Questions tagged [idp]

Identity Provider (IDP)

IDP on wikipedia

342 questions
45 votes, 10 answers

How can I restrict client access to only one group of users in keycloak?

I have a client in keycloak for my awx (ansible tower) webpage. I need only the users from one specific keycloak group to be able to log in through this client. How can I forbid all other users (except from one particular group) from using this…
lukasell
19 votes, 4 answers

AWS VPN using federated login with Google IdP - app_not_configured_for_user

I'm trying to set up a VPN connection using a federated login with Google IdP following these instructions. Previously, I had configured a saml-provider with Google and it worked fine to authenticate users to the AWS console through Google using ARN…
Cyril Duchon-Doris
16 votes, 10 answers

How to bypass Keycloak login form and jump directly to the IDP login?

I'm running the saml-broker-authentication example. The first thing that I see in the UI is a user/pass form with an option to use a broker (image below). Is there a way to skip this form and go straight to the IDP? After clicking on one of the…
AlikElzin-kilaka
13 votes, 1 answer

Error while doing IdP initiated login using AWS Cognito

I am using IdP as Onelogin & aws cognito (SP). SP initiated login is working fine. But when I clicked on App Portal/ Home -> on my application, it redirects to cognito with the error prompt "Invalid relayState from identity provider". I checked relay…
Rohit Jadhav
9 votes, 2 answers

Programmatic username/password access with KeyCloak using external IDP brokering

I'm using the Identity Brokering feature and an external IDP. So, the user logs in to the external IDP UI, then the KeyCloak broker client receives a JWT token from the external IDP and KeyCloak provides a JWT with which we access the resources. I've set up Default…
yyunikov
7 votes, 2 answers

Using MSAL with non-Microsoft Identity providers

I would like to know if MSAL can be used with Identity providers other than Microsoft products. If yes, how. I checked the MSAL documentation but it is not straightforward in this question. What I would like to do is to authenticate to Google and…
KTib
7 votes, 1 answer

How to grant some users partial user management rights in Keycloak?

Let's say I'm using one realm mycomp in Keycloak to handle all users (+ master realm for Keycloak superadmin). I have a role of Customer Support (CS) that should be able to view users and manage their basic data like names, email, password reset…
nomysz
7 votes, 1 answer

idp initiated sso using keycloak

This question is in the area of SAML based IDP initiated SSO. As a POC, I have two keycloak instances, say keycloak1 and keycloak2. I would want to achieve the below: Authentication would be done at keycloak1; keycloak1 then directs to keycloak2 to…
vsairam
6 votes, 3 answers

KeyCloak Refresh External IDP Token

We are using KeyCloak Identity Brokering to federate authentication to an external IDP. The Identity Provider is of type OpenID Connect v1.0. Additionally, we are using OIDC Authorization Code Flow with PKCE. We are successfully able to retrieve the…
6 votes, 1 answer

Create a custom identity provider and configure it with keycloak

I am working on a project where I need to create an application that shall act as an OIDC mediator between a client which only supports OIDC for authentication and a REST api. The REST api is able to generate tokens and give user info but does not…
Tomas Andersen
5 votes, 0 answers

How can I reset OAuth consent screen?

I have followed instructions from OAuth consent screen - ability to remove application logo to remove logo. But now, when I try to create an OAuth client Id I can't because of the following message: "The brand that you're trying to edit has been…
Víctor
5 votes, 3 answers

Direct Access Grant with KeyCloak using external Identity Provider (IDP)

I would like to authenticate against KeyCloak using "Direct Access Grant": https://www.keycloak.org/docs/latest/server_admin/index.html#resource-owner-password-credentials-grant-direct-access-grants It works like a charm when keycloak manages users…
Łukasz Torzyński
5 votes, 3 answers

How can I simulate an identity provider for SAML?

I'm writing some SSO code that will allow any IdP that supports SAML to authorize with my code. I need an IdP Simulator that can provide me a metadata URL with the IdP config so that I can test my code. (I'm providing in my code the SP config). I…
Emma
5 votes, 2 answers

Keycloak flow to allow only authorized IDP accounts

I would like to set up Google federation using Keycloak, however only for authorized users in my company. Setting up Google federation allows any Google account to log in. I have looked at the authentication flow on Keycloak but I have been unable to…
Alexandre Thenorio
4 votes, 0 answers

Error in SAML response processing: No SAML assertion found in the SAML response

I've configured Cognito to use a SAML Identity Provider and did all the setup on the AD side. AD accepts the request and allows me to sign in, then it responds to the configured idpresponse endpoint with the SAMLResponse form data value as you can see in…