Oracle Analytics Cloud and Server


ER: Support Seamless SSO to OAC with Keycloak Direct Grant (No IDCS Login Prompt)

SridharL Rank 3 - Community Apprentice

We have federated Keycloak with OCI IAM (IDCS) using OIDC. (Followed: https://blogs.oracle.com/coretec/ssofederation-with-keycloak-and-idcs-andor-oci-iam-domains)
Users authenticate into WebApplication using Keycloak Direct Grant (API-based token login).

Current Behavior:
When users click the OAC link from WebApplication, they are redirected to the IDCS login page and must log in again before accessing OAC.

Expected Behavior:
Users should land directly on the OAC homepage without seeing the IDCS login screen, using SSO from Keycloak.

Observation:

  • Direct Grant authentication does not create a browser session / Keycloak cookie
  • OCI IAM → OAC requires a browser-based session
  • Hence, re-login is prompted (expected by current design)

Enhancement Request:
Requesting support/enhancement to:

  • Enable seamless SSO to OAC when authentication is done via Keycloak Direct Grant
  • Or provide an alternative supported approach to bridge token-based authentication with browser SSO
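
Added example (not part of the original post, and not Oracle or Keycloak project code): a side-by-side of the two request shapes behind the observation above, the back-channel Direct Grant token request and the browser-driven authorization code request with PKCE. The host names, realm, client ID, redirect URI and function names are assumptions for illustration; the endpoint paths follow Keycloak's standard `/realms/<realm>/protocol/openid-connect/` layout.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Assumed values for illustration only (not from the original post).
KEYCLOAK_BASE = "https://keycloak.example.com"
REALM = "demo"
CLIENT_ID = "webapp"
REDIRECT_URI = "https://webapp.example.com/callback"


def oidc_endpoint(name):
    """Keycloak's OIDC endpoint URL for the realm ('auth' or 'token')."""
    return f"{KEYCLOAK_BASE}/realms/{REALM}/protocol/openid-connect/{name}"


def direct_grant_request(username, password):
    """Back-channel POST: the app server sends credentials and gets JSON tokens.
    The user's browser never contacts Keycloak, so no SSO cookie is set there."""
    form = {"grant_type": "password", "client_id": CLIENT_ID,
            "username": username, "password": password, "scope": "openid"}
    return {"method": "POST", "url": oidc_endpoint("token"),
            "body": urlencode(form), "via_browser": False}


def pkce_pair():
    """Return (code_verifier, S256 code_challenge) as defined in RFC 7636."""
    verifier = secrets.token_urlsafe(32)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def auth_code_request(state, challenge):
    """Front-channel redirect: the browser itself visits Keycloak, which
    authenticates the user and sets its session cookie on that browser."""
    query = {"response_type": "code", "client_id": CLIENT_ID,
             "redirect_uri": REDIRECT_URI, "scope": "openid", "state": state,
             "code_challenge": challenge, "code_challenge_method": "S256"}
    return {"method": "GET", "url": oidc_endpoint("auth") + "?" + urlencode(query),
            "via_browser": True}


if __name__ == "__main__":
    verifier, challenge = pkce_pair()
    print(direct_grant_request("alice", "constructed-password")["url"])
    print(auth_code_request(secrets.token_urlsafe(16), challenge)["url"])
```

Only the second request passes through the user's browser, which is why a later OIDC redirect from OCI IAM to Keycloak can find an existing session in that case and not after a Direct Grant login.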

Answers