Categories
- All Categories
- Oracle Analytics Learning Hub
- 31 Oracle Analytics Sharing Center
- 22 Oracle Analytics Lounge
- 252 Oracle Analytics News
- 45 Oracle Analytics Videos
- 16.1K Oracle Analytics Forums
- 6.3K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 93 Oracle Analytics Trainings
- 16 Oracle Analytics and AI Challenge
- Find Partners
- For Partners
Welcome to the Oracle Analytics Community: Please complete your User Profile and upload your Profile Picture
ER: Support Seamless SSO to OAC with Keycloak Direct Grant (No IDCS Login Prompt)
SridharL
Rank 3 - Community Apprentice
We have federated Keycloak with OCI IAM (IDCS) using OIDC. (Followed:https://blogs.oracle.com/coretec/ssofederation-with-keycloak-and-idcs-andor-oci-iam-domains)
Users authenticate into WebApplication using Keycloak Direct Grant (API-based token login).
Current Behavior:
When users click the OAC link from WebApplication, they are redirected to the IDCS login page and must log in again before accessing OAC.
Expected Behavior:
Users should land directly on the OAC homepage without seeing the IDCS login screen, using SSO from Keycloak.
Observation:
- Direct Grant authentication does not create a browser session / Keycloak cookie
- OCI IAM → OAC requires a browser-based session
- Hence, re-login is prompted (expected by current design)
Enhancement Request:
Requesting support/enhancement to:
- Enable seamless SSO to OAC when authentication is done via Keycloak Direct Grant
- Or provide an alternative supported approach to bridge token-based authentication with browser SSO
SR Number: 4-0001307225, 4-0001048078
Tagged:
1