[keycloak-dev] [KEYCLOAK-996] - Allow application to select provider
Pedro Igor Silva
psilva at redhat.com
Fri Jan 23 14:23:19 EST 2015
Hi,
KEYCLOAK-996 is about allowing clients to select an existing identity provider when sending an authentication request to the server. Initially, this is all about passing the IdP id and automatically redirect the user to its login page. Without even show KC's login page.
IMO instead of using an "idp_hint", like proposed in that JIRA, we may start using the "acr_values" parameter as defined by OIDC specs. I think this parameter better fits the purpose and will allow us to support LoAs in the future as well.
The acr value in this case would be something like "idp-X", where X is the id of the identity provider.
What do you think ?
Regards.
Pedro Igor
More information about the keycloak-dev
mailing list