Hi, I have configured an external identity provider (a Norwegian one, Signicat, BankID), and they require “acr_value” set as a query parameter to the authorize call.
This is the request parameter I would like to add: acr_values=urn:signicat:oidc:method:nbid
The issue is that I can’t see where and how I can set it in the Keycloak UI when I am configuring the identity provider. I downloaded the Keycloak source to see if I could find anything there, and I see it in the AbstractOAuth2IdentityProvider class (
My understanding is that ACR value cannot be set based on the target IDP.
In the code above, you can see that ACR values are not read from getConfig(), which contains the parameters that you can set through the GUI at the “Identity Provider” level.
ACR must be set in the initial URL that the client uses at the beginning.
That’s a pity because I wanted to do exactly the same thing: I have a federation with 2+ IDPs and I wanted to force one of the IDPs to make an MFA regardless of the client_id.
Alas, I think Keycloak does not support this at the moment.