Yes, it might be a bug.
It seems that when you click on the second tab with the application and you are
already authenticated, Keycloak should automatically authenticate you
through the SSO cookie. However, it looks like Keycloak is instead
redirecting to the identity provider (even if the user is already authenticated).
It seems that the "authenticateByDefault" logic for redirecting to the
identityProvider is implemented in
AuthorizationEndpointBase.handleBrowserAuthenticationRequest, which is
always triggered earlier than the authentication flows (which check the SSO
cookie). It looks like "authenticateByDefault" should rather be moved to
UsernamePasswordAuthenticator and done before the username-password form
is going to be shown.
So feel free to create a JIRA.

On 20/06/16 17:41, Sjef Hoeks wrote:
I set up Keycloak for using an Identity Provider. Everything works
fine, i.e. when I open my application, I see the Keycloak login
screen, choose the Identity Provider (e.g. GitHub), log in and I can
use my application. When I open the application again in a new tab,
I’m already logged in and I can use the application without logging in.
But I always want to use the Identity Provider, so I check
Authenticate by Default in the settings tab of the Identity Provider.
Everything seems to work fine, but when I open the application in a
second tab, the first tab is reauthenticating. And then the second tab
is reauthenticating. And so on.
I tried this with my own implemented Identity Provider and with
GitHub. I expected that the only difference is that I don’t have to
choose the Identity Provider. According to the docs only step 3 and 4
from the base flow are skipped (show list of identity providers and
select identity provider). But the behaviour is very different.
Is this expected behaviour or a bug?
Gouw Informatie Technologie bv
Hogeweg 5, 5301 LB Zaltbommel
Postbus 98, 5300 AB Zaltbommel
T 0418 511 522
keycloak-user mailing list