[keycloak-dev] KEYCLOAK-7409 Detect existing IdP session
Jack C
jack.coady at cantab.net
Sun Jun 3 14:51:41 EDT 2018
I have a Keycloak realm that I'm using from my application via OpenID.
Some users are already signed in to one of its Identity Providers, but
don't have a Keycloak session. I'd like to seamlessly sign them in to
the application without going through a Keycloak login screen.
I think that a '&prompt=none&kc_idp_hint=idp' request from the
application should pass you through to a '&prompt=none' request on the
IdP. I've managed to build some of the code and I'm looking at changing
e.g. AuthorizationEndpointBase
<https://github.com/keycloak/keycloak/blob/f429469fc8b80425ac85b0f0562710c0309a86f8/services/src/main/java/org/keycloak/protocol/AuthorizationEndpointBase.java#L117> to
allow that kind of "passive" redirect but not other challenges. Does
this sound like a good plan? I've never tried making this kind of change
before - any general advice? I've seen this
<https://github.com/keycloak/keycloak/blob/master/misc/HackingOnKeycloak.md>
document.
My request on JIRA KEYCLOAK-7409
<https://issues.jboss.org/browse/KEYCLOAK-7409>
Someone else's older request
<http://lists.jboss.org/pipermail/keycloak-user/2017-August/011666.html>
mentioning this strategy
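
The application side of the request described in the message above, as an added example that is not part of the original post or of Keycloak's code: it builds the `prompt=none` plus `kc_idp_hint` authorization request and classifies the redirect that comes back, so a passive failure falls through to a normal login instead of being treated as an error. The endpoint URL, client id, redirect URI and IdP alias are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed values for illustration only (not taken from the post).
AUTH_ENDPOINT = "https://sso.example.test/auth/realms/demo/protocol/openid-connect/auth"
CLIENT_ID = "my-app"
REDIRECT_URI = "https://app.example.test/callback"

# OIDC Core error codes meaning "cannot complete without showing UI".
PASSIVE_FAILURES = {"login_required", "interaction_required",
                    "consent_required", "account_selection_required"}


def build_passive_request(idp_alias):
    """Return (url, state, nonce) for a silent request hinted at one IdP."""
    state = secrets.token_urlsafe(16)   # binds the callback to this browser session
    nonce = secrets.token_urlsafe(16)   # to be checked later against the ID token
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "prompt": "none",               # never display a login or consent screen
        "kc_idp_hint": idp_alias,       # Keycloak parameter naming the IdP to use
        "state": state,
        "nonce": nonce,
    }
    return AUTH_ENDPOINT + "?" + urlencode(params), state, nonce


def handle_callback(callback_url, expected_state):
    """Classify the redirect: ('code', v), ('interactive', err) or ('reject', why)."""
    query = parse_qs(urlsplit(callback_url).query)
    state = query.get("state", [""])[0]
    # Check state before trusting anything else in the response.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        return ("reject", "state mismatch")
    if "error" in query:
        error = query["error"][0]
        if error in PASSIVE_FAILURES:
            return ("interactive", error)   # retry without prompt=none
        return ("reject", error)
    if "code" in query:
        return ("code", query["code"][0])   # exchange at the token endpoint
    return ("reject", "no code or error")
```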