p2-inc / phasetwo

Phase Two public repo for feature requests and issue tracking

[Example] Authentication flow for redirecting users to IDP #1

Closed xgp closed 8 hours ago

xgp commented 1 year ago

Q: If I have already associated an IDP with a user, can't I use a Keycloak workflow to get the IDP from the username and then redirect to it?

xgp commented 1 year ago

You can use the Home IDP Discovery Authenticator in your login flow to redirect users with existing IDP associations. To set this up,

  1. navigate to the Authentication section of the Keycloak admin console
  2. select the Browser flow
  3. in the Action menu in the upper right, select Duplicate
  4. name the flow something like home-idp-example and click Save
  5. in your new flow, click on the + menu of the forms row and select Add step
  6. page through the list and select Home IDP Discovery
  7. drag the new action you added to the top of the forms section, switch the requirement from Disabled to Required, and then click on the gear icon
  8. configure the step by giving the configuration a name like home-idp-discovery-config, turning on Forward to linked IdP, and clicking Save
  9. in the Action menu in the upper right, select Bind flow
  10. in the Bind flow modal, select Browser flow and click Save

xgp commented 1 year ago

Note: Users must have verified email addresses for this to work properly.
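
A pre-flight check for the setup described in this thread, as an added example that is not part of the original comments or Phase Two's code: it reads the `users` array of a Keycloak realm export and reports which accounts have an IdP link but lack the verified email address the note above requires. The sample export, realm name, usernames and IdP aliases are constructed, and treating a missing email as a separate status is an assumption of this example.

```python
import json

# Constructed sample in the shape of a Keycloak realm export ("users" array).
# Realm name, usernames and IdP aliases are made up for illustration.
SAMPLE_EXPORT = json.loads("""
{"realm": "example", "users": [
  {"username": "alice", "email": "alice@corp.example", "emailVerified": true,
   "federatedIdentities": [
     {"identityProvider": "corp-saml", "userId": "a1", "userName": "alice"}]},
  {"username": "bob", "email": "bob@corp.example", "emailVerified": false,
   "federatedIdentities": [
     {"identityProvider": "corp-saml", "userId": "b2", "userName": "bob"}]},
  {"username": "carol", "email": "carol@other.example", "emailVerified": true},
  {"username": "dave", "emailVerified": true,
   "federatedIdentities": [
     {"identityProvider": "partner-oidc", "userId": "d4", "userName": "dave"}]}
]}
""")


def classify(user):
    """Return (status, linked IdP aliases) for one exported user."""
    links = [f["identityProvider"] for f in user.get("federatedIdentities") or []]
    if not links:
        return "no-idp-link", links       # nothing to forward to
    if not user.get("email"):
        # Assumption: without an email there is no verified address at all.
        return "missing-email", links
    if not user.get("emailVerified", False):
        return "email-unverified", links  # linked, but fails the stated requirement
    return "ready", links


def audit(export):
    """Map username -> (status, links) for every user in the export."""
    return {u["username"]: classify(u) for u in export.get("users", [])}


def needs_attention(export):
    """Usernames that have an IdP link but are not ready for forwarding."""
    return sorted(name for name, (status, links) in audit(export).items()
                  if links and status != "ready")


if __name__ == "__main__":
    for name, (status, links) in audit(SAMPLE_EXPORT).items():
        print(f"{name:8} {status:18} {', '.join(links) or '-'}")
```

Run it against a real export by replacing `SAMPLE_EXPORT` with the parsed JSON file; accounts listed by `needs_attention` should have their email verified before the new flow is bound.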