[keycloak-user] Idp and authenticate by default
Marek Posolda
mposolda at redhat.com
Tue Jun 21 01:52:26 EDT 2016
Yes, it might be a bug.

It seems that when you click on the second tab with the application and you are
already authenticated, Keycloak should automatically authenticate you
through the SSO cookie. However, it looks like Keycloak is instead
redirecting to the Identity Provider (even if the user is already authenticated).

It seems that the "authenticateByDefault" logic for redirecting to the
identityProvider is implemented in
AuthorizationEndpointBase.handleBrowserAuthenticationRequest, which is
always triggered earlier than the authentication flows (which check the SSO
cookie). It looks like "authenticateByDefault" should rather be moved to
UsernamePasswordAuthenticator and done before the username-password form
is going to be shown.

So feel free to create a JIRA.

Marek

On 20/06/16 17:41, Sjef Hoeks wrote:
>
> Hi,
>
> I set up Keycloak for using an Identity Provider. Everything works
> fine, i.e. when I open my application, I see the Keycloak login
> screen, choose the Identity Provider (e.g. GitHub), log in and I can
> use my application. When I open the application again in a new tab,
> I’m already logged in and I can use the application without logging in
> again.
>
> But I always want to use the Identity Provider, so I check
> Authenticate by Default in the settings tab of the Identity Provider.
> Everything seems to work fine, but when I open the application in a
> second tab, the first tab is reauthenticating. And then the second tab
> is reauthenticating. And so on.
>
> I tried this with my own implemented Identity Provider and with
> GitHub. I expected that the only difference is that I don’t have to
> choose the Identity Provider. According to the docs only step 3 and 4
> from the base flow are skipped (show list of identity providers and
> select identity provider). But the behaviour is very different.
>
> Is this expected behaviour or a bug?
>
> Kind regards,
>
> Sjef
>
> Sjef Hoeks
> Technical Architect
>
> Gouw Informatie Technologie bv
> Hogeweg 5, 5301 LB Zaltbommel
> Postbus 98, 5300 AB Zaltbommel
> T 0418 511 522
> M
> E s.hoeks at gouwit.nl
> I www.gouwit.nl
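
The ordering described in the reply above, as an added example that is not part of the original message and is not Keycloak code: a constructed Python model that compares the reported order of checks with the proposed one across several tabs of one browser. All function names, outcome strings and the session handling are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Realm:
    # Alias of the IdP with "Authenticate by Default" checked (None = not set)
    default_idp: Optional[str] = None
    # SSO cookie values the server currently accepts (constructed model)
    sso_sessions: set = field(default_factory=set)


def cookie_step(realm, cookie):
    """Stand-in for the flow step that accepts an existing SSO cookie."""
    return "SSO_LOGIN" if cookie in realm.sso_sessions else None


def idp_step(realm):
    """Stand-in for the authenticate-by-default redirect."""
    return f"REDIRECT_TO_IDP:{realm.default_idp}" if realm.default_idp else None


def handle_reported(realm, cookie):
    """Order reported in the thread: IdP redirect decided before the flow runs."""
    return idp_step(realm) or cookie_step(realm, cookie) or "SHOW_LOGIN_FORM"


def handle_proposed(realm, cookie):
    """Order proposed in the reply: cookie first, redirect just before the form."""
    return cookie_step(realm, cookie) or idp_step(realm) or "SHOW_LOGIN_FORM"


def open_tabs(handler, realm, tabs):
    """Open `tabs` tabs in one browser and return the outcome of each request."""
    cookie, outcomes = None, []
    for n in range(tabs):
        result = handler(realm, cookie)
        if result.startswith("REDIRECT_TO_IDP"):
            # Assumption: the brokered login succeeds and sets a new SSO cookie
            cookie = f"session-{n}"
            realm.sso_sessions.add(cookie)
        outcomes.append(result)
    return outcomes


if __name__ == "__main__":
    for handler in (handle_reported, handle_proposed):
        print(handler.__name__, open_tabs(handler, Realm(default_idp="github"), 3))
```

A list of outcomes per tab is the kind of assertion a regression test for this behaviour can make: with a valid SSO cookie present, no request should end in an IdP redirect.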