[keycloak-dev] Automatically login user to application when logged into realm

[Bill Burke]

Did you even read my response?  I completely mapped out the entire flow 
of how it works *now* in our demo and how it could work with a pure 
HTML5 app.  Go play with the demo to understand things better maybe?

You talkd about this before:
 > A company has an internal Keycloak server, they have a single realm 
with multiple internal applications. All applications are hosted on 
different servers. Let's imagine this company is called Red Hat. The 
user, let's call him Stian, first goes to the OrangeHRM to book some 
long overdue holiday. He's not currently logged in to the realm so is is 
shown an anonymous access screen instead with a login link. Stian 
presses login, fills in username and password and successfully logs in 
to the realm. Now Stian wants to go to docspace, again Stian has to 
press the Login link, but doesn't have to provide a username or 
password, but instead is simply redirected back to the application as a 
logged in user. Stian is actually a bit confused about this as he just 
logged in to an application without providing a username or password.



What you describe is not how our demo works nor will it ever work that 
way.  You log in once to the auth server, any app you visit knows who 
you are.  There's no need to click a "login" button when you visit a new 
site.  HTML5 app would work exactly the same way as any of the WARs in 
the Keycloak demo code except all the redirect and cookie processing 
would happen within Javascript within the browser. There's just no need 
for your extra "no-forms" invocation!  The login check is already built 
into the protocol.

http://www.tizag.com/javascriptT/javascriptredirect.php

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com