From a74a5adc5ad8f588e7cb46a3396b55369ba9dd8b Mon Sep 17 00:00:00 2001
From: Stian Thorgersen <stian@redhat.com>
Date: Wed, 7 Sep 2016 14:12:08 +0200
Subject: [PATCH] Update topics/identity-broker/suggested.adoc

---
 topics/identity-broker/suggested.adoc | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/topics/identity-broker/suggested.adoc b/topics/identity-broker/suggested.adoc
index 60480913dd..7aaa61e084 100644
--- a/topics/identity-broker/suggested.adoc
+++ b/topics/identity-broker/suggested.adoc
@@ -1,12 +1,10 @@
 
 === Client Suggested Identity Provider
 
-Each identity provider has an option `Authenticate By Default`, which allows that Identity provider to be automatically selected during authentication.
-The user won't see the {{book.project.name}} login page and will instead be automatically redirected to the default identity provider.
-
-OIDC applications can also bypass the {{book.project.name}} login page by specifying a hint on which
+OIDC applications can bypass the {{book.project.name}} login page by specifying a hint on which
 identity provider they want to use.
-This is done by appending the `kc_idp_hint` query parameter in the Authorization Code Flow authorization endpoint.
+
+This is done by setting the `kc_idp_hint` query parameter in the Authorization Code Flow authorization endpoint.
 
 {{book.project.name}} OIDC client adapters also allow you to specify this query parameter when you access a secured resource
 at the application.
@@ -19,7 +17,7 @@ GET /myapplication.com?kc_idp_hint=facebook HTTP/1.1
 Host: localhost:8080
 ----
 
-In this case, is expected that your realm has an identity provider with an alias `facebook`.
+In this case, is expected that your realm has an identity provider with an alias `facebook`. If this provider doesn't exist the login form will be displayed.
 
 If you are using `keycloak.js` adapter, you can also achieve the same behavior:
 
@@ -32,3 +30,5 @@ keycloak.createLoginUrl({
 });
 ----
 
+The `kc_idp_hint` query parameter also allows the client to override the default identity provider if one is configured for the `Identity Provider Redirector` authenticator. The client can also disable the automatic redirecting by setting the `kc_idp_hint` query parameter to an empty value.
+