My question is more theoretical at this point.
I have a use case where I would have to integrate my application (App 1) with Keycloak and Keycloak with an external identity provider. Keycloak is a mere broker in this case. There are other apps registered on that external IDP as well.
Scenario 1: User has neither logged into App 1 nor the IDP yet
When the user tries to access App 1, they are eventually redirected to the external IDP login form and, after authentication, redirected back to the app. This is a straightforward flow.
Scenario 2: User had already logged into the IDP
What happens when the user has already logged into the IDP, the session is active, and App 1 is now accessed? Would it still show the login form, or would it eventually redirect to App 1 without prompting for the user name and the password?
Only if this is possible is true SSO possible, as not every app has to go through the same Keycloak (there could be some apps directly integrated with the external IDP).