Ok thanks! I know about idp initiated sso for SAML, didn't realise that there
wasn't an equivalent for OIDC.
-----Original Message-----
From: Hynek Mlnarik [mailto:hmlnarik@redhat.com]
Sent: Tuesday, 22 August 2017 4:48 PM
To: Matt Evans <mevans(a)aconex.com>
Cc: keycloak-user(a)lists.jboss.org
Subject: Re: [keycloak-user] Bookmarking keycloak login pages
You seem to want what is called IdP-initiated workflow that works for SAML apps [1] but
not for OIDC. See this thread [2] for further info.
[1]
https://keycloak.gitbooks.io/documentation/server_admin/topics/clients/sa...
[2]
http://lists.jboss.org/pipermail/keycloak-user/2017-February/009642.html
On Tue, Aug 22, 2017 at 4:47 AM, Matt Evans <mevans(a)aconex.com> wrote:
We have people that have bookmarked the login page of keycloak so
that they can return there and authenticate, rather than go to the client app page and be
redirected.
This doesn't work because the bookmark they have contains time-sensitive information,
e.g. the nonce and state etc. So they can authenticate correctly, but when redirected to
the application it fails.
Is there anything that can be done for this situation? I thought perhaps including the
information as post body parameters and doing a post rather than redirecting with query
string parameters, but this doesn't work; POST is not an accepted HTTP method. Also I
assume that returning there from a bookmark won't work either because that post body
information will be missing...
Matt
--
--Hynek
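
Why a bookmarked login URL fails once the user is sent back to the application, as an added example that is not part of the original thread and is not Keycloak's or the application's own code: a minimal model of a relying party that mints a single-use `state`/`nonce` pair per login attempt. The host names, realm, client ID, TTL and the `RelyingParty` / `replay_bookmark` names are assumptions made for illustration.

```python
import secrets
import time
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed values for illustration; not taken from the thread.
AUTH_ENDPOINT = "https://keycloak.example.com/auth/realms/demo/protocol/openid-connect/auth"
CLIENT_ID = "demo-app"
REDIRECT_URI = "https://app.example.com/callback"
STATE_TTL = 300  # seconds a pending login stays valid (assumed)


class RelyingParty:
    """Minimal model of the client app's side of the authorization code flow."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}  # state -> (nonce, issued_at), one entry per login attempt

    def begin_login(self):
        """What the app does when a user hits a protected page: mint state/nonce."""
        state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self.pending[state] = (nonce, self.clock())
        query = urlencode({"client_id": CLIENT_ID, "response_type": "code",
                           "scope": "openid", "redirect_uri": REDIRECT_URI,
                           "state": state, "nonce": nonce})
        return f"{AUTH_ENDPOINT}?{query}"

    def handle_callback(self, state, id_token_nonce):
        """Validate the redirect back from the IdP; state is single-use."""
        entry = self.pending.pop(state, None)
        if entry is None:
            return "rejected: unknown or already-used state"
        nonce, issued_at = entry
        if self.clock() - issued_at > STATE_TTL:
            return "rejected: state expired"
        if not secrets.compare_digest(nonce, id_token_nonce):
            return "rejected: nonce mismatch"
        return "ok"


def replay_bookmark(rp, login_url):
    """Simulate the IdP echoing back the state/nonce carried in a login URL."""
    params = parse_qs(urlparse(login_url).query)
    return rp.handle_callback(params["state"][0], params["nonce"][0])
```

A bookmark of the application's own protected URL triggers `begin_login()` on every visit, so each attempt carries fresh values; a bookmark of the generated login URL replays values the application has already consumed or expired.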