[keycloak-dev] KEYCLOAK-4509: OIDC IDP initiated login

Adrian Gonzalez adr_gonzalez at yahoo.fr
Fri Mar 16 04:24:11 EDT 2018


Hello,
I would like to raise a thread on OIDC IDP initiated login (or OIDC third party initiated login).
KC supports only SAML Clients for IDP Initiated login (http://www.keycloak.org/docs/latest/server_admin/index.html#idp-initiated-login). When I have an OIDC app, I cannot use this feature. The need has been raised in KEYCLOAK-4509.

I created an ugly PR to implement this feature; my use case is described in [1]. In this implementation, I:
- configured IDP initiated SAML between KC and external IDP
- and hacked the code to test if the destination app was OIDC. If it was OIDC, then KC makes a plain redirect to the RP app (see also [1]).

This allows SAML initiated IDP and conversion to OIDC app.

We could implement that by relying on OIDC 3rd party initiated login. See [3] on how this *could* work. This would allow OIDC third party initiated IDP for OIDC app (but this isn't enough for having SAML initiated IDP for an OIDC app - perhaps there's a solution for handling both OIDC 3rd party).

wdyt?

Cheers,
Adrian


[1] https://github.com/keycloak/keycloak/pull/4965#issuecomment-373578277
[2] http://openid.net/specs/openid-connect-core-1_0.html#ThirdPartyInitiatedLogin
[3] https://github.com/keycloak/keycloak/pull/4965#issuecomment-373580906
[4] https://issues.jboss.org/browse/KEYCLOAK-4509
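
Added example, not code from the PR or from Keycloak: a sketch of the RP side of the third-party initiated login flow referenced in [2], where the RP's login initiation endpoint receives `iss`, `login_hint` and `target_link_uri` and answers with its own authentication request. The host names, client id, issuer table and function names are constructed for illustration; the checks shown are the issuer allowlist and the `target_link_uri` validation that keeps the endpoint from acting as an open redirector.

```python
import secrets
from urllib.parse import urlencode, urlsplit

# Constructed sample configuration (hypothetical hosts and client).
RP_ORIGIN = "https://app.example.com"
CLIENT_ID = "demo-client"
REDIRECT_URI = RP_ORIGIN + "/callback"
# Issuers this RP trusts, mapped to their authorization endpoints.
TRUSTED_ISSUERS = {
    "https://kc.example.com/auth/realms/demo":
        "https://kc.example.com/auth/realms/demo/protocol/openid-connect/auth",
}


def safe_target(target_link_uri):
    """Return target_link_uri only if it stays on the RP's own origin."""
    try:
        parts = urlsplit(target_link_uri or "")
    except ValueError:
        return RP_ORIGIN + "/"
    # Compare the whole scheme://netloc, so other hosts, userinfo
    # ("app.example.com@other") and scheme-relative URLs all fall back.
    if f"{parts.scheme}://{parts.netloc}" != RP_ORIGIN:
        return RP_ORIGIN + "/"
    return target_link_uri


def handle_initiate_login(params, session):
    """Validate the initiation request; return the authentication request URL."""
    auth_endpoint = TRUSTED_ISSUERS.get(params.get("iss", ""))
    if auth_endpoint is None:
        raise ValueError("unknown or missing iss")
    # Anyone can send this request, so state and nonce are generated here
    # and bound to the browser session, never taken from the request.
    session["state"] = secrets.token_urlsafe(32)
    session["nonce"] = secrets.token_urlsafe(32)
    session["issuer"] = params["iss"]
    session["return_to"] = safe_target(params.get("target_link_uri"))
    query = {
        "response_type": "code",
        "scope": "openid",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": session["state"],
        "nonce": session["nonce"],
    }
    if params.get("login_hint"):
        query["login_hint"] = params["login_hint"]
    return auth_endpoint + "?" + urlencode(query)
```

The callback handler (not shown) is assumed to compare the returned `state` and the ID token's `nonce` and `iss` with the session values before redirecting to `return_to`.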

