Session issue while authenticating Client application using API

We are developing a POC for SSO as described below.
We have a React application built for SSO, and it will pass the login credentials (through API) to Keycloak and get the token as response. We will set this token in a session cookie. A client application (built using Spring Boot / Keycloak adapter) is expected to log in using SSO login. The client application sends the request to the browser cookie.
Validation is unsuccessful because of an incorrect value for “KEYCLOAK_IDENTITY”. Due to this, the client application will be redirected to its login page.
If we hardcode the value (captured from API calls made by the client application) in the browser, it will work as expected.
Could you please let me know where this ID is getting generated?
Is it generated by the SSO application during login, or is it some value we can get from the Keycloak server?

The way you authenticate your users and try to achieve SSO is not how it is meant to be in OIDC. Usage of the “API” (I guess you are using the Resource Owner Password Credentials flow) can’t be used to achieve SSO with a valid session.
Usage of Authorization Code with PKCE is the recommended way to achieve what you want.
If necessary, please see specs and docs of OIDC.


When using Authorization Code with PKCE, it will redirect to the Keycloak login page if the session is not available, right? We are trying to avoid using the Keycloak login page. We want to use our own custom login page and hit the Keycloak API to achieve our functionality. We also don't want to use the themes that Keycloak provides. Is it possible to use our application's login page to enter credentials and hit the Keycloak API to get the authorization code?

OAuth2/OIDC is not about “doing anything via an API”, it’s about using well defined flows.
Let me quote myself from above:

If necessary, please see specs and docs of OIDC.