[keycloak-user] IdP Initiated SSO

Chris Stephens chris.stephens at edlogics.com
Fri Aug 16 12:01:14 EDT 2019


Hello,

Thanks for the great product. We have set up several instances of keycloak as the SP utilizing SP-Initiated SSO to external IdPs. Everything in that process is going smoothly. We have an external IdP that wants us to use IdP-initiated SSO to connect to their IdP. The current client protocol is openid-connect. We are using keycloak 5.0.

1. Is it possible for a keycloak service provider client using the openid-connect protocol to perform IdP-initiated SSO? I believe we have to set the client up using the saml protocol. Is this correct?

	1a. If it is not possible, are there any workarounds that I can use? My app is using an openid-connect public client. How can I use IdP-initiated SSO in this scenario?

2. We need to provide the IdP the public key used to sign the assertions. Are the keys used to sign the assertions located in the keycloak admin console > realm settings > keys > Providers tab?

Thanks,

Christopher Stephens
Software Engineer | EdLogics
chris.stephens at edlogics.com 



