Hi John,
Thanks for pointing this out - in my original message I was about to write "...and
check that your client doesn't have Force Authentication turned on", but recalled
that this is for brokered SAML IdPs only :)
Dmitry
On Mon, 2018-12-17 at 08:32 -0500, John Dennis wrote:
On 12/16/18 10:12 PM, Dmitry Telegin wrote:
> Hello Mahendra,
>
> This should work out of the box - after all, that's what SSO is about. Are you
sure that both OIDC and SAML clients are in the same Keycloak realm?
And make sure you don't have ForceAuthn set to true in the request. As a
reminder this is the definition of ForceAuthn: "A Boolean value. If
"true", the identity provider MUST authenticate the presenter directly
rather than rely on a previous security context."
> Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> +42 (022) 888-30-71
> E-mail: info(a)acutus.pro
>
>
> On Fri, 2018-12-14 at 16:04 +0000, Satrasala, Mahendra wrote:
> > I can SSO across different JWT clients but if I try to access a SAML client, I
am redirected to the login page even if I have an active session for the user in keycloak
after an OIDC authentication.
> >
> >
> > Is it possible to automatically authenticate the user for the SAML client?
Simply put, I am trying to get a SAML assertion on behalf of the user after OIDC
authentication.
> >
> >
> > Thanks in advance!!
> >
> >
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org
> >
https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>