Hello Bhavana,
There is no direct equivalent for "IdP initiated SSO" in the OpenID Connect
world. This will work seamlessly only if both the 3rd party IdP *and* the client are SAML (see
the attached diagram).
However, there is a workaround that could solve the problem to some extent. You can create
a special link that would point inside Keycloak, and upon being opened it will initiate
login against the 3rd party IdP, bypassing the Keycloak login screen. Do you think this will suit
your needs?
Regards,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro
On Fri, 2018-12-14 at 17:31 +0530, Bhavana Motwani wrote:
Hi all,
We are using Keycloak as a SP.
So far we have done the following:
- Configured an external IDP (e.g. auth0) to broker the authentication in
a realm.
- Created an OpenID Connect client in the same realm
- Using the keycloak-connect node lib in our web application to connect
to client.
- We are successfully able to do a SP initiated SSO authentication.
Facing issues with IDP initiated SSO
- Do we have to create a client in our Keycloak? If yes, what will be the
changes?
- What will be the possible changes on the IDP side that we have
brokered? We are trying with Auth0.
- This is the link we are using:
https://www.keycloak.org/docs/4.5/server_admin/index.html#idp-initiated-login,
but the documentation is not very clear.
Thank you for the help.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user