Hello,
Thanks for the great product. We have set up several instances of Keycloak as the SP
utilizing SP-Initiated SSO to external IdPs. Everything in that process is going smoothly.
We have an external IdP that wants us to use IdP-initiated SSO to connect to their IdP.
The current client protocol is openid-connect. We are using Keycloak 5.0.
1. Is it possible for a Keycloak service provider client using the openid-connect protocol
to perform IdP-initiated SSO? I believe we have to set the client up using the SAML
protocol. Is this correct?
1a. If it is not possible, are there any workarounds that I can use? My app is using an
openid-connect public client. How can I use IdP-initiated SSO in this scenario?
2. We need to provide the IdP the public key used to sign the assertions. Are the keys
used to sign the assertions located in the Keycloak admin console > realm settings >
keys > Providers tab?
Thanks,
Christopher Stephens
Software Engineer | EdLogics
chris.stephens(a)edlogics.com