[keycloak-user] Need guidance on auto login feature

Tony Harris Tony.Harris at oneadvanced.com
Mon Apr 8 12:11:35 EDT 2019 

If you add the header X-Requested-With: XMLHttpRequest then Keycloak will switch into beaer-only mode and not direct these XMLHTTPRequests to the login page when your token expires, instead it will return a HTTP 401 response.

You may need to add  autoDetectBearerOnly="true" to your keycloak application config json file too as well.

-----Original Message-----
From: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-bounces at lists.jboss.org] On Behalf Of Khyati Kataria
Sent: 08 April 2019 15:13
To: keycloak-user at lists.jboss.org
Subject: [keycloak-user] Need guidance on auto login feature

Hi,

I would like to get some guidance on following scenario.

I have a requirement to skip keycloak login page by setting up header using bearer token. Is this a right approach ? or is there any way I can skip login page and be able to logged in customer service console

Scenario:
1) create bearer token invoking:
POST to http://<server>/auth/realms/test/protocol/openid-connect/token/
with post data:
grant_type=password&client_id=client&username=admin&password=admin1

read the token from response
2) do a get using new XMLHttpRequest() and setting the header xhr.open("GET", "http://<server>/csc/", true); xhr.setRequestHeader('Authorization', 'Bearer ' + token);

after doing this we can see on network traces that it actually bring the subscribed ID page but with this we do only a "static" get, and we see all cookies are set

3) finally from page we do a redirect to http://server/csc so browser really opens the  portal (and not just get the content), but at this stage we get redirected to Keycloak login form

I don't want redirect to login form, I need guidance on this. Is this possible to have auto login ? or anyway we can skip login page  ?



Regards,
Khyati
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user

________________________________

Please consider the environment: Think before you print!


This message has been scanned for malware by Websense. www.websense.com

More information about the keycloak-user mailing list