We have 2 applications that are both using the same Microsoft Azure AD (Entra ID) provider. My application is using Keycloak for authentication, while the other is not. How do I create a URL that sends me straight to the Microsoft login, skipping Keycloak's default login form, so that the non-Keycloak user doesn't have to go through the additional step at the login form?
I have tried using this url:
http://localhost:8003/realms/<realm-name>/protocol/openid-connect/auth?client_id=<client-id>&response_type=code&scope=openid%20profile%20email&redirect_uri=http%3A%2F%2Flocalhost%3A8003%2Frealms%2F<realm-name>%2Fbroker%2Ft<idp-name>%2Fendpoint&kc_idp_hint=<idp-name>
but after logging in with Microsoft, I get returned to Keycloak with the following message:
We are sorry...
Missing state parameter in response from identity provider.
EDIT: the login was still successful, the missing state just prevents the browser from redirecting to my page for some reason.
While not the main topic, is there any way to implement a single sign-on mechanism from our non-Keycloak application to my Keycloak application, knowing that we use the same base AAD user provider?
Thanks in advance!
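As an added example (not code from the question or from Keycloak itself), this is how a relying party can build the Keycloak authorization URL with kc_idp_hint and then verify the state on the way back, so a response without a matching state is rejected rather than trusted. It assumes the client's registered redirect_uri is the application's own callback (here a constructed http://localhost:3000/callback) rather than Keycloak's broker endpoint, and the realm, client and IdP alias values are constructed placeholders.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed placeholder values; substitute your own realm, client and IdP alias.
KEYCLOAK_BASE = "http://localhost:8003"
REALM = "example-realm"
CLIENT_ID = "example-client"
IDP_ALIAS = "microsoft"
# Assumption: redirect_uri is the application's own registered callback,
# not Keycloak's /realms/<realm>/broker/<idp>/endpoint (that one belongs to Keycloak).
APP_CALLBACK = "http://localhost:3000/callback"


def pkce_pair():
    """Return (code_verifier, S256 code_challenge) for the authorization code flow."""
    verifier = secrets.token_urlsafe(64)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def build_auth_url(idp_hint=IDP_ALIAS):
    """Return (url, session): the URL to redirect the browser to, and the values to keep server-side."""
    state = secrets.token_urlsafe(32)   # binds the callback to this browser session (anti-CSRF)
    nonce = secrets.token_urlsafe(32)   # echoed back inside the ID token
    verifier, challenge = pkce_pair()
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "scope": "openid profile email",
        "redirect_uri": APP_CALLBACK,
        "state": state,
        "nonce": nonce,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
        "kc_idp_hint": idp_hint,        # Keycloak forwards straight to this broker, skipping its login form
    }
    url = f"{KEYCLOAK_BASE}/realms/{REALM}/protocol/openid-connect/auth?" + urlencode(params)
    return url, {"state": state, "nonce": nonce, "code_verifier": verifier}


def parse_callback(callback_url, session):
    """Validate the redirect back to APP_CALLBACK and return the authorization code."""
    qs = parse_qs(urlparse(callback_url).query)
    if "error" in qs:
        raise ValueError(f"identity provider returned error: {qs['error'][0]}")
    if qs.get("state", [None])[0] != session["state"]:
        raise ValueError("missing or mismatched state: discard this response")
    return qs["code"][0]
```

After parse_callback succeeds, the code is exchanged at the token endpoint together with session["code_verifier"], and the ID token's nonce is compared with session["nonce"].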