Yes, It might be a bug.

It seems that when you click to second tab with application and you are already authenticated, keycloak should automatically authenticate you through SSO cookie. However it looks that keycloak is instead redirecting to Identity provider (even if user is already authenticated).

It seems that "authenticateByDefault" logic for redirecting to identityProvider is implemented in AuthorizationEndpointBase.handleBrowserAuthenticationRequest , which is always triggered earlier than authentication flows (which checks SSO cookie). It looks that "authenticateByDefault" should be rather moved to UsernamePasswordAuthenticator and done before the username-password form is going to be shown.

So feel free to create JIRA.
Marek

On 20/06/16 17:41, Sjef Hoeks wrote:

Hi,

 

I setup Keycloak for using an Identity Provider. Everything works fine, i.e. when I open my application, I see the Keycloak login screen, choose the Identity Provider (e.g. GitHub), login and I can use my application. When I open the application again in a new tab, I’m already logged in and I can use the application without logging in again.

 

But I always want to use the Identity Provider, so I check Authenticate by Default in the settings tab of the Identity Provider. Everything seems to work fine, but when I open the application in a second tab, the first tab is reauthenticating. And then the second tab is reauthenticating. And so on.

 

I tried this with my own implemented Identity Provider and with GitHub. I expected that the only difference is that I don’t have to choose the Identity Provider. According to the docs only step 3 and 4 from the base flow are skipped (show list of identity providers and select identity provider). But the behaviour is very different.

 

Is this expected behaviour or a bug?

 

 

Kind regards,

Sjef

 

Sjef Hoeks
Technisch Architect 

Gouw Informatie Technologie bv
Hogeweg 5, 5301 LB Zaltbommel
Postbus 98, 5300 AB Zaltbommel
T 0418 511 522
M
E s.hoeks@gouwit.nl
I www.gouwit.nl



_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user