[keycloak-user] Query on application integration for SAML flow (IDP initiated flow)

abhijeet chauhan abhichow07 at gmail.com
Wed Oct 9 14:37:20 EDT 2019


Hi,

We have integrated our app so that the app acts as an OAuth client to Keycloak, and
Keycloak acts as an identity broker for incoming SSO flows (SAML).

APP (OAuth client) <-> Keycloak <-> SAML Identity Providers.

Here we generate the SSO URL in the app so that we select the SAML identity
provider using kc_idp_hint, which points to the SAML IdP configured in Keycloak
(this is the SAML SP-initiated SSO flow), and it is working perfectly well.

However, I have a question: how can I get this SSO integration working for the
SAML IdP-initiated flow? I tried doing the IdP-initiated flow with this and I
see Keycloak generating exceptions/errors.

I know OAuth/OIDC flows are always initiated at the RP (relying party), here the APP.
However, if Keycloak can create the user session and the user's identity
(for the IdP-initiated flow) and send the browser to a specific URL (specified on
the IdP through RelayState), then the APP can initiate the SSO flow, and as the user will
already have a session on Keycloak, Keycloak can redirect the user to the redirect_uri on
the app to establish the session. Any thoughts on how to get it working?

Thanks,
Vijay
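The SP-initiated flow the post describes, as an added example that is not from the original post or from Keycloak itself: the app builds the Keycloak authorization URL with kc_idp_hint so the broker jumps straight to the named SAML IdP, and its callback handler accepts only redirects that carry a state it issued. The Keycloak base URL, realm, client id, redirect URI and IdP alias are assumed values; the /auth prefix in the path matches Keycloak deployments of the time.

```python
import secrets
import hashlib
import base64
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed values (not from the original post): Keycloak base URL, realm,
# OIDC client id, the app's redirect_uri and the alias of the SAML IdP
# configured under Identity Providers in the Keycloak realm.
KEYCLOAK_BASE = "https://keycloak.example.com/auth"
REALM = "demo"
CLIENT_ID = "my-app"
REDIRECT_URI = "https://app.example.com/callback"

# Pending logins: state -> PKCE verifier. A real app keeps this in the
# user's server-side session; a dict keeps the example self-contained.
PENDING = {}

def query_param(url, name):
    """Return the first value of a query parameter, or None."""
    return parse_qs(urlparse(url).query).get(name, [None])[0]

def build_sso_url(idp_alias, pending=PENDING):
    """Build the SP-initiated login URL. kc_idp_hint tells Keycloak's broker
    to skip its own login page and redirect to the named SAML IdP."""
    state = secrets.token_urlsafe(32)
    verifier = secrets.token_urlsafe(64)
    digest = hashlib.sha256(verifier.encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    pending[state] = verifier
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "scope": "openid",
        "redirect_uri": REDIRECT_URI,
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
        "kc_idp_hint": idp_alias,
    }
    return f"{KEYCLOAK_BASE}/realms/{REALM}/protocol/openid-connect/auth?{urlencode(params)}"

def handle_callback(url, pending=PENDING):
    """Accept the redirect back from Keycloak only if it answers a login this
    app started. An unsolicited hit on redirect_uri, which is what an
    IdP-initiated SAML login ends up producing, has no matching state and is
    rejected; a replayed state is rejected because it was consumed."""
    state = query_param(url, "state")
    code = query_param(url, "code")
    verifier = pending.pop(state, None) if state else None
    if verifier is None or code is None:
        return None
    # The caller exchanges code + code_verifier at the token endpoint.
    return {"code": code, "code_verifier": verifier}
```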

