[keycloak-user] kc_idp_hint parameter is being ignored

Jeremy Michael jeremy.michael7373 at gmail.com
Wed Nov 29 12:46:02 EST 2017


Hello all,

I’m trying to do something that looks like it should be very easy, but is
not working for me. Hopefully someone can help me figure out what I’m doing
wrong.

We have an application secured by Keycloak and have two Identity Providers
set up. Clicking the buttons on the standard Keycloak login screen works
fine for both Identity Providers. We can also set up either provider as a
default (in the browser Authentication flow) to bypass the login screen,
and that works fine. However, in some cases, we want to bypass the login
screen and use Identity Provider 1, and in others we want to bypass the
login screen and use Identity Provider 2.

It looks like we should be able to achieve what we want by using the
kc_idp_hint parameter. But, when I try to test it out, the
kc_idp_hint seems to be ignored.

I tried the following, where the URL is the address of my app secured by
Keycloak, and idp1alias is the alias of the Identity Provider I want to use:
https://www.myapp.com?kc_idp_hint=idp1alias
<https://www.myapp.com/?kc_idp_hint=idp1alias>

However, instead of bypassing the login screen and automatically beginning
the authentication process with Identity Provider 1, I am landing on the
standard Keycloak login screen.

As another test, I tried just going to the built in,
“/auth/realms/<realm>/account” with the "kc_idp_hint" parameter added and I
got the same behavior (i.e., I saw the Keycloak login screen):
https://mykeycloakurl.com/auth/realms/myrealm/account?kc_idp_hint=idp1alias.

I’m clearly missing something, or misunderstanding how this should work.
Can someone help get me pointed in the right direction?

Thanks!
Jeremy


More information about the keycloak-user mailing list