windows-1252">
      <br>
      <br>
      On 20/06/16 17:41, Sjef Hoeks wrote:<br>
    </div>
    <blockquote
      cite="mid:0e7f5ee31f0146e19c34e7c9316392d7@za-vm-185.gouwit.local"
      type="cite">
      <meta http-equiv="Content-Type" content="text/html;
        charset=windows-1252">
      <meta name="Generator" content="Microsoft Word 15 (filtered
        medium)">
      <style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Verdana;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;
        mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:#954F72;
        text-decoration:underline;}
span.E-mailStijl17
        {mso-style-type:personal-compose;
        font-family:"Verdana",sans-serif;
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri",sans-serif;
        mso-fareast-language:EN-US;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
      <div class="WordSection1">
        <p class="MsoNormal"><span
            style="font-size:10.0pt;font-family:&quot;Verdana&quot;,sans-serif">Hi,<o:p></o:p></span></p>
        <p class="MsoNormal"><span
            style="font-size:10.0pt;font-family:&quot;Verdana&quot;,sans-serif"><o:p> </o:p></span></p>
        <p class="MsoNormal"><span
            style="font-size:10.0pt;font-family:&quot;Verdana&quot;,sans-serif">I
            setup Keycloak for using an Identity Provider. Everything
            works fine, i.e. when I open my application, I see the
            Keycloak login screen, choose the Identity Provider (e.g.
            GitHub), login and I can use my application. When I open the
            application again in a new tab, I’m already logged in and I
            can use the application without logging in again.<o:p></o:p></span></p>
        <p class="MsoNormal"><span
            style="font-size:10.0pt;font-family:&quot;Verdana&quot;,sans-serif"><o:p> </o:p></span></p>
        <p class="MsoNormal"><span
            style="font-size:10.0pt;font-family:&quot;Verdana&quot;,sans-serif">But
            I always want to use the Identity Provider, so I check
            Authenticate by Default in the settings tab of the Identity
            Provider. Everything seems to work fine, but when I open the
            application in a second tab, the first tab is
            reauthenticating. And then the second tab is
            reauthenticating. And so on.<o:p></o:p></span></p>
        <p class="MsoNormal"><span
            style="font-size:10.0pt;font-family:&quot;Verdana&quot;,sans-serif"><o:p> </o:p></span></p>
        <p class="MsoNormal"><span
            style="font-size:10.0pt;font-family:&quot;Verdana&quot;,sans-serif">I
            tried this with my own implemented Identity Provider and
            with GitHub. I expected that the only difference is that I
            don’t have to choose the Identity Provider. According to the
            docs only step 3 and 4 from the base flow are skipped (show
            list of identity providers and select identity provider).
            But the behaviour is very different.
            <o:p></o:p></span></p>
        <p class="MsoNormal"><span
            style="font-size:10.0pt;font-family:&quot;Verdana&quot;,sans-serif"><o:p> </o:p></span></p>
        <p class="MsoNormal"><span
            style="font-size:10.0pt;font-family:&quot;Verdana&quot;,sans-serif">Is
            this expected behaviour or a bug?<o:p></o:p></span></p>
        <p class="MsoNormal"><span
            style="font-size:10.0pt;font-family:&quot;Verdana&quot;,sans-serif"><o:p> </o:p></span></p>
        <p class="MsoNormal"><span style="mso-fareast-language:NL"><o:p> </o:p></span></p>
        <p class="MsoNormal"><span style="mso-fareast-language:NL">Kind
            regards,<o:p></o:p></span></p>
        <p class="MsoNormal">Sjef<o:p></o:p></p>
      </div>
      <p id="c1-id-6" style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><span
          id="c1-id-7" style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana"></span> </p>
      <p id="c1-id-8" style="FONT-SIZE: 10pt; FONT-FAMILY: Arial; COLOR:
        #00b7dd"><strong id="c1-id-9"><span id="c1-id-10"
            style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana">Sjef Hoeks<br
              id="c1-id-11">
          </span></strong><span id="c1-id-12" style="FONT-SIZE: 9pt;
          FONT-FAMILY: Verdana"><span id="c1-id-13" style="FONT-SIZE:
            9pt">Technisch Architect</span> </span></p>
      <p id="c1-id-14" style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><img
          id="c1-id-15" alt=""
          src="cid:part1.09040508.02050202@redhat.com" height="42"
          width="126"></p>
      <p id="c1-id-16" style="FONT-SIZE: 10pt; FONT-FAMILY: Arial;
        COLOR: #00b7dd; LINE-HEIGHT: 16px">
        <strong id="c1-id-17"><span id="c1-id-18" style="FONT-SIZE:
            12pt; FONT-FAMILY: Verdana"><span id="c1-id-19"
              style="COLOR: #717171"><span id="c1-id-20"
                style="FONT-SIZE: 9pt">Gouw Informatie Technologie bv</span><br
                id="c1-id-21">
            </span></span></strong><span id="c1-id-22" style="FONT-SIZE:
          9pt; FONT-FAMILY: Verdana"><span id="c1-id-23" style="COLOR:
            #717171">Hogeweg 5, 5301 LB Zaltbommel<br id="c1-id-24">
            Postbus 98, 5300 AB Zaltbommel<br id="c1-id-25">
            T 0418 511 522<br id="c1-id-26">
            M <br id="c1-id-27">
            E <a class="moz-txt-link-abbreviated" href="mailto:s.hoeks@gouwit.nl">s.hoeks@gouwit.nl</a><br id="c1-id-28">
            I <a class="moz-txt-link-abbreviated" href="http://www.gouwit.nl">www.gouwit.nl</a></span></span></p>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
    </blockquote>
    <br>
  </body>
</html>