[keycloak-user] Idp and authenticate by default

Marek Posolda mposolda at redhat.com
Tue Jun 21 01:52:26 EDT 2016


Yes, It might be a bug.

It seems that when you click to second tab with application and you are 
already authenticated, keycloak should automatically authenticate you 
through SSO cookie. However it looks that keycloak is instead 
redirecting to Identity provider (even if user is already authenticated).

It seems that "authenticateByDefault" logic for redirecting to 
identityProvider is implemented in 
AuthorizationEndpointBase.handleBrowserAuthenticationRequest , which is 
always triggered earlier than authentication flows (which checks SSO 
cookie). It looks that "authenticateByDefault" should be rather moved to 
UsernamePasswordAuthenticator and done before the username-password form 
is going to be shown.

So feel free to create JIRA.
Marek

On 20/06/16 17:41, Sjef Hoeks wrote:
>
> Hi,
>
> I setup Keycloak for using an Identity Provider. Everything works 
> fine, i.e. when I open my application, I see the Keycloak login 
> screen, choose the Identity Provider (e.g. GitHub), login and I can 
> use my application. When I open the application again in a new tab, 
> I’m already logged in and I can use the application without logging in 
> again.
>
> But I always want to use the Identity Provider, so I check 
> Authenticate by Default in the settings tab of the Identity Provider. 
> Everything seems to work fine, but when I open the application in a 
> second tab, the first tab is reauthenticating. And then the second tab 
> is reauthenticating. And so on.
>
> I tried this with my own implemented Identity Provider and with 
> GitHub. I expected that the only difference is that I don’t have to 
> choose the Identity Provider. According to the docs only step 3 and 4 
> from the base flow are skipped (show list of identity providers and 
> select identity provider). But the behaviour is very different.
>
> Is this expected behaviour or a bug?
>
> Kind regards,
>
> Sjef
>
> *Sjef Hoeks
> *Technisch Architect
>
> *Gouw Informatie Technologie bv
> *Hogeweg 5, 5301 LB Zaltbommel
> Postbus 98, 5300 AB Zaltbommel
> T 0418 511 522
> M
> E s.hoeks at gouwit.nl
> I www.gouwit.nl
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160621/3584f87d/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 69071 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20160621/3584f87d/attachment-0001.jpe 


More information about the keycloak-user mailing list