[keycloak-user] Issues faced in IdP initiated flow

Dmitry Telegin dt at acutus.pro
Sun Dec 16 22:42:09 EST 2018


Hello Bhavana,

There is no direct equivalent for "IdP initiated SSO" in the OpenID Connect world. This will work seamlessly only if both the 3rd party IdP *and* the client are SAML (see the attached diagram).

However, there is a workaround that could solve the problem to some extent. You can create a special link that would point inside Keycloak, and upon being opened it will initiate login against the 3rd party IdP, bypassing the Keycloak login screen. Do you think this will suit your needs?

Regards,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training

Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro

On Fri, 2018-12-14 at 17:31 +0530, Bhavana Motwani wrote:
> Hi all,
> 
> We are using Keycloak as a SP.
> So far we have done the following:
> 
>    - Configured an external IDP (e.g. auth0) to broker the authentication in
>    a realm.
>    - Created an OpenID Connect client in the same realm
>    - Using the keycloak-connect node lib in our web application to connect
>    to client.
>    - We are successfully able to do a SP initiated SSO authentication.
> 
> 
> Facing issues with IDP initiated SSO
> 
>    - Do we have to create a client in our Keycloak? if yes what will be the
>    changes.
>    - What will be the possible changes on the IDP side that we have
>    brokered. We are trying with Auth0.
>    - this is the link we are using:
>    <https://www.keycloak.org/docs/4.5/server_admin/index.html#idp-initiated-login>,
>    but documentation is not very clear.
> 
> Thank you for the help
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sso_.png
Type: image/png
Size: 43721 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20181217/0c980198/attachment-0001.png 
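
One way to build the "special link" described in the reply above, as an added example that is not part of the original message or of Keycloak's own code. It assumes the link relies on Keycloak's `kc_idp_hint` query parameter (the message does not name the mechanism); the host names, realm, client id and IdP alias are constructed sample values.

```javascript
const crypto = require('crypto');

// Constructed sample values, not taken from the thread.
const SAMPLE = {
  baseUrl: 'https://sso.example.test/auth', // Keycloak 4.x is served under /auth
  realm: 'demo',
  clientId: 'web-app',
  redirectUri: 'https://app.example.test/callback',
  idpAlias: 'auth0', // alias of the brokered identity provider in the realm
};

// Build an authorization request that asks Keycloak to go straight to the
// brokered IdP (kc_idp_hint) instead of rendering its own login screen.
// state and nonce are fresh per request, so the link must be generated by the
// application at click time, not published as a static URL.
function buildIdpLoginUrl(cfg) {
  const state = crypto.randomBytes(16).toString('hex');
  const nonce = crypto.randomBytes(16).toString('hex');
  const url = new URL(
    `${cfg.baseUrl}/realms/${encodeURIComponent(cfg.realm)}/protocol/openid-connect/auth`
  );
  url.search = new URLSearchParams({
    client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri,
    response_type: 'code',
    scope: 'openid',
    state,
    nonce,
    kc_idp_hint: cfg.idpAlias,
  }).toString();
  return { url: url.toString(), state, nonce };
}

// On the callback, accept the code only if the returned state equals the one
// stored in the user's session when the link was built.
function stateMatches(stored, returned) {
  if (typeof stored !== 'string' || typeof returned !== 'string') return false;
  const a = Buffer.from(stored);
  const b = Buffer.from(returned);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

const login = buildIdpLoginUrl(SAMPLE);
console.log(login.url);
```

Because this is still an SP-initiated OpenID Connect request, the usual response checks apply: compare `state` on the callback and the `nonce` claim in the ID token against the values stored for the session.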

