2016-05-26 16:09:04 +00:00
|
|
|
|
|
|
|
|
=== Client Suggested Identity Provider
|
|
|
|
|
|
2016-05-27 15:23:34 +00:00
|
|
|
Each identity provider has an option `Authenticate By Default`, which allows that Identity provider is automatically selected during authentication.
|
|
|
|
|
User won't even see the {{book.project.name}} login page and will instead be automatically redirected to the default identity provider.
|
2016-05-26 16:09:04 +00:00
|
|
|
|
2016-05-27 15:23:34 +00:00
|
|
|
OIDC applications can also bypass the {{book.project.name}} login page by specifying a hint on which
|
|
|
|
|
identity provider they want to use.
|
|
|
|
|
This is done by appending the `kc_idp_hint` query parameter in the Authorization Code Flow authorization endpoint.
|
2016-05-26 16:09:04 +00:00
|
|
|
|
2016-05-27 15:23:34 +00:00
|
|
|
{{book.project.name}} OIDC client adapters also allow you to specify this query parameter when you access a secured resource
|
|
|
|
|
at the application.
|
2016-05-26 16:09:04 +00:00
|
|
|
|
2016-05-27 15:23:34 +00:00
|
|
|
For example
|
2016-05-26 16:09:04 +00:00
|
|
|
|
|
|
|
|
[source,java]
|
|
|
|
|
----
|
|
|
|
|
GET /myapplication.com?kc_idp_hint=facebook HTTP/1.1
|
|
|
|
|
Host: localhost:8080
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
In this case, is expected that your realm has an identity provider with an alias `facebook`.
|
|
|
|
|
|
|
|
|
|
If you are using `keycloak.js` adapter, you can also achieve the same behavior:
|
|
|
|
|
|
|
|
|
|
[source,java]
|
|
|
|
|
----
|
|
|
|
|
var keycloak = new Keycloak('keycloak.json');
|
|
|
|
|
|
|
|
|
|
keycloak.createLoginUrl({
|
|
|
|
|
idpHint: 'facebook'
|
|
|
|
|
});
|
|
|
|
|
----
|
|
|
|
|
|
