Hi,
We have integrated our app so that the app acts as an OAuth client to Keycloak, and
Keycloak is acting as an identity broker for incoming SSO flows (SAML).
APP (OAuth client) <-> Keycloak <-> SAML Identity Providers.
Here we generate the SSO URL in the app so that we select the SAML identity
provider using kc_idp_hint, which points to the SAML IdP configured in Keycloak
(this is the SAML SP SSO flow), and it is working perfectly well.
However, I have a question: how can I get this SSO integration working for the
SAML IdP-initiated flow? I tried the IdP-initiated flow with this setup and I
see Keycloak generating exceptions/errors.
I know OAuth/OIDC flows are always initiated at the RP (relying party), here the APP.
However, if Keycloak can create a user session and create the identity of the user
(for the IdP-initiated flow) and send the browser to a specific URL (specified on
the IdP through RelayState), then the APP can initiate the SSO flow, and as the user
will have a session on Keycloak, Keycloak can redirect the user to the redirect_uri
on the app to establish the session. Any thoughts on how to get this working?
Thanks,
Vijay
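The app-side half of the working SP flow described above, as an added example that is not part of the original post or of Keycloak itself: it builds the Keycloak authorization URL with kc_idp_hint pinned to the SAML IdP alias, carries state, nonce and PKCE, and then validates the redirect back to the app. The host, realm, client_id, redirect_uri and the IdP alias "corp-saml" are assumptions; the realm path uses the `/realms/<realm>/protocol/openid-connect/auth` form (older Keycloak versions prefix it with `/auth`). The state check is the reason a browser that arrives at the app's redirect_uri without a flow the app started (the IdP-initiated case) is rejected by a correctly implemented RP; the app entry point the post proposes for RelayState would simply call `build_sso_url` to start a fresh, app-initiated request.

```python
"""Keycloak OIDC authorization request with kc_idp_hint, plus callback validation.
Constructed example; endpoint, realm, client and IdP alias are assumptions."""
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

KEYCLOAK_BASE = "https://keycloak.example.com"      # assumption
REALM = "demo"                                       # assumption
CLIENT_ID = "app"                                    # assumption
REDIRECT_URI = "https://app.example.com/callback"    # assumption, registered on the client
AUTH_ENDPOINT = f"{KEYCLOAK_BASE}/realms/{REALM}/protocol/openid-connect/auth"


def pkce_pair():
    """Return (code_verifier, S256 code_challenge) per RFC 7636."""
    verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode("ascii")
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def build_sso_url(idp_alias, session):
    """Start an app-initiated login, steering Keycloak straight to the SAML IdP
    named by idp_alias via kc_idp_hint. Per-flow secrets are stored in `session`
    (a dict standing in for the server-side session) so the callback can be bound
    to this request."""
    state = secrets.token_urlsafe(32)
    nonce = secrets.token_urlsafe(32)
    verifier, challenge = pkce_pair()
    session.update({"state": state, "nonce": nonce,
                    "pkce_verifier": verifier, "idp": idp_alias})
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "scope": "openid",
        "redirect_uri": REDIRECT_URI,
        "state": state,
        "nonce": nonce,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
        "kc_idp_hint": idp_alias,          # Keycloak: skip the broker login page
    }
    return f"{AUTH_ENDPOINT}?{urlencode(params)}"


def query_params(url):
    """Single-valued view of a URL's query string (helper for callers and tests)."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


def handle_callback(callback_url, session):
    """Validate the redirect from Keycloak. Returns (code, pkce_verifier) for the
    token exchange, or raises ValueError. A callback that no app-initiated flow
    produced (no stored state, or a state that does not match) is refused."""
    got, want = urlparse(callback_url), urlparse(REDIRECT_URI)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback did not arrive at the registered redirect_uri")
    qs = query_params(callback_url)
    if "error" in qs:
        raise ValueError(f"authorization server returned error: {qs['error']}")
    expected_state = session.pop("state", None)
    state = qs.get("state")
    if expected_state is None or state is None or not secrets.compare_digest(
            state.encode("utf-8"), expected_state.encode("utf-8")):
        raise ValueError("state mismatch: unsolicited or replayed callback")
    code = qs.get("code")
    if not code:
        raise ValueError("authorization code missing from callback")
    return code, session.pop("pkce_verifier")


if __name__ == "__main__":
    sess = {}
    url = build_sso_url("corp-saml", sess)      # "corp-saml" is an assumed IdP alias
    print("redirect browser to:", url)
    back = f"{REDIRECT_URI}?code=abc123&state={sess['state']}"
    print("callback accepted:", handle_callback(back, sess)[0])
```

After `handle_callback` returns, the app exchanges the code at the token endpoint with the returned `pkce_verifier` and checks the ID token's `nonce` against `session["nonce"]`; both steps are omitted here because they need a live Keycloak.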