[keycloak-user] IdP selection based on email address
Dmitry Telegin
dt at acutus.pro
Wed Jul 25 19:49:27 EDT 2018
Hi Yann,
A script-based authenticator should be perfect here. For how to implement redirection to an IdP, take a look at how it is done in IdentityProviderAuthenticator (which shows in the GUI as "Identity Provider Redirector"):
List<IdentityProviderModel> identityProviders = context.getRealm().getIdentityProviders();
https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/authentication/authenticators/browser/IdentityProviderAuthenticator.java#L66
Basically, you'll need to implement the same in JavaScript.
Good luck!
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro
On Wed, 2018-07-25 at 13:10 +0000, Yann Jouanin wrote:
> Hello,
>
> We are using Keycloak with multiple IdPs from our customers. Because
> we don't want to offer a list of IdPs (customer A can't use the IdP of
> customer B), I would like to prompt the user for the email address
> first and then decide to redirect to a specific IdP based on the
> domain, as an example.
>
> Can somebody here advise me on the greatest way to implement
> this behavior?
> My first thought was to use a custom flow with a script, but I can't
> find how to specify the IdP to use using a script.
>
>
> Best regards,
> Yann Jouanin
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
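
Added example (not part of the original thread and not Keycloak code): the domain-to-IdP decision discussed above as a plain ES5 JavaScript function, so that an address resolves only to the IdP registered for its exact domain, and only if that IdP is enabled. The domain map, the aliases and the `{alias, enabled}` provider objects are constructed stand-ins for the realm's identity provider list; the redirect itself is not shown.

```javascript
// Constructed mapping from e-mail domain to IdP alias (hypothetical values).
var DOMAIN_TO_IDP = {
  "customer-a.example": "customer-a-saml",
  "customer-b.example": "customer-b-oidc"
};

// Returns the lower-cased domain of a simple local@domain address,
// or null when the input does not have exactly that shape.
function emailDomain(email) {
  if (typeof email !== "string") return null;
  var trimmed = email.trim();
  var at = trimmed.indexOf("@");
  // Require exactly one "@" with a non-empty local part and domain,
  // so "a@customer-a.example@other.example" is rejected outright.
  if (at <= 0 || at !== trimmed.lastIndexOf("@") || at === trimmed.length - 1) {
    return null;
  }
  var domain = trimmed.slice(at + 1).toLowerCase();
  // Hostname labels only (letters, digits, hyphens) separated by single dots.
  if (!/^[a-z0-9-]+(\.[a-z0-9-]+)+$/.test(domain)) return null;
  return domain;
}

// providers: array of { alias, enabled } objects (assumed shape).
// Returns the alias to redirect to, or null when no redirect should happen.
function selectIdpAlias(email, providers, domainMap) {
  var map = domainMap || DOMAIN_TO_IDP;
  var domain = emailDomain(email);
  if (domain === null) return null;
  // Exact match on own keys only: no suffix matching, no inherited properties.
  if (!Object.prototype.hasOwnProperty.call(map, domain)) return null;
  var alias = map[domain];
  // Same check as the loop in IdentityProviderAuthenticator: enabled + alias match.
  for (var i = 0; i < providers.length; i++) {
    if (providers[i].enabled && providers[i].alias === alias) return alias;
  }
  return null;
}
```

The e-mail address is only a routing hint here; the selected IdP still has to authenticate the user.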