I'm trying to secure a URL, /monitoring, with Keycloak using SAML.
I've modified my web.xml:
<web-app>
    <!-- Javamelody Access check -->
    <login-config>
        <auth-method>KEYCLOAK-SAML</auth-method>
        <realm-name>this is ignored currently</realm-name>
    </login-config>
    <security-role>
        <role-name>monitoringrole</role-name>
    </security-role>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Monitoring</web-resource-name>
            <url-pattern>/monitoring</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>monitoringrole</role-name>
        </auth-constraint>
    </security-constraint>
    <listener>
        <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
    </listener>
</web-app>
I've also modified my Tomcat 7's context.xml file with the correct Valve and
added the keycloak-saml.xml in /WEB-INF. I'm correctly redirected to the
IdP, but even after successfully logging in, I keep getting this message:
*You are already logged in*
I guess I'm redirecting to the same URL I'm securing, but shouldn't
Keycloak grant me access to the page?
[image: Capture.PNG]
Here is my configuration on the Keycloak server:
[image: 7252z.png]
Am I missing something on the configuration side?
Thank you.