[keycloak-user] kc_idp_hint parameter is being ignored

Stian Thorgersen sthorger at redhat.com
Fri Dec 1 01:03:49 EST 2017 

I've tried the following which works just fine here:

keycloak.login({idpHint:'google'})
keycloak.createLoginUrl({idpHint:'google'})

On 30 November 2017 at 21:05, Jeremy Michael <jeremy.michael7373 at gmail.com>
wrote:

> We're using the keycloak.js adapter. I've tried a couple of things, but am
> still not able to get it to work. Within our adapter, we're instantiating
> keycloak with the following (more or less):
>
> keycloak = new Keycloak({
>       url: "mykeycloak.com/auth/",
>       realm: "myrealm",
>       clientId: "myclient",
>       checkLoginIframe: false
>     });
>
> I tried to add the following immediately after the code block below:
>
> keycloak.createLoginUrl({
> idpHint: 'myIdP'
> });
>
> But that generated an error: Argument of type '{ idpHint: string; }' is
> not assignable to parameter of type 'LoginOptions'. Object literal may only
> specify known properties, and 'idpHint' does not exist in type
> 'LoginOptions'.
>
> So, I tried adding the idpHint param on the initial block:
> keycloak = new Keycloak({
>       url: "mykeycloak.com/auth/",
>       realm: "myrealm",
>       clientId: "myclient",
>       checkLoginIframe: false,
>       idpHint: 'myIdP'
>     });
>
> That didn't cause any errors, but it didn't seem to have any effect (I
> still landed on the login page).
>
> Any ideas?
>
> On Wed, Nov 29, 2017 at 3:32 PM, Stian Thorgersen <sthorger at redhat.com>
> wrote:
>
>> The kc_idp_hint param isn't set on your app, but rather it's a query
>> param that needs to be included when the app is doing the login. What
>> adapter are you using?
>>
>> On 29 November 2017 at 18:46, Jeremy Michael <
>> jeremy.michael7373 at gmail.com> wrote:
>>
>>> Hello all,
>>>
>>> I’m trying to do something that looks like it should be very easy, but is
>>> not working for me. Hopefully someone can help me figure out what I’m
>>> doing
>>> wrong.
>>>
>>> We have an application secured by Keycloak and have two Identity
>>> Providers
>>> set up. Clicking the buttons on the standard Keycloak login screen works
>>> fine for both Identity Providers. We can also set up either provider as a
>>> default (in the browser Authentication flow) to bypass the login screen,
>>> and that works fine. However, in some cases, we want to bypass the login
>>> screen and use Identity Provider 1, and in others we want to bypass the
>>> login screen and use Identity Provider 2.
>>>
>>> It looks like we should be able to achieve what we want by using the
>>> kc_idp_hint parameter. But, when I try to test it out, the
>>> kc_idp_hint seems to be ignored.
>>>
>>> I tried the following, where the URL is the address of my app secured by
>>> Keycloak, and idp1alias is the alias of the Identity Provider I want to
>>> use:
>>> https://www.myapp.com?kc_idp_hint=idp1alias
>>> <https://www.myapp.com/?kc_idp_hint=idp1alias>
>>>
>>> However, instead of bypassing the login screen and automatically
>>> beginning
>>> the authentication process with Identity Provider 1, I am landing on the
>>> standard Keycloak login screen.
>>>
>>> As another test, I tried just going to the built in,
>>> “/auth/realms/<realm>/account” with the "kc_idp_hint" parameter added
>>> and I
>>> got the same behavior (i.e., I saw the Keycloak login screen):
>>> https://mykeycloakurl.com/auth/realms/myrealm/account?kc_idp
>>> _hint=idp1alias.
>>>
>>> I’m clearly missing something, or misunderstanding how this should work.
>>> Can someone help get me pointed in the right direction?
>>>
>>> Thanks!
>>> Jeremy
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>>
>

More information about the keycloak-user mailing list