Hi all,
We are currently implementing Keycloak and we are facing an issue that we are not sure
how best to solve.
We have different webapps making use of the SSO and that's working fine. The problem
we have is when we log in using the SSO in one webapp and then we do the same in a
different webapp.
Initially this second webapp does not know which user is coming (and it's not
necessary to be logged in to make use of it). When clicking on "login", it
automatically logs in the user (by making a redirection to Keycloak and automatically
logging in the user who is already logged in to the other webapp). This second login happens
"transparently" to the user, since the redirection to Keycloak is very fast and
it's not noticeable. This behaviour is not very user friendly.
The question is: taking into account that this second webapp can't know upfront which
user is accessing the site (unless actively redirecting to Keycloak), is it possible to
always force users to log in for a specific Keycloak client? By this I mean actually
asking the visitor for user/pw even if Keycloak already knows them from other Keycloak
clients.
What's the best practice for this use case?
Thanks in advance!
Pablo
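
An added example, not part of the original post: one way for the second webapp to request a credential prompt is the standard OpenID Connect request parameters `prompt=login` and `max_age`, combined with a check of the `auth_time` claim on the returned ID token, since the browser controls the redirect and can drop those parameters. The endpoint URL, client ID and redirect URI below are constructed placeholders, and the claims are assumed to come from an ID token whose signature has already been verified.

```python
import time
from urllib.parse import urlencode

# Constructed values for illustration; not taken from the post.
AUTH_ENDPOINT = "https://sso.example.test/realms/demo/protocol/openid-connect/auth"
CLIENT_ID = "second-webapp"
REDIRECT_URI = "https://app2.example.test/callback"


def build_login_url(state, nonce, max_age=0):
    """Authorization request that asks the IdP to re-prompt for credentials."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": state,
        "nonce": nonce,
        "prompt": "login",        # re-authenticate even if an SSO session exists
        "max_age": str(max_age),  # makes auth_time a required ID token claim
    }
    return AUTH_ENDPOINT + "?" + urlencode(params)


def is_fresh_login(claims, expected_nonce, max_age=0, skew=60, now=None):
    """Check signature-verified ID token claims for a recent authentication.

    A user can strip prompt/max_age from the URL before it reaches the IdP,
    so the application confirms auth_time itself instead of trusting the
    request it sent.
    """
    now = time.time() if now is None else now
    if not expected_nonce or claims.get("nonce") != expected_nonce:
        return False  # response is not bound to the request we started
    auth_time = claims.get("auth_time")
    if not isinstance(auth_time, (int, float)):
        return False  # missing auth_time: re-authentication cannot be proven
    age = now - auth_time
    return -skew <= age <= max_age + skew


if __name__ == "__main__":
    print(build_login_url(state="constructed-state", nonce="constructed-nonce"))
```

With `max_age=0` and the default 60-second skew, a token issued from an SSO session established an hour earlier in the first webapp is rejected, while one issued right after the user typed the password is accepted.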