Hello all,
First off, please excuse any wrong terminology in this post.
I’m completely new to SSO and Keycloak. Will be happy to add more details as needed.
I have several open source web apps / CMS configured with SAML and Keycloak. WordPress and Nextcloud, for example, to name the 2 most widely known.
At the moment, when a user wants to sign in to WordPress or Nextcloud, the option is to “direct login” or “login with SSO”.
Clicking on “login with SSO” directs to Keycloak, the user signs in and is directed back to WordPress as an authenticated user.
Next the user may switch to Nextcloud where he is again prompted to “direct login” or “login with SSO”.
Clicking “login with SSO” now just shortly redirects to Keycloak and right back to Nextcloud since the user is already authenticated from the WordPress login.
This is great, but what I am looking to eliminate is the second login prompt.
The goal would be to “auto login” any user that has already signed in once to any of the web apps connected.
So for example, if the user logged in to WordPress already with SSO, then browsing to Nextcloud would not prompt to click “login with SSO” again.
Same idea for logout. When a user signs out from one web app, he/she should be logged out from all at the same time.
I assume there are several paths to achieve this. Is there a Keycloak side setting that this can be done with?
I don’t have the development skills to change the way the CMS side login works myself, but any ideas and pointers in the right direction would be greatly appreciated.
Thank you!