[keycloak-dev] OIDC Identity Brokering with Client parameter forward

乗松隆志 / NORIMATSU,TAKASHI takashi.norimatsu.ws at hitachi.com
Thu Apr 19 21:10:44 EDT 2018


Hello.

When using OIDC Identity Brokering, I've found that Keycloak's built-in OIDC Identity Brokering provider does not have a feature for forwarding some parameters originating from a client application to an external IdP.

Such a feature might be beneficial when you host your own IdP and want to configure its UX based on forwarded client parameters and so on.

Previously, I had realized this feature by implementing a custom Authentication provider and User Storage provider.
However, it was too complicated, and I was advised to use Identity Brokering.
https://github.com/keycloak/keycloak/pull/4260

Therefore, I've implemented this feature (forwarding parameters) based on this built-in OIDC Identity Brokering provider.
https://github.com/keycloak/keycloak/pull/5163

Forwarded parameters are prefixed with "fwd_".

It needs some documentation, so I'd like to do that if this proposal is accepted.

Also, I've created a corresponding JIRA ticket.
https://issues.jboss.org/browse/KEYCLOAK-7201

I hope this PR will be reviewed and merged.

Best Regards
Takashi Norimatsu
Hitachi, Ltd.



