I have a Keycloak realm that I'm using from my application via OpenID.
Some users are already signed in to one of its Identity Providers, but
don't have a Keycloak session. I'd like to seamlessly sign them in to
the application without going through a Keycloak login screen.
I think that a '&prompt=none&kc_idp_hint=idp' request from the
application should pass you through to a '&prompt=none' request on the
IdP. I've managed to build some of the code and I'm looking at changing
e.g. AuthorizationEndpointBase
<https://github.com/keycloak/keycloak/blob/f429469fc8b80425ac85b0f0562710c...>
to allow that kind of "passive" redirect but not other challenges. Does
this sound like a good plan? I've never tried making this kind of change
before - any general advice? I've seen this
<https://github.com/keycloak/keycloak/blob/master/misc/HackingOnKeycloak.m...>
document.
My request on JIRA KEYCLOAK-7409
<https://issues.jboss.org/browse/KEYCLOAK-7409>
Someone else's older request
<http://lists.jboss.org/pipermail/keycloak-user/2017-August/011666.html>
mentioning this strategy
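
The application side of the passive request described above, as an added example that is not part of the original post or of Keycloak's code: it builds the `prompt=none` plus `kc_idp_hint` authorization request and classifies the redirect that comes back, falling back to an interactive login on the OIDC "needs UI" errors. The endpoint URL, client id, redirect URI and function names are assumed placeholders.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed placeholder values; substitute the realm, client and redirect URI in use.
AUTH_ENDPOINT = "https://keycloak.example/auth/realms/demo/protocol/openid-connect/auth"
CLIENT_ID = "my-app"
REDIRECT_URI = "https://app.example/callback"

# OIDC Core 3.1.2.6: error codes meaning the request cannot finish without UI.
NEEDS_INTERACTION = {"login_required", "interaction_required",
                     "consent_required", "account_selection_required"}

def build_auth_request(idp_alias, passive=True):
    """Return (url, state, nonce) for an authorization code request."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    params = {"response_type": "code", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "scope": "openid",
              "state": state, "nonce": nonce, "kc_idp_hint": idp_alias}
    if passive:
        params["prompt"] = "none"  # never show a login or consent screen
    return AUTH_ENDPOINT + "?" + urlencode(params), state, nonce

def handle_callback(callback_url, expected_state):
    """Classify the redirect: ('code', c), ('interactive', err) or ('error', err)."""
    q = parse_qs(urlsplit(callback_url).query)
    state = q.get("state", [""])[0]
    # Check state before trusting anything else in the response.
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        return ("error", "state_mismatch")
    if "error" in q:
        err = q["error"][0]
        # Passive attempt failed cleanly: retry with passive=False.
        return ("interactive" if err in NEEDS_INTERACTION else "error", err)
    if "code" in q:
        return ("code", q["code"][0])
    return ("error", "malformed_response")
```
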