[keycloak-user] SSO on non-protected / public urls

Hi All, I'm evaluating keycloak and identifying the possibility to provide SSO services on non protected (public) pages. Assume the following environment: Portal 1 - https://site1.example.com/public - https://site1.example.com/protected Portal 2 - https://site2.example.com/public - https://site2.example.com/protected /protected is the restricted area of the portal, that only logged in users may access /public is the public area where both logged in and anonymous users may navigate I'm trying to achieve the following - User logs in @ https://site1.example.com - SSO session and site1 session are created - User goes to public area of site2, https://site2.example.com/public - User is automatically logged in (site2 session is created) It seems that the above is not possible with OIDC / SAML since the user has to land on a protected page to initiate federation, or perform an action (e.g. click a button). Any other thoughts, feedback? Thanks in advance, Michalis