Avoid Keycloak Default Login Page and Use Project Login Page

How can I get rid of keycloak's default login page and use my own login page

when you set Access Type of your client to "public", then keycloak will always redirect a user to its login page. You can set Access Type to "bearer-only" - in this case keycloak would NOT redirect, but you need to be authenticated to access secured ressources.

If you configure keycloak like this, then, when accessing secured pages, you will need to implement some process, which checks, if user is already authenticated, and if not, redirect it to your login page.

Keycloak login by skipping the login page

TLDR; No, it's not possible.

You can login to Keycloak and get an access token for a user via API, but it can only be used to call APIs on Application2 on behalf of the user. So it would be useful if you're not going to show Application2 UI and the user will see the result of the Application2 API calls in Application1.

The reason is Keycloak, like other SSO solution, uses cookies to track the SSO session. So if your user logins to Application2, he/she will have Keycloak SSO cookie on its browser. So when user accesses Application1 for the first time (and if Application1 is integrated with Keycloak) as it doesn't have a session, he/she gets redirected to Keycloak login page, Keycloak will notice that the SSO cookie is there and is valid so considers user as a logged in user and will not render any login UI and just redirects it back to Application1.

You can't access that Keycloak cookie via API and even if you could, you will not be able to set it on user's browser for Keycloak domain.

Related Topics