[keycloak-dev] Passing login_hint up to IdP when using kc_idp_hint

Peter Chamberlin peter.chamberlin at digital.cabinet-office.gov.uk
Wed Dec 7 13:06:08 EST 2016

Hi Keycloak team,

I'm working on a system which uses Keycloak as a broker to both OIDC and
SAML2.0 IdPs. We are using `kc_idp_hint` for every request and Keycloak is
never exposed to the user. The system uses OIDC to connect to Keycloak.

We would like to pass a `login_hint` or `subject` upstream to  IdPs
(depending if it's OIDC or SAML) as we expect to know the user's IdP user
name, but this does not work out of the box. I can't see anything in the
documentation that would enable it.

Is it possible? If so how?

Many thanks for any help or pointers you can give.

Peter Chamberlin

More information about the keycloak-dev mailing list