[keycloak-user] kc_idp_hint parameter is being ignored

Fri Dec 1 09:01:52 EST 2017

I should mention that we are using this via TypeScript. Could that be the
reason we're seeing the error that we are?

On Fri, Dec 1, 2017 at 1:03 AM, Stian Thorgersen <sthorger at redhat.com>
wrote:

> I've tried the following which works just fine here:
>
> keycloak.login({idpHint:'google'})
> keycloak.createLoginUrl({idpHint:'google'})
>
> On 30 November 2017 at 21:05, Jeremy Michael <jeremy.michael7373 at gmail.com
> > wrote:
>
>> We're using the keycloak.js adapter. I've tried a couple of things, but
>> am still not able to get it to work. Within our adapter, we're
>> instantiating keycloak with the following (more or less):
>>
>> keycloak = new Keycloak({
>>       url: "mykeycloak.com/auth/",
>>       realm: "myrealm",
>>       clientId: "myclient",
>>       checkLoginIframe: false
>>     });
>>
>> I tried to add the following immediately after the code block below:
>>
>> keycloak.createLoginUrl({
>> idpHint: 'myIdP'
>> });
>>
>> But that generated an error: Argument of type '{ idpHint: string; }' is
>> not assignable to parameter of type 'LoginOptions'. Object literal may only
>> specify known properties, and 'idpHint' does not exist in type
>> 'LoginOptions'.
>>
>> So, I tried adding the idpHint param on the initial block:
>> keycloak = new Keycloak({
>>       url: "mykeycloak.com/auth/",
>>       realm: "myrealm",
>>       clientId: "myclient",
>>       checkLoginIframe: false,
>>       idpHint: 'myIdP'
>>     });
>>
>> That didn't cause any errors, but it didn't seem to have any effect (I
>> still landed on the login page).
>>
>> Any ideas?
>>
>> On Wed, Nov 29, 2017 at 3:32 PM, Stian Thorgersen <sthorger at redhat.com>
>> wrote:
>>
>>> The kc_idp_hint param isn't set on your app, but rather it's a query
>>> param that needs to be included when the app is doing the login. What
>>> adapter are you using?
>>>
>>> On 29 November 2017 at 18:46, Jeremy Michael <
>>> jeremy.michael7373 at gmail.com> wrote:
>>>
>>>> Hello all,
>>>>
>>>> I’m trying to do something that looks like it should be very easy, but
>>>> is
>>>> not working for me. Hopefully someone can help me figure out what I’m
>>>> doing
>>>> wrong.
>>>>
>>>> We have an application secured by Keycloak and have two Identity
>>>> Providers
>>>> set up. Clicking the buttons on the standard Keycloak login screen works
>>>> fine for both Identity Providers. We can also set up either provider as
>>>> a
>>>> default (in the browser Authentication flow) to bypass the login screen,
>>>> and that works fine. However, in some cases, we want to bypass the login
>>>> screen and use Identity Provider 1, and in others we want to bypass the
>>>> login screen and use Identity Provider 2.
>>>>
>>>> It looks like we should be able to achieve what we want by using the
>>>> kc_idp_hint parameter. But, when I try to test it out, the
>>>> kc_idp_hint seems to be ignored.
>>>>
>>>> I tried the following, where the URL is the address of my app secured by
>>>> Keycloak, and idp1alias is the alias of the Identity Provider I want to
>>>> use:
>>>> https://www.myapp.com?kc_idp_hint=idp1alias
>>>> <https://www.myapp.com/?kc_idp_hint=idp1alias>
>>>>
>>>> However, instead of bypassing the login screen and automatically
>>>> beginning
>>>> the authentication process with Identity Provider 1, I am landing on the
>>>> standard Keycloak login screen.
>>>>
>>>> As another test, I tried just going to the built in,
>>>> “/auth/realms/<realm>/account” with the "kc_idp_hint" parameter added
>>>> and I
>>>> got the same behavior (i.e., I saw the Keycloak login screen):
>>>> https://mykeycloakurl.com/auth/realms/myrealm/account?kc_idp
>>>> _hint=idp1alias.
>>>>
>>>> I’m clearly missing something, or misunderstanding how this should work.
>>>> Can someone help get me pointed in the right direction?
>>>>
>>>> Thanks!
>>>> Jeremy
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>>
>>>
>>
>