List: keycloak-dev
Subject: [keycloak-dev] KEYCLOAK-7409 Detect existing IdP session
From: jack.coady () cantab ! net (Jack C)
Date: 2018-06-03 18:51:41
Message-ID: ebd68c7b-bde5-bbce-b771-74ef0dac1089 () cantab ! net
I have a Keycloak realm that I'm using from my application via OpenID.
Some users are already signed in to one of its Identity Providers, but
don't have a Keycloak session. I'd like to seamlessly sign them in to
the application without going through a Keycloak login screen.
I think that a '&prompt=none&kc_idp_hint=idp' request from the
application should pass you through to a '&prompt=none' request on the
IdP. I've managed to build some of the code and I'm looking at changing
e.g. AuthorizationEndpointBase
<https://github.com/keycloak/keycloak/blob/f429469fc8b80425ac85b0f0562710c0309a86f8/services/src/main/java/org/keycloak/protocol/AuthorizationEndpointBase.java#L117>
to allow that kind of "passive" redirect but not other challenges. Does this sound like
a good plan? I've never tried making this kind of change before - any general
advice? I've seen this
<https://github.com/keycloak/keycloak/blob/master/misc/HackingOnKeycloak.md>
document.
My request on JIRA KEYCLOAK-7409
<https://issues.jboss.org/browse/KEYCLOAK-7409>
Someone else's older request
<http://lists.jboss.org/pipermail/keycloak-user/2017-August/011666.html>
mentioning this strategy
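
The application side of the passive request described in the message above, as an added example that is not part of the original post and not Keycloak code. The endpoint URL, client id, redirect URI and function names are constructed assumptions; `prompt=none` and `kc_idp_hint` are the parameters named in the message, and the error codes are those OpenID Connect Core defines for a request that cannot complete without showing a UI.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumptions (constructed, not from the post): realm URL, client id, redirect URI.
AUTH_ENDPOINT = "https://sso.example.test/auth/realms/demo/protocol/openid-connect/auth"
CLIENT_ID = "demo-app"
REDIRECT_URI = "https://app.example.test/callback"

# OIDC Core 3.1.2.6 errors meaning "cannot finish without showing UI".
NEEDS_INTERACTION = {"login_required", "interaction_required",
                     "consent_required", "account_selection_required"}


def build_passive_request(idp_alias, state=None, nonce=None):
    """Return (url, state, nonce) for a silent authorization-code request."""
    state = state or secrets.token_urlsafe(16)
    nonce = nonce or secrets.token_urlsafe(16)
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": state,
        "nonce": nonce,
        "prompt": "none",          # never render a login screen
        "kc_idp_hint": idp_alias,  # Keycloak-specific: preferred identity provider
    }
    return AUTH_ENDPOINT + "?" + urlencode(params), state, nonce


def handle_callback(callback_url, expected_state):
    """Classify the redirect that comes back to the application."""
    q = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
    # Reject responses not bound to the request we sent (CSRF guard).
    got = q.get("state", "").encode()
    if not secrets.compare_digest(got, expected_state.encode()):
        return ("rejected", "state mismatch")
    if "error" in q:
        if q["error"] in NEEDS_INTERACTION:
            # No usable session: fall back to a normal, interactive login.
            return ("interactive_login", q["error"])
        return ("failed", q["error"])
    if "code" in q:
        return ("signed_in", q["code"])  # exchange at the token endpoint next
    return ("failed", "no code or error in response")
```
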