[keycloak-user] Detect existing IdP session

Adam Keily adam.keily at adelaide.edu.au
Tue Aug 29 21:17:09 EDT 2017


Hi,

Forgive me if this is a dumb question. I'm just wondering if it's possible for Keycloak to detect that a user has already authenticated to a configured IDP before being presented the login page. E.g.

We have multiple IDPs configured in Keycloak. Facebook, Google, corporate ADFS. If they have an existing session, can that be detected e.g.


  1.  User is already authenticated to ADFS
  2.  They attempt to access a KC protected application.
  3.  Instead of having to click the IDP link on the KC login screen to be redirected to ADFS and back again, they are instead just authenticated using their existing ADFS session.

I know about kc_idp_hint and default IdP but this is more a case where a user might be already authenticated to one of multiple IDPs. Something like "Detected ADFS session. Continue as ADFS userA?". I guess if you've authed to more than one IDP it could be a problem.

Thanks
Adam

