<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Yes, It might be a bug. <br>
<br>
It seems that when you click to second tab with application and
you are already authenticated, keycloak should automatically
authenticate you through SSO cookie. However it looks that
keycloak is instead redirecting to Identity provider (even if user
is already authenticated). <br>
<br>
It seems that "authenticateByDefault" logic for redirecting to
identityProvider is implemented in AuthorizationEndpointBase.<span
style="background-color:#e4e4ff;">handleBrowserAuthenticationRequest
, which is always triggered earlier than authentication flows
(which checks SSO cookie). It looks that "authenticateByDefault"
should be rather moved to UsernamePasswordAuthenticator and done
before the username-password form is going to be shown. <br>
<br>
So feel free to create JIRA.<br>
Marek</span>
<meta http-equiv="content-type" content="text/html;
charset=windows-1252">
<br>
<br>
On 20/06/16 17:41, Sjef Hoeks wrote:<br>
</div>
<blockquote
cite="mid:0e7f5ee31f0146e19c34e7c9316392d7@za-vm-185.gouwit.local"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.E-mailStijl17
{mso-style-type:personal-compose;
font-family:"Verdana",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif">Hi,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif">I
setup Keycloak for using an Identity Provider. Everything
works fine, i.e. when I open my application, I see the
Keycloak login screen, choose the Identity Provider (e.g.
GitHub), login and I can use my application. When I open the
application again in a new tab, I’m already logged in and I
can use the application without logging in again.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif">But
I always want to use the Identity Provider, so I check
Authenticate by Default in the settings tab of the Identity
Provider. Everything seems to work fine, but when I open the
application in a second tab, the first tab is
reauthenticating. And then the second tab is
reauthenticating. And so on.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif">I
tried this with my own implemented Identity Provider and
with GitHub. I expected that the only difference is that I
don’t have to choose the Identity Provider. According to the
docs only step 3 and 4 from the base flow are skipped (show
list of identity providers and select identity provider).
But the behaviour is very different.
<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif">Is
this expected behaviour or a bug?<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:NL"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:NL">Kind
regards,<o:p></o:p></span></p>
<p class="MsoNormal">Sjef<o:p></o:p></p>
</div>
<p id="c1-id-6" style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><span
id="c1-id-7" style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana"></span> </p>
<p id="c1-id-8" style="FONT-SIZE: 10pt; FONT-FAMILY: Arial; COLOR:
#00b7dd"><strong id="c1-id-9"><span id="c1-id-10"
style="FONT-SIZE: 9pt; FONT-FAMILY: Verdana">Sjef Hoeks<br
id="c1-id-11">
</span></strong><span id="c1-id-12" style="FONT-SIZE: 9pt;
FONT-FAMILY: Verdana"><span id="c1-id-13" style="FONT-SIZE:
9pt">Technisch Architect</span> </span></p>
<p id="c1-id-14" style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><img
id="c1-id-15" alt=""
src="cid:part1.09040508.02050202@redhat.com" height="42"
width="126"></p>
<p id="c1-id-16" style="FONT-SIZE: 10pt; FONT-FAMILY: Arial;
COLOR: #00b7dd; LINE-HEIGHT: 16px">
<strong id="c1-id-17"><span id="c1-id-18" style="FONT-SIZE:
12pt; FONT-FAMILY: Verdana"><span id="c1-id-19"
style="COLOR: #717171"><span id="c1-id-20"
style="FONT-SIZE: 9pt">Gouw Informatie Technologie bv</span><br
id="c1-id-21">
</span></span></strong><span id="c1-id-22" style="FONT-SIZE:
9pt; FONT-FAMILY: Verdana"><span id="c1-id-23" style="COLOR:
#717171">Hogeweg 5, 5301 LB Zaltbommel<br id="c1-id-24">
Postbus 98, 5300 AB Zaltbommel<br id="c1-id-25">
T 0418 511 522<br id="c1-id-26">
M <br id="c1-id-27">
E <a class="moz-txt-link-abbreviated" href="mailto:s.hoeks@gouwit.nl">s.hoeks@gouwit.nl</a><br id="c1-id-28">
I <a class="moz-txt-link-abbreviated" href="http://www.gouwit.nl">www.gouwit.nl</a></span></span></p>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</body>
</html>