[keycloak-user] kc_idp_hint parameter is being ignored

Jeremy Michael jeremy.michael7373 at gmail.com
Thu Nov 30 15:05:11 EST 2017


We're using the keycloak.js adapter. I've tried a couple of things, but am
still not able to get it to work. Within our adapter, we're instantiating
keycloak with the following (more or less):

keycloak = new Keycloak({
      url: "mykeycloak.com/auth/",
      realm: "myrealm",
      clientId: "myclient",
      checkLoginIframe: false
    });

I tried to add the following immediately after the code block below:

keycloak.createLoginUrl({
idpHint: 'myIdP'
});

But that generated an error: Argument of type '{ idpHint: string; }' is not
assignable to parameter of type 'LoginOptions'. Object literal may only
specify known properties, and 'idpHint' does not exist in type
'LoginOptions'.

So, I tried adding the idpHint param on the initial block:
keycloak = new Keycloak({
      url: "mykeycloak.com/auth/",
      realm: "myrealm",
      clientId: "myclient",
      checkLoginIframe: false,
      idpHint: 'myIdP'
    });

That didn't cause any errors, but it didn't seem to have any effect (I
still landed on the login page).

Any ideas?

On Wed, Nov 29, 2017 at 3:32 PM, Stian Thorgersen <sthorger at redhat.com>
wrote:

> The kc_idp_hint param isn't set on your app, but rather it's a query param
> that needs to be included when the app is doing the login. What adapter are
> you using?
>
> On 29 November 2017 at 18:46, Jeremy Michael <jeremy.michael7373 at gmail.com
> > wrote:
>
>> Hello all,
>>
>> I’m trying to do something that looks like it should be very easy, but is
>> not working for me. Hopefully someone can help me figure out what I’m
>> doing
>> wrong.
>>
>> We have an application secured by Keycloak and have two Identity Providers
>> set up. Clicking the buttons on the standard Keycloak login screen works
>> fine for both Identity Providers. We can also set up either provider as a
>> default (in the browser Authentication flow) to bypass the login screen,
>> and that works fine. However, in some cases, we want to bypass the login
>> screen and use Identity Provider 1, and in others we want to bypass the
>> login screen and use Identity Provider 2.
>>
>> It looks like we should be able to achieve what we want by using the
>> kc_idp_hint parameter. But, when I try to test it out, the
>> kc_idp_hint seems to be ignored.
>>
>> I tried the following, where the URL is the address of my app secured by
>> Keycloak, and idp1alias is the alias of the Identity Provider I want to
>> use:
>> https://www.myapp.com?kc_idp_hint=idp1alias
>> <https://www.myapp.com/?kc_idp_hint=idp1alias>
>>
>> However, instead of bypassing the login screen and automatically beginning
>> the authentication process with Identity Provider 1, I am landing on the
>> standard Keycloak login screen.
>>
>> As another test, I tried just going to the built in,
>> “/auth/realms/<realm>/account” with the "kc_idp_hint" parameter added and
>> I
>> got the same behavior (i.e., I saw the Keycloak login screen):
>> https://mykeycloakurl.com/auth/realms/myrealm/account?kc_
>> idp_hint=idp1alias.
>>
>> I’m clearly missing something, or misunderstanding how this should work.
>> Can someone help get me pointed in the right direction?
>>
>> Thanks!
>> Jeremy
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>


More information about the keycloak-user mailing list