[keycloak-user] Detect existing IdP session

Peter K. Boucher pkboucher801 at gmail.com
Fri Sep 15 10:18:43 EDT 2017


You could write intelligence into the login page that looks at things like
existing sessions and who the referrer was, and decides to silently act as
if the user clicked on the corresponding brokered idp button on the login
page, and do this without displaying anything on the page.

This way, the login page will only actually display if it can't figure out
to which brokered IDP to send the user. 

-----Original Message-----
From: keycloak-user-bounces at lists.jboss.org
[mailto:keycloak-user-bounces at lists.jboss.org] On Behalf Of Stian Thorgersen
Sent: Wednesday, August 30, 2017 2:35 AM
To: Adam Keily <adam.keily at adelaide.edu.au>
Cc: keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] Detect existing IdP session

We don't support this at the moment, but it could possibly be added, at least
for OIDC. OIDC has prompt=none, which allows checking if a user is
authenticated without displaying a login form if they are not. It would need
to be a community contribution, though, if you expect it to be added anytime
soon.

On 30 August 2017 at 03:17, Adam Keily <adam.keily at adelaide.edu.au> wrote:

> Hi,
>
> Forgive me if this is a dumb question. I'm just wondering if it's possible
> for keycloak to detect that a user has already authenticated to a
> configured IDP before being presented the login page. E.g.
>
> We have multiple IDPs configured in Keycloak. Facebook, Google, corporate
> ADFS. If they have an existing session, can that be detected e.g.
>
>
>   1.  User is already authenticated to ADFS
>   2.  They attempt to access a KC protected application.
>   3.  Instead of having to click the IDP link on the KC login screen to be
> redirected to ADFS and back again, they are instead just authenticated
> using their existing ADFS session.
>
> I know about kc_idp_hint and default IdP but this is more a case where a
> user might be already authenticated to one of multiple IDPs. Something
> like "Detected ADFS session. Continue as ADFS userA?". I guess if you've
> authed to more than one IDP it could be a problem.
>
> Thanks
> Adam
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
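
The prompt=none check mentioned in the thread, sketched as an added example that is not part of the original messages and is not Keycloak code: it builds a silent OIDC authorization request and classifies the redirect that comes back, so a missing IdP session falls through to the normal login page. The function names, endpoint URLs and client id are hypothetical, and the upstream IdP is assumed to speak OIDC.

```javascript
// Added example: silent OIDC session probe with prompt=none.
// All names, URLs and the client id used with these functions are assumptions.

// Build the authorization request. `state` must be an unguessable
// per-request value that the caller stores in the user's browser session.
function buildSilentAuthUrl(authEndpoint, clientId, redirectUri, state) {
  const url = new URL(authEndpoint);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: 'openid',
    prompt: 'none', // the IdP must not display any login or consent UI
    state,
  }).toString();
  return url.toString();
}

// Error codes OIDC Core defines for a request that cannot finish without UI.
const NEEDS_UI = new Set([
  'login_required', 'interaction_required',
  'consent_required', 'account_selection_required',
]);

// Classify the redirect back from the IdP.
function classifyCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  // Ignore any response that is not bound to the request we sent.
  if (!expectedState || params.get('state') !== expectedState) {
    return { outcome: 'reject', reason: 'state_mismatch' };
  }
  const error = params.get('error');
  if (error) {
    return NEEDS_UI.has(error)
      ? { outcome: 'no_session', reason: error } // show the normal login page
      : { outcome: 'reject', reason: error };
  }
  const code = params.get('code');
  return code
    ? { outcome: 'session', code } // exchange the code at the token endpoint
    : { outcome: 'reject', reason: 'missing_code' };
}
```

Only the `session` outcome should lead to a token exchange; `no_session` means the user has no usable session at that IdP and the login page should be shown as usual.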