[keycloak-user] Bookmarking keycloak login pages

Matt Evans mevans at aconex.com
Tue Aug 22 21:15:53 EDT 2017


Ok thanks! I know about idp initiated sso for SAML, didn't realise that there wasn't an equivalent for OIDC.


-----Original Message-----
From: Hynek Mlnarik [mailto:hmlnarik at redhat.com] 
Sent: Tuesday, 22 August 2017 4:48 PM
To: Matt Evans <mevans at aconex.com>
Cc: keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] Bookmarking keycloak login pages

You seem to want what is called IdP-initiated workflow that works for SAML apps [1] but not for OIDC. See this thread [2] for further info.

[1] https://keycloak.gitbooks.io/documentation/server_admin/topics/clients/saml/idp-initiated-login.html
[2] http://lists.jboss.org/pipermail/keycloak-user/2017-February/009642.html

On Tue, Aug 22, 2017 at 4:47 AM, Matt Evans <mevans at aconex.com> wrote:
> We have people that have bookmarked the login page of keycloak so that they can return there and authenticate, rather than go to the client app page and be redirected.
>
> This doesn't work because the bookmark they have contains time sensitive information, e.g. the nonce and state etc. So they can authenticate correctly, but when redirected to the application it fails.
>
> Is there anything that can be done for this situation? I thought perhaps including the information as post body parameters and doing a post rather than redirecting with query string parameters, but this doesn't work, POST is not an accepted http method. Also I assume that returning there from a bookmark won't work either because that post body information will be missing...
>
> Matt



-- 

--Hynek
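
The failure described in the original question, as an added example that is not part of the thread and is not Keycloak or adapter code: a hypothetical minimal OIDC client that tracks `state` and `nonce` per login attempt, showing why a bookmarked authorization URL authenticates at the IdP but is rejected on the redirect back. The names `RelyingParty` and `idp.example` and the 300-second lifetime are assumptions.

```python
import secrets

STATE_TTL = 300  # seconds; assumed lifetime of a pending login attempt


class RelyingParty:
    """Hypothetical minimal OIDC client that keeps pending logins server side."""

    def __init__(self):
        self.pending = {}  # state -> (nonce, issued_at)

    def start_login(self, now):
        """Build the authorization URL the browser is redirected to."""
        state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self.pending[state] = (nonce, now)
        return ("https://idp.example/auth?response_type=code&client_id=app"
                f"&state={state}&nonce={nonce}")

    def handle_callback(self, state, id_token_nonce, now):
        """Validate the redirect back from the IdP; each state is single use."""
        entry = self.pending.pop(state, None)
        if entry is None:
            return "rejected: unknown or already used state"
        nonce, issued_at = entry
        if now - issued_at > STATE_TTL:
            return "rejected: state expired"
        if id_token_nonce != nonce:
            return "rejected: nonce mismatch"
        return "ok"


def idp_authenticate(auth_url):
    """Stand-in for the IdP: echoes state and copies nonce into the ID token."""
    params = dict(p.split("=", 1) for p in auth_url.split("?", 1)[1].split("&"))
    return params["state"], params["nonce"]


def demo():
    rp = RelyingParty()
    bookmarked = rp.start_login(now=0)  # the URL the user bookmarks
    first = rp.handle_callback(*idp_authenticate(bookmarked), now=30)
    # A day later the bookmark is reused: IdP login succeeds, client check fails.
    replay = rp.handle_callback(*idp_authenticate(bookmarked), now=86400)
    # Entering through the application instead yields fresh state and nonce.
    fresh_url = rp.start_login(now=86400)
    fresh = rp.handle_callback(*idp_authenticate(fresh_url), now=86410)
    return first, replay, fresh
```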


