[keycloak-user] Identity Brokering, external IDP require nonce

Jérôme Blanchard jayblanc at gmail.com
Mon Mar 26 10:50:49 EDT 2018


Hi triton,
I have submitted a pull request that should fix that
(https://github.com/keycloak/keycloak/pull/5082).
Could you try with the latest sources and confirm that it works now?
Thanks,
Best regards, Jérôme.

On Mon, Mar 26, 2018 at 15:40, triton oidc <triton.oidc at gmail.com> wrote:

> Hi,
>
> In my scenario, I'm using Keycloak as an IDP broker.
> It works fine with a lot of configuration.
>
> I built Keycloak from source 3 weeks ago.
>
> However, the IDP I'm trying to integrate right now requires a nonce in the
> first call on the authorization endpoint.
>
>
> https://myidp.com/authorize?scope=openid+profile&state=state&response_type=code&client_id=clientid&redirect_uri=redirect_uri
> fails
> but if I manually add "&nonce=1234" in the URL it works.
>
> I could not find an option in the external IDP concerning this nonce
> generation.
> Did I miss something?
> Should I ask for a feature and I'll wait for someone to look at it?
>
> Any help would be appreciated.
>
> Thanks a lot
>
> Amaury
>
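The authorization request discussed in this thread, as an added example that is not part of the original messages and not Keycloak's code: a relying party generates a fresh `nonce` per request, sends it to the authorization endpoint, and later compares it with the `nonce` claim of the returned ID token. The function names, the `session` dict and the callback URL are assumptions, and the ID token claims are assumed to be already signature-verified.

```python
import hmac
import secrets
from urllib.parse import urlencode


def build_authorization_url(authorize_endpoint, client_id, redirect_uri, session):
    """Build the OIDC authorization request and store state/nonce server-side.

    `session` is a hypothetical per-user, server-side session store (a dict here).
    """
    # Fresh, unguessable values per request; a constant such as "1234"
    # satisfies an IdP that demands the parameter but gives no replay protection.
    session["state"] = secrets.token_urlsafe(32)
    session["nonce"] = secrets.token_urlsafe(32)
    params = {
        "scope": "openid profile",
        "state": session["state"],
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "nonce": session["nonce"],
    }
    return authorize_endpoint + "?" + urlencode(params)


def nonce_matches(id_token_claims, session):
    """Return True only if the ID token echoes the nonce sent for this session.

    `id_token_claims` is the decoded claim set of an ID token whose signature,
    issuer and audience were already checked (assumed, not shown here).
    """
    # pop() makes the nonce single-use: a replayed ID token fails the second time.
    expected = session.pop("nonce", None)
    received = id_token_claims.get("nonce")
    if not expected or not isinstance(received, str):
        return False
    # Constant-time comparison on bytes (str input must be ASCII otherwise).
    return hmac.compare_digest(expected.encode(), received.encode())


if __name__ == "__main__":
    # Constructed sample values, mirroring the URL shape from the thread.
    sess = {}
    print(build_authorization_url("https://myidp.com/authorize", "clientid",
                                  "https://broker.example/callback", sess))
    print(nonce_matches({"nonce": sess["nonce"]}, sess))  # True
```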

