Hello, folks:
We currently have several web and desktop applications that authenticate users using a username/password form POST with credentials from MS Active Directory; some systems store user authentication in their own databases.
Recently, stakeholders have requested that our systems implement SSO and MFA. During our technical evaluation, we found that KeyCloak appears to be an excellent tool for managing SSO/MFA across multiple heterogeneous systems.
At present, we’ve successfully connected KeyCloak (ver.20) with MS Active Directory (User federation). We’ve also discovered methods to log in/create client sessions (obtaining id_token/access_token) and log out/clean client sessions using the API.
However, we are unsure how to achieve the following:
“After logging into system 1, how can a user automatically log in to system 2 in the same browser without re-entering the username/password?”
Without modifying system 2, is it possible to query KeyCloak using a token to obtain the user credentials (username/password) for system 2? (System 2 currently only accepts username/password login.)
Any advice would be greatly appreciated.