sventorben / keycloak-home-idp-discovery

Keycloak: Home IdP Discovery - discover home identity provider or realm by email domain
MIT License
263 stars 48 forks source link
authentication discovery domain email keycloak keycloak-authenticator keycloak-extension keycloak-provider keycloak-server realm

Keycloak: Home IdP Discovery

This is a simple Keycloak authenticator to redirect users to their home identity provider during login.

GitHub release (latest SemVer) Keycloak Dependency Version GitHub Release Date Github Last Commit

CI build open issues CodeScene Code Health

What is it good for?

When a federated user wants to login via Keycloak, Keycloak will present a username/password form and a list of configured identity providers to the user. The user needs to choose an identity provider to get redirected. This authenticator allows to skip the step of selecting an identity provider.

How does it work?

If this authenticator gets configured as part of a browser based login flow, Keycloak will present a username form (without password form and without list of configured identity providers). A user can then enter an email address. Keycloak will then choose an identity provider based on the domain part of the provided email address and forward the user to the chosen provider.

Documentation

Please refer to the documentation website for instructions on installation, configuration, features, and general usage.

Youtube Video - Interview with Niko Köbler