Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-8043

prompt=none doesn't work with default identity provider

    Details

    • Sprint:
      Keycloak Sprint 15, Keycloak Sprint 19, Keycloak Sprint 20, Keycloak Sprint 21, Keycloak Sprint 22
    • Story Points:
      13
    • Steps to Reproduce:
      Hide

      open http://developers.redhat.com/ login
      open a new tab and go to http://developers.redhat.com/launch/ see that the redirect from keycloak is `http://developers.redhat.com/launch/#error=login_required&state=3a2101ff-8ce9-4787-89a0-7007c87a75a6` then press the login button.
      Now you are logged in without entering a password

      If we change to 'login-required' the init function does figure out that we are already logged in.

      Show
      open http://developers.redhat.com/ login open a new tab and go to http://developers.redhat.com/launch/ see that the redirect from keycloak is ` http://developers.redhat.com/launch/#error=login_required&state=3a2101ff-8ce9-4787-89a0-7007c87a75a6 ` then press the login button. Now you are logged in without entering a password If we change to 'login-required' the init function does figure out that we are already logged in.
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      If a realm has a default identity provider configured a regular login will automatically redirect to the default identity provider. With prompt=none there is no automatic redirect, which results in applications not being logged-in even though the user is already logged-in to the default identity provider.

      If the default identity provider is an OIDC provider and it supports prompt=none we can pass prompt=none to the default identity provider and we would get the correct behaviour. Not sure if there is an equivalent function for SAML. Simplest option here would just be to have it as a config option on the default identity provider, but a nicer way would be to somehow detect if the provider supports it or not.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  sguilhen Stefan Guilhen
                  Reporter:
                  edewit Erik Jan de Wit
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  5 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    Time Tracking

                    Estimated:
                    Original Estimate - 1 week, 2 days
                    1w 2d
                    Remaining:
                    Remaining Estimate - 1 week, 2 days
                    1w 2d
                    Logged:
                    Time Spent - Not Specified
                    Not Specified