Hello everybody,
I am trying to figure out if Keycloak is capable of fulfilling the following requirement. I
read through the documentation but was not able to figure it out.
Scenario:
A user is on a website where he has the possibility to jump to web applications of
different partners via SSO. The website provider only supports IdP Initiated SSO and the
button links provided are SAML Assertion Consumer URLs. The flow below describes what should
happen, to my understanding:
Flow:
1. User logs in on website.
2. User clicks on button.
3. Website creates an encrypted SAML RESPONSE using its STS, redirects user to
Keycloak's SAML Assertion Consumer URL and POSTs the SAML RESPONSE there.
4. Keycloak decrypts/validates SAML RESPONSE and authenticates the user.
5. Keycloak redirects user to the application.
6. User uses application.
Is this possible? How does it have to be configured? Do you need any more information to help
me? Thank you in advance!
Best regards
Karsten Honsack
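
Step 4 of the flow above, where the receiving side validates a response it never requested, shown as an added example that is not part of the original post and is not Keycloak's code. It covers only the checks specific to an unsolicited (IdP-initiated) response; decryption and signature verification are assumed to have happened already, and the function name, URLs and IDs are hypothetical.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: an already decrypted, signature-verified unsolicited Response.
# All URLs and IDs are placeholders.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
 IssueInstant="2024-01-01T12:00:00Z" Destination="https://sp.example.test/acs">
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://website.example.test/sts</saml:Issuer>
  <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
   <saml:AudienceRestriction><saml:Audience>https://sp.example.test</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
 </saml:Assertion>
</samlp:Response>"""

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_unsolicited(xml_text, acs_url, audience, issuer, now, seen_ids):
    """Return a list of problems; an empty list means these checks passed."""
    root = ET.fromstring(xml_text)
    problems = []
    # IdP-initiated: there was no AuthnRequest, so InResponseTo must be absent.
    if root.get("InResponseTo") is not None:
        problems.append("InResponseTo present on an unsolicited response")
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match our ACS URL")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no assertion found"]
    if assertion.findtext("saml:Issuer", namespaces=NS) != issuer:
        problems.append("unexpected issuer")
    cond = assertion.find("saml:Conditions", NS)
    nb, noa = (cond.get("NotBefore"), cond.get("NotOnOrAfter")) if cond is not None else (None, None)
    if noa is None or now >= _ts(noa) or (nb is not None and now < _ts(nb)):
        problems.append("assertion outside validity window")
    if audience not in [a.text for a in assertion.iterfind(".//saml:Audience", NS)]:
        problems.append("audience does not include this service provider")
    # With no request ID to correlate against, replay protection rests on an assertion ID cache.
    aid = assertion.get("ID")
    if aid in seen_ids:
        problems.append("assertion ID already seen (replay)")
    elif not problems:
        seen_ids.add(aid)
    return problems
```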