We have federated Keycloak with OCI IAM (IDCS) using OIDC. (Followed: https://blogs.oracle.com/coretec/ssofederation-with-keycloak-and-idcs-andor-oci-iam-domains)
Users authenticate into WebApplication using Keycloak Direct Grant (API-based token login).
Current Behavior:
When users click the OAC link from WebApplication, they are redirected to the IDCS login page and must log in again before accessing OAC.
Expected Behavior:
Users should land directly on the OAC homepage without seeing the IDCS login screen, using SSO from Keycloak.
Observation:
- Direct Grant authentication does not create a browser session / Keycloak cookie
- OCI IAM → OAC requires a browser-based session
- Hence, re-login is prompted (expected by current design)
Enhancement Request:
Requesting support/enhancement to:
- Enable seamless SSO to OAC when authentication is done via Keycloak Direct Grant
- Or provide an alternative supported approach to bridge token-based authentication with browser SSO
SR Number: 4-0001307225, 4-0001048078