In keycloak, how to redirect to an IDP with kc_idp_hint?

Question

Here is the scene. I'm using keycloak for kibana, and I want to add two keycloak IDPs in one keycloak. When I'm using different kibana, the kibana will redirect to appropriate keycloak IDP. But now I can only redirect to the master keycloak.

I know Identity Provider Redirector, but it's realm-specific. I cannot add a new realm because I only have one.

And the kc_idp_hint doesn't work for me. I tried using the url (http://localhost:5601?kc_idp_hint=idp1), the kc_idp_hint is lost when redirect to keycloak auth url (http://localhost:8080/auth/realms/master/protocol/openid-connect/auth?...)

score 9 · Answer 1 · answered Dec 08 '20 at 12:05

9

And the kc_idp_hint doesn't work for me. I tried using the url (http://localhost:5601?kc_idp_hint=idp1), the kc_idp_hint is lost when redirect to keycloak auth url (http://localhost:8080/auth/realms/master/protocol/openid-connect/auth?...)

The url should look like the following:

<KEYCLOAK_HOST>/auth/realms/<YOUR_REALM_NAME>/protocol/openid-connect/auth?client_id=<YOUR_CLIENT_ID>&redirect_uri=<THE_REDIRECT_URI>&response_type=code&scope=openid&kc_idp_hint=<the_name_that_you_give_to_the_idp>

answered Dec 08 '20 at 12:05

dreamcrash

47,137
25
94
117

1

simple & direct thanks – kplshrm7 Aug 31 '22 at 07:51
@kplshrm7, this https://www.keycloak.org/docs/latest/server_admin/#default_identity_provider might be also useful for you – dreamcrash Aug 31 '22 at 08:19

score 0 · Answer 2 · answered Feb 29 '20 at 06:25

0

I found the solution of this problem. In 'Authentication', you can add a new flow which use the needed idp. And in the client, you can set 'Authentication Flow Overrides' - 'Browser Flow' to the new flow.

answered Feb 29 '20 at 06:25

flyingpot

148
1
1
11

In keycloak, how to redirect to an IDP with kc_idp_hint?

2 Answers2