[keycloak-user] kc_idp_hint parameter is being ignored

Stian Thorgersen sthorger at redhat.com
Mon Dec 4 02:58:17 EST 2017 

Got no clue sorry.

Stan - do you know?

On 1 December 2017 at 15:01, Jeremy Michael <jeremy.michael7373 at gmail.com>
wrote:

> I should mention that we are using this via TypeScript. Could that be the
> reason we're seeing the error that we are?
>
> On Fri, Dec 1, 2017 at 1:03 AM, Stian Thorgersen <sthorger at redhat.com>
> wrote:
>
>> I've tried the following which works just fine here:
>>
>> keycloak.login({idpHint:'google'})
>> keycloak.createLoginUrl({idpHint:'google'})
>>
>> On 30 November 2017 at 21:05, Jeremy Michael <
>> jeremy.michael7373 at gmail.com> wrote:
>>
>>> We're using the keycloak.js adapter. I've tried a couple of things, but
>>> am still not able to get it to work. Within our adapter, we're
>>> instantiating keycloak with the following (more or less):
>>>
>>> keycloak = new Keycloak({
>>>       url: "mykeycloak.com/auth/",
>>>       realm: "myrealm",
>>>       clientId: "myclient",
>>>       checkLoginIframe: false
>>>     });
>>>
>>> I tried to add the following immediately after the code block below:
>>>
>>> keycloak.createLoginUrl({
>>> idpHint: 'myIdP'
>>> });
>>>
>>> But that generated an error: Argument of type '{ idpHint: string; }' is
>>> not assignable to parameter of type 'LoginOptions'. Object literal may only
>>> specify known properties, and 'idpHint' does not exist in type
>>> 'LoginOptions'.
>>>
>>> So, I tried adding the idpHint param on the initial block:
>>> keycloak = new Keycloak({
>>>       url: "mykeycloak.com/auth/",
>>>       realm: "myrealm",
>>>       clientId: "myclient",
>>>       checkLoginIframe: false,
>>>       idpHint: 'myIdP'
>>>     });
>>>
>>> That didn't cause any errors, but it didn't seem to have any effect (I
>>> still landed on the login page).
>>>
>>> Any ideas?
>>>
>>> On Wed, Nov 29, 2017 at 3:32 PM, Stian Thorgersen <sthorger at redhat.com>
>>> wrote:
>>>
>>>> The kc_idp_hint param isn't set on your app, but rather it's a query
>>>> param that needs to be included when the app is doing the login. What
>>>> adapter are you using?
>>>>
>>>> On 29 November 2017 at 18:46, Jeremy Michael <
>>>> jeremy.michael7373 at gmail.com> wrote:
>>>>
>>>>> Hello all,
>>>>>
>>>>> I’m trying to do something that looks like it should be very easy, but
>>>>> is
>>>>> not working for me. Hopefully someone can help me figure out what I’m
>>>>> doing
>>>>> wrong.
>>>>>
>>>>> We have an application secured by Keycloak and have two Identity
>>>>> Providers
>>>>> set up. Clicking the buttons on the standard Keycloak login screen
>>>>> works
>>>>> fine for both Identity Providers. We can also set up either provider
>>>>> as a
>>>>> default (in the browser Authentication flow) to bypass the login
>>>>> screen,
>>>>> and that works fine. However, in some cases, we want to bypass the
>>>>> login
>>>>> screen and use Identity Provider 1, and in others we want to bypass the
>>>>> login screen and use Identity Provider 2.
>>>>>
>>>>> It looks like we should be able to achieve what we want by using the
>>>>> kc_idp_hint parameter. But, when I try to test it out, the
>>>>> kc_idp_hint seems to be ignored.
>>>>>
>>>>> I tried the following, where the URL is the address of my app secured
>>>>> by
>>>>> Keycloak, and idp1alias is the alias of the Identity Provider I want
>>>>> to use:
>>>>> https://www.myapp.com?kc_idp_hint=idp1alias
>>>>> <https://www.myapp.com/?kc_idp_hint=idp1alias>
>>>>>
>>>>> However, instead of bypassing the login screen and automatically
>>>>> beginning
>>>>> the authentication process with Identity Provider 1, I am landing on
>>>>> the
>>>>> standard Keycloak login screen.
>>>>>
>>>>> As another test, I tried just going to the built in,
>>>>> “/auth/realms/<realm>/account” with the "kc_idp_hint" parameter added
>>>>> and I
>>>>> got the same behavior (i.e., I saw the Keycloak login screen):
>>>>> https://mykeycloakurl.com/auth/realms/myrealm/account?kc_idp
>>>>> _hint=idp1alias.
>>>>>
>>>>> I’m clearly missing something, or misunderstanding how this should
>>>>> work.
>>>>> Can someone help get me pointed in the right direction?
>>>>>
>>>>> Thanks!
>>>>> Jeremy
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>>
>>>>
>>>
>>
>

More information about the keycloak-user mailing list