A login URL that bypasses the login form and goes to the IdP login form

We have 2 applications that are both using the same Microsoft Azure AD (Entra ID) provider. My application is using Keycloak for authentication, while the other is not. How do I create a URL that sends me straight to the Microsoft login, skipping Keycloak's default login form, so that the non-Keycloak user doesn't have to go through the additional step at the login form?

I have tried using this URL:

http://localhost:8003/realms/<realm-name>/protocol/openid-connect/auth?client_id=<client-id>&response_type=code&scope=openid%20profile%20email&redirect_uri=http%3A%2F%2Flocalhost%3A8003%2Frealms%2F<realm-name>%2Fbroker%2Ft<idp-name>%2Fendpoint&kc_idp_hint=<idp-name>

but after logging in with Microsoft, I get returned to Keycloak with the following message:

We are sorry...
Missing state parameter in response from identity provider.

EDIT: the login was still successful; the missing state just prevents the browser from redirecting to my page for some reason.

While not the main topic, is there any way to implement a single sign-on mechanism from our non-Keycloak application to my Keycloak application, knowing that we use the same base AAD users provider?

Thanks in advance!

You can create a new browser authentication flow with only two executions, "Cookie" and "Identity Provider Redirector", both set as alternatives, as shown in the Server Administration Guide. The Redirector executor can be configured to automatically forward the users to your Entra ID provider; to do that, set your Entra ID provider alias in its configuration (gear icon). Then set this new authentication flow as the default browser login flow in the advanced settings of your application/client.
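
For the `kc_idp_hint` URL approach from the question, a sketch of how the application side can build the request and check the response (an added example, not part of either post). It assumes the `redirect_uri` has to be the application's own registered callback rather than Keycloak's `/broker/<idp-name>/endpoint`, and that a `state` value is sent and verified; the realm, client, alias and callback values are constructed placeholders.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholder values (assumptions, not taken from the thread).
KEYCLOAK_BASE = "http://localhost:8003"
REALM = "myrealm"
CLIENT_ID = "my-app"
IDP_ALIAS = "entra"
APP_CALLBACK = "http://localhost:3000/callback"  # registered on the client


def build_login_url(session, redirect_uri=APP_CALLBACK):
    """Authorization URL that skips the Keycloak form via kc_idp_hint."""
    # /broker/<alias>/endpoint is where the IdP returns to Keycloak; using it
    # as the app's redirect_uri sends Keycloak's own response back into it.
    if "/broker/" in urlsplit(redirect_uri).path:
        raise ValueError("redirect_uri must be the application's callback")
    session["state"] = secrets.token_urlsafe(32)  # binds response to this browser
    session["nonce"] = secrets.token_urlsafe(32)  # compare with ID token 'nonce' later
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "scope": "openid profile email",
        "redirect_uri": redirect_uri,
        "state": session["state"],
        "nonce": session["nonce"],
        "kc_idp_hint": IDP_ALIAS,
    }
    base = f"{KEYCLOAK_BASE}/realms/{REALM}/protocol/openid-connect/auth"
    return f"{base}?{urlencode(params)}"


def handle_callback(session, callback_url):
    """Check state on the way back and return the authorization code."""
    query = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("state", None)  # single use: a replay fails
    received = query.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise PermissionError("state missing or mismatched")
    if "error" in query:
        raise RuntimeError(f"authorization failed: {query['error'][0]}")
    code = query.get("code", [""])[0]
    if not code:
        raise RuntimeError("no authorization code in response")
    return code
```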