[keycloak-user] RV: How to force login (¿best practice?)

Luis Rodríguez Fernández uo67113 at gmail.com
Tue Oct 30 05:13:37 EDT 2018


Hello Pablo,

If you are using a SAML adapter you can set forceAuthentication="true" in
your Service Provider configuration [1]:

"SAML clients can request that a user is re-authenticated even if they are
already logged in at the IdP."

Hope it helps,

Luis

[1] https://www.keycloak.org/docs/latest/securing_apps/index.html#saml-2

On Mon, Oct 29, 2018 at 16:07, Pablo Bravo (<Pablo.Bravo at osudio.com>)
wrote:

> Hi all,
>
> We are currently implementing Keycloak and we are facing an issue that we
> are not sure of the best way to solve.
>
> We have different webapps making use of the SSO and that's working fine.
> The problem we have is when we log in using the SSO in one webapp and
> then we do the same in a different webapp.
>
> Initially this second webapp does not know which user is coming (and it's
> not necessary to be logged in to make use of it). When clicking on "login",
> it automatically logs in the user (by making a redirection to Keycloak and
> automatically logging in the user already logged in to the other webapp). This
> second login happens "transparently" to the user, since the redirection
> to Keycloak is very fast and it's not noticeable. This behaviour is not
> very user friendly.
>
> The question is: Taking into account that this second webapp can't know
> upfront which user is accessing the site (unless actively redirecting to
> Keycloak), is it possible to always force users to log in for a
> specific Keycloak client? By this I mean actually ask the visitor for
> user/pw even if Keycloak already knows them from other Keycloak clients.
>
> What's the best practice for this use case?
>
> Thanks in advance!
>
> Pablo


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett
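
A way to confirm that the setting discussed in the reply above took effect, as an added example that is not part of the original messages or of Keycloak's code: it decodes the SAMLRequest parameter your Service Provider sends over the HTTP-Redirect binding and reports whether the AuthnRequest carries ForceAuthn, the SAML 2.0 attribute that asks the IdP to re-authenticate. The IdP URL, request ID and function names are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

def decode_saml_request(value, deflated=True):
    """HTTP-Redirect binding: base64 of raw DEFLATE. HTTP-POST: plain base64."""
    raw = base64.b64decode(value)
    if deflated:
        raw = zlib.decompress(raw, -15)  # -15 selects raw DEFLATE (no zlib header)
    return raw.decode("utf-8")

def force_authn_requested(authn_request_xml):
    """True only if the root is samlp:AuthnRequest with ForceAuthn set."""
    # Diagnostic use on your own SP's traffic; use a hardened parser for untrusted XML.
    root = ET.fromstring(authn_request_xml)
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        raise ValueError("not a SAML 2.0 AuthnRequest: %s" % root.tag)
    # xs:boolean accepts "true" and "1"; an absent attribute means false.
    return root.get("ForceAuthn", "false") in ("true", "1")

def check_redirect_url(url):
    """Pull SAMLRequest out of a redirect-binding URL and check ForceAuthn."""
    params = parse_qs(urlparse(url).query)  # parse_qs also undoes percent-encoding
    if "SAMLRequest" not in params:
        raise ValueError("no SAMLRequest parameter in URL")
    return force_authn_requested(decode_saml_request(params["SAMLRequest"][0]))

def build_sample_url(force):
    """Constructed sample: a minimal, unsigned AuthnRequest, redirect-encoded."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="%s" ID="_constructed1" '
           'Version="2.0" IssueInstant="2018-10-30T09:00:00Z"%s/>'
           % (SAMLP, ' ForceAuthn="true"' if force else ""))
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml.encode("utf-8")) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode("ascii")})
    return "https://idp.example.test/auth/realms/demo/protocol/saml?" + query

if __name__ == "__main__":
    for force in (True, False):
        print(force, check_redirect_url(build_sample_url(force)))
```

To use it on a real deployment, copy the redirect URL to the IdP from the browser's network log and pass it to check_redirect_url.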

