keycloak-home-idp-discovery
[BUG] On re-authentication the currently logged in user is ignored
Is there an existing issue for this?
- [X] I have searched the existing issues
Current Behavior
Alt1.
- Log in to Keycloak with any application
- Wait until a re-authentication is required (not sure about exact time but about 5 minutes)
- Trigger a login from an app with an action included, e.g. `kc_action=UPDATE_PROFILE`
- Form is shown with attempted user being the user I'm logged in as and email field is empty
- User has to enter the username or select the IDP
- Eventually user gets to the update profile form
Alt2.
- Log in to Keycloak with any application
- Wait until a re-authentication is required (not sure about exact time but about 5 minutes)
- Trigger a login from an app with an action included, e.g. `kc_action=UPDATE_PROFILE`, and include `login_hint=myemail`
- Get redirected to 3rd party IDP and then redirected back to Keycloak
- Update profile form is shown
Expected Behavior
Behavior of Alt1 should be that of Alt2 after step 3, i.e.:
- Log in to Keycloak with any application
- Wait until a re-authentication is required (not sure about exact time but about 5 minutes)
- Trigger a login from an app with an action included, e.g. `kc_action=UPDATE_PROFILE`
- Get redirected to 3rd party IDP and then redirected back to Keycloak
- Update profile form is shown
If I don't have an IDP connected to the user and it only has a password, it also works as expected; see the following image
Steps To Reproduce
Configure the browser flow to contain the following steps:
- Cookie - Alternative
- Home IdP Discovery - Alternative
  - User attribute: email
  - Forward users with unverified email: true
  - Bypass login page: true
  - Forward to linked IdP: true
  - Forward to first matched IdP: false
- Password Form (used during re-authentication) - Alternative
- Username Password Form (used during login) - Alternative
Alt1.
- With a user connected to any 3rd party IdP
- Log in to Keycloak with any application
- Wait until a re-authentication is required (not sure about exact time but about 5 minutes)
- Trigger a login from an app with an action included, e.g. `kc_action=UPDATE_PROFILE`
- Form is shown with attempted user being the user I'm logged in as and email field is empty
- User has to enter the username or select the IDP
- Eventually user gets to the update profile form
Alt2.
- With a user connected to any 3rd party IdP
- Log in to Keycloak with any application
- Wait until a re-authentication is required (not sure about exact time but about 5 minutes)
- Trigger a login from an app with an action included, e.g. `kc_action=UPDATE_PROFILE`, and include `login_hint=myemail`
- Get redirected to 3rd party IDP and then redirected back to Keycloak
- Update profile form is shown
Version
- Keycloak: 23.0.4
- This extension: 23.0.0
Anything else?
No response