Redirect to application instead of showing already logged in


I would like to ask if the following problem can be solved.

I have two application (Jira, Confluence) connected to keycloak. When my session expires, it logs me out of the apps. When I reload both application in two tabs it asks for login in both. Now I log in to one application. If I want to reload tab of the second app, keycloak says you are already logged in.

Is there a way to automatically redirect to a second app instead of a message that you are already logged in?


1 Like

This is a default behavior and intended. While you are reloading in both tabs the content and thus starting an authentication session, authentication is successfully done in first tab. But there‘s still an ongoing auth session in tab 2 (at least from a KC perspective). So, as Keycloak can‘t know what to do, it just displays a message with the current state, saying the user is already authenticated.
Believe me, just because you think it‘s obvious to redirect the user back to the app, it is not for other customers. Every customer has different expectations on what to do when something special happens. As Keycloak can‘t provide everything what might be possible, displaying current state is a good compromise.
If you want a special behavior, you are free to implement a custom Authencticator and use it in your deployment/flows.

Thank you very much for reply.

I also agree, this behavior is weird in my POV

When i log in one tab, then on the second tab with same credential and it say i’m already connected. What other behavior than accessing the website other users would want ? (honest question, not sarcarsm)

Can’t you integrate this parameter to be switch on or off in the config ? Then user could choose the best for them ? @dasniko

Thanks a lot

1 Like

any more hints on how to achieve this? Any pointer appreciated.

There are multiple threads regarding this on github, and no resolution.

From my perspective, the You are already loggedin is proper way how to handle this, but Keycloak needs to provide the means to do otherwise, either through admin console and configurable options e.g.
Automatic login or Force log out when this ocurrs, or at least provide proper way how to implement this as a custom SPI.

The documentation lacks any information regarding this, and to implement this you have to dig deep into Keycloak’s source to understand what can be done.

@dasniko can you please provide a guide or any info on how this can be achieved and with what Authenticator?