checkSSO uses the query param 'prompt=none' when forwarding the request to KeyCloak. This may allow authenticating the user without interaction as long as the user is already authenticated with KeyCloak.
This issue has been addressed in the following products: Red Hat Single Sign-On Via RHSA-2023:1049 https://access.redhat.com/errata/RHSA-2023:1049