I am using Keycloak (KC) as my identity broker with OIDC.
1) Browse to the client application and press the login button
2) Behind the scenes, the login button will call the KC auth endpoint, which will display the IDP login page
3) User1 bookmarks the login page, enters credentials and starts using the client website
4) User1 closes browser without signing out
5) User2 comes immediately and clicks on the bookmarked page, which displays the IDP login page
6) User2 enters credentials and gets the following error:
[Error Message](https://i.stack.imgur.com/vn83h.png)
7) Once the user presses "back to application", user1's screen gets displayed (which exposes user1's information to user2)
How can I expire user1's session if it is active when user2 tries to log in using the IDP login page directly, without any problem?