[keycloak-dev] Passing login_hint up to IdP when using kc_idp_hint
Marek Posolda
mposolda at redhat.com
Thu Dec 8 07:21:19 EST 2016
It doesn't seem it is possible ATM. The possibility is, that you create
your own implementation of identityProvider and you override method :
createAuthorizationUrl(AuthenticationRequest request)
The parameters of the original request, which was sent from your application to Keycloak, are available from the clientSession notes (which itself is available on the AuthenticationRequest).
Marek
On 07/12/16 19:06, Peter Chamberlin wrote:
> Hi Keycloak team,
>
> I'm working on a system which uses Keycloak as a broker to both OIDC and
> SAML2.0 IdPs. We are using `kc_idp_hint` for every request and Keycloak is
> never exposed to the user. The system uses OIDC to connect to Keycloak.
>
> We would like to pass a `login_hint` or `subject` upstream to IdPs
> (depending if it's OIDC or SAML) as we expect to know the user's IdP user
> name, but this does not work out of the box. I can't see anything in the
> documentation that would enable it.
>
> Is it possible? If so how?
>
> Many thanks for any help or pointers you can give.
>
> Peter Chamberlin
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
More information about the keycloak-dev
mailing list