Keycloak always ask to reauthenticate when using a keycloak identity provider


I have an annoying issue which I can’t solve. I’m running a “Main Keycloak” identity server which works great with a couple of apps. Usually, once I’m signed in with the first app, I just need to click “Login with Keycloak” on any other app and I’m in … the idea of Single-Sign-On.

Currently I’m playing around with OpenTalk, which comes with an own Keycloak container for authentication. Having two user bases is annoying, so I’ve configured my “Main Keycloak” as an identity provider for the “Opentalk Keycloak”.

This basically works well - the “Opentalk Keycloak” shows me the “Log in with Keycloak” button and I can log in via my “Main Keycloak”.

The issue is: If I’m already signed in my Main Keycloak - where I can log in to any apps just with a click on “Log in with Keycloak” - doing the same in the Opentalk login, it always wants my password and OTP again. It says: “To continue please log in again”.


Why is this happening in this specific scenario? And how can I get rid of this, so that I’m immediately logged in (as I’m already authenticated against my Main Keycloak?

Any ideas are highly appreciated!

1 Like

i have same question.

Might be because “Remember me” is not set up. If the token isn’t being refreshed by an app, and the ID token is not persistent, my guess is that the CookieAuthenticator doesn’t know that the user is logged in.