login-required behavior with check-sso AND IdentityProviderRedirector
158 views
Skip to first unread message
Olivier Boudet
Sep 1, 2021, 5:43:39 AM9/1/21
to Keycloak User
Hello,
I post here because I need some advices for a functional need.
I have a realm A.
I have a realm B1 which delegates the authentication to realm A.
I have a realm B2 which delegates the authentication to realm A.
If I log in to realm B1 I obtains a session on realm B1 and also on realm A. If I go to realm B2, I want to be automatically logged in realm B2 thanks to my session opened on realm A.
I have done a POC by modifying the keycloak.js adapter like in this commit : https://github.com/olivierboudet/keycloak/commit/13dab1a4465db5e856aaa9419e7654fc4ac5db7c
It seems to work as I want, because the check-sso iframe redirects correctly to the delegator identity provider and recreate a new session on delegated realm.
To sum up, I want to reproduce with check-sso in iframe the same behavior as login-required mode with an IdentityProviderRedirector configured.
My questions are :
- is it legit to do this ?
- why is it not officially supported, and does it make sense to be ?
- if it makes sense, should it be a new mode "check-sso-with-login" or someting similar ?
Thanks
Regards
David D
Sep 8, 2021, 4:36:38 AM9/8/21
to Keycloak User
Hi everybody,
Or the question would be more accurate in Keycloak-dev ?
I'm also wondering : is it a problem to reproduce the login-required behaviour in check-sso with the doLogin method ?
Or the question would be more accurate in Keycloak-dev ?
Thanks
David D
Oct 13, 2021, 8:26:48 AM10/13/21
to Keycloak User
Hi,
Nobody has ever set a silent check-sso in a multi-realm environment with an external common Keycloak OIDC Idp ?
thanks
Reply all
Reply to author
Forward
0 new messages