Hi. Running the saml-broker-authentication example <https://github.com/keycloak/keycloak/tree/3.2.1.Final/examples/broker/sam...;, a client was configured on the SP realm (saml-broker-authentication-realm). See screencap below. In the example, the authentication is done using javascript keycloak library (using openid). *Is there a way to initiate a login (sso) to an IDP through Keycloak as SP without the need to authenticate the client?* In pingfederate there is an option to call the SP without authentication. Example: https://<ping-sp-url:port>/sp/startSSO.ping?PartnerIdpId=<idp-id>&TargetResource=<redirect URL> [image: enter image description here] <https://i.stack.imgur.com/M3MFQ.png> * Also posted the question in SO: https://stackoverflow.com/ questions/46420512/how-to-connect-to-keycloak-as-sp- without-defining-a-client Thanks.