Re: [keycloak-dev] KEYCLOAK-4509: OIDC IDP initiated login

Hello, I would like to raise a thread on OIDC IDP initiated login (or OIDC third party initiated login). KC supports only SAML Clients for IDP Initiated login ( http://www.keycloak.org/docs/latest/server_admin/index. html#idp-initiated-login).When I have an OIDC app, I cannot use this feature.The need has been raised in KEYCLOAK-4509. I created an ugly PR to implement this feature, my use case is described in [1].In this implementation, I : - configured IDP initiated SAML between KC and external IDP- and hacked the code to test if the destination app was OIDC. If it was OIDC, then KC makes a plain redirect to the RP app (see also [1]).This allows SAML initiated IDP and conversion to OIDC app. We could implement that by relying on OIDC 3rd party initiated login.See [3] on how this *could* work.This would allow OIDC third party initiated IDP for OIDC app (but this isn't enough for having SAML initiated IDP for an OIDC app - perhaps there's a solution for handling both OIDC 3rd party ). wdyt ? Cheers,Adrian [1] https://github.com/keycloak/keycloak/pull/4965# issuecomment-373578277.[2] http://openid.net/specs/openid- connect-core-1_0.html#ThirdPartyInitiatedLogin[3] ht tps://github.com/keycloak/keycloak/pull/4965#issuecomment-373580906[4] https://issues.jboss.org/browse/KEYCLOAK-4509 | | Garanti sans virus. www.avg.com | _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev