Is it using its own login page, or redirecting to Keycloak for login? If it’s not using the Keycloak login it’s using resource owner credential grants, which does not support SSO. If it is using the Keycloak login page take a look at what params it sends when redirecting to the Keycloak login. There are options to force re-authentication.