[keycloak-dev] KEYCLOAK-4509: OIDC IDP initiated login

Stian Thorgersen sthorger at redhat.com
Fri Mar 16 08:50:37 EDT 2018


[Adding some info from the PR]

OIDC IdP initiated login is something I assume there are specifications for
already. So rather than doing a home-grown solution we should use that.

There's some mention in OIDC specs about third-party initiated logins (
https://openid.net/specs/openid-connect-core-1_0.html#ThirdPartyInitiatedLogin).
I've not looked at it much, but it seems to cover this use-case.

On 16 March 2018 at 09:24, Adrian Gonzalez <adr_gonzalez at yahoo.fr> wrote:

> Hello,
> I would like to raise a thread on OIDC IDP initiated login (or OIDC third
> party initiated login).
> KC supports only SAML Clients for IDP Initiated login
> (http://www.keycloak.org/docs/latest/server_admin/index.html#idp-initiated-login).
> When I have an OIDC app, I cannot use this feature.
> The need has been raised in KEYCLOAK-4509.
>
> I created an ugly PR to implement this feature, my use case is described
> in [1]. In this implementation, I:
> - configured IDP initiated SAML between KC and external IDP
> - and hacked the code to test if the destination app was OIDC. If it was
>   OIDC, then KC makes a plain redirect to the RP app (see also [1]).
>
> This allows SAML initiated IDP and conversion to OIDC app.
>
> We could implement that by relying on OIDC 3rd party initiated login. See
> [3] on how this *could* work. This would allow OIDC third party initiated
> IDP for OIDC app (but this isn't enough for having SAML initiated IDP for
> an OIDC app - perhaps there's a solution for handling both OIDC 3rd party ).
> wdyt?
> Cheers,
> Adrian
>
>
> [1] https://github.com/keycloak/keycloak/pull/4965#issuecomment-373578277
> [2] http://openid.net/specs/openid-connect-core-1_0.html#ThirdPartyInitiatedLogin
> [3] https://github.com/keycloak/keycloak/pull/4965#issuecomment-373580906
> [4] https://issues.jboss.org/browse/KEYCLOAK-4509