[BUG] No username is displayed on username form only sign button appears, when forced logins(prompt=login) is used #475

Open
shankys4u opened this issue Dec 2, 2024 · 2 comments
shankys4u commented Dec 2, 2024

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

Hi Sventorben - I must say that this Home IdP extension is excellent work by you and very helpful.

I am fairly new to Keycloak. In our use case, we are passing the OIDC param 'prompt=login' in the login request URL. However, it seems like the protocol forces reauthentication, and the Home IdP displays a username form with only a sign-in button, but no username. This, I believe, is due to the fact that there is no active SSO session for the user in Keycloak, or the context user may be missing; basically, no user session exists. I think the reauthentication logic in Home IdP, along with the protocol check, should also check for the user and display/redirect to the normal login username form (username and sign-in button) instead, and perform the Home IdP flow.

Expected Behavior

For forced login requests, the reauthentication logic should also check the user context and display a username (indicating valid SSO user session) with username form to begin with, instead of a username with sign-in button for login.

Steps To Reproduce

  1. Configure a public client in keycloak.
  2. Make a login request with (prompt=login), e.g. https://localhost:8443/realms/current/protocol/openid-connect/auth?client_id=test-ui&redirect_uri=https%3A%2F%2Flocalhost%3A4200%2F&state=aa094a39-4865-49f2-80d4-28f956c9591f&response_mode=fragment&response_type=code&scope=openid&nonce=d8fa0074-9600-4f46-8af4-06d0f42ba6e6&code_challenge=muG7MNuR1XyMESvDmc89Un6gGUMVANsixUiInWiislI&code_challenge_method=S256&prompt=login
  3. Set up the Home IdP and set it as default for the Browser flow.
  4. Test the client and redirecting on login. The following username form is displayed -
[image]

Version

- Keycloak: 26.0.0
- This extension: latest 26.0.0

Anything else?

No response

shankys4u added the bug label Dec 2, 2024
sventorben self-assigned this Dec 4, 2024

sventorben (Owner) commented

Hey @shankys4u,
would you mind sharing your authentication flow configuration?

shankys4u (Author) commented

Sure, here it is -

[image]

It's standard browser; I just removed the Kerberos step and replaced Identity Provider Redirect with the Home Discovery Provider step.

hdp step configuration -

[image]
