Update topics/identity-broker/suggested.adoc

This commit is contained in:
Stian Thorgersen 2016-09-07 14:12:08 +02:00
parent f8c317aab2
commit a74a5adc5a

View file

@ -1,12 +1,10 @@
=== Client Suggested Identity Provider === Client Suggested Identity Provider
Each identity provider has an option `Authenticate By Default`, which allows that Identity provider to be automatically selected during authentication. OIDC applications can bypass the {{book.project.name}} login page by specifying a hint on which
The user won't see the {{book.project.name}} login page and will instead be automatically redirected to the default identity provider.
OIDC applications can also bypass the {{book.project.name}} login page by specifying a hint on which
identity provider they want to use. identity provider they want to use.
This is done by appending the `kc_idp_hint` query parameter in the Authorization Code Flow authorization endpoint.
This is done by setting the `kc_idp_hint` query parameter in the Authorization Code Flow authorization endpoint.
{{book.project.name}} OIDC client adapters also allow you to specify this query parameter when you access a secured resource {{book.project.name}} OIDC client adapters also allow you to specify this query parameter when you access a secured resource
at the application. at the application.
@ -19,7 +17,7 @@ GET /myapplication.com?kc_idp_hint=facebook HTTP/1.1
Host: localhost:8080 Host: localhost:8080
---- ----
In this case, is expected that your realm has an identity provider with an alias `facebook`. In this case, is expected that your realm has an identity provider with an alias `facebook`. If this provider doesn't exist the login form will be displayed.
If you are using `keycloak.js` adapter, you can also achieve the same behavior: If you are using `keycloak.js` adapter, you can also achieve the same behavior:
@ -32,3 +30,5 @@ keycloak.createLoginUrl({
}); });
---- ----
The `kc_idp_hint` query parameter also allows the client to override the default identity provider if one is configured for the `Identity Provider Redirector` authenticator. The client can also disable the automatic redirecting by setting the `kc_idp_hint` query parameter to an empty value.